Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Malwarebytes (free) findet Registerwerte von PUP.Optional.FrostwireTB.A

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 10.11.2014, 12:13   #1
juhu73
 
Malwarebytes (free) findet Registerwerte von  PUP.Optional.FrostwireTB.A - Standard

Malwarebytes (free) findet Registerwerte von PUP.Optional.FrostwireTB.A



Hallo,

Bei einem mwb-Lauf hat er Registerwerte von PUP.Optinal.FrostwireTB.A gefunden. (s. Img) Ich weiß nicht, ob ich sie einfach in Quarantäne und dann löschen kann.
Hier die Zusammenstellung der Infos:

Defogger disable:
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:42 on 10/11/2014 (Hubert)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
FRST:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-11-2014 01
Ran by Hubert (administrator) on HUBERT-PC on 10-11-2014 11:46:02
Running from K:\Hubert\Eigene Dokumente\PC - dies und das\FRST
Loaded Profiles: Hubert &  (Available profiles: Hubert)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(X10) C:\Program Files\Common Files\X10\Common\X10nets.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Wistron) C:\Program Files\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WButton.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Sentelic Corporation) C:\Program Files\FSP\FspUip.exe
(Acronis) C:\Program Files\Acronis\DriveMonitor\adm_tray.exe
(Mirko Böer) C:\Program Files\SSS\SimpleScreenshot.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WisLMSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATILPE.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(The Document Foundation) C:\Program Files\LibreOffice 4\program\sbase.exe
(The Document Foundation) C:\Program Files\LibreOffice 4\program\soffice.exe
(The Document Foundation) C:\Program Files\LibreOffice 4\program\soffice.bin
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Acronis) C:\Program Files\Acronis\DriveMonitor\adm.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [HotkeyApp] => C:\Program Files\Launch Manager\HotkeyApp.exe [192000 2009-08-19] (Wistron)
HKLM\...\Run: [Wbutton] => C:\Program Files\Launch Manager\Wbutton.exe [413696 2009-08-05] (Wistron Corp.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495728 2009-10-24] (IDT, Inc.)
HKLM\...\Run: [fspuip] => C:\Program Files\FSP\fspuip.exe [3342336 2009-11-12] (Sentelic Corporation)
HKLM\...\Run: [adm_tray.exe] => C:\Program Files\Acronis\DriveMonitor\adm_tray.exe [533808 2010-06-04] (Acronis)
HKLM\...\Run: [SimpleScreenshot] => C:\Program Files\SSS\SIMPLESCREENSHOT.EXE [2255360 2011-07-12] (Mirko Böer)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-23] (Intel Corporation)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058880 2013-03-28] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-04] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-4285553767-1374707740-3178024607-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATILPE.EXE [260160 2013-01-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4285553767-1374707740-3178024607-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATILPE.EXE [260160 2013-01-24] (SEIKO EPSON CORPORATION)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=prc265
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com?fr=hp-avast&type=prc265
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=prc265
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4285553767-1374707740-3178024607-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4285553767-1374707740-3178024607-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: QTTabBar AutoLoader -> {d2bf470e-ed1c-487f-a777-2bd8835eb6ce} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - !{d2bf470e-ed1c-487f-a333-2bd8835eb6ce} -  No File
Toolbar: HKLM - No Name - !{d2bf470e-ed1c-487f-a666-2bd8835eb6ce} -  No File
Toolbar: HKLM - QTTabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - QTTab Standard Buttons - {d2bf470e-ed1c-487f-a666-2bd8835eb6ce} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default
FF Homepage: https://de.yahoo.com?fr=hp-avast&type=prc265
FF SelectedSearchEngine: Yahoo! (Avast)
FF DefaultSearchEngine: Yahoo! (Avast)
FF DefaultSearchUrl: hxxp://de.yhs4.search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF Keyword.URL: hxxp://de.yhs4.search.yahoo.com/yhs/search
FF NewTab: about:newtab
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Hubert\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\searchplugins\yahoo-avast.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\Extensions\abs@avira.com [2014-10-21]
FF Extension: CsFire - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\Extensions\csfire@cs.kuleuven.be [2012-08-25]
FF Extension: GoogleSharing - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\Extensions\googlesharing@extension.thoughtcrime.org [2011-07-05]
FF Extension: Windows Media Player Extension for Firefox - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\Extensions\jid0-nRwp7VvCqZcSRTppwWz2npqGEKw@jetpack [2012-06-06]
FF Extension: WOT - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-26]
FF Extension: Biet-O-Matic Firefox Erweiterung - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\Extensions\{B0D70E72-2FC1-4b9f-A3D4-5921C854D906} [2010-05-06]
FF Extension: DownloadHelper - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-09-02]
FF Extension: Inline Translator - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\Extensions\itrans@tenshi.xpi [2011-08-14]
FF Extension: Tab Control - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\Extensions\{39952c40-5197-11da-8cd6-0800200c9a66}.xpi [2011-04-07]
FF Extension: NoScript - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-04-15]
FF Extension: ImTranslator - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2011-04-10]
FF Extension: Adblock Plus - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-05-15]
FF Extension: BetterPrivacy - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2011-04-22]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR StartupUrls: Default -> "https://de.yahoo.com?fr=hp-avast&type=prc265"
CHR Profile: C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-07]
CHR Extension: (WOT) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2013-12-14]
CHR Extension: (YouTube) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-10]
CHR Extension: (Adblock Plus) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-12-11]
CHR Extension: (Google-Suche) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-10]
CHR Extension: (Avira SafeSearch) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\eglgfnfolcgijipffhlhbbnefdcbjbml [2014-10-21]
CHR Extension: (Gmail offline) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2013-12-10]
CHR Extension: (Avira Browser Safety) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-10-21]
CHR Extension: (Tabs to the front!) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjaooagfdhdhmbfchnkhggjmacjlacla [2013-12-10]
CHR Extension: (PDF Viewer) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\jccchjobcggajhnmckffhcahkkbioifn [2014-06-03]
CHR Extension: (Window Close Protector) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnpifgapnmpninomacbhdlconlpikdai [2013-12-15]
CHR Extension: (Google Wallet) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-10]
CHR Extension: (Google Mail) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-10]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx []

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [661072 2009-10-31] (Acronis)
S4 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [2480048 2010-01-22] (Acronis)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [432888 2014-11-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-04] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
S4 CGVPNCliSrvc; C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-04-26] (mobile concepts GmbH)
S4 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [126128 2012-05-17] (Seiko Epson Corporation)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1155072 2009-02-03] (MAGIX AG) [File not signed]
S4 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
S4 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2013-06-14] (Teruten) [File not signed]
S4 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
S4 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2009-07-27] () [File not signed]
S4 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [994360 2011-07-29] (Secunia)
R2 STacSV; c:\program files\idt\wdm\STacSV.exe [225382 2009-10-24] (IDT, Inc.)
R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [113152 2009-03-04] (Wistron Corp.) [File not signed]
R2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2001-11-12] (X10) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-09-24] (Avira Operations GmbH & Co. KG)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [14216 2010-07-15] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [8456 2010-07-15] () [File not signed]
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-06-14] () [File not signed]
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64288 2010-12-03] (Lavasoft AB)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-11-10] (Malwarebytes Corporation)
S3 NxpCap; C:\Windows\System32\DRIVERS\NxpCap.sys [1488096 2009-07-30] (NXP Semiconductors Germany GmbH)
R3 pfc; C:\Windows\System32\drivers\pfc.sys [21248 2003-09-19] (Padus, Inc.) [File not signed]
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67656 2010-05-10] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-09-24] (Avira GmbH)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25216 2010-02-25] (The OpenVPN Project)
R0 tdrpman258; C:\Windows\System32\DRIVERS\tdrpm258.sys [911680 2010-01-22] (Acronis)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13720 2009-05-13] (X10 Wireless Technology, Inc.)
R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27160 2009-05-13] (X10 Wireless Technology, Inc.)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Hubert\AppData\Local\Temp\catchme.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S2 HWiNFO32; \??\F:\Progs\hwinfo32\HWiNFO32.SYS [X]
S3 StarOpen; No ImagePath
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-10 09:29 - 2014-11-10 09:33 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-10 09:28 - 2014-11-10 09:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-11-10 09:28 - 2014-11-10 09:28 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-11-10 09:28 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-10 09:28 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-08 09:50 - 2014-11-08 09:50 - 00001059 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-10-21 17:35 - 2014-10-21 17:35 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\Avira
2014-10-21 16:29 - 2014-10-21 16:25 - 00037384 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-10-21 16:21 - 2014-09-24 11:44 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-10-21 16:21 - 2014-09-24 11:44 - 00098160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-10-21 16:21 - 2014-09-24 11:44 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-10-21 16:21 - 2014-09-24 11:44 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2014-10-21 16:15 - 2014-11-08 09:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-10-21 16:15 - 2014-11-08 09:50 - 00000000 ____D () C:\Program Files\Avira
2014-10-21 16:15 - 2014-10-21 16:21 - 00000000 ____D () C:\ProgramData\Avira
2014-10-21 16:14 - 2014-11-08 09:51 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-15 16:35 - 2014-10-10 02:44 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 16:35 - 2014-10-10 02:44 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 16:35 - 2014-10-10 02:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 16:35 - 2014-09-29 01:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 16:35 - 2014-09-19 23:53 - 12364288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 16:35 - 2014-09-19 23:44 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 16:35 - 2014-09-19 23:41 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 16:35 - 2014-09-19 23:39 - 01138688 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 16:35 - 2014-09-19 23:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 16:35 - 2014-09-19 23:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 16:35 - 2014-09-19 23:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-15 16:35 - 2014-09-19 23:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 16:35 - 2014-09-19 23:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 16:35 - 2014-09-19 23:35 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 16:35 - 2014-09-19 23:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-15 16:35 - 2014-09-19 23:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 16:35 - 2014-09-19 23:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 16:35 - 2014-09-19 23:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-15 16:35 - 2014-09-19 23:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 16:35 - 2014-09-19 23:34 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 16:35 - 2014-09-19 23:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 16:35 - 2014-09-19 23:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 16:35 - 2014-09-19 23:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-10-15 16:35 - 2014-09-19 23:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-15 16:35 - 2014-09-19 23:33 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 16:35 - 2014-09-05 02:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 16:35 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 16:35 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 16:35 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 16:35 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 16:34 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 16:34 - 2014-08-29 02:44 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-15 16:34 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 16:34 - 2014-07-17 02:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 16:34 - 2014-07-17 02:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 16:34 - 2014-07-17 02:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 16:34 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 16:34 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 16:34 - 2014-07-17 02:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 16:34 - 2014-07-17 02:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 16:33 - 2014-07-07 02:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 16:33 - 2014-07-07 02:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 16:33 - 2014-07-07 02:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 16:33 - 2014-07-07 02:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 16:33 - 2014-07-07 02:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 16:33 - 2014-07-07 02:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 16:33 - 2014-07-07 02:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 16:33 - 2014-07-07 02:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 16:33 - 2014-07-07 02:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 16:33 - 2014-07-07 02:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 16:33 - 2014-07-07 02:40 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 16:33 - 2014-07-07 02:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 16:33 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 16:33 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 16:33 - 2014-07-07 02:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-10-15 16:33 - 2014-07-07 02:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 16:33 - 2014-07-07 02:28 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 16:33 - 2014-06-28 01:21 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 16:33 - 2014-06-28 01:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 16:33 - 2014-06-28 01:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-15 16:32 - 2014-08-19 03:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 16:32 - 2014-08-19 03:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 16:32 - 2014-08-19 03:41 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 16:32 - 2014-08-19 03:40 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 16:32 - 2014-08-19 03:40 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 16:32 - 2014-08-19 02:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 16:32 - 2014-07-07 02:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 16:32 - 2014-07-07 02:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 16:32 - 2014-07-07 02:40 - 00473600 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 16:32 - 2014-07-07 02:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 16:32 - 2014-07-07 02:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 16:32 - 2014-07-07 02:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 16:32 - 2014-07-07 02:40 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 16:32 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 16:32 - 2014-07-07 02:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 16:32 - 2014-07-07 02:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 16:32 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 16:32 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 16:32 - 2014-07-07 02:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 16:32 - 2014-07-07 02:39 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 16:32 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 16:32 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 16:32 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 16:31 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-13 15:16 - 2014-10-13 15:16 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\Ashampoo
2014-10-13 15:16 - 2014-10-13 15:16 - 00000000 ____D () C:\Users\Hubert\AppData\Local\CrashRpt
2014-10-13 15:14 - 2014-10-13 15:17 - 00001230 _____ () C:\Users\Public\Desktop\CleverReach.de.lnk
2014-10-13 15:14 - 2014-10-13 15:14 - 00000000 ____D () C:\Users\Hubert\AppData\Local\ashampoo
2014-10-13 15:14 - 2014-10-13 15:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2014-10-13 15:13 - 2014-10-13 15:14 - 00000000 ____D () C:\ProgramData\Ashampoo
2014-10-13 15:13 - 2014-10-13 15:13 - 00000000 ____D () C:\Program Files\Ashampoo
2014-10-13 13:58 - 2014-10-13 13:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
2014-10-13 13:58 - 2014-10-13 13:58 - 00000000 ____D () C:\Program Files\PhotoScape
2014-10-13 13:37 - 2014-10-13 13:37 - 00000865 _____ () C:\Users\Hubert\AppData\Local\recently-used.xbel
2014-10-13 13:37 - 2014-10-13 13:37 - 00000000 ____D () C:\Users\Hubert\AppData\Local\gtk-2.0
2014-10-13 13:29 - 2014-10-13 13:38 - 00000000 ____D () C:\Users\Hubert\.gimp-2.8
2014-10-13 13:29 - 2014-10-13 13:29 - 00000000 ____D () C:\Users\Hubert\AppData\Local\gegl-0.2

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-10 11:46 - 2014-01-29 18:29 - 00000000 ____D () C:\FRST
2014-11-10 11:28 - 2010-01-21 14:40 - 01343333 _____ () C:\Windows\WindowsUpdate.log
2014-11-10 11:25 - 2014-02-18 15:25 - 00000917 _____ () C:\Windows\Tasks\EPSON XP-710 Series Update {B3A05D5E-0816-4D39-BC7D-04A0F78A3960}.job
2014-11-10 11:25 - 2014-02-18 15:25 - 00000731 _____ () C:\Windows\Tasks\EPSON XP-710 Series Invitation {B3A05D5E-0816-4D39-BC7D-04A0F78A3960}.job
2014-11-10 11:11 - 2010-02-14 16:48 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-10 10:11 - 2010-02-14 16:48 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-10 09:29 - 2011-03-30 15:38 - 00000000 ____D () C:\Users\Hubert\Desktop\Sicherheits-Check Programme
2014-11-10 09:28 - 2011-03-30 16:34 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-11-10 09:28 - 2010-10-20 15:18 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\Malwarebytes
2014-11-10 09:28 - 2010-10-20 15:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-08 19:04 - 2009-11-06 04:43 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-08 19:04 - 2009-07-14 05:34 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-08 19:04 - 2009-07-14 05:34 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-08 18:59 - 2014-05-17 16:25 - 00005252 _____ () C:\Windows\setupact.log
2014-11-08 18:59 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-03 16:41 - 2014-06-10 07:35 - 00828982 _____ () C:\Windows\PFRO.log
2014-10-29 09:35 - 2013-12-10 14:48 - 00002085 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-21 16:12 - 2011-07-26 15:12 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-10-21 12:50 - 2010-01-21 16:18 - 00044762 _____ () C:\Users\Hubert\AppData\Roaming\wklnhst.dat
2014-10-21 12:50 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-10-21 12:14 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-20 10:06 - 2011-11-04 15:51 - 00005120 _____ () C:\Users\Hubert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-20 10:05 - 2013-07-20 13:55 - 00000000 ____D () C:\PFS8.0 AE_TMP
2014-10-20 09:39 - 2009-07-14 05:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-10-15 17:16 - 2009-07-14 05:33 - 00444768 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-15 17:13 - 2014-04-24 14:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-15 17:13 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-10-15 16:52 - 2013-07-12 13:22 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 16:42 - 2009-11-06 09:23 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-13 15:16 - 2013-07-20 12:44 - 00000000 ___RD () C:\Users\Hubert\Desktop\Fotoprogramme
2014-10-13 13:34 - 2010-01-21 14:46 - 00000000 ____D () C:\Users\Hubert

Some content of TEMP:
====================
C:\Users\Hubert\AppData\Local\temp\avgnt.exe
C:\Users\Hubert\AppData\Local\temp\jna7945255070255805652.dll
C:\Users\Hubert\AppData\Local\temp\jre-7u65-windows-i586-iftw.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2013-06-21 18:42

==================== End Of Log ============================
         
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-11-2014 01
Ran by Hubert at 2014-11-10 11:47:16
Running from K:\Hubert\Eigene Dokumente\PC - dies und das\FRST
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Acronis Drive Monitor (HKLM\...\{706AE61D-40A4-4F50-8359-FE8F6F7FA461}) (Version: 1.0.187 - Acronis)
Acronis*True*Image*Home (HKLM\...\{67ED38A3-4882-448B-B44D-3428AB00D7D5}) (Version: 13.0.6029 - Acronis)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.6.602.180 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.9.900.117 - Adobe Systems Incorporated)
AFPL Ghostscript 8.54 (HKLM\...\AFPL Ghostscript 8.54) (Version:  - )
AFPL Ghostscript Fonts (HKLM\...\AFPL Ghostscript Fonts) (Version:  - )
Apple Application Support (HKLM\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Photo Commander 11 (HKLM\...\{C92AB6F1-0F9C-8526-5DF1-0A2FD0FB33D9}_is1) (Version: 11.1.8 - Ashampoo GmbH & Co. KG)
Avira (HKLM\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.342 - Avira)
AVM FRITZ!fax für FRITZ!Box (HKLM\...\FRITZ! 2.0) (Version:  - AVM Berlin)
Biet-O-Matic v2.12.7 (HKLM\...\Biet-O-Matic v2.12.7) (Version: Biet-O-Matic v2.12.7 - BOM Development Team)
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.9.2809 - CDBurnerXP)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CorelDRAW Essential Edition 3 (Version: 3.0 - Corel Corporation) Hidden
CyberGhost VPN Patch 4.7.19 (HKLM\...\CyberGhost VPN_is1) (Version:  - CyberGhost S.R.L.)
CyberLink LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2130 - CyberLink Corp.)
CyberLink MediaShow (HKLM\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.3121 - CyberLink Corp.)
CyberLink PhotoNow (HKLM\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
CyberLink Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3213 - CyberLink Corp.)
CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2231 - CyberLink Corp.)
CyberLink PowerDVD 9 (HKLM\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2010 - CyberLink Corp.)
CyberLink PowerDVD Copy (HKLM\...\{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.0.6720 - CyberLink Corp.)
CyberLink PowerProducer (HKLM\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2130 - CyberLink Corp.)
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2609 - CyberLink Corp.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DE (Version: 3.0 - Corel Corporation) Hidden
DocFetcher (HKLM\...\DocFetcher) (Version: 1.1.3 - )
Driver Booster (HKLM\...\Driver Booster_is1) (Version: 1.4 - IObit)
EASEUS Partition Master 6.1.1 Home Edition (HKLM\...\EASEUS Partition Master Home Edition_is1) (Version:  - EASEUS)
ElsterFormular (HKLM\...\ElsterFormular) (Version: 15.1.13904 - Landesfinanzdirektion Thüringen)
Epson Event Manager (HKLM\...\{2970697F-2A11-4588-8B7F-97322D1CCF3C}) (Version: 3.10.0017 - Seiko Epson Corporation)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-710 Series Printer Uninstall (HKLM\...\EPSON XP-710 Series) (Version:  - SEIKO EPSON Corporation)
EPSON-Handbücher (HKLM\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.32.0.0 - SEIKO EPSON CORPORATION)
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
e-Wörterbücher (HKLM\...\{4737AD9F-13AA-4E4C-B86F-B631D557F6A7}) (Version:  - )
Finger Sensing Pad Driver (HKLM\...\{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}) (Version: 8.5.4.0 - Sentelic)
Firebird SQL Server - MAGIX Edition (HKLM\...\{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}) (Version: 2.1.23.0 - MAGIX AG)
Fotogalerie (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
Helium (HKLM\...\{9A781940-AC41-4D5E-8E1E-76A04B916FB9}) (Version: 1.0.0 - ClockworkMod)
HijackThis 2.0.2 (HKLM\...\HijackThis) (Version: 2.0.2 - TrendMicro)
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6208.0 - IDT)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.6.0 - LIGHTNING UK!)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.6.1001 - Intel Corporation)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
Java 7 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.650 - Oracle)
JMicron Flash Media Controller Driver (HKLM\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.32.1 - JMicron Technology Corp.)
K-Lite Codec Pack 7.0.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
Launch Manager V1.5.0.5 (HKLM\...\{D0846526-66DD-4DC9-A02C-98F9A2806812}) (Version: 1.5.0.5 - Wistron Corp.)
LibreOffice 4.2 Help Pack (German) (HKLM\...\{2EC623B7-3559-4058-B4AC-14DC018FC0B7}) (Version: 4.2.6.3 - The Document Foundation)
LibreOffice 4.2.6.3 (HKLM\...\{14DB1822-00B5-4820-86B5-EF893CA46B53}) (Version: 4.2.6.3 - The Document Foundation)
Logitech Vid HD (HKLM\...\Logitech Vid) (Version: 7.2 (7240) - Logitech Inc..)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Medion Home Cinema (HKLM\...\InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}) (Version: 6.0.0000 - CyberLink Corp.)
Medion Home Cinema (Version: 6.0.0000 - CyberLink Corp.) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Filter Pack 2.0 (HKLM\...\{95140000-2000-0407-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [DEU] (HKLM\...\{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MozBackup 1.4.10 (HKLM\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 25.0.1 (x86 de) (HKLM\...\Mozilla Firefox 25.0.1 (x86 de)) (Version: 25.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 24.2.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MPlayer für Windows (HKLM\...\{97D341C8-B0D1-4E4A-A49A-C30B52F168E9}) (Version: 2013-05-25 - The MPlayer Team)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nuance PDF Viewer Plus (HKLM\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
PaperPort Image Printer (HKLM\...\{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}) (Version: 14.00.0000 - Nuance Communications, Inc.)
PDF24 Creator 6.3.2 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.207.0 - Tracker Software Products Ltd)
Perf3490P_3590P Benutzerhandb. (HKLM\...\Perf3490P_3590P Benutzerhandb.) (Version:  - )
Photo Common (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Photo Gallery (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
PHOTOfunSTUDIO 8.0 AE (HKLM\...\{E715809A-194F-4AD6-84E6-36C88267940B}) (Version: 8.00.511 - Panasonic Corporation)
PhotoScape (HKLM\...\PhotoScape) (Version:  - )
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Presto! BizCard 4.0 Komponente für Windows CE (HKLM\...\{1A058DC0-1DD1-4787-BBD6-A8909B421B78}) (Version:  - )
QTTabBar 1.5.0.0 Beta 2 (HKLM\...\{7EDF4F60-E41A-4D55-8400-A633443C0065}) (Version: 1.5.260 - Quizo and Paul Accisano)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
REALTEK Wireless LAN Driver (HKLM\...\{9D3D8C60-A55F-4fed-B2B9-173F09590E16}) (Version: 1.00.0130 - REALTEK Semiconductor Corp.)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.0.13064_2 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.0.13064_2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Scansoft PDF Professional (Version:  - ) Hidden
Secunia PSI (2.0.0.4002) (HKLM\...\Secunia PSI) (Version:  - )
Simple Sudoku 4.2 (HKLM\...\Simple Sudoku_is1) (Version:  - )
SimpleScreenshot 1.40 (HKLM\...\SimpleScreenshot) (Version:  - )
Skype™ 6.3 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.107 - Skype Technologies S.A.)
Software Updater (HKLM\...\{6DFBE8A2-CDBF-453E-B34C-32F202FCEE4C}) (Version: 4.2.1 - SEIKO EPSON CORPORATION)
StreamTransport version: 1.0.2.1931 (HKLM\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version:  - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.55.1000 - SUPERAntiSpyware.com)
Sweepi 5.4.00 (HKLM\...\Sweepi_is1) (Version: 5.4.00 - YooApplications)
SyncBack (HKLM\...\SyncBack_is1) (Version:  - 2BrightSparks)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Update Manager (Version: 4.60 - Corel Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
VLC media player 2.0.2 (HKLM\...\VLC media player) (Version: 2.0.2 - VideoLAN)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinMerge 2.12.4 (HKLM\...\WinMerge_is1) (Version: 2.12.4 - Thingamahoochie Software)
Wise Registry Cleaner 5.9.4 (HKLM\...\Wise Registry Cleaner_is1) (Version: 5.9.4 - ZhiQing Soft, Inc.)
X10 Hardware(TM) (HKLM\...\X10Hardware) (Version:  - )
XMedia Recode 3.0.4.6 (HKLM\...\XMedia Recode) (Version: 3.0.4.6 - Sebastian Dörfler)
XMLmind XML Editor Personal Edition 4.6.0 (2010-05-31) (HKLM\...\XMLmind XML Editor_is1) (Version: 4.6.0 - XMLmind)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4285553767-1374707740-3178024607-1000_Classes\CLSID\{7116EF10-DE66-4175-8790-97209D720A03}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)

==================== Restore Points  =========================

04-10-2014 14:58:52 Installed LibreOffice 4.2 Help Pack (German)
07-10-2014 08:15:00 Windows Update
11-10-2014 14:02:12 Windows Update
15-10-2014 15:36:21 Windows Update
20-10-2014 08:54:34 Windows Update
21-10-2014 15:03:38 avast! antivirus system restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2011-07-05 16:10 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {08018A10-88B5-4E80-8457-D91472DB2575} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2B3F1C56-4FC6-4C37-BB06-AD4FC2329373} - System32\Tasks\EPSON XP-710 Series Update {B3A05D5E-0816-4D39-BC7D-04A0F78A3960} => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLPE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {79DB802B-C6FB-44F7-91BC-69DED40F7044} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {8E548E7F-FFB7-43D8-AF40-FC03FC8B5A36} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {91569EDA-99E0-49F5-8ED4-2514F4F16219} - System32\Tasks\Driver Booster Update => C:\Program Files\IObit\Driver Booster\AutoUpdate.exe [2014-06-19] (IObit)
Task: {96E255EC-B3BD-443A-AB58-DF18D2EBBF19} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {98D6955E-17D4-4644-8FC6-DC7C819227E6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {D7066AFC-35CC-46E1-AB9F-B33DBE9D7312} - System32\Tasks\EPSON XP-710 Series Invitation {B3A05D5E-0816-4D39-BC7D-04A0F78A3960} => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLPE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {DA7FA646-8F7E-44D9-9691-9319E58FC207} - System32\Tasks\Driver Booster Scan => C:\Program Files\IObit\Driver Booster\Scheduler.exe [2014-03-07] (IObit)
Task: {EE830AEA-D33B-4BC6-AD54-3F47E7672CA8} - System32\Tasks\Driver Booster SkipUAC (Hubert) => C:\Program Files\IObit\Driver Booster\DriverBooster.exe [2014-06-19] (IObit)
Task: {F536871A-DBC9-4181-89C3-D66A010E8658} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\EPSON XP-710 Series Invitation {B3A05D5E-0816-4D39-BC7D-04A0F78A3960}.job => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLPE.EXE
Task: C:\Windows\Tasks\EPSON XP-710 Series Update {B3A05D5E-0816-4D39-BC7D-04A0F78A3960}.job => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLPE.EXE
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-12-04 13:41 - 2009-12-23 17:32 - 00058880 _____ () C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2011-04-23 00:54 - 2011-04-23 00:54 - 00067072 _____ () C:\Program Files\QTTabBar\QTHookLib32.dll
2010-07-04 22:32 - 2010-07-04 22:32 - 00010752 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2013-08-05 14:22 - 2013-08-05 14:22 - 00053248 _____ () C:\Program Files\FSP\KbdHook.dll
2009-11-12 15:30 - 2009-11-12 13:50 - 00073728 _____ () C:\Program Files\FSP\FspLib.dll
2010-06-04 17:40 - 2010-06-04 17:40 - 00012128 _____ () C:\Program Files\Common Files\Acronis\DriveMonitor\Common\icudt38.dll
2014-10-29 09:35 - 2014-10-22 05:04 - 01042760 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-10-29 09:35 - 2014-10-22 05:04 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-10-29 09:35 - 2014-10-22 05:04 - 08910664 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-29 09:35 - 2014-10-22 05:04 - 01681224 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
2014-06-11 13:16 - 2014-06-11 13:16 - 03022960 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll
2014-06-11 13:16 - 2014-06-11 13:16 - 00158832 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
2014-06-11 13:16 - 2014-06-11 13:16 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll
2014-08-27 22:02 - 2014-08-27 22:02 - 01042232 _____ () C:\Program Files\LibreOffice 4\program\libxml2.dll
2014-08-27 22:02 - 2014-08-27 22:02 - 00183096 _____ () C:\Program Files\LibreOffice 4\program\libxslt.dll
2014-08-27 22:03 - 2014-08-27 22:03 - 00080696 _____ () C:\Program Files\LibreOffice 4\program\python3.dll
2014-08-27 19:17 - 2014-08-27 19:17 - 00049152 _____ () C:\Program Files\LibreOffice 4\program\python-core-3.3.3\lib\_socket.pyd
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2010-06-04 17:57 - 2010-06-04 17:57 - 00603568 _____ () C:\Program Files\Acronis\DriveMonitor\x_adm_driver.dll
2010-06-04 17:40 - 2010-06-04 17:40 - 00018272 _____ () C:\Program Files\Acronis\DriveMonitor\log_trace.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: afcdpsrv => 2
MSCONFIG\Services: AntiVirSchedulerService => 2
MSCONFIG\Services: AntiVirService => 2
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: CGVPNCliSrvc => 3
MSCONFIG\Services: ehRecvr => 2
MSCONFIG\Services: ehSched => 2
MSCONFIG\Services: EpsonScanSvc => 2
MSCONFIG\Services: FirebirdServerMAGIXInstance => 3
MSCONFIG\Services: FsUsbExService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: Lavasoft Ad-Aware Service => 2
MSCONFIG\Services: MatSvc => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: ProtexisLicensing => 2
MSCONFIG\Services: RichVideo => 3
MSCONFIG\Services: Secunia PSI Agent => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: sp_rssrv => 2
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: TuneUp.Defrag => 3
MSCONFIG\Services: TuneUp.UtilitiesSvc => 2
MSCONFIG\Services: UxTuneUp => 2
MSCONFIG\Services: WMPNetworkSvc => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^LUMIX Simple Viewer.lnk => C:\Windows\pss\LUMIX Simple Viewer.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO 8.0 AE.lnk => C:\Windows\pss\PHOTOfunSTUDIO 8.0 AE.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk => C:\Windows\pss\Secunia PSI Tray.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Hubert^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Hubert^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Shoot'n Save.lnk => C:\Windows\pss\Shoot'n Save.lnk.Startup
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: avgnt => "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: CLMLServer => "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: DocFetcher-Daemon => C:\Program Files\DocFetcher\docfetcher-daemon-win.exe
MSCONFIG\startupreg: IJNetworkScanUtility => C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPDLR => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSCONFIG\startupreg: KiesPreload => C:\Program Files\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: MDS_Menu => "C:\Program Files\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1"
MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: PDF5 Registry Controller => C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe
MSCONFIG\startupreg: PDFHook => C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe
MSCONFIG\startupreg: PDFPrint => C:\Program Files\PDF24\pdf24.exe
MSCONFIG\startupreg: PDVD9LanguageShortcut => "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SpywareTerminator => "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: TrueImageMonitor.exe => C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
MSCONFIG\startupreg: UCam_Menu => "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
MSCONFIG\startupreg: YouCam Mirror Tray icon => "C:\Program Files\CyberLink\YouCam\YouCamTray.exe" /s

========================= Accounts: ==========================

Administrator (S-1-5-21-4285553767-1374707740-3178024607-500 - Administrator - Disabled)
Gast (S-1-5-21-4285553767-1374707740-3178024607-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4285553767-1374707740-3178024607-1013 - Limited - Enabled)
Hubert (S-1-5-21-4285553767-1374707740-3178024607-1000 - Administrator - Enabled) => C:\Users\Hubert

==================== Faulty Device Manager Devices =============

Name: HWiNFO32 Kernel Driver
Description: HWiNFO32 Kernel Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: HWiNFO32
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/21/2014 04:03:36 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {7cc3ce37-d682-4a2b-8a25-9e4835ef3743}

Error: (10/13/2014 04:04:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm ashampoo_photo_commander_11_11.1.5_16492.tmp, Version 51.1052.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: bc8

Startzeit: 01cfe6ef5621fab1

Endzeit: 55

Anwendungspfad: C:\Users\Hubert\AppData\Local\Temp\is-1R5V9.tmp\ashampoo_photo_commander_11_11.1.5_16492.tmp

Berichts-ID:

Error: (10/13/2014 03:14:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ashampoo_photo_commander_11_11.1.5_16492.tmp, Version: 51.1052.0.0, Zeitstempel: 0x525a5795
Name des fehlerhaften Moduls: webbrowser.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4ff22ae9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x02f25f00
ID des fehlerhaften Prozesses: 0xbc8
Startzeit der fehlerhaften Anwendung: 0xashampoo_photo_commander_11_11.1.5_16492.tmp0
Pfad der fehlerhaften Anwendung: ashampoo_photo_commander_11_11.1.5_16492.tmp1
Pfad des fehlerhaften Moduls: ashampoo_photo_commander_11_11.1.5_16492.tmp2
Berichtskennung: ashampoo_photo_commander_11_11.1.5_16492.tmp3

Error: (10/13/2014 01:33:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm gimp-2.8.exe, Version 2.8.14.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 18a8

Startzeit: 01cfe6e1a004ae19

Endzeit: 31

Anwendungspfad: C:\Program Files\GIMP 2\bin\gimp-2.8.exe

Berichts-ID: 045eaafe-52d5-11e4-af81-001f1631576c

Error: (10/13/2014 01:31:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm gimp-2.8.exe, Version 2.8.14.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1864

Startzeit: 01cfe6e159fe164c

Endzeit: 3

Anwendungspfad: C:\Program Files\GIMP 2\bin\gimp-2.8.exe

Berichts-ID: bf279b3b-52d4-11e4-af81-001f1631576c

Error: (09/30/2014 01:57:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm soffice.bin, Version 4.2.5.2 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: c2c

Startzeit: 01cfda6ca19a67b9

Endzeit: 220

Anwendungspfad: C:\Program Files\LibreOffice 4\program\soffice.bin

Berichts-ID: 30924077-48a1-11e4-8564-001f1631576c

Error: (08/21/2014 04:20:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Kies.exe, Version: 1.0.0.1949, Zeitstempel: 0x53d21837
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x531599f6
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000812f
ID des fehlerhaften Prozesses: 0x6e0
Startzeit der fehlerhaften Anwendung: 0xKies.exe0
Pfad der fehlerhaften Anwendung: Kies.exe1
Pfad des fehlerhaften Moduls: Kies.exe2
Berichtskennung: Kies.exe3

Error: (08/21/2014 04:20:43 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Kies.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.InvalidOperationException
Stapel:
   bei System.Windows.Threading.Dispatcher.VerifyAccess()
   bei System.Windows.DependencyObject.SetValue(System.Windows.DependencyProperty, System.Object)
   bei Kies.Plugin.DeviceHost.BatchService.EndBatchService(Kies.Plugin.DeviceHost.BatchServiceResultState, Kies.Plugin.DeviceHost.BatchServiceSaveFailReason)
   bei Kies.Plugin.DeviceHost.CommonBnRService.SetEndWorkingStatus(System.String, Kies.Interface.MainUI.TaskStatus, Kies.Plugin.DeviceHost.BatchServiceResultState, Kies.Plugin.DeviceHost.BatchServiceSaveFailReason)
   bei Kies.Plugin.DeviceHost.MultimediaBatchService.ExportThreadFunc(System.Object)
   bei System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Threading.ThreadHelper.ThreadStart(System.Object)

Error: (08/21/2014 03:44:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Kies.exe, Version: 1.0.0.1425, Zeitstempel: 0x5227081c
Name des fehlerhaften Moduls: Kies.ni.exe, Version: 1.0.0.1425, Zeitstempel: 0x5227081c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0015c795
ID des fehlerhaften Prozesses: 0x16c8
Startzeit der fehlerhaften Anwendung: 0xKies.exe0
Pfad der fehlerhaften Anwendung: Kies.exe1
Pfad des fehlerhaften Moduls: Kies.exe2
Berichtskennung: Kies.exe3

Error: (08/21/2014 03:44:51 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Kies.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.NullReferenceException
Stapel:
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.DispatcherOperation.InvokeImpl()
   bei System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Windows.Threading.DispatcherOperation.Invoke()
   bei System.Windows.Threading.Dispatcher.ProcessQueue()
   bei System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   bei System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   bei System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   bei System.Windows.Threading.DispatcherOperation.Wait(System.TimeSpan)
   bei System.Windows.Threading.Dispatcher.InvokeImpl(System.Windows.Threading.DispatcherOperation, System.Threading.CancellationToken, System.TimeSpan)
   bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   bei System.Windows.Threading.Dispatcher.Invoke(System.Delegate, System.Object[])
   bei Kies.MainFrame.MainWindow.<.ctor>b__1()
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.DispatcherOperation.InvokeImpl()
   bei System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Windows.Threading.DispatcherOperation.Invoke()
   bei System.Windows.Threading.Dispatcher.ProcessQueue()
   bei System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   bei System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   bei System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   bei System.Windows.Threading.DispatcherOperation.Wait(System.TimeSpan)
   bei System.Windows.Threading.Dispatcher.InvokeImpl(System.Windows.Threading.DispatcherOperation, System.Threading.CancellationToken, System.TimeSpan)
   bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   bei System.Windows.Threading.Dispatcher.Invoke(System.Windows.Threading.DispatcherPriority, System.Delegate)
   bei Kies.MainFrame.MainWindowVM.LoadedCommand_Execute()
   bei Kies.MainFrame.MainWindowVM.<get_LoadedCommand>b__0(System.Object)
   bei Kies.MVVM.RelayCommand.Execute(System.Object)
   bei Kies.MVVM.AttachedCommandBehavior.CommandExecutionStrategy.Execute(System.Object)
   bei Kies.MVVM.AttachedCommandBehavior.CommandBehaviorBinding.OnEventRaised(System.Object, System.EventArgs)
   bei System.Windows.RoutedEventHandlerInfo.InvokeHandler(System.Object, System.Windows.RoutedEventArgs)
   bei System.Windows.EventRoute.InvokeHandlersImpl(System.Object, System.Windows.RoutedEventArgs, Boolean)
   bei System.Windows.UIElement.RaiseEventImpl(System.Windows.DependencyObject, System.Windows.RoutedEventArgs)
   bei System.Windows.UIElement.RaiseEvent(System.Windows.RoutedEventArgs)
   bei System.Windows.BroadcastEventHelper.BroadcastEvent(System.Windows.DependencyObject, System.Windows.RoutedEvent)
   bei System.Windows.BroadcastEventHelper.BroadcastLoadedEvent(System.Object)
   bei MS.Internal.LoadedOrUnloadedOperation.DoWork()
   bei System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()
   bei System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks()
   bei System.Windows.Media.MediaContext.RenderMessageHandlerCore(System.Object)
   bei System.Windows.Media.MediaContext.RenderMessageHandler(System.Object)
   bei System.Windows.Media.MediaContext.Resize(System.Windows.Media.ICompositionTarget)
   bei System.Windows.Interop.HwndTarget.OnResize()
   bei System.Windows.Interop.HwndTarget.HandleMessage(MS.Internal.Interop.WindowMessage, IntPtr, IntPtr)
   bei System.Windows.Interop.HwndSource.HwndTargetFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.ShowWindow(System.Runtime.InteropServices.HandleRef, Int32)
   bei System.Windows.Window.ShowHelper(System.Object)
   bei System.Windows.Window.Show()
   bei Kies.App.StartKies()
   bei Kies.App.App_Startup2(System.Object, System.Windows.StartupEventArgs)
   bei System.Windows.Application.OnStartup(System.Windows.StartupEventArgs)
   bei Kies.App.OnStartup(System.Windows.StartupEventArgs)
   bei System.Windows.Application.<.ctor>b__1(System.Object)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.DispatcherOperation.InvokeImpl()
   bei System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Windows.Threading.DispatcherOperation.Invoke()
   bei System.Windows.Threading.Dispatcher.ProcessQueue()
   bei System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   bei System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   bei System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   bei System.Windows.Threading.Dispatcher.Run()
   bei System.Windows.Application.RunDispatcher(System.Object)
   bei System.Windows.Application.RunInternal(System.Windows.Window)
   bei System.Windows.Application.Run(System.Windows.Window)
   bei System.Windows.Application.Run()
   bei Kies.App.Main()


System errors:
=============
Error: (11/10/2014 09:18:56 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (11/08/2014 07:01:42 PM) (Source: iaStor) (EventID: 9) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.

Error: (11/08/2014 07:01:38 PM) (Source: iaStor) (EventID: 9) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.

Error: (11/08/2014 07:01:33 PM) (Source: iaStor) (EventID: 9) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.

Error: (11/08/2014 07:01:03 PM) (Source: iaStor) (EventID: 9) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.

Error: (11/08/2014 06:59:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "HWiNFO32 Kernel Driver" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%3

Error: (11/06/2014 02:03:52 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.

Error: (11/05/2014 01:01:34 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht.

Error: (11/04/2014 06:28:08 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.

Error: (11/04/2014 11:56:26 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AntiVirSchedulerService erreicht.


Microsoft Office Sessions:
=========================
Error: (11/11/2012 03:40:21 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 5090 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (06/17/2010 04:30:22 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 2351 seconds with 0 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Processor: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz
Percentage of memory in use: 69%
Total physical RAM: 3004.87 MB
Available physical RAM: 923.82 MB
Total Pagefile: 6008.03 MB
Available Pagefile: 2262.83 MB
Total Virtual: 2047.88 MB
Available Virtual: 1916.86 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:270.01 GB) (Free:222.67 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Recover) (Fixed) (Total:19.99 GB) (Free:9.52 GB) NTFS
Drive h: (Lokaler Datenträger) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive k: (Daten) (Fixed) (Total:34.67 GB) (Free:24.92 GB) NTFS
Drive s: (Sicherungen) (Fixed) (Total:139.98 GB) (Free:20.2 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 1BBC3EEB)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=270 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=194.6 GB) - (Type=05)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== End Of Log ============================
         
GMER:
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-11-10 12:45:06
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.AX00 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Hubert\AppData\Local\Temp\uwrirpow.sys


---- System - GMER 2.1 ----

SSDT            999F9186                                                                                           ZwCreateSection
SSDT            999F9190                                                                                           ZwRequestWaitReplyPort
SSDT            999F918B                                                                                           ZwSetContextThread
SSDT            999F9195                                                                                           ZwSetSecurityObject
SSDT            999F919A                                                                                           ZwSystemDebugControl
SSDT            999F9127                                                                                           ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                           82E3FA35 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                             82E79392 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                                82E806DC 4 Bytes  [86, 91, 9F, 99]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                                82E80A38 4 Bytes  [90, 91, 9F, 99] {NOP ; XCHG ECX, EAX; LAHF ; CDQ }
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1597                                                                82E80A7C 4 Bytes  [8B, 91, 9F, 99]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1613                                                                82E80AF8 4 Bytes  [95, 91, 9F, 99] {XCHG EBP, EAX; XCHG ECX, EAX; LAHF ; CDQ }
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1667                                                                82E80B4C 4 Bytes  [9A, 91, 9F, 99]
.text           ...                                                                                                

---- User code sections - GMER 2.1 ----

.text           C:\PROGRA~1\MICROS~3\Office12\WINWORD.EXE[256] kernel32.dll!SetUnhandledExceptionFilter            75C6F5AB 5 Bytes  JMP 320A53FC C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll
.text           C:\PROGRA~1\MICROS~3\Office12\WINWORD.EXE[256] ole32.dll!OleLoadFromStream                         77206143 5 Bytes  JMP 32B6F68E C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll
.text           C:\Windows\Explorer.EXE[3080] SHELL32.dll!SHCreateShellFolderView + EB8                            763F1776 5 Bytes  JMP 5DB11890 C:\Program Files\QTTabBar\QTHookLib32.dll
.text           C:\Windows\Explorer.EXE[3080] SHELL32.dll!SHCreateDefaultExtractIcon + 7B20                        76433B41 5 Bytes  JMP 5DB11920 C:\Program Files\QTTabBar\QTHookLib32.dll
.text           C:\Windows\Explorer.EXE[3080] SHELL32.dll!SHFileOperation + F968                                   7662AE39 5 Bytes  JMP 5DB11B20 C:\Program Files\QTTabBar\QTHookLib32.dll
.text           C:\Windows\Explorer.EXE[3080] SHELL32.dll!SHLoadInProc + 13CB2                                     76677E04 5 Bytes  JMP 5DB11A40 C:\Program Files\QTTabBar\QTHookLib32.dll
.text           C:\Windows\Explorer.EXE[3080] ole32.dll!RegisterDragDrop                                           7721E924 5 Bytes  JMP 5DB11620 C:\Program Files\QTTabBar\QTHookLib32.dll
.text           C:\Windows\Explorer.EXE[3080] ole32.dll!CoCreateInstance                                           77249D0B 5 Bytes  JMP 5DB115C0 C:\Program Files\QTTabBar\QTHookLib32.dll

---- Devices - GMER 2.1 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                             tdrpm258.sys
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                             tdrpm258.sys
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                             tdrpm258.sys
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                             tdrpm258.sys
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                             tdrpm258.sys
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                             tdrpm258.sys
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6                                                             tdrpm258.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active                 
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@F9909D31        802
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\XP-710 Series(Netzwerk)@ChangeID  148141388

---- EOF - GMER 2.1 ----
         

MWB:
Code:
ATTFilter
<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2014/11/10 09:33:33 +0100</date>
<logfile>mbam-log-2014-11-10 (09-33-32).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.3.1025</version>
<malware-database>v2014.11.10.03</malware-database>
<rootkit-database>v2014.11.08.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x86</arch>
<username>Hubert</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>318183</objects>
<time>1486</time>
<processes>0</processes>
<modules>0</modules>
<keys>0</keys>
<values>2</values>
<datas>0</datas>
<folders>1</folders>
<files>1</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>enabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>warn</pup>
<pum>enabled</pum>
</options>
<items>
<value><path>HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{D4027C7F-154A-4066-A1AD-4243D8127440}</path><valuename></valuename><vendor>PUP.Optional.FrostwireTB.A</vendor><action></action><valuedata></valuedata><hash>62f2df5aa8d4ec4adf5b4ba435cd9e62</hash></value>
<value><path>HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER</path><valuename>{D4027C7F-154A-4066-A1AD-4243D8127440}</valuename><vendor>PUP.Optional.FrostwireTB.A</vendor><action></action><valuedata>|ÔJf@¡*BCØt@</valuedata><hash>62f2df5aa8d4ec4adf5b4ba435cd9e62</hash></value>
<folder><path>C:\Users\Hubert\AppData\LocalLow\DataMngr</path><vendor>PUP.Optional.Datamngr.A</vendor><action></action><hash>292bc4756517a195dad76d980ff4ad53</hash></folder>
<file><path>C:\Users\Hubert\AppData\LocalLow\DataMngr\{7CA1F051-A4FB-4143-B263-02B41E571EED}</path><vendor>PUP.Optional.Datamngr.A</vendor><action></action><hash>292bc4756517a195dad76d980ff4ad53</hash></file>
</items>
</mbam-log>
         
Miniaturansicht angehängter Grafiken
Malwarebytes (free) findet Registerwerte von  PUP.Optional.FrostwireTB.A-image210.jpg   Malwarebytes (free) findet Registerwerte von  PUP.Optional.FrostwireTB.A-image209.jpg   Malwarebytes (free) findet Registerwerte von  PUP.Optional.FrostwireTB.A-image208.jpg  

Alt 10.11.2014, 12:15   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Malwarebytes (free) findet Registerwerte von  PUP.Optional.FrostwireTB.A - Standard

Malwarebytes (free) findet Registerwerte von PUP.Optional.FrostwireTB.A



Hi,

ja kannste löschen lassen.

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________

__________________

Alt 10.11.2014, 13:24   #3
juhu73
 
Malwarebytes (free) findet Registerwerte von  PUP.Optional.FrostwireTB.A - Standard

Malwarebytes (free) findet Registerwerte von PUP.Optional.FrostwireTB.A



Hier die Logs:

AdwCleaner:
Code:
ATTFilter
# AdwCleaner v4.101 - Bericht erstellt am 10/11/2014 um 13:46:44
# Aktualisiert 09/11/2014 von Xplode
# Database : 2014-11-07.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : Hubert - HUBERT-PC
# Gestartet von : K:\Hubert\Eigene Dokumente\PC - dies und das\adwcleaner\AdwCleaner_4.101.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Hubert\AppData\Local\CrashRpt
Ordner Gelöscht : C:\Users\Hubert\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\Hubert\AppData\LocalLow\DataMngr

***** [ Tasks ] *****

[x] Nicht Gelöscht : Driver Booster Scan
[x] Nicht Gelöscht : Driver Booster Update

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe

***** [ Browser ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Mozilla Firefox v25.0.1 (de)


-\\ Google Chrome v38.0.2125.111


*************************

AdwCleaner[R0].txt - [5465 octets] - [29/01/2014 18:16:19]
AdwCleaner[R1].txt - [2004 octets] - [10/11/2014 13:40:23]
AdwCleaner[S0].txt - [5532 octets] - [29/01/2014 18:19:01]
AdwCleaner[S1].txt - [1874 octets] - [10/11/2014 13:46:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1934 octets] ##########
         
JRT:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.7 (11.08.2014:1)
OS: Windows 7 Home Premium x86
Ran by Hubert on 10.11.2014 at 13:56:13,06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Windows\System32\Tasks\Driver Booster Scan
Successfully deleted: [File] C:\Windows\System32\Tasks\Driver Booster SkipUAC (Hubert)
Successfully deleted: [File] C:\Windows\System32\Tasks\Driver Booster Update



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{004C87BE-6CE9-4FDA-A0E8-D8FA3ECBC107}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{0069FED6-22F2-436B-8709-A0F8032B3184}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{00A2C4B5-8A61-4B23-87F8-C7881DB6F2EC}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{01601445-4D44-4374-9E9A-C406653E3063}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{02061411-3564-45A9-B7C8-4910F969E5A7}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{020A5FB0-4FE4-44FB-911C-5A8F33A3F19B}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{028626C4-4849-4218-BDB1-0A645A716CA0}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{02F31811-3D5E-4392-AA69-E7B1B62FBA9F}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{0346DD06-1924-49A3-BD6D-A0826B474959}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{03C69506-A10B-435C-965A-32E362DAA978}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{03E6E2C7-6490-4039-9FE2-690F0315A2AF}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{03E84315-2110-4319-8310-984FADF245D6}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{0439D578-2EE6-4DD2-ACCD-7025589E0DCF}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{04482075-0AC1-4ACD-9635-C577AB6D6567}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{0476349B-2B74-4D9D-8CBC-1C2F7098EBEF}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{04BC0853-81D7-47AE-9718-D94763738FB6}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{04D44499-0A16-4992-86A3-1A2C693F7397}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{057359EF-FB40-4982-AC0E-2AB11D8EC404}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{05E85A95-45D0-4707-B70F-8F73A43DF0CB}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{0609E90B-6EE8-4433-901C-010E84568C4F}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{06DDF69C-3161-4328-B022-624A9A279DF8}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{07032DF9-3149-4E35-A6C3-671B74DA3A4B}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{074B5C23-EF52-40D6-92DA-C961160C926C}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{07790B69-3112-431F-AB38-C5591C8D3235}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{07E5BD59-CAAB-4DA1-9CB4-8A6F4D241D4E}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{081F2C2D-79F3-4DD4-B6D3-A23FD8E4E820}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{082191F1-A99B-4CA2-9261-4B9B29CF18B5}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{0910A482-0700-4C23-8869-9E95384A7D06}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{0943348F-5CA3-4140-B458-283EFECE0C2D}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{096E551B-F3E9-40D9-A8DE-CEDF992B8766}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{09870A60-7780-490C-99BD-F2D5057D8407}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{0A0E28BA-952C-4290-A0D8-D14F7CDB31C1}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{0AA84A82-2352-4DE1-917E-3290EC1DFE70}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{0AFDB81E-42A0-4767-AAFC-2B831B4DD9A4}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{0B23FE73-8B1B-4E1F-9C5A-1D4DC088BB78}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{0B5A49E4-7379-42B5-86BC-24B83A9AF56C}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{0B907A36-F4B3-4A9F-9F20-11B419C20D87}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{0B950D41-8EF0-4740-8E9F-94F0F0AFFD5C}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{0C0A8725-21E4-4DD4-B562-435AAFE9D33D}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{0C3FEAEF-002D-4CAC-993E-8ED7969B1549}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{0CAD083A-0C81-41DD-B085-3D506393C44B}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{0CE4F521-9997-4662-AB9F-F1EC2BFA2015}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{0D3146DF-6D26-49FB-A418-ED34B4FFA19B}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{0DE7ADE1-8132-4A3C-8405-53CB03A50476}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{0E01BA9F-D518-41A1-B9AA-CD55F7CC8905}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{0E1DF0D4-955D-4C70-AEAF-52147B6234EB}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{0E70EE70-FD3B-436A-9EFE-CFF35C5A39E0}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{0F8D0387-E493-4FBB-9683-863D85AE720D}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{102ECEA1-6CA8-40CD-9353-BCBA637789AF}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{106EF3C4-C0C2-4C44-BEFB-6B79C676E9B5}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{108614C6-958D-4C16-997E-C0734F91A07D}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{11A71CE7-C651-464C-A195-42E253D29E4C}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{125519A2-4086-41FE-8606-BBEE182C1827}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{13007CB6-4712-45B1-906F-998ECE97A2D5}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{135C417A-E6C3-4815-AF21-377E749239ED}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{1372E446-0D74-447E-8B93-1909F8B7A4E0}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{1383A125-DDEF-4229-95DA-C33C92917F00}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{1388B344-5D3F-4043-B342-CC7F1E0642BD}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{13F0D153-4CC1-4D69-AFED-A88EBA4E6371}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{1511DA29-C4F7-4290-BBEF-0F2E5366D3FE}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{1539A33E-E95C-4D4D-BD49-7A10E9A58201}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{15A4770B-D6BA-48B2-BF16-CD9D9BA46BE1}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{15C742C0-3116-4568-AAF4-652EE0071084}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{1661B961-EB86-4A0F-B162-763F4E87A21C}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{167A9177-81A5-43F4-A618-9A37A6092F15}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{16983A57-E729-478D-AEA7-951952825340}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{16EDFA14-7DC0-4845-B964-45FCFCE436D1}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{17DD5CAD-612F-4553-AE89-A60173BFC8B2}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{18319B6A-C2BA-49DB-BFF0-22F664843BE4}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{187F5506-3A27-4683-8BB6-60545B858B52}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{18A662BD-C561-48BF-BD2D-EF03D7D479D5}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{18D4C7D9-5DEE-4082-8326-26080DFE7170}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{18DA1370-E458-42C5-BF70-FB8A37DD11BB}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{19582FB5-2978-4F30-97AD-572D00CD8E38}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{19CF6DCC-CAC9-419C-A430-DB1933323099}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{1B2DF073-6DB8-4441-BC35-8EAABC1C8FC4}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{1B8D4DD4-1DF6-459A-8463-5B0D1CB442EF}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{1C613DE8-5918-4249-A5AE-95CC7E81A5F5}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{1CA841D0-083D-498F-B867-8E9BE7C88875}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{1CB82942-7AB8-49DF-B04A-C88749AB2308}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{1D0759C4-92E9-426E-95EC-5E1FB8AF6DEC}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{1D0E7965-D8E7-4D3A-A8CA-2A901F1CA578}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{1D27496D-66F6-40DE-B824-21E2BE8A6333}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{1D34B771-AE1C-43E0-A079-A07359ECC918}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{1D407905-374A-4D33-A2D4-DDE3AAA2BDFA}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{1D80E91C-EFBC-4438-86F0-E484189CA31E}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{1E421DEF-5A99-4B6A-8937-EDFD4CEBEED4}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{1E728D08-407B-4877-A37B-ECC507E03CC9}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{1F02666D-5AFC-4355-955F-2A8B29C243CA}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{1F0B259A-9AE9-4D92-ADD2-A7FE511CDD12}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{1F3C8189-C15D-4E90-85A9-1E811BE439F8}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{1F44FC62-BEA6-4777-8FFE-28ECA3BF1C6F}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{1F9A3E16-B40F-4D6B-AB60-BFC05E646829}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{20035850-2FA8-4587-9650-B8E9528CA520}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{20FD9CDD-1A13-4DB9-A178-FD7A82652C79}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{221EDDE1-8B63-4E8D-B97A-39850A49F203}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{227069AE-DE0F-475C-8B94-2F11A8EBAD12}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{22FBBC39-7F9F-4237-B242-8A55892CEBB4}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{23410041-641F-4A83-90C5-454D811C6727}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{2373C2C1-1C2F-4ACB-A519-1AB0C257F91C}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{24104056-632B-4C19-A6F9-DF435ABA577F}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{24313631-4EF0-4363-9CB5-8FC77127B67B}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{24B3FD0D-2C23-488E-A183-224285D46615}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{2573350D-A359-4278-BE6C-2E6AC0EC6326}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{258A223F-3AB0-4E3C-8EE9-FB11A19C5C59}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{2634A4B4-01B6-4AED-B724-9EF28B7EDA3C}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{26A5E1DF-768B-4B66-9BB1-93D9CE9B5EE6}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{26B7752F-03A4-455D-AB34-F456922ED769}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{26ED2B61-4EA0-4D96-953A-59DE49337A4A}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{289F0DEA-902A-4BCC-A9C0-8C516EEE53C9}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{2A345DE0-0619-4A12-A34B-8BFCF0C6239E}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{2ADFDEC0-0AB9-4B9D-BEC2-01AC43C8AE64}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{2B389020-943E-4AB6-A319-FB7D7266D8A9}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{2B76142C-AD29-48E7-BD0A-6F39E6101CE8}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{2BE5A417-DBB7-4A7E-B343-5A3FAFD7F258}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{2C724EF4-D797-41E3-9618-7239044F9FA4}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{2CBCCEB5-83AA-4F62-B55C-A321B7EF3EFA}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{2CC19DE4-9990-40EF-A3CF-BBE3415FD572}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{2CDB5767-E1BB-4132-898D-6E7A0232BEA6}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{2D023C9A-6828-4DA2-A3AB-CC3CB406305D}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{2D50AD64-71AF-4CB6-8704-F9E0C40E17F4}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{2D64DE1D-315A-412D-B3DE-A755C41F8FFE}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{2DBAF8C2-CE17-42E3-8B73-0C994FAF6D7A}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{2DC197BB-66ED-4D17-A9CC-2E59E805A113}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{2EB6AB91-9DAA-48D8-B701-AFDD1CEDDCE3}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{2ED32330-5FFC-460D-BC70-A952CFE44B83}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{2F0B59E1-BCC6-4150-A05C-D1FB892880F2}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{2F38D13A-262F-4C2F-BD4B-D94CD8FAF3F2}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{30FF4A69-457F-4D50-9FC9-4CADAACC0808}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{320AFD84-45FE-4721-BF33-0FE3501CE1E4}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{325E4ECF-97E3-40C3-A8BE-FA065C22F1C6}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{3389EF88-995D-41C4-A987-18B226ABC8BB}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{33E62F2E-A80D-464A-A373-91A82236454E}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{3498884B-1AE3-483D-8DBD-FA424F98F0F2}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{34B9F532-AF38-467B-A80D-EC0C989893B6}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{34CDE6B9-6430-42B4-A0CC-E83926B3285D}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{35E850F3-878D-47CB-9C8E-62E4949BFE13}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{3606E38D-68A4-4FA3-9C2C-DDB13AB18843}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{364E3ABE-44CD-482B-8C80-54FA9A961733}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{36593358-0C3E-446A-9073-30FE7C9B1F2D}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{3769E7FA-6EEB-4590-9DD9-5C99A7A58A83}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{37BB12E2-586D-4D8A-AE9E-34F1C5880D11}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{388D81B7-63FE-4FE8-A9C4-BAA3DBBB1BC8}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{38F60FD9-1478-42CF-AE49-E46B4334D69D}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{3A31FEF2-9E1D-4AEB-81A5-3AD1F78CA6A4}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{3A44605E-9FAA-40DB-A27D-92CF72481B96}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{3A6516F7-7CEB-4A15-B20B-C125E7B6B047}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{3B94E00B-42AA-4AE7-A32A-5A7835597462}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{3BE068FE-8497-4C78-B8FA-233F57436CFD}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{3CB0F783-0596-49FC-9F35-E7A6738141EA}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{3CE09C8E-DA39-4890-900E-6408BBC4A360}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{3D579F79-6D55-45E3-A313-FD1D3DDE82EC}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{3D6BB796-AC5B-4FCE-88AC-123C73C174DD}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{3DD3CF04-BD25-4163-9F69-F5566A10DFB1}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{3E030D81-E2FA-4215-A162-9C8C558656F7}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{3E81A03A-C5C9-4F64-BB56-9D73A895993B}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{3F3C1045-17D3-4064-AFF9-C7C9EF9E53CA}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{3F9B55A7-355A-4C57-8319-88B8C2643450}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{407F355D-B43B-4FE2-B36B-6580B5468B2D}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{40FBFB43-F59F-4A9F-968B-C0838A1BCBBA}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{4125179E-4A38-43DE-87A4-2685BC2093B5}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{413A9B11-4317-49FE-98EE-0C2B2857B4C4}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{416AB374-F65B-4205-86CF-0491B418894E}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{4172149B-7680-467C-86FD-1F3097A7223C}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{41A71345-69C2-475D-99FE-FD7B6E6809C9}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{41C85F70-9222-4D96-B857-40EE8C84F337}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{41E3FB6A-FC96-47C1-9C32-5FFC08C5B45E}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{427065AF-2987-4F50-A3A1-EDD06F1954B0}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{42E5A63E-7555-4020-B0AF-496EC5899CEA}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{42E8D976-A3F9-4E94-A178-36C67122E03F}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{431F32F9-F221-48B8-ADB8-18941F313E28}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{43D7586B-BD14-47D0-B88C-25CCC57233BF}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{44A2D6F3-5F79-465E-957A-2AECEF12F6AC}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{45A6B23B-EA62-4237-A8D0-715509A1E7D7}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{46FF1B2C-B592-42DF-B106-DEF6D9E8E311}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{473A8F4E-8389-4942-AE76-6D76A3C2582E}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{48D8EB72-585E-4E72-9F0C-6D80473B709B}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{490EF508-234A-42F5-8459-8E7E336EEB0B}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{49556691-173F-4C47-8303-67D6DFCA5744}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{49BE296B-58E4-457D-823F-8E7A1C1EB867}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{49DD3FBA-157B-417D-9C83-73085EE19971}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{4A585882-A2A2-42CC-A6B9-3645D7C0B406}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{4AA416F0-BBD1-4FFD-ACA2-6C38B4B78002}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{4B29FB8D-B3F6-4F27-A6B8-98B943DEF598}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{4BA66214-474C-486A-8BB6-B0FE5EF55E18}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{4BCBF91E-7D30-4739-89C0-A803391972D0}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{4C7CA038-5C87-4853-A143-36A9214468F0}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{4CB8CC7C-F3F4-4B39-B7D8-C7CFA2AA03AF}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{4D894BFE-D118-457A-A2F3-19D2A27D4ED7}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{4DF2F124-C4B8-40E8-B1FC-20B3A1437B38}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{4EC9E622-07AD-43EA-94AA-297165BB35AD}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{4F0873C2-E33B-4BEC-AA9E-869B86DAD537}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{4F506A7E-69D5-4D91-846D-5946A6B10DE1}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{4FA022A3-F497-4B4B-AE54-0D13200B2B0C}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{4FBD1042-ADB7-4F08-A1B9-81EA8526A4A6}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{4FC93239-D422-448E-BE06-9B97AA146000}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{50417053-E904-4F88-BAE6-B86115D1681A}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{506EB01A-4974-43BB-805D-B4C3436DC8F7}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{511FA0DF-0F07-4479-98C2-89BED63DA708}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{51387910-25D4-4E43-A3A0-F1395F204BFA}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{51A4F701-8CB7-4F2D-A586-0A6A873B038B}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{51DEA04A-635B-42B5-8A28-19C221B5F264}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{52250278-D8FC-453C-BD2C-926B6B97EC27}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{527D2BEF-5D08-45F8-9109-71607F98C2F3}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{534FE2DA-5C64-4A69-A944-7808738434FA}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{535953F7-6130-4A23-B160-3E53C8C0418E}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{535A01C0-6761-4A87-88A7-55993202BBBF}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{538C0321-8A7F-450E-A831-495759F4E969}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{539F04B7-02AE-45E1-BEFC-58D1D4884DB4}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{53DA375A-063B-490A-B0BF-0AF03F87E7BC}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{53DF6F2C-A73F-4E5B-8F6B-586ACEF36D05}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{549FFAE3-4FCA-458F-8FAC-30DF3C1D28C3}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{54A87563-16A4-4990-A532-3EDFED4B5FEE}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{54C498A4-1238-4C48-BA29-E44A4CAC61AB}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{54E9C4AF-4F14-4221-8E58-C57E78E9A64D}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{550107A8-A9B8-47DB-A31F-83D0BAE4770D}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{552F65F7-C8FE-4AD8-A333-9DC32A5C1A95}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{5560E287-8616-4C8B-A568-BB72353C9036}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{55703D80-2F65-4B12-9E2A-C508CFE56DF9}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{55EEF36F-5425-4114-897A-F35E50649B0D}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{5673B92B-66EF-4E41-861F-F0E909D376A0}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{56FA99FC-8B44-40DA-9110-58BA891E132E}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{573305DE-08E5-4088-9978-19C38F32A0B5}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{57374E2B-02FF-448F-95EF-32CEEE980C21}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{57796B11-7A31-4E14-96AB-5F24FF9B226C}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{588B07D7-AF2C-4E6E-B327-43034F4121BB}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{5A881A68-1A17-4123-8B07-0D0B593DD81C}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{5AB5F4E0-4606-437C-B897-9734FBA58AFE}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{5AB6BF9D-7475-41CC-9613-80FD18E0B71F}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{5B37920D-4C2E-4E5A-8DD8-6F50286DB5F4}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{5C494B29-A49D-4F40-AB70-2C9FA47E7CB9}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{5C4BF1EC-A06F-4561-99D4-4B66ED0281DC}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{5C78AAC1-2F0D-4D03-9BDE-DC2F97D7A4BD}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{5CD14D65-90FD-4C98-942B-D4994130A46D}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{5D70E91C-5A14-4477-B8F5-F884054CC8D2}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{5D84EADA-2814-4D86-8A63-2E8AC2FEC38C}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{5E8F35BA-090F-42B2-8BBD-976803B96DF0}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{5F524BBF-6C3B-47BD-8705-35198130F43C}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{60186379-A4BF-4713-A1E0-AE85CDD5C67C}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{601F123E-3DD6-4598-AC85-2E3D013D42D6}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{60215085-362F-4447-B96B-789AE6FA7ED8}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{61028B5E-4DDA-46A2-A175-3746DEC53C89}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{61246469-3F25-46A0-8C85-231B3AFFB0D2}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{615AD402-27D3-4EE3-961C-C47A65CCDBD4}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{617AA6A1-9CF5-421B-9231-21CF33CBABB2}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{6239CCC2-DAED-4CB9-9E01-7ACF0FFC3628}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{628488AD-9DD0-4523-B956-D659E6F20CBC}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{62EAD136-6478-48A9-98C4-7939597CF13A}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{62F4C18C-653D-433A-BE37-3048984822B9}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{64D0B530-0EF3-4CB1-BD6E-9D2C38ECE176}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{64E4A43F-CA41-4467-BAF5-2EC2FC26CB95}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{64FAD3C0-3181-4423-87EB-6875668034A6}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{6640FEF0-00FF-4BE7-8D94-AC528BC4ED3C}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{666AB2F4-CD54-421E-BA2F-BB71AF0F66E5}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{6671CDDA-4DAF-4135-B64B-7F5BFAA7BA8F}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{66D2EF7F-B1E3-481A-8107-15BCDAFC2C49}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{66D42741-5ABB-476C-A094-AF1A99A55796}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{67B1DF49-58C8-4599-B64C-D360E66DC04B}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{67B57DF9-4A5D-4331-A647-54901D4C5168}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{67F70EF9-096B-4403-9D3B-0AD619AA10DF}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{67F7CAB5-0E58-4400-9D4E-0B2243FCB27D}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{6842D38D-52DA-4541-87F5-0AECD5BBDBDA}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{686160A6-5E23-40C7-BE94-5C8C89367852}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{68E361E9-C18A-4899-ADFF-34BA4345ACF5}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{6A4D7E85-CBED-4AF0-BBF6-2BAA55255425}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{6AE034E1-B409-44BA-9A03-728DEC3C44BC}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{6C1CD441-0590-44D8-A76E-E4E1EF37ACA2}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{6C4BBECC-660B-4548-95A4-F02A5C2572DE}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{6CAFC4D5-6D38-4A73-BCA2-CFB14A9F5C07}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{6CBD5F4B-620A-43A0-B1FC-609337AD91B7}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{6CC4476E-51B7-4DE7-A084-122EDC2C015C}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{6D280E74-C5BD-498F-8D85-99AD8105AFCE}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{6D5B8018-E4BE-482F-8A92-A4801B412E83}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{6D9A64F3-667A-416B-9CC5-30E4DFBBEDA0}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{6E213D6A-6E59-482D-A3F4-00092B86A884}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{6E54B238-C4FE-42AD-A4F2-D8A9DBFED8D5}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{6E5D0243-C787-47E2-B711-C61C82EEE186}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{6E9C36BA-BE44-4543-BBD5-73EFD08954DE}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{6FD0F266-D2F7-4F42-A9F5-698E0B8D56C2}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{706C1AC9-2F08-431A-8D04-4F7CA4012C3F}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{70767CBA-EC58-4456-B889-D02C3CD68170}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{710417FF-6677-49F5-ACD7-41101884953A}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{71603986-D322-484C-8020-285E8E5D4D77}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{721F8F25-1B73-4DFF-A884-8D3D03F9A2D7}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{72C5038A-4B8C-41DB-AC4F-0A1410A6E070}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{72F68CD5-865D-4914-ABE0-6723A36DD7D8}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{73EB2886-2DEE-493C-B473-15AC99DB73EB}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{73FB044B-70E9-4897-8D39-5AC0E57F999E}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{740B0554-47B9-43CF-835C-FA14C0E1D8F3}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{740DDA5C-A3DD-497E-886E-C68CA442ED44}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{7459DA2A-3C61-4F2B-BC51-E51215FD6BAA}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{750D272F-5282-4A31-9FFE-B9E44C90CBC5}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{769EC4B2-F01F-41A1-8431-8C5A9D04270D}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{77400818-0201-4EA8-B068-F2FCB2F1443F}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{7836A85C-C9D8-4002-BAB8-CD1CB7FD5BEC}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{79100B28-6622-40B3-ABDE-7CE729E2B7AE}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{79433523-0E1C-468C-99C9-F88ADB9EE9BB}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{79B44F5F-0231-45EF-A0D0-7D7AD660D192}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{7A1A4B66-4FD9-4698-9ECD-56714AA63B0B}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{7A4D9AB8-6505-4DBC-AB3A-23C55FA1DE29}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{7AC09868-307B-4544-8F6F-A20A9F9FF22E}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{7B2B7890-090A-43E9-A640-025792FDF7DE}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{7C31DCA9-C71F-44EA-8C0E-E6EFB577DEC3}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{7C5BFB63-ECD7-46D5-9A1B-B4B69F8BF9E6}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{7C75E76F-6907-449C-98DE-62B2CF043BAB}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{7D3195B7-9AB2-48CE-80B1-DB7C9F04012A}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{7DA3417D-7CE5-4363-934D-E39F7BC8A2EC}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{7DC8C8A8-205D-44FD-8624-E393CAEA416E}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{7DE7374A-CC39-4F5B-B5CB-E70B815503EA}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{7E0811DA-4EF0-4506-8BB1-9234A212E862}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{7E51DFD4-3B29-4DF8-9208-126D6B9E2B76}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{7E8A4AF2-5583-4DF1-8E48-9BA7A9469842}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{7FE05389-7E4F-4617-8DD3-2E6D7CE680C4}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{7FE4B21D-88EE-41B9-92E6-FFA8ADEC44FE}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{800BBB83-9181-41EE-9817-07F176F8A70C}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{80B7756C-421C-484F-B656-7DB44A27F756}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{810E7499-8D3D-4DEB-8176-0D96DC8870CA}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{819FFE0D-1205-4ADD-9AC7-2BA5694166F1}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{81DDB8D8-D9FB-4C6A-8D8F-B9095FC04407}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{82457FF8-3AF3-468F-982A-B8C578416119}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{828B14F1-1D8D-406B-9643-EF13F248094C}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{830ABE77-CE8E-4416-912A-D2BC11A80B85}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{8310B147-B660-41DE-938A-11B2ED7E2025}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{836DF26C-0EAE-4A7F-8010-39DB83D83A02}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{8397735C-17C8-4ECD-B2C4-51A36B906AC6}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{83D54EEF-38AD-4F28-977C-9F363AA680D9}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{8481DD9B-664D-4F75-B663-CBE77F001B56}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{84C31801-37EC-4C92-8FC5-3CC553055B7C}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{84DBAE7D-8506-4510-B97C-88146002DEA0}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{870E233F-6051-463E-9E56-0EB39C99107A}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{885D5DE4-7007-42D3-8B6A-F6E773D9FD27}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{88ABDAD5-2E23-425D-B250-6FE5ADBA8E42}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{88AF8D1D-BADF-49A8-8DE3-4B5D201AB6EB}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{895CE37F-1872-4F28-8D8C-EB2AE590AEE0}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{89616F6E-32BC-49AA-A722-A41FC8FA5646}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{8984B687-DD09-4F00-833F-E97E48925352}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{899C123A-3596-438E-A367-DC36C73D7CE2}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{8A7674BE-FA3D-48A8-9245-1D3E8971E5F0}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{8A7AA566-27B5-4396-8639-A8D3362C4E26}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{8AD03CF1-5331-4BA6-B05E-B67BC01F6734}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{8B0C815C-1530-452D-AA0C-D39A935E3136}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{8B22EC18-4534-4599-AC02-A5C2DD6F556E}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{8C37730D-6DA8-49C8-AF2B-21E9964782E0}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{8C3C942B-9510-494C-9133-8DB629BBC76D}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{8CDD2CC9-0915-4A67-BF52-F56CDD609DF8}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{8F8EFB4D-CD0C-457E-BA96-DF5D3D118646}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{8FB92EA5-EDEA-4ED0-815F-47E9F73B3A8B}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{90E4E2EF-A1F0-45B9-82CF-86B0EA9D1A0C}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{90FAC2F1-3C57-4723-A84F-59B9662FB03A}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{9119B9CF-9763-431B-93A9-09A3B86131F3}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{92E161F0-427A-48D1-B7DC-FA767F2D5921}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{933340D6-CB5F-4A39-8AF0-C6142D4A7029}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{93BBF49B-2C1D-451E-B6BF-DAB9EBBB95E4}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{93BEAB14-419C-4ACE-A442-3C04AF832FF5}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{93CFCB2A-80C9-4924-BF03-38BF7BA0D400}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{93FD34A3-BB61-4BE8-BDC9-3AE13E9AC7CB}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{94A56EA2-5EDB-424D-A190-BE9DD2C4D193}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{94DC43D0-57D0-46EC-A674-82788D9A81C1}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{957922E9-EDEC-4A23-856E-2BCBEA76DF54}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{95F36135-D7CF-4D59-A303-B4AA4CA5FEBE}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{96938ED5-EB42-4CB4-A73D-FA75D5D95277}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{96DF34A4-4F84-4CEF-9385-7854A160884C}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{970C9286-81FD-4986-83D7-E70DE87C2EDD}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{970E6574-862D-452A-B35E-9BB15E53761D}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{97DA833C-42FE-47B3-80E9-CB0AA3B2E20E}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{981FB568-9139-43D9-AF17-B61CD5BCE251}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{98422022-B2BB-4CCA-9F5D-F16D1EEF3580}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{98575C3E-1467-40D8-9482-3D859789E43A}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{987510F1-252D-4047-A7AE-42778D23CD87}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{9959B6B1-F1E6-4B9C-A24E-5A3CE9CE8815}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{9B496E07-59ED-4CDC-88D5-DFBB37185F4F}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{9B517CC8-99B7-488E-A1D9-0A1F4C794944}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{9B97CB51-1F86-4711-BB38-1AD3C74CE60F}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{9E0A6B99-FB61-4549-BEB4-068857BA7795}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{9E19BEF9-05DF-46F6-ABD5-6A1209D37EAF}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{9E279BAE-DF02-4A9B-BB82-01925F4DAD5A}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{9E52B44E-D954-4B48-907B-F78455F1AA5C}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{9E7687EE-132F-49CA-B3DA-618AC681C020}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{9F419967-82C1-4842-B26D-E79EE5046021}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{A013C3B1-E9B6-4D17-ABDD-49409F6EE3F8}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{A0224D41-85ED-44D8-83A9-048CEBBF732A}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{A0B13ED4-C710-4DC7-8D52-94306141129C}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{A0F5ED71-9E24-4A87-8E77-2AE19BEDCF5A}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{A209F080-2907-4A6D-A4F1-2EEA66C47573}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{A291384A-1DB5-44F9-8299-1598142B5973}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{A2A1333B-12AE-48F6-8437-4D70FE5DCCD6}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{A2EE4002-DB36-429C-B3AF-BDFD06BD9FF4}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{A3A7F86A-7D57-4AEC-BE5D-1861BEED4D11}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{A517BEDD-F82F-4D8A-84A4-1A71E35FA750}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{A52B7637-32BD-4082-A43A-737535B67DA8}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{A56A5A35-E586-441B-8808-CC6660E1B704}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{A64F79E8-041E-4198-B4E6-79A22EF0053A}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{A7893762-725D-42A9-8721-CD72A9B28551}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{A866D8DB-A25B-4EBA-8329-C1F3EA92C655}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{A90B3BC3-1C6A-4F6C-93B5-C44F7E2F0666}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{A9BA0ACE-1D48-4342-84AE-7D2D9533416A}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{A9CCA23B-6981-41D0-8D32-003270A871CD}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{A9F333DB-9772-4169-93F3-6120FFFA5B1D}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{AA0F2BDA-A568-4B24-B8D8-E9A797869901}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{AA7E8427-0A34-4A5E-83F0-127D24CB4715}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{AA9E2F5D-055F-48BD-A5DE-8F0DE4F9E38E}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{AAA1290E-4A82-491C-8CD8-1ECD545D4B28}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{AB82A7D1-5FD9-408A-A68C-41B98B3F5E7E}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{AC3BB507-2C7E-4547-9D12-263B70F6BFAA}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{ACDC8CFB-B730-43E3-BD90-C0171D006EB4}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{ACE13090-5349-45CB-B1DB-A983BCEF5B32}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{AD3D4822-77FA-4992-BC73-8F4A05255AF4}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{ADC85713-2C3A-442C-AB89-E0426B3A9486}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{AE338550-425F-46D5-8B36-B26AC462389D}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{AEA42AA0-AB8F-4946-8D89-2537E5A85D5C}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{AEF37D04-473D-4B29-920B-C0933DD5D7C1}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{AF687E2D-25BC-45E6-8B99-0D872C6A665D}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{AFA77BF7-4344-495F-9A0A-BC7B689755C3}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{AFB651DD-02D1-4B01-A588-B29D6BFC315F}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{AFCFFC8C-5F9F-4F89-A922-4444E5BCFBD0}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{B01BD6B4-5A14-4548-9272-586BEF1CCA6D}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{B096096B-60F2-4FEC-88DF-CF274761C5B9}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{B0EFC339-F9EA-4F87-9B13-BD512A116F2E}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{B0FCFEF6-2427-4D10-9989-6077A013D7D7}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{B13D910D-BF95-4BAE-9E82-CEB5A88D3876}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{B141C690-87B3-4118-BCF4-69DFE00DE117}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{B1469571-A48F-46F5-A9DC-577B31A17810}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{B171E262-5CDB-42DB-9240-1A132C5FF1C7}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{B1E50CDE-33CA-4240-BF03-8C7692AE6F41}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{B272FFEC-4BEA-4BFA-83BA-8F9061777A6F}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{B32AA9EB-1E92-4852-8144-9B4A00AFA3E2}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{B38B9E83-6A15-4F1F-8BFE-49B51660DEF1}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{B3DEF536-4417-44FF-B079-CBD34C1F5FAD}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{B434F213-9DF1-4A34-855D-805D13DF70D3}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{B4A8C17A-0106-4CCC-AEE1-9C7A4D289732}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{B52F3B2F-14E4-4663-A4A1-00DB8BBA54F2}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{B5A811C4-F935-47C0-95B2-ABFB402CB3FC}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{B621E09D-E06D-43E9-8C54-A3A988C32DBB}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{B6B6FBE1-636C-41BB-960B-9F677C60FE91}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{B6FEBA8E-9543-452C-981E-AA0EA7347D01}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{B70DEB51-26D5-4D2B-B20D-355E783D4379}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{B78088F3-9335-4D19-9AD7-F7FB7C54D133}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{B9E87A95-3CFB-46ED-9DC4-1316793805CE}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{B9EB3189-B731-46E8-902A-EFAAAC3E95DD}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{BA0C156B-E349-408D-996C-607D597F8650}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{BABAA147-4FDB-4F0B-B88A-447C225AF3EA}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{BAEA9506-4DC0-4F7D-A4CE-5C5791302CB0}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{BAEBC524-4049-4F69-899F-C1619B011A22}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{BBB8FB95-3361-422E-9F54-3576221194FF}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{BBC02B5E-7BDB-402E-8C7E-1D0724827AE1}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{BCD61B0A-A81A-461D-854C-60CE8CA61AE6}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{BE690EED-BD73-4E5C-848E-B54A9392BFDC}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{BEC12E27-5104-4A9C-9A56-A28CE7B97A8C}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{BF34F699-AF4D-406C-9DF4-2522479BA6E1}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{BF474EEE-3C6D-4001-951A-DFE8CFA440E8}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{C095C860-293B-4E8B-BA73-A450118895BD}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{C0BCE544-183B-4975-B959-FB58D8410F3B}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{C1427322-11F1-4DDB-ADDF-E6EF4BBE96D0}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{C1473BAD-1F1A-44F4-A7A8-A7EF19E59FB9}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{C199FFA7-E64B-467A-B4AB-9E9491602D5E}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{C1B1CE61-20E8-49DF-B28D-1A6DB7E5D62A}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{C1E04E39-02AE-4697-8E63-2A9C61747A07}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{C1EA1299-0FC5-4F14-AD45-DCF848A44B07}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{C1FE6EF5-A464-4E4C-B5C1-0402AE72EAE4}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{C2F2D1CF-FA00-46BB-97A5-F565A650466C}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{C31E2886-F491-464D-9045-28B766868DD2}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{C40BE8A2-7A5B-432E-AA3B-B9D138436A20}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{C50ABF45-F886-43FD-838E-A1FB067F9D7E}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{C5206AC9-EFBC-4A57-868D-EBDB44C8EB0F}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{C58A8491-4BEE-4C5B-81F9-CF7251635DD6}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{C6B37142-0F54-46EF-A51C-8B99453928EF}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{C8473837-545A-416C-8EF8-B597443FE9B9}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{CA83E756-1EFE-4A95-B4FA-FAE069736D63}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{CB235D13-3A05-4085-B794-048840F6BDA9}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{CB97B9CE-4577-49E7-806C-E5B5C2781F3A}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{CC45E9E0-A9FF-402C-95BC-56815DB7A84B}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{CCDF1F9E-DB42-41E1-A20D-9F6844BF12C0}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{CD3228A6-9F5D-4C01-873E-76A3C91A452C}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{CD3EA234-47DB-4FDF-B7AE-E47E86BA27A8}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{CE622A79-702E-4225-ACF2-4061947C71A8}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{CEAFC5B9-1EBB-4D26-9854-6C48EF5C663E}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{CF0D53BD-EAA8-4302-832C-6A84F46423D3}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{CFD9E670-C3F4-47F9-9FAE-0CAD3974B489}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{D1B740DE-6CE8-49FE-9A3D-BDD4F8EEBAC1}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{D1E35980-EC3B-41C9-8B73-D116DC933F28}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{D2DDA942-48B1-4BE4-907F-D2A0D94515F1}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{D306B6C4-4DC8-4F09-82C8-81CACDEF525E}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{D3B8F69C-4585-4D34-9F03-27D83A355A9C}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{D3CE5E90-1AFC-4EF9-9809-9032BD0406FB}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{D5B72E0C-B88A-4697-9839-B6F69A5A6A7D}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{D5F47448-9293-40D1-8826-A064BC0ADBE5}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{D6D029D5-2F8A-4554-8D8A-0DD3A1E65A7A}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{D6E7A7AE-ED69-47DC-84E1-CF0673B6E415}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{D7379C6E-5706-48BF-81E0-68C709C52041}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{D750B850-C9DF-45B7-8145-43DB67C61939}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{D7DC9414-F43A-4903-AAB2-0E7511AC8713}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{D8841422-4FAB-4E03-88FF-F353B037A23D}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{D9554E51-CD64-4B9D-8644-EA9862E68213}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{D99BD6D1-5FE3-4B5C-AB40-5D22EF52E967}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{D9A5D02D-51FC-4426-907C-EE50518F2209}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{D9AD4EB2-1A88-4870-B8D3-B2F48928898D}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{DA031A9E-BE6F-4658-9F7D-D69369F6EE05}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{DA9E830A-71CD-4FF3-863F-DF1C2426A2DD}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{DB34B376-8587-406F-A224-6166DE0F94EF}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{DB3F882E-F7ED-4218-B4B9-033E89CC4D42}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{DB5AE860-D58E-4AB8-A49A-EC0CA2E23725}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{DBC332E0-5607-4AA8-B143-4960CC34C319}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{DBC4B2D5-747E-43C7-800B-BE028B5EDAE4}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{DC325FD6-2813-49A4-865F-214CF44C97D4}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{DC4D9914-DD10-4F19-B541-94AEEFEC8352}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{DE0EB42A-33A8-4704-85CB-EF89175BD8E0}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{DF1FA6AB-FE15-4B06-9DD1-AB96073922F8}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{DF4FDB68-9692-4D0B-B1A5-C93B32E5E2B6}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{DF5F75C3-13FB-483E-BE3A-C2EA22951D78}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{DFA20C31-33E2-475B-A78C-88515D96A694}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{DFD83574-DDD6-4404-A1CB-33C4DC603A82}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{DFEC0DA7-B356-4EFC-A04F-7E32FC0CCABB}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{E01FA76A-D360-4038-9484-049156D49E4F}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{E028FBFC-87D5-40D8-8B40-B284E4AE02DE}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{E0585990-C652-460E-B57D-2CD6C25B8EB7}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{E0628202-357B-4D73-ABC4-0F84B6599675}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{E0C54F4B-BB5D-424A-8D19-730672C511FC}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{E1640939-3981-4181-9BB4-9AED6A82A0A8}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{E2419045-D6AA-4005-B871-FAF4E1D41639}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{E2D35288-DBA5-4AE2-9109-56CD605A2375}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{E41FF645-793B-4A8A-8E96-B7F4DEA1B5F2}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{E42A91F3-D94F-4088-A9D3-6522FBD6CEE0}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{E4D86D60-7FF9-4F8D-BE44-AAA4B214ADA2}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{E5FC0590-01B0-4BA7-88F9-6C3A2D10120B}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{E6853FC5-4519-4ABF-84B4-94FFA0AEE04C}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{E6A885B4-8C23-4AFA-9C98-6B1C2FCCFFC8}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{E79B6B8D-CC43-4E95-94DD-B886E6DCBFED}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{E84E3BEE-2972-4AD5-BB98-8CD91BCA90CC}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{E8D19373-B3E6-4F37-9091-40215CA6EB44}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{E9A35591-C055-4E26-87E5-936F90933901}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{E9AE18DA-D580-4A0B-B1E3-C61A696FEBC5}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{E9C7ED95-035B-4FFF-A32C-75355120D9D8}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{E9CFA863-C828-4628-900F-264E0F6AE419}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{EA192D9A-9017-43EF-AD4D-BFE7EAC238CC}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{EA39A3A5-F76F-4462-A5D3-2CE429C87D4B}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{EA41771F-DE03-4477-ABB4-422B541F1FA3}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{EA7D5AC2-5425-43ED-AB2C-F7EED5383277}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{EA8AF11D-C343-4268-BB92-C9D45C326D87}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{EABAE33B-E581-4C64-80D5-B11740F5E5C0}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{EAC5FE5E-FF4B-4320-94DF-A3A5FCCE0585}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{EB4557CD-2EF4-41DF-B461-5EE9B7F35A5E}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{EB4AC11D-81D0-46B4-826C-A67C06466181}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{EC9BDC09-7C8F-4E7A-B6BB-A2D51E434BF1}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{ED0949E0-8364-4CDA-A343-9F0F2871E6D7}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{EDC86BB4-884A-4427-A84F-B4615D67CA0C}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{EDD6DF9F-1591-4615-903E-4ADB1F9B1CB6}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{EE018E50-B7C0-4F28-8DCA-4DCFB573CD56}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{EE4B3F14-1CE8-45F8-8D5E-A8469F750970}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{EE521E8B-9F4D-41CD-BFD1-90CA87B422D6}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{EFC338B1-AEE3-4CA1-A308-76B7CE68FD80}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{EFE67F2E-8DC0-4138-863D-6D7A57F8E075}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{F0D35DA1-3A68-4325-A16D-5674F0C43FF6}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{F0DFD05F-2CC9-49CC-B007-0F0BA2674E86}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{F0E8CBC5-7D38-42BC-8923-A819DF340266}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{F0EBF6A6-E643-49B2-B09A-F62982A747C7}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{F12347F4-F380-45F5-BDA9-A4AE5225B0EB}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{F20A3A2E-C6F3-463D-B8D4-E23E40239E3A}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{F298EF96-778A-4F55-AEAF-912EEA926DAB}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{F3473A8E-100A-4B32-A804-FE8F34F0D5DA}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{F37DBADF-057A-43F2-81A9-DB790413AD7F}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{F457266E-0328-4710-B8D9-20F08B4F0589}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{F53834D9-69B8-44D8-A884-2EDC55F4F565}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{F5832E3C-D0B2-4EA1-9DCF-4E9F922B33CD}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{F5A6DA7E-DF06-4C81-B397-7565E9ECA5F7}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{F5C7CA26-BC0E-45DE-9B8E-7237F1255C1B}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{F5EA15DB-5920-4A1A-9B0C-0892BB300DCD}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{F66150C2-C94F-4E78-A08C-B52244AD77F1}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{F68FDEEF-24CA-4A46-93F0-9E8FCD93721A}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{F6ECC44F-5C08-47C0-93F6-D1C34092F823}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{F747A2E3-7C24-4427-A5AB-1D4C3C6AFD27}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{F7614CB5-806E-4DF1-8D51-EEEAD7E0C9F1}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{F7F342F2-9A53-495E-A8B3-9D85D8FFD2F0}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{F815E0AC-0F29-48AE-A433-02ADC81CD8FC}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{F847F013-2F67-4FCC-9532-1BDE45541757}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{F8ABE6E8-F3F2-44E2-A928-F5D70F088EA6}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{F8ED66D6-4616-4256-9949-2020D4EF1B90}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{F95F89E9-0AFC-40A0-B41C-30FA894CB4D2}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{F96145C7-0BD9-419B-BBB3-2BE69729CDC0}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{F9A175D6-FBED-44DE-ADF4-8D83FF5C9A05}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{F9D1BE4F-FFD2-441B-8786-D7C2B8C1488B}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{FA04708F-7043-46EB-A15C-44873C9827D8}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{FA5349E2-B65C-4B1C-B945-A0EF3EA3A12F}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{FA6FB559-062F-47AE-9FE0-A26FE6679BE8}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{FB534678-BF5D-4E47-880E-0BA2ADC33341}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{FBACB784-1A66-4BCC-8BE6-5B0FD2A10032}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{FBB69D88-B55C-4D3C-A841-CB2D977D7133}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{FBC02B63-A5C3-4BE0-9EF9-B6D5F22968B2}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{FC0A19A7-3E90-4583-A60F-613315BCB321}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{FC2B1642-62D9-40AF-BAE0-349AD49A3B63}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{FC86F703-5458-40FB-B496-F7C971156175}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{FCF6191E-3582-4723-A305-DBD79626D37E}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{FE25F6AA-469E-467C-B5E5-C6178324B66E}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{FE3662AA-3E5E-425D-865C-59BF4C9E79DB}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{FE7967A3-3704-41D8-8195-35F24D9D4E66}
Successfully deleted: [Empty Folder] C:\Users\Hubert\appdata\local\{FF71026F-A2FE-490F-9518-CA7746B53FED}



~~~ FireFox

Emptied folder: C:\Users\Hubert\AppData\Roaming\mozilla\firefox\profiles\dm11batf.default\minidumps [73 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10.11.2014 at 13:58:44,43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-11-2014 01
Ran by Hubert (administrator) on HUBERT-PC on 10-11-2014 14:02:39
Running from K:\Hubert\Eigene Dokumente\PC - dies und das\FRST
Loaded Profile: Hubert (Available profiles: Hubert)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(X10) C:\Program Files\Common Files\X10\Common\X10nets.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Wistron) C:\Program Files\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WButton.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Sentelic Corporation) C:\Program Files\FSP\FspUip.exe
(Acronis) C:\Program Files\Acronis\DriveMonitor\adm_tray.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WisLMSvc.exe
(Mirko Böer) C:\Program Files\SSS\SimpleScreenshot.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATILPE.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [HotkeyApp] => C:\Program Files\Launch Manager\HotkeyApp.exe [192000 2009-08-19] (Wistron)
HKLM\...\Run: [Wbutton] => C:\Program Files\Launch Manager\Wbutton.exe [413696 2009-08-05] (Wistron Corp.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495728 2009-10-24] (IDT, Inc.)
HKLM\...\Run: [fspuip] => C:\Program Files\FSP\fspuip.exe [3342336 2009-11-12] (Sentelic Corporation)
HKLM\...\Run: [adm_tray.exe] => C:\Program Files\Acronis\DriveMonitor\adm_tray.exe [533808 2010-06-04] (Acronis)
HKLM\...\Run: [SimpleScreenshot] => C:\Program Files\SSS\SIMPLESCREENSHOT.EXE [2255360 2011-07-12] (Mirko Böer)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-23] (Intel Corporation)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058880 2013-03-28] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-04] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-4285553767-1374707740-3178024607-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATILPE.EXE [260160 2013-01-24] (SEIKO EPSON CORPORATION)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=prc265
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com?fr=hp-avast&type=prc265
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=prc265
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4285553767-1374707740-3178024607-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: QTTabBar AutoLoader -> {d2bf470e-ed1c-487f-a777-2bd8835eb6ce} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - !{d2bf470e-ed1c-487f-a333-2bd8835eb6ce} -  No File
Toolbar: HKLM - No Name - !{d2bf470e-ed1c-487f-a666-2bd8835eb6ce} -  No File
Toolbar: HKLM - QTTabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - QTTab Standard Buttons - {d2bf470e-ed1c-487f-a666-2bd8835eb6ce} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default
FF Homepage: https://de.yahoo.com?fr=hp-avast&type=prc265
FF SelectedSearchEngine: Yahoo! (Avast)
FF DefaultSearchEngine: Yahoo! (Avast)
FF DefaultSearchUrl: hxxp://de.yhs4.search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF Keyword.URL: hxxp://de.yhs4.search.yahoo.com/yhs/search
FF NewTab: about:newtab
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Hubert\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\searchplugins\yahoo-avast.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\Extensions\abs@avira.com [2014-10-21]
FF Extension: CsFire - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\Extensions\csfire@cs.kuleuven.be [2012-08-25]
FF Extension: GoogleSharing - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\Extensions\googlesharing@extension.thoughtcrime.org [2011-07-05]
FF Extension: Windows Media Player Extension for Firefox - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\Extensions\jid0-nRwp7VvCqZcSRTppwWz2npqGEKw@jetpack [2012-06-06]
FF Extension: WOT - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-26]
FF Extension: Biet-O-Matic Firefox Erweiterung - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\Extensions\{B0D70E72-2FC1-4b9f-A3D4-5921C854D906} [2010-05-06]
FF Extension: DownloadHelper - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-09-02]
FF Extension: Inline Translator - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\Extensions\itrans@tenshi.xpi [2011-08-14]
FF Extension: Tab Control - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\Extensions\{39952c40-5197-11da-8cd6-0800200c9a66}.xpi [2011-04-07]
FF Extension: NoScript - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-04-15]
FF Extension: ImTranslator - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2011-04-10]
FF Extension: Adblock Plus - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-05-15]
FF Extension: BetterPrivacy - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2011-04-22]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR StartupUrls: Default -> "https://de.yahoo.com?fr=hp-avast&type=prc265"
CHR Profile: C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-07]
CHR Extension: (WOT) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2013-12-14]
CHR Extension: (YouTube) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-10]
CHR Extension: (Adblock Plus) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-12-11]
CHR Extension: (Google-Suche) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-10]
CHR Extension: (Avira SafeSearch) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\eglgfnfolcgijipffhlhbbnefdcbjbml [2014-10-21]
CHR Extension: (Gmail offline) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2013-12-10]
CHR Extension: (Avira Browser Safety) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-10-21]
CHR Extension: (Tabs to the front!) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjaooagfdhdhmbfchnkhggjmacjlacla [2013-12-10]
CHR Extension: (PDF Viewer) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\jccchjobcggajhnmckffhcahkkbioifn [2014-06-03]
CHR Extension: (Window Close Protector) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnpifgapnmpninomacbhdlconlpikdai [2013-12-15]
CHR Extension: (Google Wallet) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-10]
CHR Extension: (Google Mail) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-10]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [661072 2009-10-31] (Acronis)
S4 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [2480048 2010-01-22] (Acronis)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [432888 2014-11-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-04] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
S4 CGVPNCliSrvc; C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-04-26] (mobile concepts GmbH)
S4 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [126128 2012-05-17] (Seiko Epson Corporation)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1155072 2009-02-03] (MAGIX AG) [File not signed]
S4 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
S4 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2013-06-14] (Teruten) [File not signed]
S4 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
S4 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2009-07-27] () [File not signed]
S4 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [994360 2011-07-29] (Secunia)
R2 STacSV; c:\program files\idt\wdm\STacSV.exe [225382 2009-10-24] (IDT, Inc.)
R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [113152 2009-03-04] (Wistron Corp.) [File not signed]
R2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2001-11-12] (X10) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-09-24] (Avira Operations GmbH & Co. KG)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [14216 2010-07-15] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [8456 2010-07-15] () [File not signed]
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-06-14] () [File not signed]
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64288 2010-12-03] (Lavasoft AB)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-11-10] (Malwarebytes Corporation)
S3 NxpCap; C:\Windows\System32\DRIVERS\NxpCap.sys [1488096 2009-07-30] (NXP Semiconductors Germany GmbH)
R3 pfc; C:\Windows\System32\drivers\pfc.sys [21248 2003-09-19] (Padus, Inc.) [File not signed]
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67656 2010-05-10] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-09-24] (Avira GmbH)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25216 2010-02-25] (The OpenVPN Project)
R0 tdrpman258; C:\Windows\System32\DRIVERS\tdrpm258.sys [911680 2010-01-22] (Acronis)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13720 2009-05-13] (X10 Wireless Technology, Inc.)
R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27160 2009-05-13] (X10 Wireless Technology, Inc.)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Hubert\AppData\Local\Temp\catchme.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S2 HWiNFO32; \??\F:\Progs\hwinfo32\HWiNFO32.SYS [X]
S3 StarOpen; No ImagePath
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-10 13:58 - 2014-11-10 13:58 - 00064670 _____ () C:\Users\Hubert\Desktop\JRT.txt
2014-11-10 13:56 - 2014-11-10 13:56 - 00000000 ____D () C:\Windows\ERUNT
2014-11-10 09:29 - 2014-11-10 09:33 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-10 09:28 - 2014-11-10 09:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-11-10 09:28 - 2014-11-10 09:28 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-11-10 09:28 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-10 09:28 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-08 09:50 - 2014-11-08 09:50 - 00001059 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-10-21 17:35 - 2014-10-21 17:35 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\Avira
2014-10-21 16:29 - 2014-10-21 16:25 - 00037384 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-10-21 16:21 - 2014-09-24 11:44 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-10-21 16:21 - 2014-09-24 11:44 - 00098160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-10-21 16:21 - 2014-09-24 11:44 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-10-21 16:21 - 2014-09-24 11:44 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2014-10-21 16:15 - 2014-11-08 09:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-10-21 16:15 - 2014-11-08 09:50 - 00000000 ____D () C:\Program Files\Avira
2014-10-21 16:15 - 2014-10-21 16:21 - 00000000 ____D () C:\ProgramData\Avira
2014-10-21 16:14 - 2014-11-08 09:51 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-15 16:35 - 2014-10-10 02:44 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 16:35 - 2014-10-10 02:44 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 16:35 - 2014-10-10 02:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 16:35 - 2014-09-29 01:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 16:35 - 2014-09-19 23:53 - 12364288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 16:35 - 2014-09-19 23:44 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 16:35 - 2014-09-19 23:41 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 16:35 - 2014-09-19 23:39 - 01138688 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 16:35 - 2014-09-19 23:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 16:35 - 2014-09-19 23:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 16:35 - 2014-09-19 23:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-15 16:35 - 2014-09-19 23:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 16:35 - 2014-09-19 23:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 16:35 - 2014-09-19 23:35 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 16:35 - 2014-09-19 23:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-15 16:35 - 2014-09-19 23:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 16:35 - 2014-09-19 23:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 16:35 - 2014-09-19 23:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-15 16:35 - 2014-09-19 23:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 16:35 - 2014-09-19 23:34 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 16:35 - 2014-09-19 23:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 16:35 - 2014-09-19 23:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 16:35 - 2014-09-19 23:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-10-15 16:35 - 2014-09-19 23:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-15 16:35 - 2014-09-19 23:33 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 16:35 - 2014-09-05 02:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 16:35 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 16:35 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 16:35 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 16:35 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 16:34 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 16:34 - 2014-08-29 02:44 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-15 16:34 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 16:34 - 2014-07-17 02:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 16:34 - 2014-07-17 02:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 16:34 - 2014-07-17 02:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 16:34 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 16:34 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 16:34 - 2014-07-17 02:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 16:34 - 2014-07-17 02:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 16:33 - 2014-07-07 02:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 16:33 - 2014-07-07 02:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 16:33 - 2014-07-07 02:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 16:33 - 2014-07-07 02:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 16:33 - 2014-07-07 02:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 16:33 - 2014-07-07 02:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 16:33 - 2014-07-07 02:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 16:33 - 2014-07-07 02:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 16:33 - 2014-07-07 02:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 16:33 - 2014-07-07 02:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 16:33 - 2014-07-07 02:40 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 16:33 - 2014-07-07 02:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 16:33 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 16:33 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 16:33 - 2014-07-07 02:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-10-15 16:33 - 2014-07-07 02:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 16:33 - 2014-07-07 02:28 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 16:33 - 2014-06-28 01:21 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 16:33 - 2014-06-28 01:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 16:33 - 2014-06-28 01:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-15 16:32 - 2014-08-19 03:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 16:32 - 2014-08-19 03:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 16:32 - 2014-08-19 03:41 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 16:32 - 2014-08-19 03:40 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 16:32 - 2014-08-19 03:40 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 16:32 - 2014-08-19 02:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 16:32 - 2014-07-07 02:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 16:32 - 2014-07-07 02:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 16:32 - 2014-07-07 02:40 - 00473600 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 16:32 - 2014-07-07 02:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 16:32 - 2014-07-07 02:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 16:32 - 2014-07-07 02:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 16:32 - 2014-07-07 02:40 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 16:32 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 16:32 - 2014-07-07 02:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 16:32 - 2014-07-07 02:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 16:32 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 16:32 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 16:32 - 2014-07-07 02:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 16:32 - 2014-07-07 02:39 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 16:32 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 16:32 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 16:32 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 16:31 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-13 15:16 - 2014-10-13 15:16 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\Ashampoo
2014-10-13 15:14 - 2014-10-13 15:17 - 00001230 _____ () C:\Users\Public\Desktop\CleverReach.de.lnk
2014-10-13 15:14 - 2014-10-13 15:14 - 00000000 ____D () C:\Users\Hubert\AppData\Local\ashampoo
2014-10-13 15:14 - 2014-10-13 15:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2014-10-13 15:13 - 2014-10-13 15:14 - 00000000 ____D () C:\ProgramData\Ashampoo
2014-10-13 15:13 - 2014-10-13 15:13 - 00000000 ____D () C:\Program Files\Ashampoo
2014-10-13 13:58 - 2014-10-13 13:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
2014-10-13 13:58 - 2014-10-13 13:58 - 00000000 ____D () C:\Program Files\PhotoScape
2014-10-13 13:37 - 2014-10-13 13:37 - 00000865 _____ () C:\Users\Hubert\AppData\Local\recently-used.xbel
2014-10-13 13:37 - 2014-10-13 13:37 - 00000000 ____D () C:\Users\Hubert\AppData\Local\gtk-2.0
2014-10-13 13:29 - 2014-10-13 13:38 - 00000000 ____D () C:\Users\Hubert\.gimp-2.8
2014-10-13 13:29 - 2014-10-13 13:29 - 00000000 ____D () C:\Users\Hubert\AppData\Local\gegl-0.2

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-10 14:02 - 2014-01-29 18:29 - 00000000 ____D () C:\FRST
2014-11-10 13:53 - 2009-07-14 05:34 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-10 13:53 - 2009-07-14 05:34 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-10 13:49 - 2010-02-14 16:48 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-10 13:48 - 2014-06-10 07:35 - 00829560 _____ () C:\Windows\PFRO.log
2014-11-10 13:48 - 2014-05-17 16:25 - 00005308 _____ () C:\Windows\setupact.log
2014-11-10 13:48 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-10 13:47 - 2010-01-21 14:40 - 01353191 _____ () C:\Windows\WindowsUpdate.log
2014-11-10 13:46 - 2014-01-29 18:16 - 00000000 ____D () C:\AdwCleaner
2014-11-10 13:25 - 2014-02-18 15:25 - 00000917 _____ () C:\Windows\Tasks\EPSON XP-710 Series Update {B3A05D5E-0816-4D39-BC7D-04A0F78A3960}.job
2014-11-10 13:25 - 2014-02-18 15:25 - 00000731 _____ () C:\Windows\Tasks\EPSON XP-710 Series Invitation {B3A05D5E-0816-4D39-BC7D-04A0F78A3960}.job
2014-11-10 13:11 - 2010-02-14 16:48 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-10 09:29 - 2011-03-30 15:38 - 00000000 ____D () C:\Users\Hubert\Desktop\Sicherheits-Check Programme
2014-11-10 09:28 - 2011-03-30 16:34 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-11-10 09:28 - 2010-10-20 15:18 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\Malwarebytes
2014-11-10 09:28 - 2010-10-20 15:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-08 19:04 - 2009-11-06 04:43 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-29 09:35 - 2013-12-10 14:48 - 00002085 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-21 16:12 - 2011-07-26 15:12 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-10-21 12:50 - 2010-01-21 16:18 - 00044762 _____ () C:\Users\Hubert\AppData\Roaming\wklnhst.dat
2014-10-21 12:50 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-10-21 12:14 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-20 10:06 - 2011-11-04 15:51 - 00005120 _____ () C:\Users\Hubert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-20 10:05 - 2013-07-20 13:55 - 00000000 ____D () C:\PFS8.0 AE_TMP
2014-10-20 09:39 - 2009-07-14 05:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-10-15 17:16 - 2009-07-14 05:33 - 00444768 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-15 17:13 - 2014-04-24 14:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-15 17:13 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-10-15 16:52 - 2013-07-12 13:22 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 16:42 - 2009-11-06 09:23 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-13 15:16 - 2013-07-20 12:44 - 00000000 ___RD () C:\Users\Hubert\Desktop\Fotoprogramme
2014-10-13 13:34 - 2010-01-21 14:46 - 00000000 ____D () C:\Users\Hubert

Some content of TEMP:
====================
C:\Users\Hubert\AppData\Local\temp\avgnt.exe
C:\Users\Hubert\AppData\Local\temp\jna7945255070255805652.dll
C:\Users\Hubert\AppData\Local\temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Hubert\AppData\Local\temp\Quarantine.exe
C:\Users\Hubert\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2013-06-21 18:42

==================== End Of Log ============================
         
--- --- ---

--- --- ---
__________________

Alt 11.11.2014, 06:44   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Malwarebytes (free) findet Registerwerte von  PUP.Optional.FrostwireTB.A - Standard

Malwarebytes (free) findet Registerwerte von PUP.Optional.FrostwireTB.A




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 11.11.2014, 11:41   #5
juhu73
 
Malwarebytes (free) findet Registerwerte von  PUP.Optional.FrostwireTB.A - Standard

Malwarebytes (free) findet Registerwerte von PUP.Optional.FrostwireTB.A



hier die Logs:

Eset:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=af399aa4c93fd04cb0829d67a24ad3ab
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-07-13 02:23:20
# local_time=2011-07-13 04:23:20 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 15815221 15815221 0 0
# compatibility_mode=1797 16775165 100 94 2478 47097127 0 0
# compatibility_mode=5893 16776573 100 94 946523 62191462 0 0
# compatibility_mode=7937 16777213 100 100 866341 21912223 0 0
# compatibility_mode=8192 67108863 100 0 116 116 0 0
# scanned=159573
# found=0
# cleaned=0
# scan_time=6728
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=af399aa4c93fd04cb0829d67a24ad3ab
# engine=21035
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-11-11 10:56:26
# local_time=2014-11-11 11:56:26 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 99 10178 4147926 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 1824029 167334577 0 0
# scanned=276963
# found=1
# cleaned=1
# scan_time=4775
sh=E09A1F83EB8CD31F0A3BA45B534B3BA88340879B ft=1 fh=7e16d5aafe738e4d vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="S:\Datensicherungen\SyncBack\Eigene Dokumente\Internet-downloads\PDF24 Creator - CHIP-Downloader.exe"
         
SecurityCheck:
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.89  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Out of date HijackThis  installed! 
 SUPERAntiSpyware     
 Secunia PSI (2.0.0.4002)   
 HijackThis 2.0.2    
 CCleaner     
 Wise Registry Cleaner 5.9.4  
 Java 8 Update 25  
 Java version out of Date! 
  Adobe Flash Player 	11.9.900.117 Flash Player out of Date!  
 Mozilla Firefox 25.0.1 Firefox out of Date!  
 Mozilla Thunderbird (24.6.0) 
 Google Chrome 38.0.2125.104  
 Google Chrome 38.0.2125.111  
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
Code:
ATTFilter
S:\Datensicherungen\SyncBack\Eigene Dokumente\Internet-downloads\PDF24 Creator - CHIP-Downloader.exe	Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung	gelöscht - in Quarantäne kopiert
         
FRST:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-11-2014 01
Ran by Hubert (administrator) on HUBERT-PC on 11-11-2014 12:29:42
Running from K:\Hubert\Eigene Dokumente\PC - dies und das\FRST
Loaded Profile: Hubert (Available profiles: Hubert)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(X10) C:\Program Files\Common Files\X10\Common\X10nets.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Wistron) C:\Program Files\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WButton.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Sentelic Corporation) C:\Program Files\FSP\FspUip.exe
(Acronis) C:\Program Files\Acronis\DriveMonitor\adm_tray.exe
(Mirko Böer) C:\Program Files\SSS\SimpleScreenshot.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WisLMSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATILPE.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [HotkeyApp] => C:\Program Files\Launch Manager\HotkeyApp.exe [192000 2009-08-19] (Wistron)
HKLM\...\Run: [Wbutton] => C:\Program Files\Launch Manager\Wbutton.exe [413696 2009-08-05] (Wistron Corp.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495728 2009-10-24] (IDT, Inc.)
HKLM\...\Run: [fspuip] => C:\Program Files\FSP\fspuip.exe [3342336 2009-11-12] (Sentelic Corporation)
HKLM\...\Run: [adm_tray.exe] => C:\Program Files\Acronis\DriveMonitor\adm_tray.exe [533808 2010-06-04] (Acronis)
HKLM\...\Run: [SimpleScreenshot] => C:\Program Files\SSS\SIMPLESCREENSHOT.EXE [2255360 2011-07-12] (Mirko Böer)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-23] (Intel Corporation)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058880 2013-03-28] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-04] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKU\S-1-5-21-4285553767-1374707740-3178024607-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATILPE.EXE [260160 2013-01-24] (SEIKO EPSON CORPORATION)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=prc265
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com?fr=hp-avast&type=prc265
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=prc265
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4285553767-1374707740-3178024607-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: QTTabBar AutoLoader -> {d2bf470e-ed1c-487f-a777-2bd8835eb6ce} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - !{d2bf470e-ed1c-487f-a333-2bd8835eb6ce} -  No File
Toolbar: HKLM - No Name - !{d2bf470e-ed1c-487f-a666-2bd8835eb6ce} -  No File
Toolbar: HKLM - QTTabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - QTTab Standard Buttons - {d2bf470e-ed1c-487f-a666-2bd8835eb6ce} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default
FF Homepage: https://de.yahoo.com?fr=hp-avast&type=prc265
FF SelectedSearchEngine: Yahoo! (Avast)
FF DefaultSearchEngine: Yahoo! (Avast)
FF DefaultSearchUrl: hxxp://de.yhs4.search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF Keyword.URL: hxxp://de.yhs4.search.yahoo.com/yhs/search
FF NewTab: about:newtab
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Hubert\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\searchplugins\yahoo-avast.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\Extensions\abs@avira.com [2014-10-21]
FF Extension: CsFire - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\Extensions\csfire@cs.kuleuven.be [2012-08-25]
FF Extension: GoogleSharing - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\Extensions\googlesharing@extension.thoughtcrime.org [2011-07-05]
FF Extension: Windows Media Player Extension for Firefox - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\Extensions\jid0-nRwp7VvCqZcSRTppwWz2npqGEKw@jetpack [2012-06-06]
FF Extension: WOT - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-26]
FF Extension: Biet-O-Matic Firefox Erweiterung - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\Extensions\{B0D70E72-2FC1-4b9f-A3D4-5921C854D906} [2010-05-06]
FF Extension: DownloadHelper - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-09-02]
FF Extension: Inline Translator - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\Extensions\itrans@tenshi.xpi [2011-08-14]
FF Extension: Tab Control - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\Extensions\{39952c40-5197-11da-8cd6-0800200c9a66}.xpi [2011-04-07]
FF Extension: NoScript - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-04-15]
FF Extension: ImTranslator - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2011-04-10]
FF Extension: Adblock Plus - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-05-15]
FF Extension: BetterPrivacy - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2011-04-22]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR StartupUrls: Default -> "https://de.yahoo.com?fr=hp-avast&type=prc265"
CHR Profile: C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-07]
CHR Extension: (WOT) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2013-12-14]
CHR Extension: (YouTube) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-10]
CHR Extension: (Adblock Plus) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-12-11]
CHR Extension: (Google-Suche) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-10]
CHR Extension: (Avira SafeSearch) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\eglgfnfolcgijipffhlhbbnefdcbjbml [2014-10-21]
CHR Extension: (Gmail offline) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2013-12-10]
CHR Extension: (Avira Browser Safety) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-10-21]
CHR Extension: (Tabs to the front!) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjaooagfdhdhmbfchnkhggjmacjlacla [2013-12-10]
CHR Extension: (PDF Viewer) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\jccchjobcggajhnmckffhcahkkbioifn [2014-06-03]
CHR Extension: (Window Close Protector) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnpifgapnmpninomacbhdlconlpikdai [2013-12-15]
CHR Extension: (Google Wallet) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-10]
CHR Extension: (Google Mail) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-10]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [661072 2009-10-31] (Acronis)
S4 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [2480048 2010-01-22] (Acronis)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [432888 2014-11-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-04] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
S4 CGVPNCliSrvc; C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-04-26] (mobile concepts GmbH)
S4 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [126128 2012-05-17] (Seiko Epson Corporation)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1155072 2009-02-03] (MAGIX AG) [File not signed]
S4 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
S4 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2013-06-14] (Teruten) [File not signed]
S4 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
S4 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2009-07-27] () [File not signed]
S4 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [994360 2011-07-29] (Secunia)
R2 STacSV; c:\program files\idt\wdm\STacSV.exe [225382 2009-10-24] (IDT, Inc.)
R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [113152 2009-03-04] (Wistron Corp.) [File not signed]
R2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2001-11-12] (X10) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-09-24] (Avira Operations GmbH & Co. KG)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [14216 2010-07-15] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [8456 2010-07-15] () [File not signed]
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-06-14] () [File not signed]
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64288 2010-12-03] (Lavasoft AB)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-11-10] (Malwarebytes Corporation)
S3 NxpCap; C:\Windows\System32\DRIVERS\NxpCap.sys [1488096 2009-07-30] (NXP Semiconductors Germany GmbH)
R3 pfc; C:\Windows\System32\drivers\pfc.sys [21248 2003-09-19] (Padus, Inc.) [File not signed]
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67656 2010-05-10] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-09-24] (Avira GmbH)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25216 2010-02-25] (The OpenVPN Project)
R0 tdrpman258; C:\Windows\System32\DRIVERS\tdrpm258.sys [911680 2010-01-22] (Acronis)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13720 2009-05-13] (X10 Wireless Technology, Inc.)
R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27160 2009-05-13] (X10 Wireless Technology, Inc.)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Hubert\AppData\Local\Temp\catchme.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S2 HWiNFO32; \??\F:\Progs\hwinfo32\HWiNFO32.SYS [X]
S3 StarOpen; No ImagePath
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-10 15:08 - 2014-11-10 15:08 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-11-10 15:08 - 2014-11-10 15:07 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-11-10 15:07 - 2014-11-10 15:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-10 13:58 - 2014-11-10 13:58 - 00064670 _____ () C:\Users\Hubert\Desktop\JRT.txt
2014-11-10 13:56 - 2014-11-10 13:56 - 00000000 ____D () C:\Windows\ERUNT
2014-11-10 09:29 - 2014-11-10 09:33 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-10 09:28 - 2014-11-10 09:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-11-10 09:28 - 2014-11-10 09:28 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-11-10 09:28 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-10 09:28 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-08 09:50 - 2014-11-08 09:50 - 00001059 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-10-21 17:35 - 2014-10-21 17:35 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\Avira
2014-10-21 16:29 - 2014-10-21 16:25 - 00037384 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-10-21 16:21 - 2014-09-24 11:44 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-10-21 16:21 - 2014-09-24 11:44 - 00098160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-10-21 16:21 - 2014-09-24 11:44 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-10-21 16:21 - 2014-09-24 11:44 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2014-10-21 16:15 - 2014-11-08 09:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-10-21 16:15 - 2014-11-08 09:50 - 00000000 ____D () C:\Program Files\Avira
2014-10-21 16:15 - 2014-10-21 16:21 - 00000000 ____D () C:\ProgramData\Avira
2014-10-21 16:14 - 2014-11-08 09:51 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-15 16:35 - 2014-10-10 02:44 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 16:35 - 2014-10-10 02:44 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 16:35 - 2014-10-10 02:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 16:35 - 2014-09-29 01:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 16:35 - 2014-09-19 23:53 - 12364288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 16:35 - 2014-09-19 23:44 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 16:35 - 2014-09-19 23:41 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 16:35 - 2014-09-19 23:39 - 01138688 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 16:35 - 2014-09-19 23:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 16:35 - 2014-09-19 23:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 16:35 - 2014-09-19 23:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-15 16:35 - 2014-09-19 23:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 16:35 - 2014-09-19 23:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 16:35 - 2014-09-19 23:35 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 16:35 - 2014-09-19 23:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-15 16:35 - 2014-09-19 23:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 16:35 - 2014-09-19 23:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 16:35 - 2014-09-19 23:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-15 16:35 - 2014-09-19 23:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 16:35 - 2014-09-19 23:34 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 16:35 - 2014-09-19 23:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 16:35 - 2014-09-19 23:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 16:35 - 2014-09-19 23:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-10-15 16:35 - 2014-09-19 23:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-15 16:35 - 2014-09-19 23:33 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 16:35 - 2014-09-05 02:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 16:35 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 16:35 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 16:35 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 16:35 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 16:34 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 16:34 - 2014-08-29 02:44 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-15 16:34 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 16:34 - 2014-07-17 02:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 16:34 - 2014-07-17 02:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 16:34 - 2014-07-17 02:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 16:34 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 16:34 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 16:34 - 2014-07-17 02:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 16:34 - 2014-07-17 02:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 16:33 - 2014-07-07 02:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 16:33 - 2014-07-07 02:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 16:33 - 2014-07-07 02:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 16:33 - 2014-07-07 02:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 16:33 - 2014-07-07 02:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 16:33 - 2014-07-07 02:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 16:33 - 2014-07-07 02:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 16:33 - 2014-07-07 02:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 16:33 - 2014-07-07 02:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 16:33 - 2014-07-07 02:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 16:33 - 2014-07-07 02:40 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 16:33 - 2014-07-07 02:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 16:33 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 16:33 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 16:33 - 2014-07-07 02:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-10-15 16:33 - 2014-07-07 02:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 16:33 - 2014-07-07 02:28 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 16:33 - 2014-06-28 01:21 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 16:33 - 2014-06-28 01:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 16:33 - 2014-06-28 01:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-15 16:32 - 2014-08-19 03:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 16:32 - 2014-08-19 03:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 16:32 - 2014-08-19 03:41 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 16:32 - 2014-08-19 03:40 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 16:32 - 2014-08-19 03:40 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 16:32 - 2014-08-19 02:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 16:32 - 2014-07-07 02:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 16:32 - 2014-07-07 02:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 16:32 - 2014-07-07 02:40 - 00473600 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 16:32 - 2014-07-07 02:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 16:32 - 2014-07-07 02:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 16:32 - 2014-07-07 02:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 16:32 - 2014-07-07 02:40 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 16:32 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 16:32 - 2014-07-07 02:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 16:32 - 2014-07-07 02:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 16:32 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 16:32 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 16:32 - 2014-07-07 02:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 16:32 - 2014-07-07 02:39 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 16:32 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 16:32 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 16:32 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 16:31 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-13 15:16 - 2014-10-13 15:16 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\Ashampoo
2014-10-13 15:14 - 2014-10-13 15:17 - 00001230 _____ () C:\Users\Public\Desktop\CleverReach.de.lnk
2014-10-13 15:14 - 2014-10-13 15:14 - 00000000 ____D () C:\Users\Hubert\AppData\Local\ashampoo
2014-10-13 15:14 - 2014-10-13 15:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2014-10-13 15:13 - 2014-10-13 15:14 - 00000000 ____D () C:\ProgramData\Ashampoo
2014-10-13 15:13 - 2014-10-13 15:13 - 00000000 ____D () C:\Program Files\Ashampoo
2014-10-13 13:58 - 2014-10-13 13:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
2014-10-13 13:58 - 2014-10-13 13:58 - 00000000 ____D () C:\Program Files\PhotoScape
2014-10-13 13:37 - 2014-10-13 13:37 - 00000865 _____ () C:\Users\Hubert\AppData\Local\recently-used.xbel
2014-10-13 13:37 - 2014-10-13 13:37 - 00000000 ____D () C:\Users\Hubert\AppData\Local\gtk-2.0
2014-10-13 13:29 - 2014-10-13 13:38 - 00000000 ____D () C:\Users\Hubert\.gimp-2.8
2014-10-13 13:29 - 2014-10-13 13:29 - 00000000 ____D () C:\Users\Hubert\AppData\Local\gegl-0.2

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-11 12:29 - 2014-01-29 18:29 - 00000000 ____D () C:\FRST
2014-11-11 12:25 - 2014-02-18 15:25 - 00000917 _____ () C:\Windows\Tasks\EPSON XP-710 Series Update {B3A05D5E-0816-4D39-BC7D-04A0F78A3960}.job
2014-11-11 12:25 - 2014-02-18 15:25 - 00000731 _____ () C:\Windows\Tasks\EPSON XP-710 Series Invitation {B3A05D5E-0816-4D39-BC7D-04A0F78A3960}.job
2014-11-11 12:11 - 2010-02-14 16:48 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-11 11:55 - 2010-01-21 14:40 - 01376931 _____ () C:\Windows\WindowsUpdate.log
2014-11-11 10:28 - 2009-11-06 04:43 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-11 10:11 - 2010-02-14 16:48 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-10 15:07 - 2013-11-01 15:39 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-10 15:07 - 2009-11-06 08:39 - 00000000 ____D () C:\Program Files\Java
2014-11-10 14:12 - 2009-07-14 05:34 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-10 14:12 - 2009-07-14 05:34 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-10 14:07 - 2014-05-17 16:25 - 00005364 _____ () C:\Windows\setupact.log
2014-11-10 14:07 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-10 13:48 - 2014-06-10 07:35 - 00829560 _____ () C:\Windows\PFRO.log
2014-11-10 13:46 - 2014-01-29 18:16 - 00000000 ____D () C:\AdwCleaner
2014-11-10 09:29 - 2011-03-30 15:38 - 00000000 ____D () C:\Users\Hubert\Desktop\Sicherheits-Check Programme
2014-11-10 09:28 - 2011-03-30 16:34 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-11-10 09:28 - 2010-10-20 15:18 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\Malwarebytes
2014-11-10 09:28 - 2010-10-20 15:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-29 09:35 - 2013-12-10 14:48 - 00002085 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-21 16:12 - 2011-07-26 15:12 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-10-21 12:50 - 2010-01-21 16:18 - 00044762 _____ () C:\Users\Hubert\AppData\Roaming\wklnhst.dat
2014-10-21 12:50 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-10-21 12:14 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-20 10:06 - 2011-11-04 15:51 - 00005120 _____ () C:\Users\Hubert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-20 10:05 - 2013-07-20 13:55 - 00000000 ____D () C:\PFS8.0 AE_TMP
2014-10-20 09:39 - 2009-07-14 05:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-10-15 17:16 - 2009-07-14 05:33 - 00444768 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-15 17:13 - 2014-04-24 14:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-15 17:13 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-10-15 16:52 - 2013-07-12 13:22 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 16:42 - 2009-11-06 09:23 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-13 15:16 - 2013-07-20 12:44 - 00000000 ___RD () C:\Users\Hubert\Desktop\Fotoprogramme
2014-10-13 13:34 - 2010-01-21 14:46 - 00000000 ____D () C:\Users\Hubert

Some content of TEMP:
====================
C:\Users\Hubert\AppData\Local\temp\avgnt.exe
C:\Users\Hubert\AppData\Local\temp\jna7945255070255805652.dll
C:\Users\Hubert\AppData\Local\temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Hubert\AppData\Local\temp\Quarantine.exe
C:\Users\Hubert\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2013-06-21 18:42

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Alt 12.11.2014, 09:19   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Malwarebytes (free) findet Registerwerte von  PUP.Optional.FrostwireTB.A - Standard

Malwarebytes (free) findet Registerwerte von PUP.Optional.FrostwireTB.A



Java, Flash und FIrefox updaten.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4285553767-1374707740-3178024607-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.





Fertig

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
--> Malwarebytes (free) findet Registerwerte von PUP.Optional.FrostwireTB.A

Alt 12.11.2014, 10:39   #7
juhu73
 
Malwarebytes (free) findet Registerwerte von  PUP.Optional.FrostwireTB.A - Standard

Malwarebytes (free) findet Registerwerte von PUP.Optional.FrostwireTB.A



Mit den Updates von den von Dir angegebenen Programmen habe ich z.Teil keinen Erfolg:
Ich habe versucht die Updates zu aktivieren, indem ich die jeweiligen Programme aufgerufen habe:

Java: findet keinen Pfad !? (s. Img 220)

AdopeFlashPlayer: ist zwar nicht aktuell (s. Img218), aber angeblich aktualisiert sich Chrome den Player selber, aber in meinen Chrome-Erweiterungen steht er garnicht drin (s. Img219).

Firefox: ist zwar noch auf dem Rechner, aber ich benutze Chrome (u.a. wegen Sync mit Notebook, Tablet und SmartPhone).

Kannst Du mir da weiterhelfen?

Hier die Fixlog.txt:
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-11-2014 01
Ran by Hubert at 2014-11-12 11:18:51 Run:1
Running from K:\Hubert\Eigene Dokumente\PC - dies und das\FRST
Loaded Profile: Hubert (Available profiles: Hubert)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4285553767-1374707740-3178024607-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
*****************

"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-4285553767-1374707740-3178024607-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.

==== End of Fixlog ====
         
Miniaturansicht angehängter Grafiken
Malwarebytes (free) findet Registerwerte von  PUP.Optional.FrostwireTB.A-image220.jpg   Malwarebytes (free) findet Registerwerte von  PUP.Optional.FrostwireTB.A-image219.jpg   Malwarebytes (free) findet Registerwerte von  PUP.Optional.FrostwireTB.A-image218.jpg  

Alt 13.11.2014, 06:24   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Malwarebytes (free) findet Registerwerte von  PUP.Optional.FrostwireTB.A - Standard

Malwarebytes (free) findet Registerwerte von PUP.Optional.FrostwireTB.A



Java deinstallieren, dann neu installieren in der aktuellen Version.

Flash einfach über Programm und Funktionen deinstallieren und neu installieren, damit ist nicht der Player in Chrome gemeint, der ist dort fester Bestandteil.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 13.11.2014, 10:25   #9
juhu73
 
Malwarebytes (free) findet Registerwerte von  PUP.Optional.FrostwireTB.A - Daumen hoch

Malwarebytes (free) findet Registerwerte von PUP.Optional.FrostwireTB.A



Ich habe Java neu installiert. Beim Flash Player habe ich nur die Plugins für den IE und ff gefunden (beide nicht im Einsatz).

Die abschießenden Arbeiten habe ich durchgeführt.

Für mich ist alles o.k.

Danke an dich Schrauber.

Alt 14.11.2014, 06:16   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Malwarebytes (free) findet Registerwerte von  PUP.Optional.FrostwireTB.A - Standard

Malwarebytes (free) findet Registerwerte von PUP.Optional.FrostwireTB.A



Gern Geschehen
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Malwarebytes (free) findet Registerwerte von PUP.Optional.FrostwireTB.A
ad-aware, antivir, antivirus, browser, cyberghost, fehler, fehlercode 0xc0000005, fehlercode 0xe0434352, fehlercode 24, fehlercode windows, flash player, helper, homepage, launch, lightning, logfile, mozilla, netzwerk, newtab, registry, security, software, svchost.exe, system, tracker, win32/downloadsponsor.a, windows



Ähnliche Themen: Malwarebytes (free) findet Registerwerte von PUP.Optional.FrostwireTB.A


  1. Win 8: Malwarebytes findet : PUP.Optional.Downloader
    Log-Analyse und Auswertung - 29.03.2015 (11)
  2. Pup.Optional.DownloadSponsor von Malwarebytes free beim Suchlauf gefunden, Avast hat nichts angezeigt.
    Plagegeister aller Art und deren Bekämpfung - 18.02.2015 (6)
  3. 21 Malwarbytes Funde: PUP.Optional.FrostwireTB.A und PUP.Optional.Ask.A
    Log-Analyse und Auswertung - 02.01.2015 (15)
  4. Malwarebytes findet PUP.Optional.Iminent.A und PUP.Optional.Somoto
    Log-Analyse und Auswertung - 10.11.2014 (5)
  5. Malwarebytes findet PUP.Optional.Koyote und PUP.Optional.OpenCandy
    Log-Analyse und Auswertung - 16.10.2014 (1)
  6. Malwarebytes findet PUP.Optional.Babylon.A
    Plagegeister aller Art und deren Bekämpfung - 26.09.2014 (11)
  7. Malwarebytes (free) findet PuP.Optional.Frostwire TB.A auf laaaangsamen PC
    Plagegeister aller Art und deren Bekämpfung - 23.09.2014 (13)
  8. Malwarebytes findet PUP.Optional
    Plagegeister aller Art und deren Bekämpfung - 11.07.2014 (13)
  9. Malwarebytes findet PUP.Optional.Iminent.A und PUP.Optional.OpenCandy
    Log-Analyse und Auswertung - 25.01.2014 (7)
  10. Malwarebytes findet PUP.Optional.Iminent.A
    Plagegeister aller Art und deren Bekämpfung - 08.01.2014 (17)
  11. Malwarebytes findet pup.optional.iminent.a u.a.
    Log-Analyse und Auswertung - 19.11.2013 (11)
  12. Malwarebytes AM findet pup.optional.iminent.a
    Plagegeister aller Art und deren Bekämpfung - 13.11.2013 (11)
  13. Malwarebytes findet u.a PUP.Optional.Babylon.A und mehr
    Log-Analyse und Auswertung - 30.10.2013 (10)
  14. malwarebytes findet Pup.optional.Tarma.a, Pup.optional.OpenCandy und Trojan.Downloader
    Log-Analyse und Auswertung - 13.10.2013 (12)
  15. Malwarebytes findet PUP.optional.opencandy
    Plagegeister aller Art und deren Bekämpfung - 09.09.2013 (15)
  16. Windows 7 Malwarebytes findet : pup.optional.tarma.a
    Log-Analyse und Auswertung - 02.09.2013 (5)
  17. Windows 7, Malwarebytes findet 1 infizierte Datei: Trojan.PUP.Optional.FileScout.A, bei einen anderen Benutzer Pub.Optional.Open.Candy
    Log-Analyse und Auswertung - 30.08.2013 (32)

Zum Thema Malwarebytes (free) findet Registerwerte von PUP.Optional.FrostwireTB.A - Hallo, Bei einem mwb-Lauf hat er Registerwerte von PUP.Optinal.FrostwireTB.A gefunden. (s. Img) Ich weiß nicht, ob ich sie einfach in Quarantäne und dann löschen kann. Hier die Zusammenstellung der Infos: - Malwarebytes (free) findet Registerwerte von PUP.Optional.FrostwireTB.A...
Archiv
Du betrachtest: Malwarebytes (free) findet Registerwerte von PUP.Optional.FrostwireTB.A auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.