Hi komme nicht mehr auf microsoft seiten.

Microsoft security client user interface geht nicht.OTL Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 26.07.2013 18:16:40 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Norbert\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 49,27% Memory free
5,99 Gb Paging File | 4,08 Gb Available in Paging File | 68,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 119,14 Gb Total Space | 31,39 Gb Free Space | 26,34% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 206,41 Gb Free Space | 44,32% Space Free | Partition Type: NTFS
Drive E: | 100,00 Gb Total Space | 22,09 Gb Free Space | 22,09% Space Free | Partition Type: NTFS
Drive F: | 161,38 Gb Total Space | 95,91 Gb Free Space | 59,43% Space Free | Partition Type: NTFS
Drive G: | 80,00 Gb Total Space | 40,17 Gb Free Space | 50,21% Space Free | Partition Type: NTFS
Drive H: | 454,49 Gb Total Space | 353,87 Gb Free Space | 77,86% Space Free | Partition Type: NTFS
Drive Q: | 3,69 Gb Total Space | 3,61 Gb Free Space | 98,00% Space Free | Partition Type: FAT32
Drive Z: | 911,50 Gb Total Space | 145,12 Gb Free Space | 15,92% Space Free | Partition Type: NTFS
 
Computer Name: NORBERT-PC | User Name: Norbert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.07.26 18:16:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Norbert\Downloads\OTL (1).exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013.02.19 21:32:08 | 001,259,296 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.01.31 11:01:06 | 000,865,056 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013.01.31 11:01:05 | 001,821,472 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2013.01.27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\NisSrv.exe
PRC - [2013.01.27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\MsMpEng.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.10.02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.08.06 14:07:46 | 000,589,824 | ---- | M] (Fred's Software Company) -- C:\Users\Norbert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Printkey.exe
PRC - [2012.08.06 12:23:08 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2012.07.28 04:10:10 | 000,469,504 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012.07.28 04:09:30 | 000,217,600 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011.05.27 11:46:24 | 000,114,688 | ---- | M] (Electronics For Imaging) -- C:\Programme\Fiery\Applications3\Fiery Bridge\x86\MailboxSyncService.exe
PRC - [2011.05.04 14:59:48 | 000,506,088 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Common Files\Java\Java Update\jucheck.exe
PRC - [2011.01.10 13:45:48 | 000,239,472 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe
PRC - [2011.01.10 13:43:50 | 000,608,624 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Home Server\WHSTrayApp.exe
PRC - [2011.01.10 13:43:46 | 000,376,688 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Home Server\WHSConnector.exe
PRC - [2011.01.10 13:43:46 | 000,097,136 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Home Server\esClient.exe
PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.10.25 15:13:42 | 000,821,144 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009.10.19 13:39:08 | 000,011,776 | ---- | M] (Electronics for Imaging, Inc.) -- C:\Programme\Common Files\EFI\EFI ES-1000 Service\ES1000Service.exe
PRC - [2009.10.16 20:12:54 | 000,045,056 | ---- | M] (Electronics for Imaging, Inc.) -- C:\Programme\Common Files\EFI\EFI ES-1000 Service\ES1000Server.exe
PRC - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.07.12 20:49:44 | 000,396,240 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
MOD - [2013.07.12 20:49:42 | 004,052,944 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll
MOD - [2013.07.12 20:48:52 | 000,601,552 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Google\Chrome\Application\28.0.1500.72\libglesv2.dll
MOD - [2013.07.12 20:48:51 | 000,123,344 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Google\Chrome\Application\28.0.1500.72\libegl.dll
MOD - [2013.07.12 20:48:49 | 001,597,392 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Google\Chrome\Application\28.0.1500.72\ffmpegsumo.dll
MOD - [2012.01.16 10:12:08 | 000,962,560 | ---- | M] () -- C:\Programme\Fiery\Applications3\HotFolder\HF3MenuExt32.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010.10.25 15:15:46 | 000,019,968 | ---- | M] () -- C:\Programme\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\AcroTray.DEU
MOD - [2007.05.31 16:00:22 | 000,155,648 | ---- | M] () -- C:\Programme\Fiery\Applications3\Fiery Bridge\x86\cfscore1.0.0.0.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.07.08 11:24:21 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.06.27 19:18:00 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.27 06:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.02.19 21:32:08 | 001,259,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.01.27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.01.27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.10.02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.09.20 14:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012.09.05 17:56:44 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\3.0.285\McCHSvc.exe -- (McComponentHostService)
SRV - [2012.08.06 12:23:08 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2012.07.28 04:09:30 | 000,217,600 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.05.27 11:46:24 | 000,114,688 | ---- | M] (Electronics For Imaging) [Auto | Running] -- C:\Programme\Fiery\Applications3\Fiery Bridge\x86\MailboxSyncService.exe -- (Fiery Bridge Mailbox Synchronization)
SRV - [2011.01.10 13:45:48 | 000,239,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe -- (arXfrSvc)
SRV - [2011.01.10 13:43:46 | 000,376,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Home Server\WHSConnector.exe -- (WHSConnector)
SRV - [2011.01.10 13:43:46 | 000,097,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Home Server\esClient.exe -- (esClient)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.09.27 09:37:24 | 004,180,576 | ---- | M] (SafeNet Inc.) [On_Demand | Stopped] -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.10.19 13:39:08 | 000,011,776 | ---- | M] (Electronics for Imaging, Inc.) [Auto | Running] -- C:\Programme\Common Files\EFI\EFI ES-1000 Service\ES1000Service.exe -- (EFI ES1000)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013.02.19 21:32:54 | 010,919,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2013.01.20 16:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012.07.28 06:06:48 | 008,758,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012.07.28 03:14:22 | 000,296,448 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012.05.31 07:49:26 | 000,240,896 | ---- | M] (UVC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dcnt.sys -- (AVEO)
DRV - [2012.03.05 16:04:30 | 000,045,184 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys -- (AODDriver4.1)
DRV - [2011.11.04 16:00:00 | 000,039,696 | ---- | M] (www.winchiphead.com) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CH341SER.SYS -- (CH341SER)
DRV - [2011.07.29 05:40:55 | 000,064,256 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV - [2011.07.29 05:40:55 | 000,044,928 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EtronHub3.sys -- (EtronHub3)
DRV - [2011.05.10 16:28:20 | 000,015,656 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\AsrAppCharger.sys -- (AsrAppCharger)
DRV - [2011.03.30 20:46:36 | 000,100,880 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.09.27 14:24:50 | 000,356,864 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2010.02.18 09:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009.12.09 22:27:18 | 000,588,800 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock)
DRV - [2009.11.18 01:12:00 | 000,024,664 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MBfilt32.sys -- (MBfilt)
DRV - [2009.10.19 14:45:54 | 000,031,288 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2008.04.25 17:04:28 | 000,006,144 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sioctl.sys -- (SIoctl)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E4 8D 76 30 6C 22 CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..CT3242337.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "WiseConvert Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=827316"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7Baff87fa2-a58e-4edd-b852-0a20203c1e17%7D:0.9
FF - prefs.js..extensions.enabledAddons: translator%40zoli.bod:2.1.0.3
FF - prefs.js..extensions.enabledAddons: jyboy.yy%40gmail.com:1.0.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..extensions.enabledItems: {E5886C91-CDD7-4832-B32D-0830705A9C60}:1.0
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3242337&SearchSource=2&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Norbert\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Norbert\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012.08.22 18:16:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.08.22 18:16:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.08.23 10:29:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Norbert\AppData\Roaming\mozilla\Extensions
[2013.02.15 18:24:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Norbert\AppData\Roaming\mozilla\Firefox\Profiles\0wkjrii8.default\extensions
[2013.02.15 18:24:19 | 000,000,000 | ---D | M] (gTranslator) -- C:\Users\Norbert\AppData\Roaming\mozilla\Firefox\Profiles\0wkjrii8.default\extensions\jyboy.yy@gmail.com
[2013.02.15 18:18:03 | 000,060,290 | ---- | M] () (No name found) -- C:\Users\Norbert\AppData\Roaming\mozilla\firefox\profiles\0wkjrii8.default\extensions\translator@zoli.bod.xpi
[2013.02.15 18:15:15 | 000,042,737 | ---- | M] () (No name found) -- C:\Users\Norbert\AppData\Roaming\mozilla\firefox\profiles\0wkjrii8.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}.xpi
[2012.08.22 13:14:35 | 000,000,923 | ---- | M] () -- C:\Users\Norbert\AppData\Roaming\mozilla\firefox\profiles\0wkjrii8.default\searchplugins\conduit.xml
[2013.06.27 19:17:30 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.06.27 19:17:30 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.06.27 19:17:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
[2013.06.27 19:17:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013.06.27 19:17:30 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.06.27 19:18:01 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Norbert\AppData\Local\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Norbert\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Norbert\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Java(TM) Platform SE 7 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Norbert\AppData\Local\Google\Update\1.3.21.149\npGoogleUpdate3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - Extension: Google Docs = C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Skype Click to Call = C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
CHR - Extension: Google Mail = C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013.05.29 18:13:20 | 000,001,332 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 3dns.adobe.com
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-5.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.de
O1 - Hosts: 21 more lines...
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Programme\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (BrowserHelper Class) - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Programme\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Programme\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Programme\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
O4 - HKCU..\Run: [Ythoeliky] C:\Users\Norbert\AppData\Roaming\Tukiu\moyxh.exe ()
O4 - Startup: C:\Users\Norbert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Printkey.exe (Fred's Software Company)
O4 - Startup: C:\Users\Norbert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 3518887414 = 50 4B 03 04 D5 45 F2 60 F6 F5 BD D1 98 17 00 00 00 50 00 00 86 87 59 DE 0D 38 6F 5A 8D 9B 08 42 FE 93 3C D0 49 37 40 E3 B2 AF 97 4A 32 9C C8 EA C5 52 2F 50 DE E1 47 63 15 72 F2 70 08 0E 76 22 47 46 DF 9B 0C D8 04 1C 90 B5 DC D1 F7 F7 28 BC 2E DE 42 4A 05 87 0E D5 B9 41 05 4D 5B E6 2C C7 25 9B DB 67 23 69 D6 89 47 20 91 A3 8F 11 CB 36 A6 26 C1 66 1B 12 49 BE 7A E0 A8 AA A9 95 64 A1 7F EC 91 D7 0C 6F 6E 09 63 36 90 C9 0A 5D 6E DA DF 19 7F 04 B7 EB D6 2E 2E 8D E2 83 CA E5 AF E7 B4 54 B2 AC 36 0F 39 22 20 27 05 7A 63 92 B8 65 A4 59 B4 22 6C DE EB 32 6A F9 25 C6 22 E1 28 06 0C 1E A0 14 C3 FF 11 6D 8E 85 7C 3C 8C 6F BC 14 6B 28 27 12 FE F6 06 2F 31 78 E1 2C E9 0D 2B 20 C2 2C F0 14 8F 85 E3 E4 2B A1 72 BE BD CC AE 41 86 7C 7C E4 DA 60 45 55 E6 56 E3 27 34 CF 19 C3 F6 00 5B DB 52 76 55 BF F8 DD 6B 4E D1 64 52 1E 66 87 76 F2 80 D0 5B D7 3F 7B 31 F2 60 06 8A C7 34 31 CC 67 ED 04 9E 20 88 25 C4 7B 48 E0 11 C4 AB B4 54 26 0E B0 40 90 28 55 1D C8 1C 13 5B 7F 71 14 86 FE 72 85 96 32 2F CC 50 3F 63 0B 01 05 11 59 82 35 6B 08 A7 97 8A AC 5A CF 15 EE 78 D2 8F 0B 03 07 04 1C E8 77 67 EB 09 F3 50 D0 33 68 F4 0B C3 3B A1 EB F8 3B F4 D4 1C CB 98 C5 79 E2 F3 B7 49 FD 6C E6 D5 CD A0 13 74 03 AF CB F6 A0 0C 3E B0 2E 20 6E 23 99 FB 58 99 47 19 91 33 AB 39 6A 31 B6 06 35 FA A7 08 37 C6 46 53 E7 F8 DC 8D 70 C5 42 46 70 60 AF 2A DE 54 21 DE A7 A5 FC 42 5D 5A 8B B6 29 D9 17 2F 07 7B 40 59 DA BF 5C 13 5E B3 5B 17 D5 1A CB C9 DC 28 C2 45 06 58 81 AE 43 17 F9 7D 38 C7 F6 74 E3 AC FF 70 06 92 1F 27 1E B5 B4 5B 2D 83 C4 27 3F 43 EC 38 C1 85 13 4C B3 83 BB FC 5E BC 2A 3D 8E 80 12 DC BC 54 EA 24 A5 C0 C6 AD 79 0B 21 61 E0 42 F3 45 18 07 AA 33 19 7D 0E 5D F7 CF D2 9C 03 D0 84 5D A5 8B E2 C6 A3 0F 88 81 88 E5 F0 70 26 AE 95 E2 3B 50 3A FF 5A 90 0F 35 06 44 E0 C3 40 6F E0 7E 2E 05 C7 24 ED 27 4D 16 D3 6E DB 55 D8 75 68 07 3D B4 FF 41 AA D0 4E FC 38 C1 9D 9E 53 F5 42 64 88 4F 4F 02 E7 1C 62 06 DA FE 15 37 48 18 CF 81 BA 88 BC 07 60 FA C6 7F 13 07 78 10 2E 2B 97 5E A5 BD 8C D5 C5 F9 D0 64 94 82 D2 2D 3C AD D5 49 59 9C E7 58 99 D6 4E E8 E7 64 A7 76 46 93 6A 0C DE AA 80 21 E1 CF C2 83 61 F1 D8 61 40 7F A0 97 6B AF B7 21 D5 6C 9F 08 C9 5A 8C 39 70 4D 73 E1 4E E4 BD ED F8 AE E2 6F 55 DC B1 D6 82 90 DB 8F 34 CB FE F0 DB DA 02 D0 8A EE C0 AF 62 B2 75 E8 45 90 31 49 F6 A9 86 9C FC F5 61 A6 9D 96 B3 05 84 A3 45 A7 18 37 71 2E 6E 75 92 45 E7 8F 3A 8E 6C 61 C1 A3 05 39 A4 5D C0 74 31 77 2D B9 64 5E 3F A6 9F 08 57 25 37 B0 CF DC F8 1E B6 8F 02 8E 68 3A E4 EB C5 F0 45 8C FD 68 4B D0 9C 0F CB 7A 8C AD 62 A6 CA 70 6F EF E4 DB CD FB 8F 5B 07 41 5B E0 6B 2A B1 77 72 01 23 07 58 AD CE 59 B7 E1 C5 75 09 86 B8 04 CF C5 A1 C6 3E EC AE B3 75 DB FA 2B 39 93 E7 7A C4 5F 82 12 9B BB 1C 0A 44 C0 72 94 16 3F 54 EE B0 B9 CC 9F C2 C6 9D F6 D7 59 63 AC 38 0C D4 5A 4B 90 3A 46 28 A1 46 D3 59 FD B5 0F CD 17 AE 52 0B DA 53 6C BE 3E 24 AB F7 6F E8 87 62 A5 15 16 4F B9 74 32 28 93 DF 47 62 12 44 00 8D 2C CE 47 12 3E F4 06 1D 50 0C 34 E9 1C 92 D3 9C EC 4B 02 42 EF 02 75 5D C3 AF 0F 2E 8C 49 53 7A 31 71 8D A3 8E E7 7F 35 51 65 BA 35 26 4E 1E 5D 18 41 72 1B 01 5C 73 3C 20 2F 88 5A AB 60 C8 AC 42 F0 5F FC B2 1F B2 6F 55 B4 23 FB A8 AE B8 6A CC C2 D0 37 84 AF B9 DB 84 CA 6A 4F 8E 02 D5 BC 95 8E 5C C7 80 FE 41 BC 27 CC 06 B1 28 8A 00 06 EF 95 70 17 5B D1 D0 96 C5 59 C2 20 C9 88 CA 68 22 97 48 CF 76 BD 36 5B DC 55 19 C4 36 43 D8 93 D5 54 21 D1 A1 72 CC F9 04 6B 8F 47 EC DE 9D A9 C1 8A 4A E3 6E EE 52 A0 61 38 71 68 BA 1D A1 7A CD B8 37 11 93 E5 64 77 C2 82 83 31 CB 30 A1 90 CC AC 83 B3 40 0E FA 09 B4 59 36 6B 71 31 59 E5 E6 6C A6 48 09 49 49 63 12 34 7E 77 BC 0A 0C 0E DD 7B 53 33 2B E1 FD 07 1C AE 05 3A E0 00 D9 70 A8 C4 3C 01 B7 9E 48 3F 4B 7B 25 FF 4C 0F D3 10 65 52 75 5A 66 C3 C8 91 AC 71 81 23 AB CF 09 A5 B6 27 B2 4E CE 1C 68 09 49 71 91 9D AE AF 59 3E 8D 48 E4 02 36 05 F2 96 18 BC E4 8E 45 75 AE D6 73 D2 52 9D 46 17 E4 7F 1F C9 6D A8 05 4D AC 4D 25 6E F4 71 15 58 E1 38 5C CA E5 28 AA 6D 34 F5 AE D2 85 BD 43 B1 1B DC 7E A4 84 20 C3 4E 9A 8A 6D 20 B6 6A 05 0C 5F D9 2C 39 ED 78 85 74 8E 53 0E 64 3F D2 D0 4D 61 F0 4D 36 0D A7 E0 0D 1A 9E 92 ED BB 8E B5 8B 89 EF 6F C1 99 D0 CF A1 36 6B 9A F1 88 39 B2 BB DD 9C AA D1 1F 75 4D 8A 4E B2 7E 8F 0E 5C 1A 9B F6 EC 7F 4E F4 5F 52 02 11 BC E0 14 AF D4 DF 03 E9 03 01 3A DF 99 41 B4 71 2F D0 AB E2 D5 BE 25 56 C8 DF 18 09 4F 0C 58 CC A0 FF 09 17 CF A0 A8 FE 23 A1 42 15 FC F1 99 92 F8 38 C1 E9 08 57 F5 87 90 2E E3 8D 41 1F 1E F1 41 64 19 91 28 B9 22 CD AC 71 21 C1 2F 76 21 C2 7A 27 C6 4F 43 81 12 1D 07 EE 84 F2 DF 7A 2D 0B 99 28 E7 CA B5 F9 8C D3 62 EA 40 B4 1B 3C 5C 76 63 FD C4 87 DA B4 3B 5D 27 6E 65 02 A0 D9 87 87 65 3F 61 88 55 CF 74 AA EC 69 60 AC 86 7A A4 71 0D B2 91 0D EC 73 D2 46 CC 88 1F CF E9 3A E5 81 30 32 A4 BC FF 0C 0B AC 11 F7 65 81 31 92 83 9E 02 E4 4E 3C 02 14 A5 0B 72 8F 4A 84 3F 12 82 81 EF 84 05 54 25 DE 9F 95 82 00 53 6D 07 60 FF 2F A6 1A 08 D2 B7 01 42 52 54 DF 99 09 D6 6C 1D D5 21 B2 66 A1 28 5D 92 68 5F 5D 27 28 D8 27 1D FB 33 89 FD 4E 79 7C 9E E1 25 98 DE 6C 6E 3D E0 83 29 99 09 59 16 C1 F7 8C E9 7D 55 22 AE A5 53 55 05 5D A4 10 C1 76 92 09 3D F4 38 2C 01 41 61 AB 09 B6 46 D7 34 0A 2B 66 79 B9 F3 3A B8 8A C3 B7 2F 65 D4 52 05 21 5F F8 61 BE 84 1A D7 A3 51 2A 08 32 78 91 5D E5 5B 6B F9 37 14 B7 07 1D 0B 3F 81 DE EC 68 EC 8C DC C9 C7 34 C5 C5 51 FF 41 2F 31 EF 8B 16 A0 5D BC 4B 68 8D 3A 2E 60 96 70 1F CE 68 35 82 4E EB 74 B9 80 AB E1 E3 D6 44 6E 1E E9 86 56 6F 07 79 4F C4 44 74 2C A9 37 B8 33 D5 DF 76 0B 62 7C 1A EC B9 D1 85 4E 19 C5 0D D6 54 EC 4A 04 98 F6 05 BC 26 AE FD 42 01 88 24 9C 7B 98 02 CF 6D B6 39 9E A7 78 5F 20 F7 6B 97 F3 50 2A 17 E8 2F CD 7A F7 C8 96 2F F0 DD 70 19 44 74 7A EE 8F 87 66 0C E6 D2 E8 BB 69 DD EA CD D7 43 E8 41 A4 AD F6 29 1D 89 13 72 01 67 87 CC 17 B8 12 49 5E D0 ED 41 F0 28 B2 46 F1 38 F1 4C 11 CC 6B 1D 69 63 CE 57 85 5D 48 BC 48 BF 30 AA E9 E6 31 6C 56 F0 72 A6 90 F7 5A 42 36 18 65 CF C4 11 B2 57 75 F6 58 97 39 70 E0 A9 70 E0 9C 5E F9 9A 73 8D 24 5F DE C7 05 2D 51 B8 49 41 1B 8D E4 B1 2E 2F 94 13 BF 2C AA C1 4E 7F 36 1E F1 B6 30 7C 9E F6 96 D0 4E 7A BA 8C 3A 81 0E FD 3C CD C3 FA 56 EB 7D A3 D6 E1 CE EF 44 71 57 84 85 C3 00 61 32 48 30 1C 3D 6A 3A B3 95 4F BD 1B C7 4C 09 BB C1 CB F0 28 35 0F 62 BA 74 5B 91 80 E8 55 1F A6 FB 5A A7 B6 1E FD FF 44 4F F4 36 79 DF 3A 2F 22 1E 22 65 56 AB B9 2F 0C 65 A6 2E 08 F0 DC 15 95 C3 0E 8D B6 78 5D F7 7B C4 E2 8E D2 5F 10 2E 54 B7 FE BE DE B4 00 82 D4 66 DD 5E 44 AE 4F B6 42 1A FE 5E 52 2E 6F 81 3B D6 50 5C 53 5C 84 11 DF 30 57 BE 98 0E FD CD 4A 5C D4 70 C1 E1 3E 95 FC 95 D2 B6 23 41 82 68 DC 76 78 89 80 94 83 CF A9 47 41 61 05 57 F4 CF C4 54 82 C1 AD E6 F6 16 72 60 3B 58 48 D7 56 5B 23 C7 F6 A4 46 17 6E 3D 01 03 B7 67 AC FE 36 F7 E0 11 DD 92 AB 2F B7 08 D6 B3 C5 39 16 5F A0 D8 00 B0 89 1A 72 64 6B C9 8B 60 5A 17 5F 73 42 F1 DF 1A 9A E4 46 3B 4B 1D 2F 0B 00 B5 83 34 EC DE D9 29 95 D8 8D DB 72 A5 A0 86 AE F3 CF 5D 94 02 DF 4A 58 E4 59 84 E1 8F FD 93 CE 6A 56 B7 69 A8 36 E2 4A BB 88 AD 11 23 F9 CE 1C E2 F8 6D 30 DA 8B 80 30 F4 DA 8A C5 A7 7D B7 81 A2 F0 FF A1 02 4A E6 2B 13 46 6C 94 96 80 AA B9 19 14 3B 66 E1 D0 8C AA A4 53 AE 50 B5 A4 22 FA E0 FB A2 EF 48 BE 9B 57 94 0C 5D F4 E2 76 61 62 2E 7B EF EB 61 D6 49 92 C9 3E 9E 7A D6 87 59 21 93 B7 27 F3 FD 5D B5 E1 53 F7 5F 91 88 B3 58 DC BF 8A FF 86 B0 18 C4 62 01 54 09 BF B9 B2 35 B9 58 A4 EF 96 FA B0 AA A2 34 3A 60 33 D2 AE D6 D8 1D DE 43 25 76 2D B2 B3 5E 52 D2 78 F1 4C AD B7 22 6D ED CB 99 0E 59 06 D0 ED A7 FC 16 BA A5 FD 78 DF 86 71 BA 25 E6 3D 16 05 76 98 FD 67 C5 24 04 FF E0 1F C9 76 CA A1 74 C4 2A 5F 91 9E D5 AF 55 8C 26 BC FF 66 32 26 94 EB 92 38 21 8B 8B 82 0D 2B A8 94 2B 56 A0 09 B9 17 94 E9 FF 31 A3 9D 56 34 8F DF D2 68 ED 5F 38 E8 56 AD 03 52 8C 2F 6B A1 B2 1A E1 FE B1 D9 60 AA DF 03 5F 10 F8 78 F2 E8 49 57 CB 74 47 E3 09 90 FB CD C5 2B BE C4 63 A0 30 8E 27 CB 4D 46 D8 37 CC B5 E6 F3 A3 48 73 B8 55 A7 51 23 56 6D B3 47 59 DF CB 99 B1 39 7D 4A 4E 62 86 4D 14 62 88 B5 4A A5 45 20 46 79 76 2E 6D 30 29 83 67 6D DB 74 33 E9 78 95 91 C9 35 44 DE 11 07 83 42 63 37 A7 4B DA 68 0D 8D 25 B1 97 38 51 2F DD 40 34 B8 D5 83 6F 38 C6 77 F0 5E 4E B4 FF DA AA 06 DC A0 C1 D2 D7 DF A7 FF 5B D6 49 52 28 59 E6 87 13 88 D1 7E 02 92 6A 28 50 82 C1 0F 82 EF 16 B7 10 88 B0 C6 36 97 8A AB AF 2E 6F 5B 1A 7F 23 B5 A6 53 99 17 24 D2 20 3A 23 54 01 F1 28 8C 18 7F C1 7D F3 68 91 78 CF 67 AC B9 91 19 C5 9F 8D 77 FE 54 0B 4F 79 22 62 F9 A4 A4 4F 97 20 93 28 06 75 C1 49 0F 5F 40 18 20 23 3F E8 F3 40 C4 6B 50 41 86 9E 5C EE 18 FF 56 D3 4A 71 45 56 97 E0 D5 EA E2 E3 64 4F 6C 5C D6 38 0A 34 0C CD 23 E9 0C 74 75 EB BE 4C 2E A3 41 B6 0C 61 0C 9E BD 64 6A ED 7B DC 5B 76 E4 19 AF 73 2B 15 63 4A E0 70 1A 30 16 F0 AF C5 96 B0 B6 0F A0 95 BF 14 A0 96 CE 16 80 4E 39 5D C8 C9 B9 1B 11 6C F9 DC 11 20 45 06 89 AB D2 89 B2 BA 4F 69 C2 BA 2A 9E E1 51 E4 7C 84 1D 11 89 A0 58 34 BD 09 24 15 FE 82 7E 15 BD 63 75 52 BE 42 6F 73 F2 D2 F6 37 C5 FC 47 DA 11 F2 ED B6 1E 2E 80 9A A1 6A 1D FB 40 CE 58 06 0D B7 56 13 BC 32 0D D1 88 C6 02 DC 34 31 67 69 07 E2 C4 CC D8 24 26 DD 3B 21 8E A0 1A F9 3A F6 EB 12 1B 0A 32 E3 DC 4D 6B 1A 88 AD C6 92 8B 86 E7 41 6B 25 B4 74 AE 12 B3 96 A8 DC 57 D3 88 3C 63 AF 88 03 50 79 21 77 50 C7 E7 B7 3C AF 7B D2 D1 AD A5 B0 43 13 B9 F2 5B 09 07 02 6F 8B E2 F4 41 D7 A3 B0 F2 DE D0 C2 4A AD E8 54 6E 2A 82 DC 6B 02 A2 97 9C 70 80 1E 4A 6A DC 95 45 89 56 CB 40 20 EE 7A 01 CC D5 AC 3E D4 17 8E 4E 26 14 BC B7 43 C6 FA 8D 00 85 92 E1 2C FA 42 43 BC E1 6E 0B 61 8E F8 F1 36 DB D6 2A 66 43 B7 15 13 36 D1 AE 27 61 65 3B 82 65 21 58 6D E8 9F 85 C5 93 0A 61 73 B1 07 71 C2 3E 12 6F 17 95 73 F4 22 87 E2 66 1F 24 49 DD 79 ED A7 FF ED F9 D7 02 DB A3 1C B9 B6 AE CF 1B CF 5D 6E A4 DB 09 88 35 1D 81 FB E3 89 19 FE 8F C6 0E CB 54 7E 0A C6 46 E6 F4 DB 41 94 D2 1C 2E 84 B0 DC CA 75 83 73 15 E3 97 84 04 5C B7 6D 2F B8 5D 3C 43 38 8D E9 30 31 8B 6C 49 F7 5C 04 E2 6F 99 77 2A 38 48 2E 15 AB A0 52 F6 B4 1F F4 A6 6C 03 22 FA 04 D0 55 01 C5 09 86 DC DE 4F 81 1F DF 4D 7F BB 41 92 FF 3D AE BE 31 95 5B 90 25 1D 00 4C 43 C0 F7 64 98 55 92 53 5C FB A0 73 EE E5 4F 77 9D 5B FA ED 20 90 32 0D 68 5D F2 5E 78 E9 30 17 AF 47 A1 17 62 9B 20 77 34 A3 41 57 2D B4 47 90 E7 DE 8F 24 7F E3 D5 EC DE 57 FF 82 F8 2D 93 00 7C A2 A9 C9 A3 5A C9 BA 17 41 16 7B C5 3F 54 C4 D5 6E E7 25 BC E9 A8 AA 87 93 54 7B F0 8D 72 34 31 1B 13 07 A0 4B 6D D7 7B 3A 3E 60 FC 13 1F 24 EF AD 9A C3 22 7B 18 5C E5 C8 3E 69 60 41 AC 62 A5 55 3E 21 68 B6 4C 5F C6 6B 96 D3 44 84 3A 9C 79 E1 94 D8 0C 9C A7 EF 54 BC 3E E8 7F 46 92 FB 5F 66 FC 76 03 1C 9F 04 B0 51 64 C0 01 D1 FC E8 33 5F 06 7A 2E 2E D1 4E C9 E6 1F AD 9D 65 A3 56 8B D1 30 C0 D9 46 4D 31 9F DC 5C B7 45 82 B6 C9 0D 2B F2 7F 2B 12 A8 AE CC AF F4 85 17 E5 47 8A 27 E2 35 A5 7E A0 9E 1B 9E 69 C1 A3 FE AA 94 20 DF 37 C2 2B 11 3C 80 BB B3 39 5B 6E EF C5 F6 AC DA 96 A8 2F 10 98 99 58 97 CB 2D B2 F1 64 E8 97 9C 71 AB A8 F4 2E E7 6E 00 CC D9 96 6E 2C 0F 22 D9 D4 9B CE 98 DC 7A B8 44 53 0E A7 C4 7B A7 C8 1B A1 D8 5C A9 30 A9 F9 7C D1 BE 28 9A 16 21 C7 55 58 06 8E DD 4B E3 F0 EB DC 5E 05 4F 54 F5 54 9A 90 C4 81 96 E0 D2 17 5D 2A 21 FB 46 03 54 64 1A E8 AC B5 D7 89 23 6F 3E 37 A4 A6 86 EA DD C5 B4 41 DB 62 CC BE B0 F4 3A BB 3B 3A 71 C2 17 8A 9A A2 60 C0 E8 9C 3F A8 5C 34 D7 CD A6 D8 FC 4C BE FF 58 35 75 52 4C 69 94 0D 9F 51 6B 2D 4E F6 14 24 54 0E B4 F9 49 45 AA 39 15 91 AA 5F CA A4 D4 1A E4 4A A8 7A B9 1B 24 4E 79 A6 8A 2A 17 C1 0E D7 28 16 2A 33 C5 E6 A2 D2 7A E7 F2 0B F2 77 17 E5 ED 6C 8D E4 09 4D 89 1B 8C D7 0B 24 5E 78 4B 2C 04 65 87 1C 13 4F BD 15 23 AB 4C 4E BD C6 46 AC BD 41 E4 E2 C2 11 32 2D EA 33 80 2F 36 D1 A2 5F D0 BA D4 0E 88 DF 8C 2F E4 31 B8 A6 77 A4 73 8A EE D3 4C 58 B1 2F FA 75 CD 22 79 DE 5C F8 42 BE 6E 14 47 30 7F 91 FF 49 7B E9 8D EE 1A 6E 03 48 77 5B E1 91 61 07 BE 78 F7 05 B7 29 06 F4 73 19 3D 7A 8E 13 1E DE E2 1A FF AD 80 9E 2F 3B 84 09 2B 69 0D DF 56 21 3B B9 2E 45 D8 81 8F 4A AF 4F 81 63 5F F5 E1 68 1A 60 E3 80 5D AE DF 23 7E 3D FE 2F 72 9B 86 B4 C0 BC C4 83 0D 54 69 A9 85 E2 82 44 62 F0 D0 C1 3F 27 C4 58 3A 2F E9 CE D0 50 40 85 28 DC B8 8F 90 E7 BB 02 59 FE C5 54 D0 48 AB 0D BC FE 95 E0 6B AC C6 41 9C CF B0 60 C9 BD C4 3B EF 22 B0 DE CB E1 85 12 8C 3D D1 D4 87 CC 58 BF 72 C8 9A 9B C1 68 47 7C E8 FA 42 1E 69 F9 BD 02 B7 A0 CA F5 4E A2 8E 56 2F 45 98 45 D8 51 8A 99 29 38 28 9E A6 46 2B E1 6E BA 85 55 71 3C A8 26 37 6A F8 A6 B9 A1 23 E3 01 56 5B 6F 4B A5 9F CF D2 F7 01 73 27 0E B7 F2 96 D2 66 B7 2F 33 DA 1D D0 CF 9E 62 1E 11 25 2B 9E 71 2A 20 D4 C9 DE DE CF 6A F7 08 29 D3 EC 2E 13 08 00 4F AC 98 1C F5 CF 04 0A A4 C9 F8 73 14 88 42 99 F9 A7 A2 CA 2F 52 9B 57 EE 10 C7 48 13 3C 31 75 F0 F7 DE 45 A9 F9 52 85 86 AD 22 8F 68 AB AE 03 DA CF BA 90 36 F7 30 38 04 3D E0 A1 48 49 42 89 06 81 06 A0 14 73 9A BC 1F 87 52 43 43 DE 28 10 59 F1 E6 4C 7B C9 0D 05 38 E8 79 B7 FF AC 56 8C 79 DD 05 1A 0A 9C 9A 2E 73 76 99 D2 49 69 1A CC A1 69 D6 B8 56 E3 FC 7D 98 CB 26 30 FF 6F BE 3B 35 38 F9 18 F9 3A 50 E1 5F EB A0 59 0C DD DD 19 9E 51 19 28 83 12 FE DA B8 3F 79 2E E0 E9 DB D8 57 81 AB 49 3B FE 7E 5B 91 E4 2F 9B E3 A7 95 D3 B7 D4 59 E3 B7 91 CB 30 EF 99 63 12 25 BA 95 5E FB 0E 85 99 B1 17 23 54 69 FD D2 5E 91 75 C2 94 98 A9 39 16 9C 7D 77 9B 9F 0E 79 24 42 B2 1B 92 CB 07 B5 3F C5 14 96 BE 4B AE BC 7F 99 EB 9A D6 69 67 34 EF 1B 1D 8C 2A F7 42 5C 0D F2 AF 4A 20 63 BB 2A 06 64 E3 F2 86 B2 C8 B4 94 28 35 E5 8A 30 AE 4E 73 F5 BB 98 B3 12 B1 31 6C A3 01 2E 25 97 9E 73 89 CA C5 6E 64 92 FF 78 A2 BA AB 81 AF 06 9A 4E 86 B4 35 C5 F2 BF 70 9D BC C5 49 F6 CB 1D 24 E7 2F 78 C6 99 58 3F 32 D4 6F E0 CE 4A 1D 2C CC B3 DB 5D 05 B7 43 3C 70 F0 9A BF CC 86 9F 60 59 C7 56 9D D9 EF 7C 34 96 8B CF 15 F6 C6 F0 82 36 74 01 E8 C2 21 4F 03 AA 49 4F BB FA 06 1B 27 04 E5 BB 0C B8 1A C7 78 05 29 2F 6D 23 5E E7 EF 5D F1 FD 77 45 C6 F8 C6 0C 03 F7 53 BD 1F 4B BD 46 F2 72 98 7C C6 52 B0 3F 58 53 86 AD C5 5D AF B6 B4 E3 3F 51 D9 B2 41 C3 AD 7E F6 F8 64 16 74 4B ED 7C D8 C9 43 03 D1 16 C7 6B BB FF 86 E8 70 ED 2A D3 CA DC 6D 5F 4D F7 7F 64 7E 7C 1B 19 D3 04 5F E6 C0 C1 80 FD D5 8F 9F 7F 86 FB 78 43 C5 90 04 87 7A EB 7F 19 3F 23 AC 1D 59 51 19 56 DE 7D A2 A9 93 6F 16 D7 63 12 B6 E4 83 4F 21 ED C6 B2 51 17 CE AB F2 BD E8 62 3F 3D 2A 04 9F 89 0F 4D 1C B9 57 2C 47 E6 A8 07 E6 FC 53 0F 5D CD 5A 53 BF CB 96 BA F2 42 C0 60 E3 1F 5D AC 87 F5 89 3C 10 A3 F1 18 05 85 75 8C A2 35 C7 E4 F3 74 C5 08 B2 57 0F ED 46 EB 04 5C AA B2 60 96 19 00 16 E5 5B 45 58 1B B9 D9 66 2B D4 6A 04 A0 B6 20 37 61 A0 63 AC AC C7 03 18 B9 29 8B DB 5A 34 05 5F B3 69 A2 03 FA 65 59 21 8A 00 33 9D 7F AE AE 0F 86 CD AC 13 64 DE DC BD 49 C3 A9 8B 4A AD E6 13 1D 99 6E BD 38 37 41 88 34 3E 2E 43 DB 2A CD 06 F9 09 FE 52 DA 9E 60 ED CF 70 27 9A 1A 07 54 AD F8 2B 2E 22 94 22 B4 F1 84 35 2C 1D FE C3 F1 B4 8F 54 11 28 74 37 3F 60 BC 59 DD BE A3 4C 6D A4 36 19 5A E0 E1 F1 EC 65 2C 2B 2E A5 62 48 67 B8 5A 28 25 F2 25 E8 F5 06 3C 52 8B A5 59 40 B0 37 1F 86 DF FD B9 24 71 4F 2C B7 62 C0 52 98 27 38 61 67 78 37 91 71 BC D1 C7 50 E9 FE 2F 23 2E 26 7F EB 96 D7 86 67 13 46 F9 13 3A 0E 5A 76 D3 12 4A 52 05 4A D5 C9 97 7D 02 9C EE 5D 00 A2 B2 DE 3C 40 5E 4F 82 DD C1 C9 F8 77 89 9F FE 96 84 4C E9 62 26 C4 0A D2 1C E2 7B EB 1C ED 9C 34 5C 44 47 CA 26 65 A1 B3 78 5C 99 71 43 BB 11 D2 DC 75 9E 55 B3 17 1B DA C1 9E EF 7E 55 84 4F 8F D3 A5 14 B9 4B 40 6F A2 61 41 3A E4 7A 5E 70 D1 94 1C C9 D1 F3 FB 5C 72 3C 7D 81 4D B9 16 E1 D4 4D 9A 06 CF F0 69 E8 7F 2B 3C F6 59 8B 90 00 A3 AA 75 DE 21 ED 83 0F 80 48 2E 40 97 C1 EA 33 CE 2D 81 94 53 20 87 E1 98 2A A3 85 89 18 76 D8 14 B6 8C D1 8D 73 84 24 90 3E F3 A4 95 6D 43 48 B8 2C 4B 49 8D 9E DB 4E 6D E2 AD 24 AD 97 99 48 EE 9E 8B 33 0C 44 1D 30 6D 24 62 D4 4E C1 B9 D7 2C D5 6D 28 96 3E 25 A0 FE FA D9 E3 D1 16 DC D0 C5 21 AC D0 F8 52 C2 D6 EB 84 7A 4C E6 3B 58 D0 D0 82 0F 49 D8 97 68 7B 64 E1 12 F2 B7 A6 D0 B3 01 03 05 0C 30 AE FD E8 4E C3 00 99 36 DD 7F 10 30 52 17 DC 1D 18 22 50 FA 4F 1A FE 82 A3 F8 3D 56 3B 4D CA D1 00 DC 8D C4 7C 1B 7B E1 A6 0F 32 A1 10 9B 28 A2 C0 BD 39 61 0D 49 22 31 15 AF 1A 33 29 DB B3 E0 65 AA 51 3C DE 4C 5D 22 B0 BF DE F4 89 50 C5 19 AC 95 E0 3E A1 42 60 58 8C 17 37 94 8C 68 83 98 35 3F 62 65 1E AC C2 B3 9F 56 77 D7 42 F5 FF 61 B1 F1 F2 10 F1 68 DB DF 87 5F 73 33 3E DF 5C 38 C4 E9 1C 65 2A 2D D4 1A 0C 83 FB 6C 91 31 C3 D0 6B 7D CB 95 BF 6E 6E 7C 3A 45 0F BD F2 3E 27 40 98 C1 9D 53 63 3A CF 7B 6F C9 D7 4F 79 FE 29 B0 DF 90 9F 65 51 94 56 16 76 1C 30 3A A8 B5 C2 FF 6B C0 0B 92 76 CF C2 00 3B A7 09 69 C4 55 1A 4E A1 0C 37 1E A8 A1 B1 43 01 7D 79 A5 99 5A BF 0C F6 45 8B 6F B4 26 FC 81 81 A4 FF 4A 55 C5 7B 5A 0F CD C9 C3 3C 3E CB 09 44 83 62 2A 3E 8B 14 A2 6B 11 55 C7 08 6D 8B D2 25 FE FE FF 36 4A 28 7E 66 1A FC 13 F7 70 83 69 9E D3 E5 20 E0 3A D5 3A 98 FF BA 6C DA 35 73 E5 C5 10 96 EA F4 75 CE 3E 12 97 62 5C 8C 81 71 F4 45 8C 7B AB 0F ED 53 5E 9A AF 0E A6 15 F4 5E B3 A2 D0 35 28 0A 2F 8A C4 2F 86 46 53 79 A8 0E 82 79 53 AF B7 37 A8 CC C2 9A D3 41 B4 C3 31 08 95 04 6F 99 EC CA 1E B9 19 67 9F 2D 5C E6 F1 FC BE EF F0 83 5B CD DB FE A1 DF 7B BB F0 3A A7 50 B8 C4 64 37 F2 DA 5C E0 79 86 9D F9 75 86 F5 2D D4 2B 4A 29 2E CF 9C 0B 96 AE C7 92 F2 91 65 35 71 37 31 33 FF 3D DD E8 5E CB 6D 4D E2 F3 49 E7 1F 89 3A F2 FA 42 A6 8F E1 9A 5B 02 E5 BE 78 1C 03 53 12 D9 12 90 6E 6F 98 0E AB 54 54 29 72 67 73 75 F5 FA 6A 63 16 4F F6 07 B2 6D 43 5B 90 3D 68 17 98 63 F0 2C 3B E9 CC 56 37 3E 8A 54 C7 B2 34 92 96 C8 5C 3D A7 A4 8B F7 7B D4 B5 A0 77 61 EB 7E D8 80 E9 F4 BF E1 94 99 71 BA 35 BC BD 28 05 F6 1F 57 2C C2 09 E4 BE 34 F6 A7 81 A5 A2 A7 9E 72 8A C6 FC 7E 51 6F F3 42 B3 80 37 63 30 88 4F 64 55 22 75 A7 A3 02 45 46 33 26 67 2F 56 FE 04 F5 60 48 C6 45 01 D6 0F FC 30 9E 99 76 FE F7 93 1C E6 71 EF 69 63 DC 01 5D 56 C3 08 2C 92 30 AE AF 70 72 53 3D DF A1 B1 9D BF E0 01 26 6D 8A 09 DB F2 42 70 25 E9 B5 95 01 F0 60 F7 5D 45 E0 74 87 00 FA 26 B9 2C 52 C8 F7 13 10 DD BB 1D FB 2E 23 D4 70 92 43 FC 4C A1 A5 98 40 DC 07 F4 32 54 8F 00 75 BF AF E9 84 0C 57 54 BE 5C FC CF 97 F4 8E 78 B5 94 93 9E 9A 9D 73 7B 3E 7D BC 36 43 06 BD 30 9F 47 9D EF EB 03 C0 9F CD E7 DB 9A 4F F1 D3 58 65 E6 B4 62 23 1F DF 5F A7 43 1C FE 3A 68 B5 D7 15 2B 02 1E 86 C6 4A 5A 51 BE A3 FF 81 BA 9A A5 27 EC DE 12 33 05 C4 71 B3 F2 B6 D6 88 77 82 C2 20 8A F2 FD 56 55 F9 EE 58 EB C1 26 A0 17 CB C0 0E 25 55 A1 17 22 B4 53 4C 2E F3 17 E8 11 06 60 2E FA 8E 81 12 72 89 C9 DF 32 21 5F 25 7F 59 4D 4A F9 31 F7 16 F0 78 5D 77 6E 44 B7 1D 86 36 E3 4D 5D B4 DF 15 F1 E3 81 B6 0F 37 60 8F 0A 2C 23 45 52 AE A4 44 B4 EE 28 DD 79 B9 AA C0 BB 62 FE 2A 10 05 54 16 3D E1 04 7B 37 0F DD 77 85 65 D8 83  [Binary data over 200 bytes]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 1781466620 = 50 4B 03 04 28 0C 19 52 FC 05 2F 6A 12 04 00 00 00 30 00 00 86 87 59 DE 0D 38 6F 5A 8D 9B 08 42 FE 93 3C D0 49 37 40 E3 B2 AF 97 4A 32 9C C8 EA C5 52 2F 50 DE E1 47 63 15 72 F2 70 08 0E 76 22 47 46 DF 9B 0C D8 04 1C 90 B5 DC D1 F7 F7 28 BC 2E DE 42 4A 05 87 0E D5 B9 41 05 4D 5B E6 2C C7 25 9B DB 67 23 69 D6 89 47 20 91 A3 8F 11 CB 36 2D F5 C2 66 1B 12 49 BE 7A E0 A8 AA A9 95 7C 82 4D EC 21 CF 14 8F 77 12 D6 85 8D E8 09 1B 43 F7 8E 39 22 38 CB 41 7E 70 19 F4 16 37 7D 80 53 AE 40 34 51 C7 03 E5 5F 64 30 D1 A6 61 73 27 01 85 49 61 7E 3F 6B 0A 3C A9 01 1F 73 2E 02 C9 97 36 F5 26 39 DD FF 33 C8 1D 8D 4B 20 2B 85 6C B0 62 F8 78 6B FF 78 F6 27 BD BA 61 E3 AC B5 52 75 F9 48 63 E9 08 27 81 F3 38 2B 71 72 DA 84 BD DF D9 CA 0A AE 09 70 7B E1 39 42 8F 5B 9C 1A E2 0B 9F 76 8C 79 2C 16 26 6E 59 EE 25 4A 9E C1 D5 42 F6 0B 05 9A 4E C1 97 41 DD F9 D8 B5 6E 45 91 8A EC 4C 76 7B F6 05 98 E7 55 4D 19 4F F3 3D 84 7C 9B CA DF 7C 2A 6F E1 8E E4 78 68 A1 88 7D 9F D2 0D B1 DF 6B E7 AF EC D2 E3 9A 69 BD 2C E1 5D 76 98 7B A4 7C 7D 66 D3 6B A9 1E AC 24 9D 85 37 F6 A4 12 2B AA 33 F1 97 44 68 0C 89 65 9F 2B AA FA 1F 3F 90 50 5C C0 F8 DE 16 5C F6 F1 BD A6 46 C9 AE 93 4D 1B D3 A9 BC 8C D7 25 0B 9B 88 82 5B 41 9A 44 DB 49 72 06 29 BA E8 42 37 E8 FC AF 33 D6 1F C7 D0 F0 1C F6 9F 84 3B 97 F1 8F A7 E1 8E 1D 01 CC F4 89 4A 43 45 CB 51 08 B6 A0 D6 58 47 6C 00 1A EA 38 F7 AB A6 25 73 D9 AB DA EA AA 37 72 13 12 79 53 1C B2 F2 9D 58 80 C0 82 5B 37 74 C4 BD 28 92 69 CF DC 69 EE 65 D4 78 D6 2F 1A 20 77 C6 42 C9 C0 F8 D3 8F 65 DB 01 0D 27 8F 28 58 9D 04 05 D1 74 17 C7 E6 B0 CC 6B 89 E0 E3 D4 07 A3 D6 02 BC B2 19 39 B8 C7 E2 A0 F8 CA CF C2 EE E6 D8 0E BD A5 20 47 60 3E 74 E9 FE 9C EA D1 4D 05 F6 6E BB 3C 6F 4F D5 1F 6A 0A AF 2C AC C2 3F B3 4A 09 B3 10 5A CA 18 45 88 A9 14 26 58 7B 50 46 15 3A 86 A7 50 33 AD B7 9C 24 AD FC 04 7C 47 54 FE C3 CB 13 44 55 01 F6 4A A5 1C A9 B4 39 9A 31 03 36 94 5B 5A DA 82 04 CA 4B 71 89 0F 72 A1 D5 BA 49 D3 F8 78 08 F6 41 9D B5 BA AA 0E 20 A2 10 38 6A 67 F7 07 13 2E 84 2E FF 52 1F 7F 1C AC 1E EC F7 99 42 7A EC 54 99 CB 96 73 18 09 EE BE 77 20 DA 0B DE 66 99 DA F2 2B 9B 7E A8 A6 0D A6 A2 AA 6A 1C BC B5 DE 6A 91 23 8D 18 78 B7 3A BE 9C 85 78 B4 1C 9E 0A BD FF 4B 43 93 B4 BF 3D 9C F7 0D 08 F1 ED 2D BD 79 71 5C 67 C0 E4 E7 2F 29 C5 E1 62 A3 FB 52 AC 08 74 4C 2C 8D 66 E2 82 F0 DF 0D 91 B3 6A 37 E4 E1 E8 AF 8B EC 23 56 CC BD FD 1F F6 87 80 48 C1 96 1C 57 06 C8 21 A6 11 85 CA 79 6D C8 39 02 1A BD EB 93 5A 8E 9E 9C 05 2A 4C 56 78 FA 29 A0 9B 0E D4 6C 5E D7 40 46 E8 15 83 DE ED DC E6 81 A4 69 1F BE 5C 44 28 55 72 38 BE 7E 1D E1 C1 D2 DF 88 69 5D 71 45 6A DC 7B 55 EC 3E C2 82 D7 A0 A1 55 91 A2 B2 D9 B0 B9 0F 71 BC 0A 73 89 82 17 BB 8D 89 28 33 C3 77 B1 7F 1A 8F 80 60 7A 5A 47 AE AB F2 AC 3A A9 5A 4D 3A BF 81 B6 2F 85 DA 68 FA AA 60 F0 FF 19 DC D8 9C 8F A0 D8 74 ED F4 7C 11 49 A9 03 95 66 51 BF 0C 4F F8 FB 74 8E B8 A5 ED 35 B7 86 CF 91 4D A6 D7 5B 63 E1 CB 7C 63 4F ED 82 67 55 D5 4D A8 A5 42 2A FD BB 52 E1 8B B2 FD 0A A0 91 52 85 96 0B 13 0D AD 52 09 F4 AD 75 96 FB A3 8A 86 9F B7 F1 69 30 15 A5 EC 6D 66 D7 00 01 3E 65 43 E2 FB 8B AD CB A8 98 90 1F 2C FF D6 98 6F AA 82 9F DA 79 14 06 86 D1 8F 31 41 BC CC 88 62 01 D1 2D F0 5D E5 ED 34 9A A0 E1 A3 57 78 EE  [Binary data over 200 bytes]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 3212083974 = 50 4B 03 04 E8 34 CB C2 06 83 74 BF B5 11 00 00 00 40 00 00 86 87 59 DE 0D 38 6F 5A 8D 9B 08 42 FE 93 3C D0 49 37 40 E3 B2 9F 97 4A 32 9C C8 EA C5 52 2F 50 DE E1 47 63 15 72 F2 70 08 0E 76 22 47 46 DF 9B 0C D8 04 1C 90 B5 DC D1 F7 F7 28 BC 2E DE 42 4A 05 87 0E D5 B9 41 05 4D 5B E6 2C C7 25 9B DB 67 23 69 D6 89 B3 61 CF 72 8F F0 B3 CA CB 48 3F 7D 3D FB 51 C4 98 FF BF F1 4D 7E 58 06 04 87 E6 B3 AD 5A 11 DB 96 EA 85 84 07 C6 97 A3 EE 06 35 5D 0A 5D 02 E2 2A E1 BA 4C 53 E1 88 F8 61 7C 14 F3 1A 63 36 7E 54 0A AA 01 B1 EB 67 68 43 52 7B 71 ED 92 78 F5 CA A8 89 5D FC E2 96 4A 95 8A 43 B8 21 BB A0 2F 84 BE E7 C5 01 C8 F4 00 2F 88 ED 46 35 04 21 27 E6 44 DB 9F 41 46 63 C7 27 96 34 7E 2E 97 A9 7B 21 5B 36 A7 40 D3 EF 37 1A 86 B2 C4 CE 68 3B 59 A6 ED A3 5F 86 A7 6D F0 E6 7A 4C C2 2A 46 2B D9 8A 63 E6 3A 97 A7 45 56 3F E7 CD FF 53 86 B8 BE 9C 0B 63 F4 88 9A 27 BC 24 90 8C 86 AC B4 47 B4 3B C5 47 12 3C F8 F6 59 0A 5C C3 83 3A EA 4E 25 0C 6D 65 19 13 22 C1 C4 02 6B 0A 3D 6C F9 58 EB AA 7D B2 58 E4 42 02 D1 69 AD D3 1F F1 59 F2 5C FC FF 0C D2 7A 29 7F B7 F8 35 A0 5E 9B B5 28 86 FA FC 6B AC 2E 10 03 CB 8C 46 81 85 A3 AD 18 5C AE 9E FE 9E 1C BE 79 C0 B9 63 78 A4 46 00 E0 26 91 38 D7 E0 C1 B5 25 2A 5E 35 A6 42 F9 D0 50 DE 29 49 24 9C 48 76 51 3F 18 63 87 29 7E 24 86 FF 36 05 EE FE D0 16 ED 95 30 68 6D B3 DA 00 52 53 C7 5E 29 9E 33 EC C4 CB 6C BA 85 EE 7F F3 57 2F BD DE 9E CE E4 6B 94 52 C6 C8 B3 44 23 E8 F4 81 21 86 C3 36 39 12 D5 32 16 6B B8 A9 CD 57 A4 45 3D 20 2C 57 99 25 E0 3F FF 40 5B 10 A1 CD 0E 8B EF 6F AC E1 D2 7C D7 52 70 A6 40 F4 7E 10 4F E8 CE 41 00 F0 38 04 E1 34 ED 37 DC 31 D7 68 0F 2C 72 D0 2D BE D8 EB 77 D0 8C A0 11 B1 3C 3E 34 35 1D 10 7D E3 84 3A DE 58 B4 9B AB 78 AC FC FB 34 97 9B CB DF 3F 22 26 BB D8 F8 8F 89 4C 3C 25 74 D1 91 60 56 D0 DC 43 0B AE D7 2B 9E 80 45 FE 43 2F FB 90 F5 DA 5E 33 0D 80 49 E6 24 03 88 55 99 AF 01 07 41 B1 C7 8D B6 EC B6 00 D6 4C 00 3B CA F4 5C 16 1B F6 A3 74 6A 16 05 5C 08 8B AD 43 3D 76 CF F9 8E 4D BB 73 D3 DA 9A 78 DC EF 3D 4C EB 3F 5B B3 55 73 59 87 F5 95 4A 12 F6 C1 66 89 B1 49 91 A4 3F 41 C3 0F CF D0 8E E6 AA CB A0 89 E2 BC 74 00 E5 D9 AF DA 38 33 BD AF 8D 29 58 48 93 C0 00 78 B9 2A 62 7B E0 FF A5 F4 56 22 E4 94 A8 27 E8 2F AD 84 37 CC CF 92 FF D1 9E DE DD C2 08 CB EA B4 D7 BE AE F4 F8 CD E9 45 43 DF 78 7C A3 7F E9 97 39 F5 E1 58 78 C7 2B FC 66 D8 94 6E E3 7C 25 60 A6 93 1B FD F7 80 B8 A7 A8 19 86 EC 01 11 51 3D 61 E8 E9 C6 21 E5 5D FB 32 55 21 61 96 01 97 8A 12 EB E4 10 54 B9 FE 76 0A EF 6E 47 EE 81 13 33 D9 CC 27 D7 C3 79 F9 E8 9C 6F 69 F7 AA 55 60 76 05 05 EB D8 E5 2B B4 31 BE 19 32 6A A1 58 4C 55 57 00 84 2F AB 93 E1 E3 7B FD 21 CB CC 6A E1 D9 7E 4F 3D 74 04 29 75 AF AF 59 E6 14 CE C8 D7 21 4A A5 18 E0 A6 5B BE 4A 10 00 04 08 BB A7 F8 10 C7 13 5B 3E 75 BE 88 F2 02 8C 11 0A 9E DF 36 D2 80 14 5A 24 81 A1 31 AF 02 A9 E6 3E 11 CA FE B1 8A 1E F4 17 55 47 80 CC 55 F6 A0 60 E9 76 9F F0 63 06 0B 49 78 A3 E9 C2 18 6F 63 7B C9 8A 16 49 41 0B 47 AD E1 38 91 18 3F 25 7A 40 CD E8 E3 B9 8A A7 05 E5 19 B9 04 FD 15 87 CC 33 83 DC 29 A7 E1 C7 54 AB A9 AC 13 FB 0B D4 C9 80 89 D4 9B A9 DD 3B FB 98 F8 56 58 30 D3 35 9A 46 DF C3 ED E4 94 87 1B 12 96 F8 BA 91 E9 C0 6F E0 2F 30 11 D0 43 3F A6 25 97 B5 38 6E 89 82 31 6D 3F CE 8D B0 6E A4 C5 A0 CA E1 74 A4 CD 41 AC D7 9C 90 92 1F 72 0C 4C C0 6F 47 22 58 C1 6A CC 20 F3 44 54 4F 1F 75 30 AC 47 30 B1 20 57 93 11 4E 09 3E 96 D6 C7 A9 A3 44 A8 D1 72 FA D5 0E 45 79 D2 3E CE 46 1E D1 9B F0 51 40 0E 3E 3A BE E2 02 C8 E7 37 EB 66 EE 41 BE 22 9A 89 36 DB 17 2B E4 79 E6 FE 21 AE C2 99 4E D8 55 6A 5C 1E D0 FA 10 74 2F 87 96 64 F2 7D 64 59 F8 CE 3B 36 FD E2 E9 F0 DD 8B B0 52 01 0D 44 5B 0B B2 17 4D 01 96 DE EF 0F 38 E5 D4 E5 DD 3A 0B BD BC D7 F8 18 9E 62 4F 39 6D 00 19 7A C1 DA EF B3 10 B1 57 B2 C1 5D EB C9 B5 EB 3D 25 F8 0B 29 E0 46 C3 60 8B 0A A2 00 82 93 89 6C 6A A7 41 AA 6A 6A F2 FE 7F FE 68 76 B4 86 0F 57 7B A2 74 AE CC 8E F6 22 4E F2 6D BF E8 7D 50 2F 22 56 5B 34 E6 79 E5 DA 43 CE C0 68 1D A2 7E 92 06 25 AB F9 7F 65 AA 2F 7A A6 5F 82 FF 2C 5B 26 A4 CF A9 5C 17 F8 A2 46 D8 4E 55 50 36 38 85 D2 ED 28 4D CE 5F EE A5 EB 8D 01 9F 85 F1 CC AE B6 27 91 96 E4 40 67 BF 8B 7A 9D 56 33 B0 AC CB 79 52 7C 91 33 18 9B 41 00 75 B5 CB 7E 91 90 C6 8F 0E 63 BF 68 6A E7 F5 08 34 D7 30 29 10 C5 43 23 5F D5 DA 2D 1A 61 E3 17 E2 F4 93 61 F3 04 78 03 B1 E4 DF 4A 65 C5 FE EA 96 17 7B C2 A1 78 E0 50 8E AF 81 42 38 8C BC 1D A0 BC AB A4 DF 9D 62 83 5B 22 F5 CA 34 8D 33 5C CA E7 0A B0 2F 71 1C 95 1F 41 D2 7D 76 F7 FF 5C 76 29 DD 37 21 AA 95 FA 90 64 B1 B5 95 72 C6 5D 72 11 54 8D 26 70 8D 53 19 64 E9 C4 0D 29 1A 3D 93 FE 63 C1 7E D0 2C A0 9C EE 13 4D DC 3F 6C B0 C3 7C AC 98 83 28 9D 43 76 47 6A 03 A8 72 BB C0 F3 1B 1B B8 08 05 B2 3D F9 85 93 AB 0B DA B5 23 40 BD A5 52 FC 20 97 FA DC F1 F8 83 DC B0 BD E0 9D FD BD B6 CB 8F 2D 09 46 C9 94 C0 A0 9A 45 85 25 87 3C DE 2B 26 39 5B AF C0 BE 80 64 42 47 0A 45 90 B2 A1 3D 14 E9 C7 14 14 E7 56 C5 C9 7D D9 FE F8 6F C5 54 32 4B 2C 5E 7C B1 9F B8 5C C8 42 8E 07 22 67 9E 68 CD 0B 0C E0 83 2F 96 60 C9 1F 68 A9 8C 09 A0 F8 05 6F 7E 58 45 02 EC B2 F0 89 57 5D 4F 42 F3 2C A9 F9 14 B8 5C A4 85 93 ED D4 DE F1 7C 04 6D 40 0F 59 06 8F 01 26 4E 98 82 D6 16 FF B4 D7 B7 AF 56 09 90 B3 43 1B 3E 2F B4 E8 86 BC 4C E3 4B 16 E0 22 A8 67 38 7D 66 DE 24 16 A6 16 7A 9E B1 30 98 04 3D 12 85 87 31 8B FB E0 1F 6A 00 1F BF 21 2E C0 B9 D2 0B C8 70 E7 42 30 D5 A6 4F 16 33 C6 65 8D D8 22 C2 FF D2 83 27 61 AF 18 11 22 FB 6F 74 81 47 20 E3 65 19 15 8B A8 20 F6 74 45 71 70 D7 D0 51 D7 40 0D 93 9F 46 41 7A 10 83 BA 1B 83 8F 24 C6 FB CA B2 2D CD E1 5F 83 BE 8D A6 64 15 16 DA 9A AF BF C6 97 D0 0D FC A2 4B 90 53 2D 73 11 17 36 58 6A 15 3C D9 A1 08 AE 84 A1 16 16 3C 99 E3 43 AE 83 D5 66 2D CB FC 26 32 C5 9E 20 4E DA AC A9 16 F6 66 BD 8E 1B BE 72 88 4A 93 F3 1E 8C D0 24 EF 14 38 3C 42 81 78 5E AE 11 F3 6F E0 EB 7C 1C E0 CD 7D D9 65 D5 2B 72 4A D7 27 96 8C B2 25 11 30 2B 5D 8F A1 42 12 AC 45 CA DE B7 AA 6D 51 A1 20 AB A6 06 DB C8 3C FB F3 1A 78 5E 46 50 94 72 9B 6D 2E 4B 33 FC 6C EE 3A 5E 49 62 94 E7 F8 54 34 B2 E7 C0 81 46 FD 73 36 C5 9B 18 7F 73 E6 38 66 74 D3 04 62 E9 37 C3 18 17 82 92 8D D3 8B DF B8 C6 6B 20 49 69 7C 76 82 BB FC 15 C2 DD 23 86 FE 5C 21 9A 32 40 CB 07 61 11 28 9F 68 89 33 C2 4A B6 F3 D9 34 19 70 26 7A 7F 85 6E 92 6C 2C C7 06 38 F7 1A A8 A7 E0 3D 39 3D 26 92 F6 7E BE 2C 0C 96 AD 2A 73 72 2B 66 99 16 A0 22 DA DB 43 D1 D1 90 70 E8 E4 FD 42 BF 99 2C 4C BD E1 27 EE 28 25 B7 71 82 66 22 7A 29 B5 E0 C1 B7 DA A1 96 23 A0 19 F1 AF 08 CC 9D C8 54 45 76 8E B0 71 08 57 1D ED A9 C6 7A 17 A5 C5 A1 29 EE 53 B7 02 34 C6 10 FE F7 68 3D 0D A1 AE 0B DA 77 0E B6 14 10 DE DF 5E BE B3 84 4F 48 B2 99 4E 57 43 F9 97 17 DC 69 7A A7 70 11 AA 36 BE 4B 1C 68 D1 41 06 21 84 EA 88 A9 77 DE 59 F0 2C F3 8D D6 51 18 47 78 85 5F 1C D4 0F B2 D4 41 3E 77 54 BE 76 5F 92 81 65 CA C3 14 18 67 DD 1A F0 63 0A 3F BA BC 78 1F B7 C6 36 7C A8 DA 47 91 B5 A5 B1 AC 2F F3 11 86 94 C0 2A 99 6B DE 2A A8 2F 7B 4E 68 81 CD 32 56 66 95 F9 F7 BA C9 4B 54 62 21 8E 0D 21 86 DE A5 1C 2C 33 96 B1 49 5E 0D 4E AA F1 87 D6 12 22 A1 B3 31 A6 91 F9 9F 1E 04 0A 27 51 F3 14 72 71 D1 7B 9C AB DB 17 77 28 FB 95 D2 1B 68 AF E5 A8 A9 95 F3 5E 5F 6C C0 71 A9 C0 CC 64 C3 E5 B2 4F 17 68 9E A1 59 35 66 04 C5 14 94 9E E0 DF 33 D3 33 30 FB 5B 50 BD 05 C4 64 62 09 BB F6 0C 4B CD A5 21 CD ED A9 7D BF 59 EE 18 6B 8F AC 2F A8 FE F4 E9 A5 D2 8B CF 44 7D E3 F9 1F CD 98 54 B8 7F A6 D7 C9 58 43 35 FA AC 30 09 9B E8 55 C2 75 CB 96 E9 8B 5D 5E F9 9C A1 86 1B 77 07 AE C6 18 C5 F6 56 77 7D E6 37 73 96 60 94 FD CC A4 F9 4C 16 C6 F3 BF 52 95 C8 E1 7F EE CD 91 5D 3A EA 06 75 06 2B 2B 0D 70 38 35 C3 45 28 D5 4D FD 7B 53 A0 52 5F A1 06 1B 25 D4 AA 84 5C 5F D1 E7 06 20 BE 53 11 B5 B3 C8 28 C6 E4 F2 43 78 ED AA FE 10 01 A7 3C FB D4 E9 AE 61 2C 79 F2 C3 8D DA 17 2D 60 C1 CE B3 43 EE EC 07 65 30 18 AF 8B 37 0E C6 11 5C E0 C4 C0 F1 59 D6 27 7B 1E 24 64 CF A3 29 70 1A 8F 37 5C 6D 45 D7 78 EE 13 37 75 AA E0 B9 E6 BD 7F B5 47 45 AA 48 F8 8A 32 6B C6 58 91 A5 70 C3 93 D8 C2 43 4F 78 A0 3E 06 51 F8 6A 39 14 43 F0 BA 02 8C D7 DB 0F 0D BB 90 56 B8 53 54 D7 81 1B 20 0C 23 3B 32 D6 40 9F AA B4 9D 8F 1C 89 A1 2A 2C C4 F8 6C 7D FB BB D6 AD 9B 18 65 46 14 11 A4 41 67 CD 12 D9 09 2B B5 30 6F 72 4D 89 47 7A 0C 3D F8 E0 EC BC 0C 68 59 B0 05 88 4B 0D CE 10 9B 5D F8 BA DE 08 9B F8 A5 1A 9C 67 7D 59 B6 8D FE ED C9 33 CC EF 11 5E 2A 16 E5 75 42 7F D4 81 AA 50 B0 58 64 0F E2 CE 81 A4 7D 2D 80 66 CB 22 09 24 E6 8B 12 99 3D F8 38 07 4B E1 6D AB EA 63 53 CB 20 89 57 B9 AA 6F 45 BC CF D4 4E D0 42 3F C5 01 00 83 EF 80 39 BC 76 21 58 2D 45 D5 8F 04 B1 2E 8A BC 34 95 01 AA D5 6A A1 01 D3 11 CB 9E 34 7D 9C E5 C0 5D 36 58 7B 27 42 80 E1 84 8F C4 54 9E 91 19 76 E3 13 F1 F8 17 78 4F D1 A3 52 28 2B 70 E2 32 31 76 86 1A F1 7A 36 38 57 69 9C C0 1B E4 06 E3 70 F7 B3 8D 14 66 CB 1A B1 07 BB 3B CB F3 AA 6A EF CF D8 5B 0D 82 9A 72 5C 72 73 28 88 D7 F2 18 F7 49 11 ED 2C C1 77 F5 91 91 2C 26 60 18 38 B0 3F BC EF 50 FD 84 B4 27 06 A6 0E 88 45 81 A2 8B 0A 35 33 D4 F1 BF 12 E2 BB E4 91 0A E8 34 72 BC 91 50 B6 A1 38 20 6D B3 AE 0C BE B6 A6 1E 9A 41 52 CF CA C3 DE 9C A0 42 B8 B3 A8 69 24 9A 89 FD 67 EF 2C E1 06 CE 6F 93 4B 22 44 B9 B3 25 A4 B6 AE BA 22 46 EC A9 52 DF 55 72 F0 19 84 33 F8 63 CF 2B D6 D1 E6 3B 9D 4E 36 F5 EF 3B 19 27 7C 3D 65 BA BE 63 F9 51 D3 DF 20 0B 7D BD 0F 28 4A C5 96 2D 43 CE AB A6 9B DF C4 03 86 70 8A 58 51 12 C9 05 F5 06 BC 04 79 CB 67 F6 14 41 3A 02 F6 7E 92 81 65 51 F0 56 D3 66 BC 5F 45 3C AF 6F 44 BF D3 31 9F 40 39 48 C4 D2 26 46 EC C7 40 D1 E3 85 34 EB 35 62 64 4C 26 37 07 47 96 AD AF A6 F6 38 3B E4 92 23 BA 2E 95 12 20 5F 7A 22 28 11 6E 6F 4C 1C 80 E2 77 38 FB AB 3B F4 3C 3E 06 02 CA BB 70 CC D9 97 A2 D0 2B 70 AB 82 E8 22 1D 49 A4 DA BE CA 60 5F 4D AD A1 B6 8D 02 B3 32 29 58 7C 7C DB 97 36 07 9E 32 71 E2 BE 76 58 30 16 7E 2E C5 98 3F B3 08 AE E7 7D 88 8B CA 46 71 5A BF 19 9F 04 F2 9E BC 09 F0 BE F1 7C 09 EA E0 17 10 4C 5F E3 C5 DE 26 1B 78 E0 CA 1E 91 83 C7 96 98 0C E2 74 23 35 09 A2 B0 11 60 38 86 F3 EF 91 01 F1 56 6B 77 9A 12 FA E7 98 C1 1E B8 08 BE A9 15 DF C9 C0 8E B4 49 70 75 77 9F 38 86 FA 93 0D BA 81 7C 5D AF 4B FE 1A D8 15 39 E8 D4 F5 93 7C EA E6 A2 C9 DF CC 37 81 49 01 A4 95 5E 3A CC 50 01 B5 43 F3 AC 62 20 14 6D 6E 79 E2 9F 60 10 C7 EC 2B 04 66 67 32 2B BC 8B 6B CB E7 C0 0A CC 8E 65 63 A5 D4 73 5C DB 9B AF 68 54 75 A5 D3 54 24 81 67 88 5C 3F 6A EF BF 95 18 4D B8 33 B3 32 93 E0 AB A1 AD 02 EC 23 2D 47 6F E1 DA A4 29 00 71 8C 04 D7 18 2B A2 A3 E7 79 BB 52 18 62 38 D2 0B 10 CE 9F C5 01 FF 1F F3 C3 17 87 6A C8 4D 51 74 D3 C6 25 3E 49 5E E9 7C BB 9F B4 1F 26 25 24 F9 5C C1 26 7F 3B F9 EB 00 33 C7 85 3E 0F 1B 64 E5 0B 7C DD 2A 9D 74 32 A5 09 6C 2F 01 45 E0 F1 06 11 F3 E5 05 D2 9A 45 7A D0 93 20 72 20 82 9E 2B CF A2 41 19 C2 9F FF E1 DC 7C 16 80 59 2A DE E8 EA 06 60 5D 90 C9 53 29 09 52 59 9F 80 48 3E 3A 85 40 F3 A2 F3 7C 7C 8F CB A1 71 2E 9F 5D 09 70 BF 4B 38 E7 E4 0D FC BC 97 07 35 C5 25 31 8C B1 60 09 90 68 C5 18 D9 02 2F BD D5 DC CD 8E 62 37 35 B9 AF A3 7F 8C 19 26 B8 7D D6 BE B9 B9 64 4B 62 D9 7E 19 63 27 6A 67 A3 DE 28 D7 71 69 14 89 31 73 A0 67 47 DF 96 71 42 13 16 0E 7E DA C7 9E 43 08 81 E8 94 6A 9B B4 7B D2 88 BE CB 9B DC 5B 74 6F 0A FA F3 D4 C0 E8 C5 05 51 59 0D 28 2A C2 16 17 6F 56 F4 4B A8 F2 06 28 62 E6 E8 04 94 59 7C A6 4A 60 2F A9 96 10 43 84 87 68 7A FC 6A 0F B8 66 ED 2C 9F 0F 38 14 BC D6 3E 7D 2F 78 E6 8F 02 C4 54 13 80 12 E3 42 86 1C 78 2A 6F 88 4E FD 5B 31 7C 8B CE C5 61 67 A4 CE D8 0B 0B 1C 14 57 22 5D 8D 40 4C 08 23 87 BB 99 C6 0E 1A 18 AA 5D 63 84 0B 0A 9D FF F4 87 20 26 3A 9C F5 52 9E E1 DA CB 35 B0 0E 66 43 C5 34 99 7B D8 4F 0F 32 E8 F5 CF 1A 0E 22 3B 95 85 57 9B 61 3E EF E4 37 CB D2 C7 3F 5A 39 03 6D FE D4 C5 9E 5C E9 B0 91 87 26 3F BE E3 79 ED 43 2D 15 BA DA D2 C8 A2 18 CF 31 45 A5 99 F6 82 E7 D8 BC 1D FC 56 4C 39 17 1B 3B 85 4A 89 24 9C 61 8D 63 51 E0 BF 58 E6 6E E1 2C CF 78 47 E5 13 DC BD 92 33 CA 33 3C 54 FC 69 97 0D 7C DA 32 81 88 9C 46 27 C2 C9 DE D2 10 43 9F 8A 21 EF F8 0A 54 39 37 CD F6 76 33 47 14 55 46 FF F9 42 0A 68 39 A0 BA C0 5E CC 3C F2 8C E3 61 DF 23 AC A4 6B E5 38 85 7A 07 FF 12 67 68 86 AE D7 C5 C1 6A DB A4 C9 E3 02 21 73 35 73 55 FE BF 5B A4 53 A1 67 8A DC 17 71 E8 25 09 61 73 C2 4C 50 6D 2C 78 B8 B9 D0 96 64 E6 A9 69 17 54 AC 5F 05 FE 6D C7 92 40 6F E5 3E 8F 4C E6 C6 56 20 F6 67 8A DD 5C DD 8F 15 26 0B 2C D6 AF 99 65 38 65 85 9E BC 17 08 A7 E6 A2 E1 13 6C 5A 3D 90 76 41 81 AE C9 D6 D7 03 3E 73 94 D9 D6 D4 0D 0F DD 4C 8A 88 76 23 3B F5 60 96 27 A0 6C 1F C1 7A 7B 7D 69 39 BF A9 B0 A7 9B 73 0C 3B CF 4C 20 F8 3F B4 E5 73 E1 BC 5D 32 C6 32 32 F9 0C 08 8F 10 1C 7C A9 4B CA 69 B0 36 7B 92 49 ED 5F A4 8B 9E 21 95 39 95 CC D1 B0 59 2D 85 17 CE 5F 2D 6C AB 48 E7 2C 9D F2 BC F1 F5 59 42 60 01 96 71 5D E4 7E 7A D0 F3 DC BF F9 68 D0 31 4C 66 E9 0A 63 1E B4 63 08 E0 A3 0E AB 71 47 BB 9A 37 57 00 C3 64 6E 67 86 2E E5 C1 FC F0 3F 02 52 E0 7A 0B F2 BD 20 17 A9 49 D6 BD 02 33 FD 9A AA 2D EA 09 71 9A B3 88 BB 9C DC AC 09 15 7A 63 5B 6A 18 28 EB B3 A0 22 B6 3B 2B DD 75 A4 51 6B B8 74 F9 D6 1F D2 5B 1B 97 C8 C2 0B 71 44 FF 88 59 3D 25 CA 28 62 FA C9 25 BE A8 86 9F 1B EA 6A 2C 6B 2F D3 E8 10 A4 4F 8F 78 87 5E 74 23 25 A5 16 F8 BC 21 2D F0 B4 C9 42 04 4E EE 6D C7 44 12 96 71 3B E7 3F 7A 73 0C D6 0A 3F 45 45 D5 05 0E 3D B5 2B 51 C4 80 6C 2C 3F D7 7E C7 3A 5D E9 92 40 F3 6D F1 63 3E 7F B3 52 0A 64 FD AD 15 7D 73 72 1C CF 28 24 AD 4C 79 7C 91 14 1D 78 13 F0 43 3D F8 D8 44 07 D2 B4 80 7A AE A3 71 09 3B BA AC 8C B1 68 34 A3 CB BC 76 E8 C3 23 DA ED CB A3 35 50 73 38 6F B5 E9 9F 0B F2 40 4E E1 14 FD 47 63 98 17 6D 8B 5E E1 96 DA C5 0F FA 41 0F 8C E3 5D A4 59 B0 00 DD 47 81 F3 04 7D A7 74 44 05 A5 FA 87 72 58 AF B5 56 C0 4B D7 C6 DE E3 42 43 4D F4 86 84 B0 62 BB 74 A7 1F 5F 70 80 9C 88 18 CE 52 2F 47 93 20 FD A1 E4 79 E5 D2 3F E4 E8 5A 81 2B 56 14 6B 98 BA F0 C4 4A D6 D3 45 2C 45 A8 F1 6D AF 7D BF 4B 80 4A 59 AB E6 AF ED 1B BF 65 FA 18 C9 0F 91 EA  [Binary data over 200 bytes]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89969DE8-1280-4920-9B44-9C3958458121}: DhcpNameServer = 192.168.4.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B34D42C6-68EB-4E24-855E-58506F5252C2}: NameServer = 192.168.4.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Programme\Stardock\Fences\FencesMenu.dll (Stardock)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - H:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{ef74e082-ec70-11e1-898b-bc5ff43ad264}\Shell - "" = AutoRun
O33 - MountPoints2\{ef74e082-ec70-11e1-898b-bc5ff43ad264}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{ef74e082-ec70-11e1-898b-bc5ff43ad264}\Shell\configure\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{ef74e082-ec70-11e1-898b-bc5ff43ad264}\Shell\install\command - "" = E:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.26 16:19:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.07.26 16:17:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013.07.26 16:12:29 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.07.26 14:46:26 | 000,000,000 | ---D | C] -- C:\Users\Norbert\AppData\Roaming\mirkes.de
[2013.07.26 14:46:21 | 000,000,000 | ---D | C] -- C:\Program Files\mirkes.de
[2013.07.26 14:43:10 | 000,000,000 | ---D | C] -- C:\Users\Norbert\Desktop\8 gb
[2013.07.20 16:29:21 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe
[2013.07.03 12:32:41 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013.07.03 12:31:25 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2013.07.03 12:30:32 | 020,553,576 | ---- | C] (Simply Super Software                                       ) -- C:\Program Files\trjsetup687.exe
[2013.06.28 18:43:29 | 000,000,000 | ---D | C] -- C:\Users\Norbert\AppData\Roaming\NVIDIA
[2013.06.27 20:46:58 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2013.06.27 20:46:30 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013.06.27 20:46:27 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2013.06.27 19:17:29 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.26 18:07:12 | 000,029,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.26 18:07:12 | 000,029,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.26 18:05:12 | 000,712,666 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.07.26 18:05:12 | 000,665,198 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.07.26 18:05:12 | 000,154,602 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.07.26 18:05:12 | 000,126,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.07.26 18:04:01 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3428010751-2619372767-2291058075-1000UA.job
[2013.07.26 18:00:39 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2013.07.26 18:00:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.26 18:00:13 | 2412,437,504 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.25 18:55:38 | 000,007,609 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Resmon.ResmonCfg
[2013.07.25 17:53:31 | 000,000,132 | ---- | M] () -- C:\Users\Norbert\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2013.07.25 14:45:50 | 000,000,294 | ---- | M] () -- C:\Users\Norbert\Documents\cc_20130725_144546.reg
[2013.07.25 14:44:48 | 000,000,448 | ---- | M] () -- C:\Users\Norbert\Documents\cc_20130725_144114.reg
[2013.07.25 13:04:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3428010751-2619372767-2291058075-1000Core.job
[2013.07.25 11:08:27 | 000,000,228 | ---- | M] () -- C:\Windows\tasks\CDHArchiv.job
[2013.07.24 15:24:45 | 000,000,262 | ---- | M] () -- C:\Windows\hpbafd.ini
[2013.07.23 20:19:02 | 000,811,162 | ---- | M] () -- C:\Users\Norbert\Desktop\AKJN.cdr
[2013.07.20 18:13:25 | 000,001,038 | ---- | M] () -- C:\Users\Norbert\Documents\cc_20130720_181321.reg
[2013.07.18 15:37:24 | 000,689,273 | ---- | M] () -- C:\Users\Norbert\Desktop\BiPr_Tischkal1307Titel_Rz1EPS.eps
[2013.07.18 15:35:55 | 000,548,298 | ---- | M] () -- C:\Users\Norbert\Desktop\BiPr_Tischkal1307Titel_Rz1E.pdf
[2013.07.18 15:34:14 | 001,024,388 | ---- | M] () -- C:\Users\Norbert\Desktop\BiPr_Tischkal1307Titel_Rz1X.pdf
[2013.07.18 15:33:22 | 000,847,022 | ---- | M] () -- C:\Users\Norbert\Desktop\BiPr_Tischkal1307Titel_Rz1.pdf
[2013.07.18 15:29:14 | 002,714,905 | ---- | M] () -- C:\Users\Norbert\Desktop\BiPr_Tischkal1307Titel_Rz1.ai
[2013.07.18 15:27:32 | 002,710,456 | ---- | M] () -- C:\Users\Norbert\Desktop\BiPr_Tischkal1307Titel_Rz.ai
[2013.07.18 15:26:35 | 001,307,848 | ---- | M] () -- C:\Users\Norbert\Desktop\Vorderseite2.cdr
[2013.07.18 15:25:17 | 004,744,878 | ---- | M] () -- C:\Users\Norbert\Desktop\BiPr_Tischkal1307Titel_Rz.eps
[2013.07.18 15:05:10 | 001,317,204 | ---- | M] () -- C:\Users\Norbert\Desktop\Sicherungskopie_von_Vorderseite2.cdr
[2013.07.18 15:04:30 | 001,639,604 | ---- | M] () -- C:\Users\Norbert\Desktop\Vorderseite1.cdr
[2013.07.18 15:02:24 | 000,589,708 | ---- | M] () -- C:\Users\Norbert\Desktop\UnterkartonKurve.cdr
[2013.07.18 14:27:23 | 000,847,012 | ---- | M] () -- C:\Users\Norbert\Desktop\BiPr_Tischkal1307Titel_Rz.pdf
[2013.07.18 14:27:08 | 000,592,354 | ---- | M] () -- C:\Users\Norbert\Desktop\BiPr_Tischkal1307Unterkarton_Rz.pdf
[2013.07.18 14:26:55 | 000,398,371 | ---- | M] () -- C:\Users\Norbert\Desktop\BiPr_Tischkal1307_Control.pdf
[2013.07.18 11:25:16 | 000,003,190 | ---- | M] () -- C:\Users\Norbert\Desktop\Grafik1export.ai
[2013.07.18 11:24:43 | 000,003,186 | ---- | M] () -- C:\Users\Norbert\Desktop\Grafik1.ai
[2013.07.17 15:34:42 | 000,250,886 | ---- | M] () -- C:\Users\Norbert\Desktop\FMGC_ logo seul.pdf
[2013.07.17 15:34:30 | 000,672,570 | ---- | M] () -- C:\Users\Norbert\Desktop\FMGC_ logo seul.eps
[2013.07.17 15:34:19 | 000,235,662 | ---- | M] () -- C:\Users\Norbert\Desktop\FMGC_ logo seul.ai
[2013.07.17 15:06:23 | 001,259,544 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.07.16 16:31:39 | 000,126,560 | ---- | M] () -- C:\Windows\FontData.fdb
[2013.07.16 16:17:00 | 000,141,796 | ---- | M] () -- C:\Users\Norbert\Desktop\BiPr_Tischkal1307TitelBd_Typofarbe.pdf
[2013.07.15 15:13:55 | 000,002,002 | -H-- | M] () -- C:\Users\Norbert\Documents\Default.rdp
[2013.07.13 18:29:42 | 000,001,105 | ---- | M] () -- C:\Users\Norbert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
[2013.07.13 15:15:26 | 000,001,698 | ---- | M] () -- C:\Users\Norbert\Documents\cc_20130713_151459.reg
[2013.07.12 19:37:42 | 000,083,372 | ---- | M] () -- C:\Users\Norbert\Desktop\StAc_Brotbox2013_120x73_x3.cdr
[2013.07.12 19:32:55 | 001,541,302 | ---- | M] () -- C:\Users\Norbert\Desktop\StAc_Brotbox2013_120x73_x3.pdf
[2013.07.11 12:54:27 | 000,039,510 | ---- | M] () -- C:\Users\Norbert\Desktop\Unbenannt-1w.cdr
[2013.07.11 12:09:53 | 001,247,506 | ---- | M] () -- C:\Users\Norbert\Desktop\KV1.cdr
[2013.07.11 12:07:03 | 000,042,794 | ---- | M] () -- C:\Users\Norbert\Desktop\Unbenannt-5.cdr
[2013.07.11 11:58:32 | 002,241,059 | ---- | M] () -- C:\Users\Norbert\Desktop\Unbenannt-4.jpg
[2013.07.10 19:15:10 | 000,000,537 | -H-- | M] () -- C:\Windows\System32\GelSprinter GX 7000.CAC
[2013.07.10 12:10:33 | 003,991,401 | ---- | M] () -- C:\Users\Norbert\Desktop\Wiedem5105a.jpg
[2013.07.09 08:25:48 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.05 19:33:35 | 000,013,554 | ---- | M] () -- C:\Users\Norbert\Documents\cc_20130705_193317.reg
[2013.07.05 19:23:07 | 033,829,376 | ---- | M] () -- C:\Users\Norbert\Desktop\Firmenbroschuere1.pdf
[2013.07.04 17:41:27 | 002,309,838 | ---- | M] () -- C:\Users\Norbert\Desktop\IMGP6469.jpg
[2013.07.04 10:29:19 | 000,000,907 | ---- | M] () -- C:\Program Files\Programme - Verknüpfung.lnk
[2013.07.03 12:30:32 | 020,553,576 | ---- | M] (Simply Super Software                                       ) -- C:\Program Files\trjsetup687.exe
[2013.07.02 19:57:52 | 000,000,000 | ---- | M] () -- C:\Users\Norbert\windowsupdate.exe
[2013.07.02 15:54:00 | 000,212,657 | ---- | M] () -- C:\Users\Norbert\Desktop\Reiniger.pdf
[2013.07.02 15:17:41 | 000,794,912 | ---- | M] () -- C:\Users\Norbert\Desktop\BK-Logo-mit-Claim.cdr
[2013.07.02 15:16:54 | 000,375,362 | ---- | M] () -- C:\Users\Norbert\Desktop\BK-Logo-mit-Claim_1.cdr
[2013.07.02 14:42:50 | 000,830,924 | ---- | M] () -- C:\Users\Norbert\Desktop\BK-Logo-mit-Claim1gelb.jpg
[2013.07.02 14:31:24 | 000,671,229 | ---- | M] () -- C:\Users\Norbert\Desktop\BK-Logo-mit-Claim1.jpg
[2013.07.02 14:23:07 | 001,496,768 | ---- | M] () -- C:\Users\Norbert\Desktop\BK-Logo-mit-Claim.eps
[2013.07.02 14:22:03 | 003,432,049 | ---- | M] () -- C:\Users\Norbert\Desktop\BK-Logo-mit-Claim.pdf
[2013.06.29 16:15:16 | 095,023,320 | ---- | M] () -- C:\ProgramData\mjqwf.pad
[2013.06.27 11:26:19 | 000,346,331 | ---- | M] () -- C:\Users\Norbert\Desktop\Buller Einschaltseite.pdf
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.07.25 18:55:38 | 000,007,609 | ---- | C] () -- C:\Users\Norbert\AppData\Local\Resmon.ResmonCfg
[2013.07.25 14:45:48 | 000,000,294 | ---- | C] () -- C:\Users\Norbert\Documents\cc_20130725_144546.reg
[2013.07.25 14:43:25 | 000,000,448 | ---- | C] () -- C:\Users\Norbert\Documents\cc_20130725_144114.reg
[2013.07.23 17:14:00 | 000,811,162 | ---- | C] () -- C:\Users\Norbert\Desktop\AKJN.cdr
[2013.07.20 18:13:22 | 000,001,038 | ---- | C] () -- C:\Users\Norbert\Documents\cc_20130720_181321.reg
[2013.07.20 16:29:21 | 000,196,608 | ---- | C] () -- C:\ProgramData\b9nii.dat
[2013.07.18 15:37:23 | 000,689,273 | ---- | C] () -- C:\Users\Norbert\Desktop\BiPr_Tischkal1307Titel_Rz1EPS.eps
[2013.07.18 15:35:54 | 000,548,298 | ---- | C] () -- C:\Users\Norbert\Desktop\BiPr_Tischkal1307Titel_Rz1E.pdf
[2013.07.18 15:34:11 | 001,024,388 | ---- | C] () -- C:\Users\Norbert\Desktop\BiPr_Tischkal1307Titel_Rz1X.pdf
[2013.07.18 15:33:22 | 000,847,022 | ---- | C] () -- C:\Users\Norbert\Desktop\BiPr_Tischkal1307Titel_Rz1.pdf
[2013.07.18 15:29:11 | 002,714,905 | ---- | C] () -- C:\Users\Norbert\Desktop\BiPr_Tischkal1307Titel_Rz1.ai
[2013.07.18 15:27:30 | 002,710,456 | ---- | C] () -- C:\Users\Norbert\Desktop\BiPr_Tischkal1307Titel_Rz.ai
[2013.07.18 15:26:35 | 001,317,204 | ---- | C] () -- C:\Users\Norbert\Desktop\Sicherungskopie_von_Vorderseite2.cdr
[2013.07.18 15:25:13 | 004,744,878 | ---- | C] () -- C:\Users\Norbert\Desktop\BiPr_Tischkal1307Titel_Rz.eps
[2013.07.18 15:05:07 | 001,307,848 | ---- | C] () -- C:\Users\Norbert\Desktop\Vorderseite2.cdr
[2013.07.18 15:04:30 | 001,639,604 | ---- | C] () -- C:\Users\Norbert\Desktop\Vorderseite1.cdr
[2013.07.18 15:02:24 | 000,589,708 | ---- | C] () -- C:\Users\Norbert\Desktop\UnterkartonKurve.cdr
[2013.07.18 14:27:23 | 000,847,012 | ---- | C] () -- C:\Users\Norbert\Desktop\BiPr_Tischkal1307Titel_Rz.pdf
[2013.07.18 14:27:08 | 000,592,354 | ---- | C] () -- C:\Users\Norbert\Desktop\BiPr_Tischkal1307Unterkarton_Rz.pdf
[2013.07.18 14:25:00 | 000,398,371 | ---- | C] () -- C:\Users\Norbert\Desktop\BiPr_Tischkal1307_Control.pdf
[2013.07.18 11:25:14 | 000,003,190 | ---- | C] () -- C:\Users\Norbert\Desktop\Grafik1export.ai
[2013.07.18 11:24:39 | 000,003,186 | ---- | C] () -- C:\Users\Norbert\Desktop\Grafik1.ai
[2013.07.17 15:34:39 | 000,250,886 | ---- | C] () -- C:\Users\Norbert\Desktop\FMGC_ logo seul.pdf
[2013.07.17 15:34:27 | 000,672,570 | ---- | C] () -- C:\Users\Norbert\Desktop\FMGC_ logo seul.eps
[2013.07.17 15:34:15 | 000,235,662 | ---- | C] () -- C:\Users\Norbert\Desktop\FMGC_ logo seul.ai
[2013.07.16 16:17:00 | 000,141,796 | ---- | C] () -- C:\Users\Norbert\Desktop\BiPr_Tischkal1307TitelBd_Typofarbe.pdf
[2013.07.13 18:29:42 | 000,001,105 | ---- | C] () -- C:\Users\Norbert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
[2013.07.13 15:15:02 | 000,001,698 | ---- | C] () -- C:\Users\Norbert\Documents\cc_20130713_151459.reg
[2013.07.12 19:37:42 | 000,083,372 | ---- | C] () -- C:\Users\Norbert\Desktop\StAc_Brotbox2013_120x73_x3.cdr
[2013.07.12 19:32:55 | 001,541,302 | ---- | C] () -- C:\Users\Norbert\Desktop\StAc_Brotbox2013_120x73_x3.pdf
[2013.07.11 12:54:22 | 000,039,510 | ---- | C] () -- C:\Users\Norbert\Desktop\Unbenannt-1w.cdr
[2013.07.11 12:09:53 | 001,247,506 | ---- | C] () -- C:\Users\Norbert\Desktop\KV1.cdr
[2013.07.11 12:07:03 | 000,042,794 | ---- | C] () -- C:\Users\Norbert\Desktop\Unbenannt-5.cdr
[2013.07.11 11:58:26 | 002,241,059 | ---- | C] () -- C:\Users\Norbert\Desktop\Unbenannt-4.jpg
[2013.07.10 12:10:30 | 003,991,401 | ---- | C] () -- C:\Users\Norbert\Desktop\Wiedem5105a.jpg
[2013.07.05 19:33:20 | 000,013,554 | ---- | C] () -- C:\Users\Norbert\Documents\cc_20130705_193317.reg
[2013.07.05 19:22:47 | 033,829,376 | ---- | C] () -- C:\Users\Norbert\Desktop\Firmenbroschuere1.pdf
[2013.07.04 17:41:25 | 002,309,838 | ---- | C] () -- C:\Users\Norbert\Desktop\IMGP6469.jpg
[2013.07.04 10:29:19 | 000,000,907 | ---- | C] () -- C:\Program Files\Programme - Verknüpfung.lnk
[2013.07.02 19:57:52 | 000,000,000 | ---- | C] () -- C:\Users\Norbert\windowsupdate.exe
[2013.07.02 15:54:00 | 000,212,657 | ---- | C] () -- C:\Users\Norbert\Desktop\Reiniger.pdf
[2013.07.02 15:13:31 | 000,375,362 | ---- | C] () -- C:\Users\Norbert\Desktop\BK-Logo-mit-Claim_1.cdr
[2013.07.02 14:45:44 | 000,794,912 | ---- | C] () -- C:\Users\Norbert\Desktop\BK-Logo-mit-Claim.cdr
[2013.07.02 14:42:47 | 000,830,924 | ---- | C] () -- C:\Users\Norbert\Desktop\BK-Logo-mit-Claim1gelb.jpg
[2013.07.02 14:31:17 | 000,671,229 | ---- | C] () -- C:\Users\Norbert\Desktop\BK-Logo-mit-Claim1.jpg
[2013.07.02 14:23:06 | 001,496,768 | ---- | C] () -- C:\Users\Norbert\Desktop\BK-Logo-mit-Claim.eps
[2013.07.02 14:22:03 | 003,432,049 | ---- | C] () -- C:\Users\Norbert\Desktop\BK-Logo-mit-Claim.pdf
[2013.06.29 16:14:32 | 095,023,320 | ---- | C] () -- C:\ProgramData\mjqwf.pad
[2013.06.27 11:26:18 | 000,346,331 | ---- | C] () -- C:\Users\Norbert\Desktop\Buller Einschaltseite.pdf
[2013.06.23 17:22:16 | 095,023,320 | ---- | C] () -- C:\ProgramData\jejvo.pad
[2013.05.18 19:50:51 | 000,600,403 | ---- | C] () -- C:\Users\Norbert\6029309.exe
[2013.05.12 19:57:25 | 000,011,776 | ---- | C] () -- C:\Users\Norbert\2f539dpvqv5xt.exe
[2013.05.12 19:38:50 | 000,011,776 | ---- | C] () -- C:\Users\Norbert\dt2lf3vtcjeoc.exe
[2013.05.12 19:22:07 | 000,011,776 | ---- | C] () -- C:\Users\Norbert\tha9bx10soome.exe
[2013.05.12 19:21:52 | 000,011,776 | ---- | C] () -- C:\Users\Norbert\qn6c62m15xx71.exe
[2013.05.12 19:21:35 | 000,006,075 | ---- | C] () -- C:\Program Files\PUVDOZb5.dat
[2013.05.12 19:21:33 | 000,011,776 | ---- | C] () -- C:\Users\Norbert\7yz12gie5suc1.exe
[2013.05.10 20:34:14 | 000,010,240 | ---- | C] () -- C:\Users\Norbert\wcry02lb1a04w.exe
[2013.05.10 20:33:38 | 000,010,240 | ---- | C] () -- C:\Users\Norbert\qow7m7yo8m9ey.exe
[2013.05.10 20:33:27 | 000,005,562 | ---- | C] () -- C:\Program Files\STSHMVba.dat
[2013.05.10 20:33:26 | 000,010,240 | ---- | C] () -- C:\Users\Norbert\ubsz5zfnwigk2.exe
[2013.04.23 21:18:08 | 095,023,320 | ---- | C] () -- C:\ProgramData\7ot97.pad
[2013.04.23 20:30:32 | 095,023,320 | ---- | C] () -- C:\ProgramData\lej2ir.pad
[2013.04.12 13:39:48 | 000,000,132 | ---- | C] () -- C:\Users\Norbert\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2013.03.30 17:41:55 | 000,000,004 | ---- | C] () -- C:\Users\Norbert\AppData\Roaming\AltShell.ini
[2013.03.23 13:44:46 | 000,000,094 | ---- | C] () -- C:\Windows\fnerr.dat
[2013.03.17 21:10:58 | 095,023,320 | ---- | C] () -- C:\ProgramData\9003546.pad
[2013.03.13 20:18:58 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
[2013.02.26 21:23:36 | 095,023,320 | ---- | C] () -- C:\ProgramData\2249601.pad
[2013.02.13 16:00:36 | 000,000,095 | ---- | C] () -- C:\Users\Norbert\AppData\Local\fusioncache.dat
[2013.02.13 10:49:17 | 000,018,944 | ---- | C] ( ) -- C:\Windows\System32\IMPLODE.DLL
[2013.02.13 10:49:05 | 000,061,440 | ---- | C] () -- C:\Windows\System32\U25STORE.DLL
[2013.02.13 10:49:05 | 000,059,904 | ---- | C] () -- C:\Windows\System32\U25TOTAL.DLL
[2013.02.13 10:49:05 | 000,040,960 | ---- | C] () -- C:\Windows\System32\u2lbar.dll
[2012.12.05 11:02:58 | 000,207,872 | ---- | C] () -- C:\Windows\System32\PATCHW32.DLL
[2012.10.25 12:17:53 | 000,053,248 | ---- | C] () -- C:\Windows\exitwx.exe
[2012.10.19 16:27:00 | 000,525,824 | ---- | C] () -- C:\Program Files\fonts.exe
[2012.10.02 16:14:02 | 000,047,713 | ---- | C] () -- C:\Windows\System32\drivers\HCDisk.sys
[2012.10.02 16:12:34 | 000,006,144 | ---- | C] () -- C:\Windows\System32\drivers\sioctl.sys
[2012.09.13 18:23:12 | 000,000,262 | ---- | C] () -- C:\Windows\hpbafd.ini
[2012.08.25 13:15:39 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012.08.24 12:42:12 | 000,000,132 | ---- | C] () -- C:\Users\Norbert\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012.08.24 08:46:03 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.08.23 14:22:41 | 000,959,683 | ---- | C] () -- C:\Windows\System32\RCDAD140.DLL
[2012.08.23 14:22:41 | 000,034,816 | ---- | C] ( ) -- C:\Windows\System32\RC00C140.dll
[2012.08.23 14:22:41 | 000,000,148 | ---- | C] () -- C:\Windows\ricdb.ini
[2012.08.23 14:22:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\RPCS.ini
[2012.08.23 11:37:51 | 000,000,401 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012.08.23 09:22:13 | 000,712,666 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2012.08.23 09:22:13 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2012.08.23 09:22:13 | 000,154,602 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2012.08.23 09:22:13 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2012.08.22 17:43:51 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.08.22 17:36:13 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2012.08.22 17:35:47 | 002,261,764 | ---- | C] () -- C:\Windows\System32\drivers\rtvienna.dat
[2012.07.28 03:30:54 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012.07.28 03:30:54 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012.07.27 22:47:36 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012.04.12 21:30:10 | 000,637,743 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.03.25 21:14:22 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\Bauvq
[2012.08.23 12:11:21 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\Bitstream
[2012.08.23 15:35:44 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\Canon
[2013.02.13 16:01:46 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\CDH GmbH
[2012.08.24 19:26:32 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013.03.08 21:27:52 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\Cuoz
[2012.10.19 16:09:32 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\DownloadAcceleratorPackages
[2013.04.12 20:05:50 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\Eqwado
[2013.03.08 21:27:52 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\Hocuor
[2013.03.14 13:52:27 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\Hyekci
[2012.08.23 12:18:01 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\IcoFX
[2013.04.12 20:05:50 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\Keno
[2013.06.13 14:21:31 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\mbams
[2013.07.26 14:46:26 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\mirkes.de
[2013.04.07 19:42:59 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\Mofug
[2013.04.12 20:05:50 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\Neinka
[2013.05.03 11:24:20 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\Ohqego
[2013.04.10 19:42:57 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\Ohxyy
[2013.03.08 20:53:19 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\Poekn
[2013.05.10 20:33:27 | 000,000,000 | RHSD | M] -- C:\Users\Norbert\AppData\Roaming\Ppugfuy
[2013.06.03 13:41:59 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\Pypi
[2013.07.27 03:14:00 | 000,000,000 | RHSD | M] -- C:\Users\Norbert\AppData\Roaming\Qsrmpsz
[2013.03.08 21:27:52 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\Rubo
[2012.08.24 18:52:09 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.08.23 11:27:47 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\Stardock
[2012.12.05 11:42:34 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\TeamViewer
[2013.03.08 20:53:19 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\Tukiu
[2013.05.17 20:29:36 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\Uheci
[2013.07.05 13:35:39 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\Ukty
[2013.03.27 12:27:58 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\Uvygty
[2013.04.12 11:17:07 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\Viak
[2012.08.23 11:42:13 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\Windows Home Server
[2013.06.23 18:34:56 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\winlogon
[2012.08.23 10:47:19 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\Winsplit Revolution
 
========== Purity Check ==========
 
 

< End of report >
         

--- --- ---

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

• Starte jetzt FRST.
• Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
• Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
• Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

First
FRST Logfile:

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-07-2013
Ran by Norbert (administrator) on 29-07-2013 08:53:21
Running from C:\Users\Norbert\Downloads
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Electronics for Imaging, Inc.) C:\Program Files\Common Files\EFI\EFI ES-1000 Service\ES1000Service.exe
(Microsoft Corporation) C:\Program Files\Windows Home Server\esClient.exe
(Electronics for Imaging, Inc.) C:\Program Files\Common Files\EFI\EFI ES-1000 Service\ES1000Server.exe
(Electronics For Imaging) C:\Program Files\Fiery\Applications3\Fiery Bridge\x86\MailboxSyncService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Protexis Inc.) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe
(Microsoft Corporation) C:\Program Files\Windows Home Server\WHSConnector.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Users\Norbert\AppData\Local\Google\Update\GoogleUpdate.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Home Server\WHSTrayApp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Fred's Software Company) C:\Users\Norbert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Printkey.exe
(CDH GmbH) C:\CDH_CRM\TAPI2Base.exe
(Google Inc.) C:\Users\Norbert\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Norbert\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Norbert\AppData\Local\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Google Inc.) C:\Users\Norbert\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Norbert\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Norbert\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Users\Norbert\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [] -  [x]
HKLM\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2010-10-25] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [821144 2010-10-25] (Adobe Systems Inc.)
HKLM\...\Run: [ISUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252136 2011-05-04] (Sun Microsystems, Inc.)
HKLM\...\Run: [Easy-PrintToolBox] - C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [409600 2004-01-14] (CANON INC.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
HKCU\...\Run: [Google Update] - C:\Users\Norbert\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-22] (Google Inc.)
HKCU\...\Run: [ISUSPM Startup] - c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [221184 2005-02-16] (InstallShield Software Corporation)
HKCU\...\Run: [Ythoeliky] - C:\Users\Norbert\AppData\Roaming\Tukiu\moyxh.exe [241456 2012-12-05] ()
MountPoints2: {ef74e082-ec70-11e1-898b-bc5ff43ad264} - E:\SETUP.EXE
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CRM Customer Relationship Management.lnk
ShortcutTarget: CRM Customer Relationship Management.lnk -> C:\Windows\Installer\{10D722C0-C717-4D19-BDA0-105C5DD51A2A}\_294823.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\EFI ES-1000.lnk
ShortcutTarget: EFI ES-1000.lnk -> C:\Program Files\Common Files\EFI\EFI ES-1000 Service\ES1000Notifier.exe (Electronics for Imaging, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows Home Server.lnk
ShortcutTarget: Windows Home Server.lnk -> C:\Windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe (Microsoft Corporation)
Startup: C:\Users\Norbert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Printkey.exe (Fred's Software Company)
Startup: C:\Users\Norbert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - %programfiles%\Internet Explorer\iexplore.exe
BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: BrowserHelper Class - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Home Server Banner - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{B34D42C6-68EB-4E24-855E-58506F5252C2}: [NameServer]192.168.4.1

FireFox:
========
FF ProfilePath: C:\Users\Norbert\AppData\Roaming\Mozilla\Firefox\Profiles\0wkjrii8.default
FF user.js: detected! => C:\Users\Norbert\AppData\Roaming\Mozilla\Firefox\Profiles\0wkjrii8.default\user.js
FF Homepage: about:home
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3242337&SearchSource=2&q=
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_37 - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Norbert\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Norbert\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Norbert\AppData\Roaming\Mozilla\Firefox\Profiles\0wkjrii8.default\searchplugins\conduit.xml
FF Extension: gTranslator - C:\Users\Norbert\AppData\Roaming\Mozilla\Firefox\Profiles\0wkjrii8.default\Extensions\jyboy.yy@gmail.com
FF Extension: translator - C:\Users\Norbert\AppData\Roaming\Mozilla\Firefox\Profiles\0wkjrii8.default\Extensions\translator@zoli.bod.xpi
FF Extension: No Name - C:\Users\Norbert\AppData\Roaming\Mozilla\Firefox\Profiles\0wkjrii8.default\Extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}.xpi
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn

Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\Norbert\AppData\Local\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Norbert\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Norbert\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Java(TM) Platform SE 7) - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Norbert\AppData\Local\Google\Update\1.3.21.149\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Extension: (Google Docs) - C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Skype Click to Call) - C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0
CHR Extension: (Gmail) - C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

========================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2012-08-06] (Advanced Micro Devices, Inc.)
R2 arXfrSvc; C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [239472 2011-01-10] (Microsoft Corporation)
R2 EFI ES1000; C:\Program Files\Common Files\EFI\EFI ES-1000 Service\ES1000Service.exe [11776 2009-10-19] (Electronics for Imaging, Inc.)
R2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION)
R2 esClient; C:\Program Files\Windows Home Server\esClient.exe [97136 2011-01-10] (Microsoft Corporation)
R2 Fiery Bridge Mailbox Synchronization; C:\Program Files\Fiery\Applications3\Fiery Bridge\x86\MailboxSyncService.exe [114688 2011-05-27] (Electronics For Imaging)
S3 hasplms; C:\Windows\system32\hasplms.exe [4180576 2010-09-27] (SafeNet Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] (Microsoft Corporation)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
R2 WHSConnector; C:\Program Files\Windows Home Server\WHSConnector.exe [376688 2011-01-10] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 aksfridge; C:\Windows\system32\drivers\aksfridge.sys [356864 2010-09-27] (SafeNet Inc.)
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [45184 2012-03-05] (Advanced Micro Devices)
R1 AsrAppCharger; C:\Windows\System32\DRIVERS\AsrAppCharger.sys [15656 2011-05-10] (Windows (R) Win 7 DDK provider)
S3 AVEO; C:\Windows\System32\DRIVERS\dcnt.sys [240896 2012-05-31] (UVC)
R3 CH341SER; C:\Windows\System32\Drivers\CH341SER.SYS [39696 2011-11-04] (www.winchiphead.com)
R3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [44928 2011-07-29] (Etron Technology Inc)
R3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [64256 2011-07-29] (Etron Technology Inc)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [588800 2009-12-09] (SafeNet Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 MBfilt; C:\Windows\System32\drivers\MBfilt32.sys [24664 2009-11-18] (Creative Technology Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
S3 SIoctl; c:\windows\system32\drivers\sioctl.sys [6144 2008-04-25] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-29 08:52 - 2013-07-29 08:52 - 01221130 _____ (Farbar) C:\Users\Norbert\Downloads\FRST.exe
2013-07-29 08:49 - 2013-07-29 08:51 - 563934504 _____ (Microsoft Corporation) C:\Users\Norbert\Downloads\windows6.1-KB976932-X86.exe
2013-07-26 20:09 - 2013-07-26 20:09 - 00000298 _____ C:\Windows\PFRO.log
2013-07-26 19:37 - 2013-07-26 18:30 - 00377856 _____ C:\Users\Norbert\Desktop\gmer_2.1.19163.exe
2013-07-26 19:27 - 2013-07-26 19:27 - 00524394 _____ C:\Users\Norbert\Desktop\GMER.log
2013-07-26 18:30 - 2013-07-26 18:30 - 00377856 _____ C:\Users\Norbert\Downloads\gmer_2.1.19163.exe
2013-07-26 16:19 - 2013-07-27 03:13 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-26 16:17 - 2013-07-27 03:50 - 00000000 ____D C:\Windows\system32\MRT
2013-07-26 14:46 - 2013-07-26 14:46 - 00000000 ____D C:\Users\Norbert\AppData\Roaming\mirkes.de
2013-07-26 14:46 - 2013-07-26 14:46 - 00000000 ____D C:\Program Files\mirkes.de
2013-07-26 14:43 - 2013-07-27 03:13 - 00000000 ____D C:\Users\Norbert\Desktop\8 gb
2013-07-26 08:26 - 2013-07-29 08:47 - 00000616 _____ C:\Windows\setupact.log
2013-07-26 08:26 - 2013-07-26 08:26 - 00000000 _____ C:\Windows\setuperr.log
2013-07-25 18:55 - 2013-07-25 18:55 - 00007609 _____ C:\Users\Norbert\AppData\Local\Resmon.ResmonCfg
2013-07-25 14:45 - 2013-07-25 14:45 - 00000294 _____ C:\Users\Norbert\Documents\cc_20130725_144546.reg
2013-07-25 14:43 - 2013-07-25 14:44 - 00000448 _____ C:\Users\Norbert\Documents\cc_20130725_144114.reg
2013-07-23 17:14 - 2013-07-23 20:19 - 00811162 _____ C:\Users\Norbert\Desktop\AKJN.cdr
2013-07-20 18:13 - 2013-07-20 18:13 - 00001038 _____ C:\Users\Norbert\Documents\cc_20130720_181321.reg
2013-07-18 15:37 - 2013-07-18 15:37 - 00689273 _____ C:\Users\Norbert\Desktop\BiPr_Tischkal1307Titel_Rz1EPS.eps
2013-07-18 15:29 - 2013-07-18 15:29 - 02714905 _____ C:\Users\Norbert\Desktop\BiPr_Tischkal1307Titel_Rz1.ai
2013-07-18 15:27 - 2013-07-18 15:27 - 02710456 _____ C:\Users\Norbert\Desktop\BiPr_Tischkal1307Titel_Rz.ai
2013-07-18 15:26 - 2013-07-18 15:05 - 01317204 _____ C:\Users\Norbert\Desktop\Sicherungskopie_von_Vorderseite2.cdr
2013-07-18 15:25 - 2013-07-18 15:25 - 04744878 _____ C:\Users\Norbert\Desktop\BiPr_Tischkal1307Titel_Rz.eps
2013-07-18 15:05 - 2013-07-18 15:26 - 01307848 _____ C:\Users\Norbert\Desktop\Vorderseite2.cdr
2013-07-18 15:04 - 2013-07-18 15:04 - 01639604 _____ C:\Users\Norbert\Desktop\Vorderseite1.cdr
2013-07-18 15:02 - 2013-07-18 15:02 - 00589708 _____ C:\Users\Norbert\Desktop\UnterkartonKurve.cdr
2013-07-18 11:25 - 2013-07-18 11:25 - 00003190 _____ C:\Users\Norbert\Desktop\Grafik1export.ai
2013-07-18 11:24 - 2013-07-18 11:24 - 00003186 _____ C:\Users\Norbert\Desktop\Grafik1.ai
2013-07-17 15:34 - 2013-07-17 15:34 - 00672570 _____ C:\Users\Norbert\Desktop\FMGC_ logo seul.eps
2013-07-17 15:34 - 2013-07-17 15:34 - 00235662 _____ C:\Users\Norbert\Desktop\FMGC_ logo seul.ai
2013-07-14 20:07 - 2013-07-27 11:03 - 00985087 _____ C:\Windows\WindowsUpdate.log
2013-07-13 15:15 - 2013-07-13 15:15 - 00001698 _____ C:\Users\Norbert\Documents\cc_20130713_151459.reg
2013-07-12 21:15 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-12 21:15 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-12 21:15 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-12 21:15 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-12 21:15 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-12 21:15 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-12 21:15 - 2013-06-12 01:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-12 21:15 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-12 21:15 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-12 21:15 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-12 21:15 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-12 21:15 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-12 21:15 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-12 21:15 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-12 21:15 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-12 21:15 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-12 19:37 - 2013-07-12 19:37 - 00083372 _____ C:\Users\Norbert\Desktop\StAc_Brotbox2013_120x73_x3.cdr
2013-07-12 08:30 - 2013-06-05 05:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-12 08:30 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-12 08:30 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-12 08:30 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-11 12:54 - 2013-07-11 12:54 - 00039510 _____ C:\Users\Norbert\Desktop\Unbenannt-1w.cdr
2013-07-11 12:09 - 2013-07-11 12:09 - 01247506 _____ C:\Users\Norbert\Desktop\KV1.cdr
2013-07-11 12:07 - 2013-07-11 12:07 - 00042794 _____ C:\Users\Norbert\Desktop\Unbenannt-5.cdr
2013-07-05 19:33 - 2013-07-05 19:33 - 00013554 _____ C:\Users\Norbert\Documents\cc_20130705_193317.reg
2013-07-05 13:06 - 2013-07-05 13:06 - 00000000 _____ C:\Users\Norbert\Desktop\Textdokument.txt
2013-07-04 10:29 - 2013-07-04 10:29 - 00000907 _____ C:\Program Files\Programme - Verknüpfung.lnk
2013-07-03 12:31 - 2013-07-04 10:37 - 00000000 ____D C:\Program Files\Trojan Remover
2013-07-03 12:30 - 2013-07-03 12:30 - 20553576 _____ (Simply Super Software                                       ) C:\Program Files\trjsetup687.exe
2013-07-02 19:57 - 2013-07-02 19:57 - 00000000 _____ C:\Users\Norbert\windowsupdate.exe
2013-07-02 15:13 - 2013-07-02 15:16 - 00375362 _____ C:\Users\Norbert\Desktop\BK-Logo-mit-Claim_1.cdr
2013-07-02 14:45 - 2013-07-02 15:17 - 00794912 _____ C:\Users\Norbert\Desktop\BK-Logo-mit-Claim.cdr
2013-07-02 14:23 - 2013-07-02 14:23 - 01496768 _____ C:\Users\Norbert\Desktop\BK-Logo-mit-Claim.eps
2013-06-29 16:14 - 2013-06-29 16:15 - 95023320 ____T C:\ProgramData\mjqwf.pad
110

==================== One Month Modified Files and Folders =======

2013-07-29 08:52 - 2013-07-29 08:52 - 01221130 _____ (Farbar) C:\Users\Norbert\Downloads\FRST.exe
2013-07-29 08:51 - 2013-07-29 08:49 - 563934504 _____ (Microsoft Corporation) C:\Users\Norbert\Downloads\windows6.1-KB976932-X86.exe
2013-07-29 08:51 - 2013-07-14 20:07 - 00985087 _____ C:\Windows\WindowsUpdate.log
2013-07-29 08:51 - 2012-08-22 17:36 - 01655728 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-29 08:47 - 2013-07-26 08:26 - 00000616 _____ C:\Windows\setupact.log
2013-07-29 08:47 - 2013-02-13 14:18 - 00000000 ____D C:\CDH_CRM
2013-07-29 08:47 - 2012-08-22 18:09 - 00000266 _____ C:\Windows\Tasks\AutoKMS.job
2013-07-29 08:47 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-27 11:04 - 2012-08-22 17:56 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3428010751-2619372767-2291058075-1000UA.job
2013-07-27 11:00 - 2013-02-22 19:12 - 00000228 _____ C:\Windows\Tasks\CDHArchiv.job
2013-07-27 03:54 - 2009-07-14 06:34 - 00029728 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-27 03:54 - 2009-07-14 06:34 - 00029728 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-27 03:52 - 2013-07-26 16:17 - 00000000 ____D C:\Windows\system32\MRT
2013-07-27 03:14 - 2013-05-12 19:21 - 00000000 _RSHD C:\Users\Norbert\AppData\Roaming\Qsrmpsz
2013-07-27 03:14 - 2012-08-23 09:22 - 00000000 ____D C:\Windows\system32\Drivers\de-DE
2013-07-27 03:14 - 2012-08-22 17:32 - 00000000 ____D C:\Users\Norbert
2013-07-27 03:14 - 2009-07-14 06:56 - 00000000 ____D C:\Windows\system32\WCN
2013-07-27 03:14 - 2009-07-14 06:56 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts
2013-07-27 03:14 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\wfp
2013-07-27 03:14 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-07-27 03:14 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\com
2013-07-27 03:14 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-07-27 03:14 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\L2Schemas
2013-07-27 03:14 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\AppCompat
2013-07-27 03:13 - 2013-07-26 16:19 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-27 03:13 - 2013-07-26 14:43 - 00000000 ____D C:\Users\Norbert\Desktop\8 gb
2013-07-27 03:13 - 2013-05-12 19:21 - 00000000 _RSHD C:\Program Files\Oxtf
2013-07-27 03:13 - 2012-08-22 18:33 - 00000000 ____D C:\Program Files\DirecType Suite 3.0
2013-07-27 03:13 - 2012-08-22 17:53 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-27 03:13 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2013-07-27 03:13 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-26 20:09 - 2013-07-26 20:09 - 00000298 _____ C:\Windows\PFRO.log
2013-07-26 20:09 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Vss
2013-07-26 19:27 - 2013-07-26 19:27 - 00524394 _____ C:\Users\Norbert\Desktop\GMER.log
2013-07-26 18:30 - 2013-07-26 19:37 - 00377856 _____ C:\Users\Norbert\Desktop\gmer_2.1.19163.exe
2013-07-26 18:30 - 2013-07-26 18:30 - 00377856 _____ C:\Users\Norbert\Downloads\gmer_2.1.19163.exe
2013-07-26 14:46 - 2013-07-26 14:46 - 00000000 ____D C:\Users\Norbert\AppData\Roaming\mirkes.de
2013-07-26 14:46 - 2013-07-26 14:46 - 00000000 ____D C:\Program Files\mirkes.de
2013-07-26 08:26 - 2013-07-26 08:26 - 00000000 _____ C:\Windows\setuperr.log
2013-07-25 18:55 - 2013-07-25 18:55 - 00007609 _____ C:\Users\Norbert\AppData\Local\Resmon.ResmonCfg
2013-07-25 17:53 - 2012-08-24 12:42 - 00000132 _____ C:\Users\Norbert\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-07-25 14:45 - 2013-07-25 14:45 - 00000294 _____ C:\Users\Norbert\Documents\cc_20130725_144546.reg
2013-07-25 14:44 - 2013-07-25 14:43 - 00000448 _____ C:\Users\Norbert\Documents\cc_20130725_144114.reg
2013-07-25 13:04 - 2012-08-22 17:56 - 00001076 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3428010751-2619372767-2291058075-1000Core.job
2013-07-24 15:24 - 2012-09-13 18:23 - 00000262 _____ C:\Windows\hpbafd.ini
2013-07-23 20:19 - 2013-07-23 17:14 - 00811162 _____ C:\Users\Norbert\Desktop\AKJN.cdr
2013-07-20 18:13 - 2013-07-20 18:13 - 00001038 _____ C:\Users\Norbert\Documents\cc_20130720_181321.reg
2013-07-18 15:37 - 2013-07-18 15:37 - 00689273 _____ C:\Users\Norbert\Desktop\BiPr_Tischkal1307Titel_Rz1EPS.eps
2013-07-18 15:29 - 2013-07-18 15:29 - 02714905 _____ C:\Users\Norbert\Desktop\BiPr_Tischkal1307Titel_Rz1.ai
2013-07-18 15:27 - 2013-07-18 15:27 - 02710456 _____ C:\Users\Norbert\Desktop\BiPr_Tischkal1307Titel_Rz.ai
2013-07-18 15:26 - 2013-07-18 15:05 - 01307848 _____ C:\Users\Norbert\Desktop\Vorderseite2.cdr
2013-07-18 15:25 - 2013-07-18 15:25 - 04744878 _____ C:\Users\Norbert\Desktop\BiPr_Tischkal1307Titel_Rz.eps
2013-07-18 15:05 - 2013-07-18 15:26 - 01317204 _____ C:\Users\Norbert\Desktop\Sicherungskopie_von_Vorderseite2.cdr
2013-07-18 15:04 - 2013-07-18 15:04 - 01639604 _____ C:\Users\Norbert\Desktop\Vorderseite1.cdr
2013-07-18 15:02 - 2013-07-18 15:02 - 00589708 _____ C:\Users\Norbert\Desktop\UnterkartonKurve.cdr
2013-07-18 11:25 - 2013-07-18 11:25 - 00003190 _____ C:\Users\Norbert\Desktop\Grafik1export.ai
2013-07-18 11:24 - 2013-07-18 11:24 - 00003186 _____ C:\Users\Norbert\Desktop\Grafik1.ai
2013-07-17 15:34 - 2013-07-17 15:34 - 00672570 _____ C:\Users\Norbert\Desktop\FMGC_ logo seul.eps
2013-07-17 15:34 - 2013-07-17 15:34 - 00235662 _____ C:\Users\Norbert\Desktop\FMGC_ logo seul.ai
2013-07-17 15:06 - 2009-07-14 06:33 - 01259544 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-16 16:31 - 2013-03-27 12:31 - 00126560 _____ C:\Windows\FontData.fdb
2013-07-16 16:31 - 2012-08-22 17:44 - 00226936 _____ C:\Users\Norbert\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-15 15:13 - 2012-08-23 13:52 - 00002002 ____H C:\Users\Norbert\Documents\Default.rdp
2013-07-15 08:28 - 2009-07-14 06:53 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-13 15:15 - 2013-07-13 15:15 - 00001698 _____ C:\Users\Norbert\Documents\cc_20130713_151459.reg
2013-07-13 13:44 - 2012-08-23 09:22 - 00000000 ____D C:\Windows\PANTHER
2013-07-13 12:39 - 2009-07-14 09:50 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-13 12:39 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-12 19:37 - 2013-07-12 19:37 - 00083372 _____ C:\Users\Norbert\Desktop\StAc_Brotbox2013_120x73_x3.cdr
2013-07-11 12:54 - 2013-07-11 12:54 - 00039510 _____ C:\Users\Norbert\Desktop\Unbenannt-1w.cdr
2013-07-11 12:09 - 2013-07-11 12:09 - 01247506 _____ C:\Users\Norbert\Desktop\KV1.cdr
2013-07-11 12:07 - 2013-07-11 12:07 - 00042794 _____ C:\Users\Norbert\Desktop\Unbenannt-5.cdr
2013-07-10 19:15 - 2012-10-25 16:10 - 00000537 ____H C:\Windows\system32\GelSprinter GX 7000.CAC
2013-07-09 08:25 - 2012-10-24 10:42 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-08 11:24 - 2012-09-28 09:07 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-07-08 11:24 - 2012-09-28 09:07 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-07-05 19:33 - 2013-07-05 19:33 - 00013554 _____ C:\Users\Norbert\Documents\cc_20130705_193317.reg
2013-07-05 13:35 - 2013-05-17 20:29 - 00000000 ____D C:\Users\Norbert\AppData\Roaming\Ukty
2013-07-05 13:06 - 2013-07-05 13:06 - 00000000 _____ C:\Users\Norbert\Desktop\Textdokument.txt
2013-07-04 10:37 - 2013-07-03 12:31 - 00000000 ____D C:\Program Files\Trojan Remover
2013-07-04 10:29 - 2013-07-04 10:29 - 00000907 _____ C:\Program Files\Programme - Verknüpfung.lnk
2013-07-03 12:30 - 2013-07-03 12:30 - 20553576 _____ (Simply Super Software                                       ) C:\Program Files\trjsetup687.exe
2013-07-02 19:57 - 2013-07-02 19:57 - 00000000 _____ C:\Users\Norbert\windowsupdate.exe
2013-07-02 15:17 - 2013-07-02 14:45 - 00794912 _____ C:\Users\Norbert\Desktop\BK-Logo-mit-Claim.cdr
2013-07-02 15:16 - 2013-07-02 15:13 - 00375362 _____ C:\Users\Norbert\Desktop\BK-Logo-mit-Claim_1.cdr
2013-07-02 14:23 - 2013-07-02 14:23 - 01496768 _____ C:\Users\Norbert\Desktop\BK-Logo-mit-Claim.eps
2013-06-29 16:25 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Globalization
2013-06-29 16:15 - 2013-06-29 16:14 - 95023320 ____T C:\ProgramData\mjqwf.pad
2013-06-29 16:14 - 2013-04-23 20:30 - 00000000 _____ C:\ProgramData\as98213.txt
2013-06-29 15:34 - 2012-08-23 10:29 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3428010751-2619372767-2291058075-1000\$5125c551c61d624e782d26fdc09f1a94

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$5125c551c61d624e782d26fdc09f1a94

Files to move or delete:
====================
C:\ProgramData\2249601.pad
C:\ProgramData\7ot97.pad
C:\ProgramData\9003546.pad
C:\ProgramData\jejvo.pad
C:\ProgramData\lej2ir.pad
C:\ProgramData\mjqwf.pad
C:\Users\Norbert\2f539dpvqv5xt.exe
C:\Users\Norbert\6029309.exe
C:\Users\Norbert\7yz12gie5suc1.exe
C:\Users\Norbert\dt2lf3vtcjeoc.exe
C:\Users\Norbert\qn6c62m15xx71.exe
C:\Users\Norbert\qow7m7yo8m9ey.exe
C:\Users\Norbert\tha9bx10soome.exe
C:\Users\Norbert\ubsz5zfnwigk2.exe
C:\Users\Norbert\wcry02lb1a04w.exe
C:\Users\Norbert\windowsupdate.exe
C:\Users\Norbert\AppData\Roaming\AltShell.ini
C:\Users\Norbert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-26 08:44

==================== End Of Log ============================
         

--- --- ---

--- --- ---


FRST Additions Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-07-2013
Ran by Norbert at 2013-07-29 08:54:10
Running from C:\Users\Norbert\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe Acrobat X Pro - English, Français, Deutsch (Version: 10.0.0)
Adobe AIR (Version: 2.5.1.17730)
Adobe Community Help (Version: 3.4.980)
Adobe Content Viewer (Version: 1.4.0)
Adobe Creative Suite 5.5 Master Collection (Version: 5.5)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.149)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader 9 (Version: 9.0.0)
Adobe Widget Browser (Version: 2.0 Build 230)
Adobe Widget Browser (Version: 2.0.230)
AGFEO TK-ServiceProvider3 (x86) (Version: 3.0.12)
AMD APP SDK Runtime (Version: 10.0.938.2)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2012.0806.1213.19931)
AMD Media Foundation Decoders (Version: 1.0.70727.2219)
AMD USB Filter Driver (Version: 1.0.14.91)
AMD VISION Engine Control Center (Version: 2012.0806.1213.19931)
Apple Application Support (Version: 2.3.3)
Apple Software Update (Version: 2.1.3.127)
ASRock App Charger v1.0.5
ATI AVIVO Codecs (Version: 11.6.0.10524)
Bonjour (Version: 3.0.0.10)
Canon PhotoRecord (Version: 02.02.00013)
Canon Utilities Easy-PrintToolBox
CanoScan LiDE 90
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2012.0806.1213.19931)
Catalyst Control Center InstallProxy (Version: 2012.0806.1213.19931)
Catalyst Control Center Localization All (Version: 2012.0806.1213.19931)
CCC Help Chinese Standard (Version: 2012.0806.1212.19931)
CCC Help Chinese Traditional (Version: 2012.0806.1212.19931)
CCC Help Czech (Version: 2012.0806.1212.19931)
CCC Help Danish (Version: 2012.0806.1212.19931)
CCC Help Dutch (Version: 2012.0806.1212.19931)
CCC Help English (Version: 2012.0806.1212.19931)
CCC Help Finnish (Version: 2012.0806.1212.19931)
CCC Help French (Version: 2012.0806.1212.19931)
CCC Help German (Version: 2012.0806.1212.19931)
CCC Help Greek (Version: 2012.0806.1212.19931)
CCC Help Hungarian (Version: 2012.0806.1212.19931)
CCC Help Italian (Version: 2012.0806.1212.19931)
CCC Help Japanese (Version: 2012.0806.1212.19931)
CCC Help Korean (Version: 2012.0806.1212.19931)
CCC Help Norwegian (Version: 2012.0806.1212.19931)
CCC Help Polish (Version: 2012.0806.1212.19931)
CCC Help Portuguese (Version: 2012.0806.1212.19931)
CCC Help Russian (Version: 2012.0806.1212.19931)
CCC Help Spanish (Version: 2012.0806.1212.19931)
CCC Help Swedish (Version: 2012.0806.1212.19931)
CCC Help Thai (Version: 2012.0806.1212.19931)
CCC Help Turkish (Version: 2012.0806.1212.19931)
ccc-utility (Version: 2012.0806.1213.19931)
CCleaner (Version: 3.21)
CDH CRM-System Version 3.104 (Version: 3.104)
Corel Graphics - Windows Shell Extension (Version: 16.0.0.707)
Corel Graphics - Windows Shell Extension (Version: 16.0.707)
CorelDRAW Graphics Suite X3
CorelDRAW Graphics Suite X3 (Version: 13.2)
CorelDRAW Graphics Suite X6 - BR (Version: 16.0)
CorelDRAW Graphics Suite X6 - Capture (Version: 16.0)
CorelDRAW Graphics Suite X6 - Common (Version: 16.0)
CorelDRAW Graphics Suite X6 - Connect (Version: 16.0)
CorelDRAW Graphics Suite X6 - Custom Data (Version: 16.0)
CorelDRAW Graphics Suite X6 - DE (Version: 16.0)
CorelDRAW Graphics Suite X6 - Draw (Version: 16.0)
CorelDRAW Graphics Suite X6 - EN (Version: 16.0)
CorelDRAW Graphics Suite X6 - ES (Version: 16.0)
CorelDRAW Graphics Suite X6 - Filters (Version: 16.0)
CorelDRAW Graphics Suite X6 - FontNav (Version: 16.0)
CorelDRAW Graphics Suite X6 - FR (Version: 16.0)
CorelDRAW Graphics Suite X6 - IPM (Version: 16.0)
CorelDRAW Graphics Suite X6 - IT (Version: 16.0)
CorelDRAW Graphics Suite X6 - NL (Version: 16.0)
CorelDRAW Graphics Suite X6 - PHOTO-PAINT (Version: 16.0)
CorelDRAW Graphics Suite X6 - Photozoom Plugin (Version: 16.0)
CorelDRAW Graphics Suite X6 - Redist (Version: 16.0)
CorelDRAW Graphics Suite X6 - Setup Files (Version: 16.0)
CorelDRAW Graphics Suite X6 - VBA (Version: 16.0)
CorelDRAW Graphics Suite X6 - VideoBrowser (Version: 16.0)
CorelDRAW Graphics Suite X6 - VSTA (Version: 16.0)
CorelDRAW Graphics Suite X6 - Writing Tools (Version: 16.0)
CorelDRAW Graphics Suite X6 (Version: 16.0)
CorelDRAW Graphics Suite X6 (Version: 16.0.0.707)
CRM Customer Relationship Management (Version: 1.0.0)
Crystal Reports XI Client Setup (Version: 1.0.0.0)
DE (Version: 13.1)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DirecType® Version 3.0
Driver Genius Professional Edition (Version: 11.0)
EPSON-Drucker-Software
Etron USB3.0 Host Controller (Version: 0.104)
Fences
Fences (Version: 1.0)
Fiery User Software-5.3.1.10c (Version: 5.0)
FontNav (Version: 5.0)
Google Chrome (HKCU Version: 28.0.1500.72)
HeloCut 4.66 (Version: 4.66)
Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (Version: 1)
HydraVision (Version: 4.2.206.0)
iCloud (Version: 2.1.2.8)
Java Auto Updater (Version: 2.1.5.1)
Java(TM) 6 Update 37 (Version: 6.0.370)
Java(TM) 7 (Version: 7.0.0)
Jet-Pilot Demo (C:\JetPilot Demo) (Version: 5.01.00)
K-Lite Codec Pack 9.1.0 (Full) (Version: 9.1.0)
Kronen-Design 1.77
Lookeen Version 8.0.0.4802 (Version: 8.0.0.4802)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
McAfee Security Scan Plus (Version: 3.0.285.6)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual Basic for Applications 7.1 (x86) (Version: 7.1.00.00)
Microsoft Visual Basic for Applications 7.1 (x86) English (Version: 7.1.0.0)
Microsoft Visual Basic for Applications 7.1 (x86) German (Version: 7.1.0.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.40303)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.40308)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU (Version: 10.0.40303)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU (Version: 10.0.40303)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU (Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU (Version: 9.0.30729)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)
Mozilla Firefox 22.0 (x86 de) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NVIDIA Grafiktreiber 307.83 (Version: 307.83)
NVIDIA Install Application (Version: 2.1002.109.706)
NVIDIA Systemsteuerung 307.83 (Version: 307.83)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
PDF Settings CS5 (Version: 10.0)
PowerDriver R GX7000 (Version: 3.3.4.2398)
PxMergeModule (Version: 1.00.0000)
Realtek Ethernet Controller Driver (Version: 7.44.421.2011)
Skype Click to Call (Version: 6.3.11079)
Skype™ 5.10 (Version: 5.10.116)
StreamTransport version: 1.0.2.2171
Tinypic 3.18 (Version: Tinypic 3.18)
TinyPicPro 3.18 (Version: TinyPicPro 3.18)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update Manager (Version: 4.60)
Windows Home Server-Connector (Version: 6.0.3436.0)
Windows Live Anmelde-Assistent (Version: 5.000.818.5)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Fotogalerie (Version: 14.0.8117.416)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live-Uploadtool (Version: 14.0.8014.1029)
WinRAR 4.20 (32-Bit) (Version: 4.20.0)
 

==================== Restore Points  =========================

10-03-2012 02:00:41 Windows Update
11-03-2012 15:53:09 Windows Update
12-03-2012 13:38:52 Windows Update
19-04-2012 18:53:39 Windows Update
14-05-2012 15:03:03 Windows Update
10-04-2013 09:35:46 Windows Update
02-05-2013 19:04:06 Windows Update
26-07-2013 06:51:13 Geplanter Prüfpunkt
26-07-2013 06:51:36 Sprachpaketdeinstallation
26-07-2013 12:39:04 Windows Update
26-07-2013 14:11:23 Windows Update
26-07-2013 16:11:31 Windows Update
27-07-2013 01:00:50 Windows Update
27-07-2013 01:50:42 Windows Update
28-07-2013 01:00:23 Windows Update
29-07-2013 01:00:23 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:04 - 2013-05-29 18:13 - 00001332 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1 activate.adobe.com
127.0.0.1 hl2rcv.adobe.com
127.0.0.1 adobeereg.com
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 3dns.adobe.com
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-4.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-1.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 adobe-dns-4.adobe.com
127.0.0.1 adobe-dns-5.adobe.com
127.0.0.1 activate.adobe.de
127.0.0.1 practivate.adobe.de
127.0.0.1 ereg.adobe.de
127.0.0.1 activate.wip3.adobe.de
127.0.0.1 wip3.adobe.de

There are 14 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {15B86582-A3A1-4BA6-B5E3-31837834758D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-08] (Adobe Systems Incorporated)
Task: {4222B9AA-8919-430D-B20B-ED6A34B987CD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3428010751-2619372767-2291058075-1000UA => C:\Users\Norbert\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-22] (Google Inc.)
Task: {70A8EF51-34ED-4D42-B868-F096BC29ED3A} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {7C4C94EF-D5BD-4C11-BE16-D99455E9538F} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe No File
Task: {8F447F32-41F4-4F3F-B99A-4198EAAF1891} - System32\Tasks\CDHArchiv => C:\CDH\CDHArchiv.exe [2013-04-04] (CDH)
Task: {9E2F8D45-4371-4812-8DF0-12741FBC688D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3428010751-2619372767-2291058075-1000Core => C:\Users\Norbert\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-22] (Google Inc.)
Task: {A5382EBD-D918-4445-9930-B664990B30EE} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => C:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-01-27] (Microsoft Corporation)
Task: {B3A99A87-D131-4172-9A52-EFEA43038D1C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B97F5CE7-81E3-42E5-BABA-C7943FFB6CEC} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-01-27] (Microsoft Corporation)
Task: {BCE5D7FB-D949-4F2B-9D18-2059542934B3} - System32\Tasks\AdobeAAMUpdater-1.0-Norbert-PC-Norbert => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-30] (Adobe Systems Incorporated)
Task: {DA8590CA-834F-4A83-8B07-0DA6A1666046} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-07-24] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\CDHArchiv.job => C:\CDH\CDHArchiv.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3428010751-2619372767-2291058075-1000Core.job => C:\Users\Norbert\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3428010751-2619372767-2291058075-1000UA.job => C:\Users\Norbert\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/27/2013 11:03:59 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0, Zeitstempel: 0x501fef69
Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0, Zeitstempel: 0x4f55e00b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00002bdc
ID des fehlerhaften Prozesses: 0x810
Startzeit der fehlerhaften Anwendung: 0xFuel.Service.exe0
Pfad der fehlerhaften Anwendung: Fuel.Service.exe1
Pfad des fehlerhaften Moduls: Fuel.Service.exe2
Berichtskennung: Fuel.Service.exe3

Error: (07/26/2013 08:39:30 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0, Zeitstempel: 0x501fef69
Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0, Zeitstempel: 0x4f55e00b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00002bdc
ID des fehlerhaften Prozesses: 0x814
Startzeit der fehlerhaften Anwendung: 0xFuel.Service.exe0
Pfad der fehlerhaften Anwendung: Fuel.Service.exe1
Pfad des fehlerhaften Moduls: Fuel.Service.exe2
Berichtskennung: Fuel.Service.exe3

Error: (07/26/2013 08:36:56 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0, Zeitstempel: 0x501fef69
Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0, Zeitstempel: 0x4f55e00b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00002bdc
ID des fehlerhaften Prozesses: 0x804
Startzeit der fehlerhaften Anwendung: 0xFuel.Service.exe0
Pfad der fehlerhaften Anwendung: Fuel.Service.exe1
Pfad des fehlerhaften Moduls: Fuel.Service.exe2
Berichtskennung: Fuel.Service.exe3

Error: (07/26/2013 08:08:13 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0, Zeitstempel: 0x501fef69
Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0, Zeitstempel: 0x4f55e00b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00002bdc
ID des fehlerhaften Prozesses: 0x808
Startzeit der fehlerhaften Anwendung: 0xFuel.Service.exe0
Pfad der fehlerhaften Anwendung: Fuel.Service.exe1
Pfad des fehlerhaften Moduls: Fuel.Service.exe2
Berichtskennung: Fuel.Service.exe3

Error: (07/26/2013 06:26:24 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0, Zeitstempel: 0x501fef69
Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0, Zeitstempel: 0x4f55e00b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00002bdc
ID des fehlerhaften Prozesses: 0x484
Startzeit der fehlerhaften Anwendung: 0xFuel.Service.exe0
Pfad der fehlerhaften Anwendung: Fuel.Service.exe1
Pfad des fehlerhaften Moduls: Fuel.Service.exe2
Berichtskennung: Fuel.Service.exe3

Error: (07/26/2013 06:16:07 PM) (Source: Application Hang) (User: )
Description: Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 8f8

Startzeit: 01ce8a1b2d32b33b

Endzeit: 3

Anwendungspfad: C:\Users\Norbert\Downloads\OTL.exe

Berichts-ID: ab4a6b9d-f60e-11e2-b237-bc5ff43ad264

Error: (07/26/2013 06:10:50 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: msseces.exe, Version: 4.2.223.0, Zeitstempel: 0x51020999
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001f01b
ID des fehlerhaften Prozesses: 0x130c
Startzeit der fehlerhaften Anwendung: 0xmsseces.exe0
Pfad der fehlerhaften Anwendung: msseces.exe1
Pfad des fehlerhaften Moduls: msseces.exe2
Berichtskennung: msseces.exe3

Error: (07/26/2013 06:02:56 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_TapiSrv, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000c380b
ID des fehlerhaften Prozesses: 0x5a0
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_TapiSrv0
Pfad der fehlerhaften Anwendung: svchost.exe_TapiSrv1
Pfad des fehlerhaften Moduls: svchost.exe_TapiSrv2
Berichtskennung: svchost.exe_TapiSrv3

Error: (07/26/2013 05:32:30 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0, Zeitstempel: 0x501fef69
Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0, Zeitstempel: 0x4f55e00b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00002bdc
ID des fehlerhaften Prozesses: 0x4fc
Startzeit der fehlerhaften Anwendung: 0xFuel.Service.exe0
Pfad der fehlerhaften Anwendung: Fuel.Service.exe1
Pfad des fehlerhaften Moduls: Fuel.Service.exe2
Berichtskennung: Fuel.Service.exe3

Error: (07/26/2013 05:29:37 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_TapiSrv, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000c380b
ID des fehlerhaften Prozesses: 0x584
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_TapiSrv0
Pfad der fehlerhaften Anwendung: svchost.exe_TapiSrv1
Pfad des fehlerhaften Moduls: svchost.exe_TapiSrv2
Berichtskennung: svchost.exe_TapiSrv3


System errors:
=============
Error: (07/27/2013 11:03:59 AM) (Source: Service Control Manager) (User: )
Description: Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/27/2013 04:33:52 AM) (Source: Disk) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.

Error: (07/27/2013 04:33:49 AM) (Source: Disk) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.

Error: (07/27/2013 04:33:47 AM) (Source: Disk) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.

Error: (07/27/2013 04:33:44 AM) (Source: Disk) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.

Error: (07/27/2013 04:33:42 AM) (Source: Disk) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.

Error: (07/27/2013 04:33:39 AM) (Source: Disk) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.

Error: (07/27/2013 04:33:36 AM) (Source: Disk) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.

Error: (07/27/2013 04:33:34 AM) (Source: Disk) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.

Error: (07/27/2013 04:33:31 AM) (Source: Disk) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.


Microsoft Office Sessions:
=========================
Error: (07/27/2013 11:03:59 AM) (Source: Application Error)(User: )
Description: Fuel.Service.exe1.0.0.0501fef69Device.dll4.1.0.04f55e00bc000000500002bdc81001ce8a6b32e54af6C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll78df9f35-f69b-11e2-a765-bc5ff43ad264

Error: (07/26/2013 08:39:30 PM) (Source: Application Error)(User: )
Description: Fuel.Service.exe1.0.0.0501fef69Device.dll4.1.0.04f55e00bc000000500002bdc81401ce8a2f5de178b8C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dllb4c633ae-f622-11e2-ac60-bc5ff43ad264

Error: (07/26/2013 08:36:56 PM) (Source: Application Error)(User: )
Description: Fuel.Service.exe1.0.0.0501fef69Device.dll4.1.0.04f55e00bc000000500002bdc80401ce8a2b4a627639C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll58da4ebc-f622-11e2-b27e-bc5ff43ad264

Error: (07/26/2013 08:08:13 PM) (Source: Application Error)(User: )
Description: Fuel.Service.exe1.0.0.0501fef69Device.dll4.1.0.04f55e00bc000000500002bdc80801ce8a1d11ca55c9C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll55ab7445-f61e-11e2-ac06-bc5ff43ad264

Error: (07/26/2013 06:26:24 PM) (Source: Application Error)(User: )
Description: Fuel.Service.exe1.0.0.0501fef69Device.dll4.1.0.04f55e00bc000000500002bdc48401ce8a1946fe7909C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll1c5b52f8-f610-11e2-b237-bc5ff43ad264

Error: (07/26/2013 06:16:07 PM) (Source: Application Hang)(User: )
Description: OTL.exe3.2.69.08f801ce8a1b2d32b33b3C:\Users\Norbert\Downloads\OTL.exeab4a6b9d-f60e-11e2-b237-bc5ff43ad264

Error: (07/26/2013 06:10:50 PM) (Source: Application Error)(User: )
Description: msseces.exe4.2.223.051020999unknown0.0.0.000000000c00000050001f01b130c01ce8a1ab1997c6eC:\Program Files\Microsoft Security Client\msseces.exeunknownf0091bb2-f60d-11e2-b237-bc5ff43ad264

Error: (07/26/2013 06:02:56 PM) (Source: Application Error)(User: )
Description: svchost.exe_TapiSrv6.1.7600.163854a5bc100ntdll.dll6.1.7601.177254ec49b60c0000374000c380b5a001ce8a1945969be2C:\Windows\system32\svchost.exeC:\Windows\SYSTEM32\ntdll.dlld53c1582-f60c-11e2-b237-bc5ff43ad264

Error: (07/26/2013 05:32:30 PM) (Source: Application Error)(User: )
Description: Fuel.Service.exe1.0.0.0501fef69Device.dll4.1.0.04f55e00bc000000500002bdc4fc01ce8a14c882aaecC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll9520df10-f608-11e2-a73a-bc5ff43ad264

Error: (07/26/2013 05:29:37 PM) (Source: Application Error)(User: )
Description: svchost.exe_TapiSrv6.1.7600.163854a5bc100ntdll.dll6.1.7601.177254ec49b60c0000374000c380b58401ce8a14c616cb2aC:\Windows\system32\svchost.exeC:\Windows\SYSTEM32\ntdll.dll2e1b1b69-f608-11e2-a73a-bc5ff43ad264


CodeIntegrity Errors:
===================================
  Date: 2013-07-24 13:52:38.342
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\aWindowsSchrott\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-24 13:52:38.248
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\aWindowsSchrott\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-24 13:52:38.155
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\aWindowsSchrott\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-24 13:52:37.983
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\aWindowsSchrott\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-24 13:40:25.168
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\aWindowsSchrott\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6000.16386_none_ec55d170f27a97bb\bcrypt.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-24 13:40:25.074
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\aWindowsSchrott\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6000.16386_none_ec55d170f27a97bb\bcrypt.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-24 13:40:24.981
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\aWindowsSchrott\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6000.16386_none_ec55d170f27a97bb\bcrypt.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-24 13:40:24.809
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\aWindowsSchrott\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6000.16386_none_ec55d170f27a97bb\bcrypt.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-24 13:37:37.603
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\aWindowsSchrott\Windows\System32\bcrypt.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-24 13:37:37.510
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\aWindowsSchrott\Windows\System32\bcrypt.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 61%
Total physical RAM: 3067.57 MB
Available physical RAM: 1184.61 MB
Total Pagefile: 6133.44 MB
Available Pagefile: 4041.91 MB
Total Virtual: 2047.88 MB
Available Virtual: 1895.07 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.14 GB) (Free:30.1 GB) NTFS
Drive d: (Volume) (Fixed) (Total:465.76 GB) (Free:206.41 GB) NTFS
Drive e: (Kundendaten) (Fixed) (Total:100 GB) (Free:22.09 GB) NTFS
Drive f: () (Fixed) (Total:161.38 GB) (Free:95.59 GB) NTFS
Drive g: (Programme) (Fixed) (Total:80 GB) (Free:40.17 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive h: (Alte_g_win7_neu) (Fixed) (Total:454.49 GB) (Free:352.66 GB) NTFS
Drive q: () (Removable) (Total:3.69 GB) (Free:3.61 GB) FAT32
Drive w: (DATA) (Network) (Total:911.5 GB) (Free:154.26 GB) NTFS
Drive x: (Volume) (Network) (Total:2048 GB) (Free:1868.03 GB) NTFS
Drive y: () (Network) (Total:1862.92 GB) (Free:1532.77 GB) NTFS
Drive z: (DATA) (Network) (Total:911.5 GB) (Free:154.26 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 0163E084)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 74640ED0)
Partition 1: (Active) - (Size=80 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=161 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=454 GB) - (Type=OF Extended)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: C22CFCE7)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (Size: 4 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)

==================== End Of Log ============================
         

--- --- ---

Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop

• Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Combofix Logfile:

Code: Alles auswählenAufklappen

ATTFilter

ComboFix 13-07-27.01 - Norbert 29.07.2013  10:14:08.1.8 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3068.1611 [GMT 2:00]
ausgeführt von:: c:\users\Norbert\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\2249601.pad
c:\programdata\7ot97.pad
c:\programdata\9003546.pad
c:\programdata\jejvo.pad
c:\programdata\lej2ir.pad
c:\programdata\mjqwf.pad
c:\users\Norbert\2f539dpvqv5xt.exe
c:\users\Norbert\6029309.exe
c:\users\Norbert\7yz12gie5suc1.exe
c:\users\Norbert\AppData\Local\assembly\tmp
c:\users\Norbert\AppData\Local\assembly\tmp\B7L1GGJ8\AddinExpress.MSO.2005.DLL
c:\users\Norbert\AppData\Roaming\Cuoz
c:\users\Norbert\AppData\Roaming\Cuoz\qytie.usk
c:\users\Norbert\AppData\Roaming\Hocuor
c:\users\Norbert\AppData\Roaming\Hocuor\ahor.exe
c:\users\Norbert\AppData\Roaming\Hyekci
c:\users\Norbert\AppData\Roaming\Hyekci\cane.hyy
c:\users\Norbert\AppData\Roaming\Hyekci\cane.tmp
c:\users\Norbert\AppData\Roaming\Keno
c:\users\Norbert\AppData\Roaming\Keno\akwyy.vyh
c:\users\Norbert\AppData\Roaming\mbams\protectbytes.bat
c:\users\Norbert\AppData\Roaming\Microsoft\Windows\Recent\HomePage.url
c:\users\Norbert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
c:\users\Norbert\AppData\Roaming\Neinka
c:\users\Norbert\AppData\Roaming\Neinka\emle.exe
c:\users\Norbert\AppData\Roaming\Tukiu
c:\users\Norbert\AppData\Roaming\Tukiu\moyxh.exe
c:\users\Norbert\AppData\Roaming\Winlogon
c:\users\Norbert\AppData\Roaming\Winlogon\API.class
c:\users\Norbert\AppData\Roaming\Winlogon\chp.exe
c:\users\Norbert\AppData\Roaming\Winlogon\diablo121016.cl
c:\users\Norbert\AppData\Roaming\Winlogon\diablo121016Cedarv2w64l4.bin
c:\users\Norbert\AppData\Roaming\Winlogon\diakgcn121016.cl
c:\users\Norbert\AppData\Roaming\Winlogon\libblkmaker-0.1-0.dll
c:\users\Norbert\AppData\Roaming\Winlogon\libblkmaker_jansson-0.1-0.dll
c:\users\Norbert\AppData\Roaming\Winlogon\libcurl-4.dll
c:\users\Norbert\AppData\Roaming\Winlogon\libjansson-4.dll
c:\users\Norbert\AppData\Roaming\Winlogon\libusb-1.0.dll
c:\users\Norbert\AppData\Roaming\Winlogon\miner.php
c:\users\Norbert\AppData\Roaming\Winlogon\pdcurses.dll
c:\users\Norbert\AppData\Roaming\Winlogon\phatk121016.cl
c:\users\Norbert\AppData\Roaming\Winlogon\poclbm121016.cl
c:\users\Norbert\AppData\Roaming\Winlogon\pthreadGC2.dll
c:\users\Norbert\AppData\Roaming\Winlogon\scrypt121016.cl
c:\users\Norbert\AppData\Roaming\Winlogon\scvhost.exe
c:\users\Norbert\AppData\Roaming\Winlogon\zlib1.dll
c:\users\Norbert\dt2lf3vtcjeoc.exe
c:\users\Norbert\qn6c62m15xx71.exe
c:\users\Norbert\qow7m7yo8m9ey.exe
c:\users\Norbert\tha9bx10soome.exe
c:\users\Norbert\ubsz5zfnwigk2.exe
c:\users\Norbert\wcry02lb1a04w.exe
c:\users\Norbert\WindowsUpdate.exe
c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe
c:\windows\system32\drivers\etc\hosts.txt
c:\windows\system32\SET5C04.tmp
H:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-06-28 bis 2013-07-29  ))))))))))))))))))))))))))))))
.
.
2013-07-29 08:23 . 2013-07-29 08:23	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-07-29 08:23 . 2013-07-29 08:23	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-07-29 08:15 . 2013-07-29 08:15	60872	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{86B37F3F-FACE-40A2-B1F4-B3FC7168C4CC}\offreg.dll
2013-07-29 08:12 . 2013-07-29 08:12	29904	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{86B37F3F-FACE-40A2-B1F4-B3FC7168C4CC}\MpKslaf50ecfe.sys
2013-07-29 07:52 . 2013-07-29 07:52	40776	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2013-07-29 06:57 . 2013-07-02 06:54	7143960	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{86B37F3F-FACE-40A2-B1F4-B3FC7168C4CC}\mpengine.dll
2013-07-29 06:53 . 2013-07-29 06:53	--------	d-----w-	C:\FRST
2013-07-26 16:11 . 2013-07-02 06:54	7143960	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-26 14:19 . 2013-07-27 01:13	--------	d-----w-	c:\program files\Microsoft Silverlight
2013-07-26 14:17 . 2013-07-27 01:52	--------	d-----w-	c:\windows\system32\MRT
2013-07-26 12:46 . 2013-07-26 12:46	--------	d-----w-	c:\users\Norbert\AppData\Roaming\mirkes.de
2013-07-26 12:46 . 2013-07-26 12:46	--------	d-----w-	c:\program files\mirkes.de
2013-07-17 06:34 . 2013-07-17 06:34	698504	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{50AE33B8-4EC3-4934-A7DA-7D5878421695}\gapaengine.dll
2013-07-12 06:30 . 2013-04-09 23:34	1247744	----a-w-	c:\windows\system32\DWrite.dll
2013-07-12 06:30 . 2013-06-05 03:05	2347520	----a-w-	c:\windows\system32\win32k.sys
2013-07-12 06:30 . 2013-06-04 04:53	509440	----a-w-	c:\windows\system32\qedit.dll
2013-07-12 06:30 . 2013-05-06 04:56	1620480	----a-w-	c:\windows\system32\WMVDECOD.DLL
2013-07-12 06:30 . 2013-04-10 05:04	1221632	----a-w-	c:\program files\Windows Journal\NBDoc.DLL
2013-07-12 06:30 . 2013-04-10 05:03	936448	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-12 06:30 . 2013-04-10 05:03	988672	----a-w-	c:\program files\Windows Journal\JNTFiltr.dll
2013-07-12 06:30 . 2013-04-10 05:03	969216	----a-w-	c:\program files\Windows Journal\JNWDRV.dll
2013-07-12 06:30 . 2013-05-27 04:57	680960	----a-w-	c:\program files\Windows Defender\MpSvc.dll
2013-07-12 06:30 . 2013-05-27 04:57	392704	----a-w-	c:\program files\Windows Defender\MpClient.dll
2013-07-12 06:30 . 2013-05-27 04:57	224768	----a-w-	c:\program files\Windows Defender\MpCommu.dll
2013-07-03 10:31 . 2013-07-04 08:37	--------	d-----w-	c:\program files\Trojan Remover
2013-07-03 10:30 . 2013-07-03 10:30	20553576	----a-w-	c:\program files\trjsetup687.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-08 09:24 . 2012-09-28 07:07	692104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-07-08 09:24 . 2012-09-28 07:07	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-21 14:14 . 2012-10-02 14:09	724464	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-06-18 01:02 . 2013-06-18 01:02	745472	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-18 01:02 . 2013-06-18 01:02	185344	----a-w-	c:\windows\system32\elshyph.dll
2013-06-18 01:02 . 2013-06-18 01:02	523264	----a-w-	c:\windows\system32\vbscript.dll
2013-06-18 01:02 . 2013-06-18 01:02	158720	----a-w-	c:\windows\system32\msls31.dll
2013-06-18 01:02 . 2013-06-18 01:02	150528	----a-w-	c:\windows\system32\iexpress.exe
2013-06-18 01:02 . 2013-06-18 01:02	138752	----a-w-	c:\windows\system32\wextract.exe
2013-06-18 01:02 . 2013-06-18 01:02	137216	----a-w-	c:\windows\system32\ieUnatt.exe
2013-06-18 01:02 . 2013-06-18 01:02	12800	----a-w-	c:\windows\system32\mshta.exe
2013-06-18 01:02 . 2013-06-18 01:02	73728	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-06-18 01:02 . 2013-06-18 01:02	719360	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-06-18 01:02 . 2013-06-18 01:02	61952	----a-w-	c:\windows\system32\tdc.ocx
2013-06-18 01:02 . 2013-06-18 01:02	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-06-18 01:02 . 2013-06-18 01:02	38400	----a-w-	c:\windows\system32\imgutil.dll
2013-06-18 01:02 . 2013-06-18 01:02	361984	----a-w-	c:\windows\system32\html.iec
2013-06-18 01:02 . 2013-06-18 01:02	1441280	----a-w-	c:\windows\system32\inetcpl.cpl
2013-06-18 01:02 . 2013-06-18 01:02	110592	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-06-18 01:02 . 2013-06-18 01:02	23040	----a-w-	c:\windows\system32\licmgr10.dll
2013-06-18 01:01 . 2013-06-18 01:01	9728	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-18 01:01 . 2013-06-18 01:01	906240	----a-w-	c:\windows\system32\FntCache.dll
2013-06-18 01:01 . 2013-06-18 01:01	604160	----a-w-	c:\windows\system32\d3d10level9.dll
2013-06-18 01:01 . 2013-06-18 01:01	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-18 01:01 . 2013-06-18 01:01	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-18 01:01 . 2013-06-18 01:01	417792	----a-w-	c:\windows\system32\WMPhoto.dll
2013-06-18 01:01 . 2013-06-18 01:01	4096	---ha-w-	c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-18 01:01 . 2013-06-18 01:01	364544	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2013-06-18 01:01 . 2013-06-18 01:01	3584	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-18 01:01 . 2013-06-18 01:01	3419136	----a-w-	c:\windows\system32\d2d1.dll
2013-06-18 01:01 . 2013-06-18 01:01	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-18 01:01 . 2013-06-18 01:01	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-18 01:01 . 2013-06-18 01:01	293376	----a-w-	c:\windows\system32\dxgi.dll
2013-06-18 01:01 . 2013-06-18 01:01	2560	---ha-w-	c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-18 01:01 . 2013-06-18 01:01	249856	----a-w-	c:\windows\system32\d3d10_1core.dll
2013-06-18 01:01 . 2013-06-18 01:01	2284544	----a-w-	c:\windows\system32\msmpeg2vdec.dll
2013-06-18 01:01 . 2013-06-18 01:01	220160	----a-w-	c:\windows\system32\d3d10core.dll
2013-06-18 01:01 . 2013-06-18 01:01	207872	----a-w-	c:\windows\system32\WindowsCodecsExt.dll
2013-06-18 01:01 . 2013-06-18 01:01	1988096	----a-w-	c:\windows\system32\d3d10warp.dll
2013-06-18 01:01 . 2013-06-18 01:01	187392	----a-w-	c:\windows\system32\UIAnimation.dll
2013-06-18 01:01 . 2013-06-18 01:01	161792	----a-w-	c:\windows\system32\d3d10_1.dll
2013-06-18 01:01 . 2013-06-18 01:01	1504768	----a-w-	c:\windows\system32\d3d11.dll
2013-06-18 01:01 . 2013-06-18 01:01	1230336	----a-w-	c:\windows\system32\WindowsCodecs.dll
2013-06-18 01:01 . 2013-06-18 01:01	1158144	----a-w-	c:\windows\system32\XpsPrint.dll
2013-06-18 01:01 . 2013-06-18 01:01	1080832	----a-w-	c:\windows\system32\d3d10.dll
2013-06-18 01:01 . 2013-06-18 01:01	10752	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-13 04:45 . 2013-06-12 19:40	140288	----a-w-	c:\windows\system32\cryptsvc.dll
2013-05-13 04:45 . 2013-06-12 19:40	1160192	----a-w-	c:\windows\system32\crypt32.dll
2013-05-13 04:45 . 2013-06-12 19:40	103936	----a-w-	c:\windows\system32\cryptnet.dll
2013-05-13 03:08 . 2013-06-12 19:40	903168	----a-w-	c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-12 19:40	43008	----a-w-	c:\windows\system32\certenc.dll
2013-05-08 05:38 . 2013-06-12 19:40	1293672	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-05-06 05:06 . 2013-06-12 19:40	3968872	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-05-06 05:06 . 2013-06-12 19:40	3913576	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-05-02 15:28 . 2012-08-22 16:06	238872	------w-	c:\windows\system32\MpSigStub.exe
2012-10-19 14:27 . 2012-10-19 14:27	525824	----a-w-	c:\program files\fonts.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
.
c:\users\Norbert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Printkey.exe [2012-8-6 589824]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CRM Customer Relationship Management.lnk - c:\windows\Installer\{10D722C0-C717-4D19-BDA0-105C5DD51A2A}\_294823.exe [2013-2-13 3774]
EFI ES-1000.lnk - c:\program files\Common Files\EFI\EFI ES-1000 Service\ES1000Notifier.exe [2012-8-23 2138112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"3518887414"= 504b0304d545f260f6f5bdd19817000000500000868759de0d386f5a8d9b0842fe933cd0493740e3b2af974a329cc8eac5522f50dee147631572f270080e76224746df9b0cd8041c90b5dcd1f7f728bc2ede424a05870ed5b941054d5be62cc7259bdb672369d689472091a38f11cb36a626c1661b1249be7ae0a8aaa99564a17fec91d70c6f6e09633690c90a5d6edadf197f04b7ebd62e2e8de283cae5afe7b454b2ac360f39222027057a6392b865a459b4226cdeeb326af925c622e128060c1ea014c3ff116d8e857c3c8c6fbc146b282712fef6062f3178e12ce90d2b20c22cf0148f85e3e42ba172bebdccae41867c7ce4da604555e656e32734cf19c3f6005bdb527655bff8dd6b4ed164521e668776f280d05bd73f7b31f260068ac73431cc67ed049e208825c47b48e011c4abb454260eb0409028551dc81c135b7f711486fe728596322fcc503f630b0105115982356b08a7978aac5acf15ee78d28f0b0307041ce87767eb09f350d03368f40bc33ba1ebf83bf4d41ccb98c579e2f3b749fd6ce6d5cda0137403afcbf6a00c3eb02e206e2399fb589947199133ab396a31b60635faa70837c64653e7f8dc8d70c542467060af2ade5421dea7a5fc425d5a8bb629d9172f077b4059dabf5c135eb35b17d51acbc9dc28c245065881ae4317f97d38c7f674e3acff7006921f271eb5b45b2d83c4273f43ec38c185134cb383bbfc5ebc2a3d8e8012dcbc54ea24a5c0c6ad790b2161e042f3451807aa33197d0e5df7cfd29c03d0845da58be2c6a30f888188e5f07026ae95e23b503aff5a900f350644e0c3406fe07e2e05c724ed274d16d36edb55d87568073db4ff41aad04efc38c19d9e53f54264884f4f02e71c6206dafe15374818cf81ba88bc0760fac67f130778102e2b975ea5bd8cd5c5f9d0649482d22d3cadd549599ce75899d64ee8e764a77646936a0cdeaa8021e1cfc28361f1d861407fa0976bafb721d56c9f08c95a8c39704d73e14ee4bdedf8aee26f55dcb1d68290db8f34cbfef0dbda02d08aeec0af62b275e845903149f6a9869cfcf561a69d96b30584a345a71837712e6e759245e78f3a8e6c61c1a30539a45dc07431772db9645e3fa69f08572537b0cfdcf81eb68f028e683ae4ebc5f0458cfd684bd09c0fcb7a8cad62a6ca706fefe4dbcdfb8f5b07415be06b2ab1777201230758adce59b7e1c5750986b804cfc5a1c63eecaeb375dbfa2b3993e77ac45f82129bbb1c0a44c07294163f54eeb0b9cc9fc2c69df6d75963ac380cd45a4b903a4628a146d359fdb50fcd17ae520bda536cbe3e24abf76fe88762a515164fb974322893df47621244008d2cce47123ef4061d500c34e91c92d39cec4b0242ef02755dc3af0f2e8c49537a31718da38ee77f355165ba35264e1e5d1841721b015c733c202f885aab60c8ac42f05ffcb21fb26f55b423fba8aeb86accc2d03784afb9db84ca6a4f8e02d5bc958e5cc780fe41bc27cc06b1288a0006ef9570175bd1d096c559c220c988ca68229748cf76bd365bdc5519c43643d893d55421d1a172ccf9046b8f47ecde9da9c18a4ae36eee52a061387168ba1da17acdb8371193e56477c2828331cb30a190ccac83b3400efa09b459366b713159e5e66ca6480949496312347e77bc0a0c0edd7b53332be1fd071cae053ae000d970a8c43c01b79e483f4b7b25ff4c0fd3106552755a66c3c891ac718123abcf09a5b627b24ece1c68094971919daeaf593e8d48e4023605f29618bce48e4575aed673d2529d4617e47f1fc96da8054dac4d256ef4711558e1385ccae528aa6d34f5aed285bd43b11bdc7ea48420c34e9a8a6d20b66a050c5fd92c39ed7885748e530e643fd2d04d61f04d360da7e00d1a9e92edbb8eb58b89ef6fc199d0cfa1366b9af18839b2bbdd9caad11f754d8a4eb27e8f0e5c1a9bf6ec7f4ef45f520211bce014afd4df03e903013adf9941b4712fd0abe2d5be2556c8df18094f0c58cca0ff0917cfa0a8fe23a14215fcf19992f838c1e90857f587902ee38d411f1ef14164199128b922cdac7121c12f7621c27a27c64f4381121d07ee84f2df7a2d0b9928e7cab5f98cd362ea40b41b3c5c7663fdc487dab43b5d276e6502a0d98787653f618855cf74aaec6960ac867aa4710db2910dec73d246cc881fcfe93ae5813032a4bcff0c0bac11f765813192839e02e44e3c0214a50b728f4a843f128281ef84055425de9f958200536d0760ff2fa61a08d2b701425254df9909d66c1dd521b266a1285d92685f5d2728d8271dfb3389fd4e797c9ee12598de6c6e3de0832999095916c1f78ce97d5522aea55355055da410c17692093df4382c014161ab09b646d7340a2b6679b9f33ab88ac3b72f65d45205215ff861be841ad7a3512a083278915de55b6bf93714b7071d0b3f81deec68ec8cdcc9c734c5c551ff412f31ef8b16a05dbc4b688d3a2e6096701fce6835824eeb74b980abe1e3d6446e1ee986566f07794fc444742ca937b833d5df760b627c1aecb9d1854e19c50dd654ec4a0498f605bc26aefd420188249c7b9802cf6db6399ea7785f20f76b97f3502a17e82fcd7af7c8962ff0dd701944747aee8f87660ce6d2e8bb69ddeacdd743e841a4adf6291d891372016787cc17b812495ed0ed41f028b246f138f14c11cc6b1d6963ce57855d48bc48bf30aae9e6316c56f072a690f75a42361865cfc411b25775f658973970e0a970e09c5ef99a738d245fdec7052d51b849411b8de4b12e2f9413bf2caac14e7f361ef1b6307c9ef696d04e7aba8c3a810efd3ccdc3fa56eb7da3d6e1ceef4471578485c300613248301c3d6a3ab3954fbd1bc74c09bbc1cbf028350f62ba745b9180e8551fa6fb5aa7b61efdff444ff43679df3a2f221e226556abb92f0c65a62e08f0dc1595c30e8db6785df77bc4e28ed25f102e54b7febedeb40082d466dd5e44ae4fb6421afe5e522e6f813bd6505c535c8411df3057be980efdcd4a5cd470c1e13e95fc95d2b623418268dc767889809483cfa94741610557f4cfc45482c1ade6f61672603b5848d7565b23c7f6a446176e3d0103b767acfe36f7e011dd92ab2fb708d6b3c539165fa0d800b0891a72646bc98b605a175f7342f1df1a9ae4463b4b1d2f0b00b58334ecded92995d88ddb72a5a086aef3cf5d9402df4a58e45984e18ffd93ce6a56b769a836e24abb88ad1123f9ce1ce2f86d30da8b8030f4da8ac5a77db781a2f0ffa1024ae62b13466c949680aab919143b66e1d08caaa453ae50b5a422fae0fba2ef48be9b57940c5df4e27661622e7befeb61d64992c93e9e7ad687592193b727f3fd5db5e153f75f9188b358dcbf8aff86b018c462015409bfb9b235b958a4ef96fab0aaa2343a6033d2aed6d81dde4325762db2b35e52d278f14cadb7226dedcb990e5906d0eda7fc16baa5fd78df8671ba25e63d16057698fd67c52404ffe01fc976caa174c42a5f919ed5af558c26bcff66322694eb9238218b8b820d2ba8942b56a009b91794e9ff31a39d56348fdfd268ed5f38e856ad03528c2f6ba1b21ae1feb1d960aadf035f10f878f2e84957cb7447e30990fbcdc52bbec463a0308e27cb4d46d837ccb5e6f3a34873b855a75123566db34759dfcb99b1397d4a4e62864d146288b54aa545204679762e6d302983676ddb7433e9789591c93544de110783426337a74bda680d8d25b19738512fdd4034b8d5836f38c677f05e4eb4ffdaaa06dca0c1d2d7dfa7ff5bd649522859e6871388d17e02926a285082c10f82ef16b71088b0c636978aabaf2e6f5b1a7f23b5a653991724d2203a235401f1288c187fc17df3689178cf67acb99119c59f8d77fe540b4f792262f9a4a44f972093280675c1490f5f401820233fe8f340c46b5041869e5cee18ff56d34a71455697e0d5eae2e3644f6c5cd6380a340ccd23e90c7475ebbe4c2ea341b60c610c9ebd646aed7bdc5b76e419af732b15634ae0701a3016f0afc596b0b60fa095bf14a096ce16804e395dc8c9b91b116cf9dc1120450689abd289b2ba4f69c2ba2a9ee151e47c841d1189a05834bd092415fe827e15bd637552be426f73f2d2f637c5fc47da11f2edb61e2e809aa16a1dfb40ce58060db75613bc320dd188c602dc3431676907e2c4ccd82426dd3b218ea01af93af6eb121b0a32e3dc4d6b1a88adc6928b86e7416b25b474ae12b396a8dc57d3883c63af88035079217750c7e7b73caf7bd2d1ada5b04313b9f25b0907026f8be2f441d7a3b0f2ded0c24aade8546e2a82dc6b02a2979c70801e4a6adc95458956cb4020ee7a01ccd5ac3ed4178e4e2614bcb743c6fa8d008592e12cfa4243bce16e0b618ef8f136dbd62a6643b7151336d1ae2761653b826521586de89f85c5930a6173b10771c23e126f179573f42287e2661f2449dd79eda7ffedf9d702dba31cb9b6aecf1bcf5d6ea4db0988351d81fbe38919fe8fc60ecb547e0ac646e6f4db4194d21c2e84b0dcca75837315e39784045cb76d2fb85d3c43388de930318b6c49f75c04e26f99772a38482e15aba052f6b41ff4a66c0322fa04d05501c50986dcde4f811fdf4d7fbb4192ff3daebe31955b90251d004c43c0f764985592535cfba073eee54f779d5bfaed2090320d685df25e78e93017af47a117629b207734a341572db44790e7de8f247fe3d5ecde57ff82f82d93007ca2a9c9a35ac9ba1741167bc53f54c4d56ee725bce9a8aa8793547bf08d7234311b1307a04b6dd77b3a3e60fc131f24efad9ac3227b185ce5c83e696041ac62a5553e2168b64c5fc66b96d344843a9c79e194d80c9ca7ef54bc3ee87f4692fb5f66fc76031c9f04b05164c001d1fce8335f067a2e2ed14ec9e61fad9d65a3568bd130c0d9464d319fdc5cb74582b6c90d2bf27f2b12a8aeccaff48517e5478a27e235a57ea09e1b9e69c1a3feaa9420df37c22b113c80bbb3395b6eefc5f6acda96a82f1098995897cb2db2f164e8979c71aba8f42ee76e00ccd9966e2c0f22d9d49bce98dc7ab844530ea7c47ba7c81ba1d85ca930a9f97cd1be289a1621c75558068edd4be3f0ebdc5e054f54f5549a90c48196e0d2175d2a21fb460354641ae8acb5d789236f3e37a4a686eaddc5b441db62ccbeb0f43abb3b3a71c2178a9aa260c0e89c3fa85c34d7cda6d8fc4cbeff583575524c69940d9f516b2d4ef61424540eb4f94945aa391591aa5fcaa4d41ae44aa87ab91b244e79a68a2a17c10ed728162a33c5e6a2d27ae7f20bf27717e5ed6c8de4094d891b8cd70b245e784b2c0465871c134fbd1523ab4c4ebdc646acbd41e4e2c211322dea33802f36d1a25fd0bad40e88df8c2fe431b8a677a4738aeed34c58b12ffa75cd2279de5cf842be6e1447307f91ff497be98dee1a6e0348775be1916107be78f705b72906f473193d7a8e131edee21affad809e2f3b84092b690ddf56213bb92e45d8818f4aaf4f81635ff5e1681a60e3805daedf237e3dfe2f729b86b4c0bcc4830d5469a985e2824462f0d0c13f27c4583a2fe9ced050408528dcb88f90e7bb0259fec554d048ab0dbcfe95e06bacc6419ccfb060c9bdc43bef22b0decbe185128c3dd1d487cc58bf72c89a9bc168477ce8fa421e69f9bd02b7a0caf54ea28e562f459845d8518a992938289ea6462be16eba8555713ca826376af8a6b9a123e301565b6f4ba59fcfd2f70173270eb7f296d266b72f33da1dd0cf9e621e11252b9e712a20d4c9dedecf6af70829d3ec2e1308004fac981cf5cf040aa4c9f87314884299f9a7a2ca2f529b57ee10c748133c3175f0f7de45a9f9528586ad228f68abae03dacfba9036f73038043de0a148494289068106a014739abc1f87524343de281059f1e64c7bc90d0538e879b7ffac568c79dd051a0a9c9a2e737699d249691acca169d6b856e3fc7d98cb2630ff6fbe3b3538f918f93a50e15feba0590cdddd199e5119288312fedab83f792ee0e9dbd85781ab493bfe7e5b91e42f9be3a795d3b7d459e3b791cb30ef99631225ba955efb0e8599b117235469fdd25e9175c29498a939169c7d779b9f0e792442b21b92cb07b53fc51496be4baebc7f99eb9ad6696734ef1b1d8c2af7425c0df2af4a2063bb2a0664e3f286b2c8b4942835e58a30ae4e73f5bb98b312b1316ca3012e25979e7389cac56e6492ff78a2baab81af069a4e86b435c5f2bf709dbcc549f6cb1d24e72f78c699583f32d46fe0ce4a1d2cccb3db5d05b7433c70f09abfcc869f6059c7569dd9ef7c34968bcf15f6c6f082367401e8c2214f03aa494fbbfa061b2704e5bb0cb81ac77805292f6d235ee7ef5df1fd7745c6f8c60c03f753bd1f4bbd46f272987cc652b03f585386adc55dafb6b4e33f51d9b241c3ad7ef6f86416744bed7cd8c94303d116c76bbbff86e870ed2ad3cadc6d5f4df77f647e7c1b19d3045fe6c0c180fdd58f9f7f86fb7843c59004877aeb7f193f23ac1d59511956de7da2a9936f16d76312b6e4834f21edc6b25117ceabf2bde8623f3d2a049f890f4d1cb9572c47e6a807e6fc530f5dcd5a53bfcb96baf242c060e31f5dac87f5893c10a3f1180585758ca235c7e4f374c508b2570fed46eb045caab26096190016e55b45581bb9d9662bd46a04a0b6203761a063acacc70318b9298bdb5a34055fb369a203fa6559218a00339d7faeae0f86cdac1364dedcbd49c3a98b4aade6131d996ebd38374188343e2e43db2acd06f909fe52da9e60edcf70279a1a0754adf82b2e229422b4f184352c1dfec3f1b48f54112874373f60bc59ddbea34c6da436195ae0e1f1ec652c2b2ea5624867b85a2825f225e8f5063c528ba55940b0371f86dffdb924714f2cb762c052982738616778379171bcd1c750e9fe2f232e267feb96d786671346f9133a0e5a76d3124a52054ad5c9977d029cee5d00a2b2de3c405e4f82ddc1c9f877899ffe96844ce96226c40ad21ce27beb1ced9c345c4447ca2665a1b3785c997143bb11d2dc759e55b3171bdac19eef7e55844f8fd3a514b94b406fa261413ae47a5e70d1941cc9d1f3fb5c723c7d814db916e1d44d9a06cff069e87f2b3cf6598b9000a3aa75de21ed830f80482e4097c1ea33ce2d8194532087e1982aa385891876d814b68cd18d738424903ef3a4956d4348b82c4b498d9edb4e6de2ad24ad979948ee9e8b330c441d306d2462d44ec1b9d72cd56d28963e25a0fefad9e3d116dcd0c521acd0f852c2d6eb847a4ce63b58d0d0820f49d897687b64e112f2b7a6d0b30103050c30aefde84ec3009936dd7f10305217dc1d182250fa4f1afe82a3f83d563b4dcad100dc8dc47c1b7be1a60f32a1109b28a2c0bd39610d49223115af1a3329dbb3e065aa513cde4c5d22b0bfdef48950c519ac95e03ea14260588c1737948c688398353f62651eacc2b39f5677d742f5ff61b1f1f210f168dbdf875f73333edf5c38c4e91c652a2dd41a0c83fb6c9131c3d06b7dcb95bf6e6e7c3a450fbdf23e274098c19d53633acf7b6fc9d74f79fe29b0df909f6551945616761c303aa8b5c2ff6bc00b9276cfc2003ba70969c4551a4ea10c371ea8a1b143017d79a5995abf0cf6458b6fb426fc8181a4ff4a55c57b5a0fcdc9c33c3ecb094483622a3e8b14a26b1155c7086d8bd225fefeff364a287e661afc13f77083699ed3e520e03ad53a98ffba6cda3573e5c51096eaf475ce3e1297625c8c8171f4458c7bab0fed535e9aaf0ea615f45eb3a2d035280a2f8ac42f86465379a80e827953afb737a8ccc29ad341b4c3310895046f99ecca1eb919679f2d5ce6f1fcbeeff0835bcddbfea1df7bbbf03aa750b8c46437f2da5ce079869df97586f52dd42b4a292ecf9c0b96aec792f291653571373133ff3ddde85ecb6d4de2f349e71f893af2fa42a68fe19a5b02e5be781c035312d912906e6f980eab54542972677375f5fa6a63164ff607b26d435b903d68179863f02c3be9cc56373e8a54c7b2349296c85c3da7a48bf77bd4b5a07761eb7ed880e9f4bfe1949971ba35bcbd2805f61f572cc209e4be34f6a781a5a2a79e728ac6fc7e516ff342b380376330884f64552275a7a30245463326672f56fe04f56048c64501d60ffc309e9976fef7931ce671ef6963dc015d56c3082c9230aeaf7072533ddfa1b19dbfe001266d8a09dbf2427025e9b59501f060f75d45e0748700fa26b92c52c8f71310ddbb1dfb2e23d4709243fc4ca1a59840dc07f432548f0075bfafe9840c5754be5cfccf97f48e78b594939e9a9d737b3e7dbc364306bd309f479defeb03c09fcde7db9a4ff1d35865e6b462231fdf5fa7431cfe3a68b5d7152b021e86c64a5a51bea3ff81ba9aa527ecde123305c471b3f2b6d6887782c2208af2fd5655f9ee58ebc126a017cbc00e2555a11722b4534c2ef317e81106602efa8e81127289c9df32215f257f594d4af931f716f0785d776e44b71d8636e34d5db4df15f1e381b60f37608f0a2c234552aea444b4ee28dd79b9aac0bb62fe2a100554163de1047b370fdd778565d883
"1781466620"= 504b0304280c1952fc052f6a1204000000300000868759de0d386f5a8d9b0842fe933cd0493740e3b2af974a329cc8eac5522f50dee147631572f270080e76224746df9b0cd8041c90b5dcd1f7f728bc2ede424a05870ed5b941054d5be62cc7259bdb672369d689472091a38f11cb362df5c2661b1249be7ae0a8aaa9957c824dec21cf148f7712d6858de8091b43f78e392238cb417e7019f416377d8053ae403451c703e55f6430d1a6617327018549617e3f6b0a3ca9011f732e02c99736f52639ddff33c81d8d4b202b856cb062f8786bff78f627bdba61e3acb55275f94863e9082781f3382b7172da84bddfd9ca0aae09707be139428f5b9c1ae20b9f768c792c16266e59ee254a9ec1d542f60b059a4ec19741ddf9d8b56e45918aec4c767bf60598e7554d194ff33d847c9bcadf7c2a6fe18ee47868a1887d9fd20db1df6be7afecd2e39a69bd2ce15d76987ba47c7d66d36ba91eac249d8537f6a4122baa33f19744680c89659f2baafa1f3f90505cc0f8de165cf6f1bda646c9ae934d1bd3a9bc8cd7250b9b88825b419a44db49720629bae84237e8fcaf33d61fc7d0f01cf69f843b97f18fa7e18e1d01ccf4894a4345cb5108b6a0d658476c001aea38f7aba62573d9abdaeaaa3772131279531cb2f29d5880c0825b3774c4bd289269cfdc69ee65d478d62f1a2077c642c9c0f8d38f65db010d278f28589d0405d17417c7e6b0cc6b89e0e3d407a3d602bcb21939b8c7e2a0f8cacfc2eee6d80ebda52047603e74e9fe9cead14d05f66ebb3c6f4fd51f6a0aaf2cacc23fb34a09b3105aca184588a91426587b5046153a86a75033adb79c24adfc047c4754fec3cb13445501f64aa51ca9b4399a310336945b5ada8204ca4b71890f72a1d5ba49d3f87808f6419db5baaa0e20a210386a67f707132e842eff521f7f1cac1eecf799427aec5499cb96731809eebe7720da0bde6699daf22b9b7ea8a60da6a2aa6a1cbcb5de6a91238d1878b73abe9c8578b41c9e0abdff4b4393b4bf3d9cf70d08f1ed2dbd79715c67c0e4e72f29c5e162a3fb52ac08744c2c8d66e282f0df0d91b36a37e4e1e8af8bec2356ccbdfd1ff6878048c1961c5706c821a61185ca796dc839021abdeb935a8e9e9c052a4c5678fa29a09b0ed46c5ed74046e81583deeddce681a4691fbe5c4428557238be7e1de1c1d2df88695d71456adc7b55ec3ec282d7a0a15591a2b2d9b0b90f71bc0a73898217bb8d892833c377b17f1a8f80607a5a47aeabf2ac3aa95a4d3abf81b62f85da68faaa60f0ff19dcd89c8fa0d874edf47c1149a903956651bf0c4ff8fb748eb8a5ed35b786cf914da6d75b63e1cb7c634fed826755d54da8a5422afdbb52e18bb2fd0aa0915285960b130dad5209f4ad7596fba38a869fb7f1693015a5ec6d66d700013e6543e2fb8badcba898901f2cffd6986faa829fda79140686d18f3141bccc886201d12df05de5ed349aa0e1a35778ee
"3212083974"= 504b0304e834cbc2068374bfb511000000400000868759de0d386f5a8d9b0842fe933cd0493740e3b29f974a329cc8eac5522f50dee147631572f270080e76224746df9b0cd8041c90b5dcd1f7f728bc2ede424a05870ed5b941054d5be62cc7259bdb672369d689b361cf728ff0b3cacb483f7d3dfb51c498ffbff14d7e58060487e6b3ad5a11db96ea858407c697a3ee06355d0a5d02e22ae1ba4c53e188f8617c14f31a63367e540aaa01b1eb676843527b71ed9278f5caa8895dfce2964a958a43b821bba02f84bee7c501c8f4002f88ed4635042127e644db9f414663c72796347e2e97a97b215b36a740d3ef371a86b2c4ce683b59a6eda35f86a76df0e67a4cc22a462bd98a63e63a97a745563fe7cdff5386b8be9c0b63f4889a27bc24908c86acb447b43bc547123cf8f6590a5cc3833aea4e250c6d65191322c1c4026b0a3d6cf958ebaa7db258e44202d169add31ff159f25cfcff0cd27a297fb7f835a05e9bb52886fafc6bac2e1003cb8c468185a3ad185cae9efe9e1cbe79c0b96378a44600e0269138d7e0c1b5252a5e35a642f9d050de2949249c4876513f186387297e2486ff3605eefed016ed9530686db3da005253c75e299e33ecc4cb6cba85ee7ff3572fbdde9ecee46b9452c6c8b34423e8f4812186c3363912d532166bb8a9cd57a4453d202c579925e03fff405b10a1cd0e8bef6face1d27cd75270a640f47e104fe8ce4100f03804e134ed37dc31d7680f2c72d02dbed8eb77d08ca011b13c3e34351d107de3843ade58b49bab78acfcfb34979bcbdf3f2226bbd8f88f894c3c2574d1916056d0dc430baed72b9e8045fe432ffb90f5da5e330d8049e62403885599af010741b1c78db6ecb600d64c003bcaf45c161bf6a3746a16055c088bad433d76cff98e4dbb73d3da9a78dcef3d4ceb3f5bb355735987f5954a12f6c16689b14991a43f41c30fcfd08ee6aacba089e2bc7400e5d9afda3833bdaf8d29584893c00078b92a627be0ffa5f45622e494a827e82fad8437cccf92ffd19ededdc208cbeab4d7beaef4f8cde94543df787ca37fe99739f5e15878c72bfc66d8946ee37c2560a6931bfdf780b8a7a81986ec0111513d61e8e9c621e55dfb325521619601978a12ebe41054b9fe760aef6e47ee811333d9cc27d7c379f9e89c6f69f7aa5560760505ebd8e52bb431be19326aa1584c555700842fab93e1e37bfd21cbcc6ae1d97e4f3d74042975afaf59e614cec8d7214aa518e0a65bbe4a10000408bba7f810c7135b3e75be88f2028c110a9edf36d280145a2481a131af02a9e63e11cafeb18a1ef417554780cc55f6a060e9769ff063060b4978a3e9c2186f637bc98a1649410b47ade13891183f257a40cde8e3b98aa705e519b904fd1587cc3383dc29a7e1c754aba9ac13fb0bd4c98089d49ba9dd3bfb98f8565830d3359a46dfc3ede494871b1296f8ba91e9c06fe02f3011d0433fa62597b5386e8982316d3fce8db06ea4c5a0cae174a4cd41acd79c90921f720c4cc06f472258c16acc20f344544f1f7530ac4730b1205793114e093e96d6c7a9a344a8d172fad50e4579d23ece461ed19bf051400e3e3abee202c8e737eb66ee41be229a8936db172be479e6fe21aec2994ed8556a5c1ed0fa10742f879664f27d6459f8ce3b36fde2e9f0dd8bb052010d445b0bb2174d0196deef0f38e5d4e5dd3a0bbdbcd7f8189e624f396d00197ac1daefb310b157b2c15debc9b5eb3d25f80b29e046c3608b0aa2008293896c6aa741aa6a6af2fe7ffe6876b4860f577ba274aecc8ef6224ef26dbfe87d502f22565b34e679e5da43cec0681da27e920625abf97f65aa2f7aa65f82ff2c5b26a4cfa95c17f8a246d84e5550363885d2ed284dce5feea5eb8d019f85f1ccaeb6279196e44067bf8b7a9d5633b0accb79527c9133189b410075b5cb7e9190c68f0e63bf686ae7f50834d7302910c543235fd5da2d1a61e317e2f49361f3047803b1e4df4a65c5feea96177bc2a178e0508eaf8142388cbc1da0bcaba4df9d62835b22f5ca348d335ccae70ab02f711c951f41d27d76f7ff5c7629dd3721aa95fa9064b1b59572c65d7211548d26708d531964e9c40d291a3d93fe63c17ed02ca09cee134ddc3f6cb0c37cac9883289d4376476a03a872bbc0f31b1bb80805b23df98593ab0bdab52340bda552fc2097fadcf1f883dcb0bde09dfdbdb6cb8f2d0946c994c0a09a458525873cde2b26395bafc0be806442470a4590b2a13d14e9c71414e756c5c97dd9fef86fc554324b2c5e7cb19fb85cc8428e0722679e68cd0b0ce0832f9660c91f68a98c09a0f8056f7e584502ecb2f089575d4f42f32ca9f914b85ca48593edd4def17c046d400f59068f01264e9882d616ffb4d7b7af560990b3431b3e2fb4e886bc4ce34b16e022a867387d66de2416a6167a9eb13098043d128587318bfbe01f6a001fbf212ec0b9d20bc870e74230d5a64f1633c6658dd822c2ffd2832761af181122fb6f74814720e36519158ba820f674457170d7d051d7400d939f46417a1083ba1b838f24c6fbcab22dcde15f83be8da6641516da9aafbfc697d00dfca24b90532d73111736586a153cd9a108ae84a116163c99e343ae83d5662dcbfc2632c59e204edaaca916f666bd8e1bbe72884a93f31e8cd024ef14383c4281785eae11f36fe0eb7c1ce0cd7dd965d52b724ad727968cb22511302b5d8fa14212ac45cadeb7aa6d51a120aba606dbc83cfbf31a785e465094729b6d2e4b33fc6cee3a5e496294e7f85434b2e7c08146fd7336c59b187f73e6386674d30462e937c3181782928dd38bdfb8c66b2049697c7682bbfc15c2dd2386fe5c219a3240cb076111289f688933c24ab6f3d9341970267a7f856e926c2cc70638f71aa8a7e03d393d2692f67ebe2c0c96ad2a73722b669916a022dadb43d1d19070e8e4fd42bf992c4cbde127ee2825b7718266227a29b5e0c1b7daa19623a019f1af08cc9dc85445768eb07108571deda9c67a17a5c5a129ee53b70234c610fef7683d0da1ae0bda770eb61410dedf5ebeb3844f48b2994e5743f99717dc697aa77011aa36be4b1c68d141062184ea88a977de59f02cf38dd651184778855f1cd40fb2d4413e7754be765f928165cac3141867dd1af0630a3fbabc781fb7c6367ca8da4791b5a5b1ac2ff3118694c02a996bde2aa82f7b4e6881cd32566695f9f7bac94b5462218e0d2186dea51c2c3396b1495e0d4eaaf187d61222a1b331a691f99f1e040a2751f3147271d17b9cabdb177728fb95d21b68afe5a8a995f35e5f6cc071a9c0cc64c3e5b24f17689ea159356604c514949ee0df33d33330fb5b50bd05c4646209bbf60c4bcda521cdeda97dbf59ee186b8fac2fa8fef4e9a5d28bcf447de3f91fcd9854b87fa6d7c9584335faac30099be855c275cb96e98b5d5ef99ca1861b7707aec618c5f656777de63773966094fdcca4f94c16c6f3bf5295c8e17feecd915d3aea0675062b2b0d703835c34528d54dfd7b53a0525fa1061b25d4aa845c5fd1e70620be5311b5b3c828c6e4f24378edaafe1001a73cfbd4e9ae612c79f2c38dda172d60c1ceb343eeec07653018af8b370ec6115ce0c4c0f159d6277b1e2464cfa329701a8f375c6d45d778ee133775aae0b9e6bd7fb54745aa48f88a326bc65891a570c393d8c2434f78a03e0651f86a391443f0ba028cd7db0f0dbb9056b85354d7811b200c233b32d6409faab49d8f1c89a12a2cc4f86c7dfbbbd6ad9b1865461411a44167cd12d9092bb5306f724d89477a0c3df8e0ecbc0c6859b005884b0dce109b5df8bade089bf8a51a9c677d59b68dfeedc933ccef115e2a16e575427fd481aa50b058640fe2ce81a47d2d8066cb220924e68b12993df838074be16dabea6353cb208957b9aa6f45bccfd44ed0423fc5010083ef8039bc7621582d45d58f04b12e8abc349501aad56aa101d311cb9e347d9ce5c05d36587b274280e1848fc4549e911976e313f1f817784fd1a352282b70e2323176861af17a363857699cc01be406e370f7b38d1466cb1ab107bb3bcbf3aa6aefcfd85b0d829a725c72732888d7f218f74911ed2cc177f591912c26601838b03fbcef50fd84b42706a60e884581a28b0a3533d4f1bf12e2bbe4910ae83472bc9150b6a138206db3ae0cbeb6a61e9a4152cfcac3de9ca042b8b3a869249a89fd67ef2ce106ce6f934b2244b9b325a4b6aeba2246eca952df5572f0198433f863cf2bd6d1e63b9d4e36f5ef3b19277c3d65babe63f951d3df200b7dbd0f284ac5962d43ceaba69bdfc40386708a585112c905f506bc0479cb67f614413a02f67e92816551f056d366bc5f453caf6f44bfd3319f403948c4d22646ecc740d1e38534eb3562644c2637074796adafa6f6383be49223ba2e9512205f7a2228116e6f4c1c80e27738fbab3bf43c3e0602cabb70ccd997a2d02b70ab82e8221d49a4dabeca605f4dada1b68d02b33229587c7cdb9736079e3271e2be765830167e2ec5983fb308aee77d888bca46715abf199f04f29ebc09f0bef17c09eae017104c5fe3c5de261b78e0ca1e9183c796980ce274233509a2b011603886f3ef9101f1566b779a12fae798c11eb808bea915dfc9c08eb4497075779f3886fa930dba817c5daf4bfe1ad81539e8d4f5937ceae6a2c9dfcc37814901a4955e3acc5001b543f3ac6220146d6e79e29f6010c7ec2b046667322bbc8b6bcbe7c00acc8e6563a5d4735cdb9baf685475a5d354248167885c3f6aefbf95184db833b33293e0aba1ad02ec232d476fe1daa42900718c04d7182ba2a3e779bb52186238d20b10ce9fc501ff1ff3c317876ac84d5174d3c6253e495ee97cbb9fb41f262524f95cc1267f3bf9eb0033c7853e0f1b64e50b7cdd2a9d7432a5096c2f0145e0f10611f3e505d29a457ad093207220829e2bcfa24119c29fffe1dc7c1680592adee8ea06605d90c953290952599f80483e3a8540f3a2f37c7c8fcba1712e9f5d0970bf4b38e7e40dfcbc970735c525318cb160099068c518d9022fbdd5dccd8e623735b9afa37f8c1926b87dd6beb9b9644b62d97e1963276a67a3de28d7716914893173a06747df96714213160e7edac79e430881e8946a9bb47bd288becb9bdc5b746f0afaf3d4c0e8c50551590d282ac216176f56f44ba8f2062862e6e80494597ca64a602fa99610438487687afc6a0fb866ed2c9f0f3814bcd63e7d2f78e68f02c454138012e342861c782a6f884efd5b317c8bcec56167a4ced80b0b1c1457225d8d404c082387bb99c60e1a18aa5d63840b0a9dfff48720263a9cf5529ee1dacb35b00e6643c534997bd84f0f32e8f5cf1a0e223b9585579b613eefe437cbd2c73f5a39036dfed4c59e5ce9b09187263fbee379ed432d15badad2c8a218cf3145a599f682e7d8bc1dfc564c39171b3b854a89249c618d6351e0bf58e66ee12ccf7847e513dcbd9233ca333c54fc69970d7cda3281889c4627c2c9ded210439f8a21eff80a543937cdf6763347145546fff9420a6839a0bac05ecc3cf28ce361df23aca46be538857a07ff12676886aed7c5c16adba4c9e3022173357355febf5ba453a1678adc1771e825096173c24c506d2c78b8b9d09664e6a9691754ac5f05fe6dc792406fe53e8f4ce6c65620f6678add5cdd8f15260b2cd6af99653865859ebc1708a7e6a2e1136c5a3d90764181aec9d6d7033e7394d9d6d40d0fdd4c8a8876233bf5609627a06c1fc17a7b7d6939bfa9b0a79b730c3bcf4c20f83fb4e573e1bc5d32c63232f90c088f101c7ca94bca69b0367b9249ed5fa48b9e21953995ccd1b0592d8517ce5f2d6cab48e72c9df2bcf1f55942600196715de47e7ad0f3dcbff968d0314c66e90a631eb46308e0a30eab7147bb9a375700c3646e67862ee5c1fcf03f0252e07a0bf2bd2017a949d6bd0233fd9aaa2dea09719ab388bb9cdcac09157a635b6a1828ebb3a022b63b2bdd75a4516bb874f9d61fd25b1b97c8c20b7144ff88593d25ca2862fac925bea8869f1bea6a2c6b2fd3e810a44f8f78875e742325a516f8bc212df0b4c942044eee6dc7441296713be73f7a730cd60a3f4545d5050e3db52b51c4806c2c3fd77ec73a5de99240f36df1633e7fb3520a64fdad157d73721ccf2824ad4c797c91141d7813f0433df8d84407d2b4807aaea371093bbaac8cb16834a3cbbc76e8c323daedcba3355073386fb5e99f0bf2404ee114fd476398176d8b5ee196dac50ffa410f8ce35da459b000dd4781f3047da7744405a5fa877258afb556c04bd7c6dee342434df48684b062bb74a71f5f70809c8818ce522f479320fda1e479e5d23fe4e85a812b56146b98baf0c44ad6d3452c45a8f16daf7dbf4b804a59abe6afed1bbf65fa18c90f91ea
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2010-06-22 202088]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Fiery Command WorkStation 5.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Fiery Command WorkStation 5.lnk
backup=c:\windows\pss\Fiery Command WorkStation 5.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-13 11:33	17418928	----a-r-	c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2012-08-06 11:44	642216	----a-w-	c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37	517096	----a-w-	c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-03-30 100880]
R3 AVEO;UVC Driver;c:\windows\system32\DRIVERS\dcnt.sys [2012-05-31 240896]
R3 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe  -run [x]
R3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt32.sys [2009-11-17 24664]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.285\McCHSvc.exe [2012-09-05 234776]
R3 SIoctl;SIoctl;c:\windows\system32\drivers\sioctl.sys [2008-04-25 6144]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2011-05-10 15656]
S1 MpKslaf50ecfe;MpKslaf50ecfe;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{86B37F3F-FACE-40A2-B1F4-B3FC7168C4CC}\MpKslaf50ecfe.sys [2013-07-29 29904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 217600]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-08-06 291840]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [2012-03-05 45184]
S2 arXfrSvc;TV-Archiv-Übertragungsdienst für Windows Media Center;c:\program files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [2011-01-10 239472]
S2 EFI ES1000;EFI ES1000;c:\program files\Common Files\EFI\EFI ES-1000 Service\ES1000Service.exe [2009-10-19 11776]
S2 esClient;Windows Media Center-Clientdienst;c:\program files\Windows Home Server\esClient.exe [2011-01-10 97136]
S2 Fiery Bridge Mailbox Synchronization;Fiery Bridge Mailbox Synchronization;c:\program files\Fiery\Applications3\Fiery Bridge\x86\MailboxSyncService.exe [2011-05-27 114688]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 100328]
S2 WHSConnector;Windows Home Server-Connectordienst;c:\program files\Windows Home Server\WHSConnector.exe [2011-01-10 376688]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 CH341SER;CH341SER;c:\windows\system32\Drivers\CH341SER.SYS [2011-11-04 39696]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-07-29 44928]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-07-29 64256]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-07-29 40776]
S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 295232]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-04-21 381032]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-10-19 31288]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MPKSLAF50ECFE
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-28 09:24]
.
2013-07-27 c:\windows\Tasks\CDHArchiv.job
- c:\cdh\CDHArchiv.exe [2013-04-24 14:41]
.
2013-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3428010751-2619372767-2291058075-1000Core.job
- c:\users\Norbert\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-22 15:56]
.
2013-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3428010751-2619372767-2291058075-1000UA.job
- c:\users\Norbert\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-22 15:56]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
TCP: Interfaces\{B34D42C6-68EB-4E24-855E-58506F5252C2}: NameServer = 192.168.4.1
FF - ProfilePath - c:\users\Norbert\AppData\Roaming\Mozilla\Firefox\Profiles\0wkjrii8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3242337&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
------- Dateityp-Verknüpfung -------
.
txtfile="c:\program files\Oxtf\Oxtf.exe" %1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-Ythoeliky - c:\users\Norbert\AppData\Roaming\Tukiu\moyxh.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe
MSConfigStartUp-mbams - c:\users\Norbert\AppData\Roaming\mbams\protectbytes.bat
MSConfigStartUp-VirtualCloneDrive - c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
MSConfigStartUp-Ythoeliky - c:\users\Norbert\AppData\Roaming\Tukiu\moyxh.exe
AddRemove-_{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91} - c:\program files\Corel\CorelDRAW Graphics Suite 13\Programs\MSILauncher {7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-07-29  10:44:12
ComboFix-quarantined-files.txt  2013-07-29 08:44
.
Vor Suchlauf: 20 Verzeichnis(se), 35.037.036.544 Bytes frei
Nach Suchlauf: 27 Verzeichnis(se), 34.806.747.136 Bytes frei
.
- - End Of File - - 1435EF8AE04F0146A431EDAFA09AE2F6
         

--- --- ---
A36C5E4F47E84449FF07ED3517B43A31

Downloade Dir bitte Malwarebytes Anti-Malware

• Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
• Starte Malwarebytes' Anti-Malware (MBAM).
• Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
• Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
• Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
• Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
• Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
• Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte AdwCleaner auf deinen Desktop.

• Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
• Starte die AdwCleaner.exe mit einem Doppelklick.
• Stimme den Nutzungsbedingungen zu.
• Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
  • "Tracing" Schlüssel löschen
  • Winsock Einstellungen zurücksetzen
  • Proxy Einstellungen zurücksetzen
  • Internet Explorer Richtlinien zurücksetzen
  • Chrome Richtlinien zurücksetzen
  • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
• Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
• Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
• Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

• Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
• Drücke eine beliebige Taste, um das Tool zu starten.
• Je nach System kann der Scan eine Weile dauern.
• Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
• Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.