| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojaner Mediyes.GenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
| |
01.11.2013, 16:36
| #1 |
 |  Trojaner Mediyes.Gen Danke für den schnellen Support! Der Trojaner liegt laut AntiVir auf der Betriebssystem-Festplatte C im Windows Ordner -> WinSxS Ordner unter Temp -> Pending Renames. Angezeigt werden mittlerweile sogar schon 3.  Code:
ATTFilter OTL Extras logfile created on: 01.11.2013 15:59:25 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Plogmaker\Desktop
Professional (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16384)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,94 Gb Total Physical Memory | 1,44 Gb Available Physical Memory | 74,41% Memory free
3,06 Gb Paging File | 2,23 Gb Available in Paging File | 72,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 6,07 Gb Free Space | 31,09% Space Free | Partition Type: NTFS
Drive D: | 53,71 Gb Total Space | 47,41 Gb Free Space | 88,27% Space Free | Partition Type: NTFS
Computer Name: PLOGMAKER-PC | User Name: Plogmaker | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\WINDOWS\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-4000362387-2536209437-911832370-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "D:\Programme\Mircosoft Office 2010\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Programme\Mircosoft Office 2010\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B6AFDC4-34B8-47EA-8E1E-617AB58A6B16}" = protocol=17 | dir=in | app=d:\programme\mircosoft office 2010\office14\groove.exe |
"{11C83D57-98F1-4E59-87E9-E9E8334F52FF}" = dir=out | name=@{microsoft.bingnews_3.0.1.174_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{166ABB59-8373-4D60-9891-DD5C1B5B3D92}" = dir=out | name=@{microsoft.bingweather_3.0.1.174_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{2DF2E2B0-A588-4810-90EB-4C394CAB983F}" = dir=in | name=junipernetworks.junospulsevpn |
"{331D3F10-92E3-4211-9259-CAF9D02FCE86}" = dir=out | name=junipernetworks.junospulsevpn |
"{3B04FFF1-2925-4177-BBC3-FA2F0B5E9D7F}" = dir=out | name=@{microsoft.bingtravel_3.0.1.174_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{4DEF5975-E288-4512-96DA-8659AA10E693}" = dir=out | name=@{microsoft.bingfinance_3.0.1.174_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{5E8C5D79-A5AB-4B86-9FBF-6D7C502A7964}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9600.16384_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{823BDBF1-EEC8-44AA-8EA7-48E461359FC9}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.4.9600.16384_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{83041EC6-823F-4C7F-AF33-7667C3BA333B}" = dir=out | name=@{microsoft.bingsports_3.0.1.174_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{835E0E77-65D1-4FAA-AA5E-AC67565A94FB}" = dir=out | name=sonicwall.mobileconnect |
"{86940B63-0BAC-4B00-AF34-F405090DBD85}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.4.9600.16384_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{8ED24AF7-10C4-40DD-A935-EB4E328C3903}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9600.16384_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{93CE3F64-A50A-426A-8AE1-5C2F6E6303BB}" = dir=out | name=@{microsoft.zunemusic_2.2.41.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{94CAF971-469E-4786-A8CB-729DC908A8A5}" = dir=out | name=skype |
"{A9080F4C-BE69-49F6-87CD-FAE444526D27}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{AD22EED2-562C-4011-BE06-0C267663CEDC}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{AF4CD98F-A6B6-4B1C-8D65-661A94CE0BDE}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{AFD39BD9-D48B-4C9B-A747-6B3C6ED22ABA}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.1.177_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} |
"{C13E76C5-0EBC-4895-B1B2-E549D64BE0B2}" = dir=out | name=@{microsoft.bingmaps_2.0.2009.2356_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{C1E051F7-162B-4B85-AAEF-0A49755A2729}" = dir=in | name=skype |
"{C6182E4B-10FC-4083-A766-458080D68E73}" = dir=in | name=f5.vpn.client |
"{C6F6A92E-65D7-4236-8805-9F27A817E581}" = dir=out | name=@{microsoft.xboxlivegames_2.0.20.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{D26A9000-E866-47F7-A91F-05A451B4DBB3}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{D9379575-C6AF-453C-945D-F68C38F3C12D}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.1.176_x86__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |
"{DA3629B9-5DA4-4B7E-B593-B1F2925315D8}" = protocol=6 | dir=in | app=d:\programme\mircosoft office 2010\office14\groove.exe |
"{E20BB53A-3BDC-460D-BAEE-FFDC117AB485}" = dir=in | name=sonicwall.mobileconnect |
"{E6A4BE21-4183-455E-8C07-84C78011B261}" = dir=out | name=checkpoint.vpn |
"{F00BCC2B-E07C-4056-B096-855E45C1979C}" = dir=out | name=@{microsoft.zunevideo_2.2.41.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{FA35BA80-EA4B-48FD-9FEF-74E9E0B3FEC7}" = dir=in | name=checkpoint.vpn |
"{FE5EA256-AD54-4FD8-B211-1263089653FF}" = dir=out | name=f5.vpn.client |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.04) - Deutsch
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"CCleaner" = CCleaner
"Mozilla Firefox 25.0 (x86 de)" = Mozilla Firefox 25.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 29.10.2013 05:23:02 | Computer Name = WIN-J3CT28APSCC | Source = Software Protection Platform Service | ID = 8200
Description = Lizenzerwerb-Fehlerdetails. hr=0x80072EE7
Error - 29.10.2013 05:23:02 | Computer Name = WIN-J3CT28APSCC | Source = Software Protection Platform Service | ID = 1014
Description = Fehler beim Erwerb der Endbenutzerlizenz. hr=0x80072EE7 SKU-ID=8da2dfae-e4f5-4e6a-9272-96f8470e033e
Error - 29.10.2013 05:23:02 | Computer Name = WIN-J3CT28APSCC | Source = Software Protection Platform Service | ID = 8198
Description = Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode: hr=0x80072EE7
Befehlszeilenargumente:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=8da2dfae-e4f5-4e6a-9272-96f8470e033e;NotificationInterval=1440;Trigger=UserLogon;SessionId=2
Error - 29.10.2013 05:23:52 | Computer Name = WIN-J3CT28APSCC | Source = Software Protection Platform Service | ID = 8200
Description = Lizenzerwerb-Fehlerdetails. hr=0x80072EE7
Error - 29.10.2013 05:23:52 | Computer Name = WIN-J3CT28APSCC | Source = Software Protection Platform Service | ID = 1014
Description = Fehler beim Erwerb der Endbenutzerlizenz. hr=0x80072EE7 SKU-ID=8da2dfae-e4f5-4e6a-9272-96f8470e033e
Error - 29.10.2013 05:42:44 | Computer Name = WIN-J3CT28APSCC | Source = Software Protection Platform Service | ID = 8198
Description = Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode: hr=0xC004E028
Befehlszeilenargumente:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=8da2dfae-e4f5-4e6a-9272-96f8470e033e;NotificationInterval=1440;Trigger=NetworkAvailable
[ System Events ]
Error - 29.10.2013 09:19:04 | Computer Name = Plogmaker-PC | Source = DCOM | ID = 10010
Description =
Error - 31.10.2013 10:23:22 | Computer Name = Plogmaker-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Windows Search erreicht.
Error - 31.10.2013 10:23:22 | Computer Name = Plogmaker-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1053
Error - 31.10.2013 10:23:22 | Computer Name = Plogmaker-PC | Source = DCOM | ID = 10005
Description =
Error - 31.10.2013 12:25:09 | Computer Name = Plogmaker-PC | Source = DCOM | ID = 10010
Description =
Error - 31.10.2013 12:25:39 | Computer Name = Plogmaker-PC | Source = DCOM | ID = 10010
Description =
Error - 31.10.2013 12:31:48 | Computer Name = Plogmaker-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070005 fehlgeschlagen: Update für Windows 8.1 (KB2883200)
Error - 01.11.2013 10:42:05 | Computer Name = Plogmaker-PC | Source = DCOM | ID = 10010
Description =
Error - 01.11.2013 10:42:36 | Computer Name = Plogmaker-PC | Source = DCOM | ID = 10010
Description =
Error - 01.11.2013 10:45:35 | Computer Name = Plogmaker-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070005 fehlgeschlagen: Update für Windows 8.1 (KB2883200)
< End of report >
|
|
01.11.2013, 17:17
| #2 | |
| /// TB-Ausbilder   | Trojaner Mediyes.Gen Servus,
__________________Zitat:
|
|
01.11.2013, 17:37
| #3 |
| | Trojaner Mediyes.Gen Da hätte ich auch selbst drauf kommen können
__________________ Entschuldige !  |
|
01.11.2013, 17:43
| #4 |
| /// TB-Ausbilder | Trojaner Mediyes.Gen Servus, ich seh da kein Mediyes... könnte ein Fehlalarm von Avira sein. Wir schauen trotzdem mal drüber: Schritt 1 Downloade Dir bitte  Malwarebytes Anti-Malware
Schritt 2 Downloade dir HitmanPro (32 Bit) auf deinen Desktop.
Bitte poste mit deiner nächsten Antwort
|
|
02.11.2013, 09:26
| #5 |
| | Trojaner Mediyes.Gen Erledigt. Sehr dubiose Seiten, die Hitman da ausspuckt. Code:
ATTFilter HitmanPro 3.7.8.208
www.hitmanpro.com
Computer name . . . . : PLOGMAKER-PC
Windows . . . . . . . : 6.3.0.9600.X86/1
User name . . . . . . : Plogmaker-PC\Plogmaker
UAC . . . . . . . . . : Enabled
License . . . . . . . : Free
Scan date . . . . . . : 2013-11-02 08:56:37
Scan mode . . . . . . : Normal
Scan duration . . . . : 1m 39s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No
Threats . . . . . . . : 0
Traces . . . . . . . : 8
Objects scanned . . . : 738.563
Files scanned . . . . : 8.081
Remnants scanned . . : 221.027 files / 509.455 keys
Cookies _____________________________________________________________________
C:\Users\Plogmaker\AppData\Local\Microsoft\Windows\INetCookies\N8FXA33M.txt
C:\Users\Plogmaker\AppData\Roaming\Mozilla\Firefox\Profiles\3bywemg4.default\cookies.sqlite:atdmt.com
C:\Users\Plogmaker\AppData\Roaming\Mozilla\Firefox\Profiles\3bywemg4.default\cookies.sqlite:c1.atdmt.com
C:\Users\Plogmaker\AppData\Roaming\Mozilla\Firefox\Profiles\3bywemg4.default\cookies.sqlite:doubleclick.net
C:\Users\Plogmaker\AppData\Roaming\Mozilla\Firefox\Profiles\3bywemg4.default\cookies.sqlite:porno-himmel.com
C:\Users\Plogmaker\AppData\Roaming\Mozilla\Firefox\Profiles\3bywemg4.default\cookies.sqlite:sunporno.com
C:\Users\Plogmaker\AppData\Roaming\Mozilla\Firefox\Profiles\3bywemg4.default\cookies.sqlite:www.oldiepornos.net
C:\Users\Plogmaker\AppData\Roaming\Mozilla\Firefox\Profiles\3bywemg4.default\cookies.sqlite:www.sunporno.com
Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.11.02.03 Windows 8 x86 NTFS Internet Explorer 11.0.9600.16384 Plogmaker :: PLOGMAKER-PC [Administrator] 02.11.2013 09:01:31 mbam-log-2013-11-02 (09-01-31).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 186428 Laufzeit: 7 Minute(n), 11 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\Plogmaker\AppData\Local\Temp\OCS\ocs_v7f.exe (PUP.Optional.DownloadSponsor.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
|
02.11.2013, 14:47
| #6 |
| /// TB-Ausbilder | Trojaner Mediyes.Gen Servus, Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
|
|
03.11.2013, 11:43
| #7 |
| | Trojaner Mediyes.Gen Erledigt. Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 31-10-2013
Ran by Plogmaker at 2013-11-03 11:40:37
Running from C:\Users\Plogmaker\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Reader XI (11.0.04) - Deutsch (Version: 11.0.04)
Avira Free Antivirus (Version: 14.0.0.411)
AVM FRITZ!WLAN
CCleaner (Version: 4.07)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 25.0 (x86 de) (Version: 25.0)
Mozilla Maintenance Service (Version: 25.0)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
WinRAR 5.00 (32-Bit) (Version: 5.00.0)
==================== Restore Points =========================
==================== Hosts content: ==========================
2013-08-22 07:13 - 2013-08-22 07:13 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {00BC77BF-3352-4FE8-9617-4F1B27BEC19A} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {0CEFCC4D-0C1E-4AC9-A767-BB3077F84A77} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-22] (Piriform Ltd)
Task: {17233BE9-87E9-40B0-B003-AE9D2B92CBBE} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {247BD142-0549-4E91-84B0-172C25563718} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {2BE65564-89D1-4396-A5CC-D7D9283FC4A1} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {30825811-6208-4B2B-BEE1-49C719C19B48} - System32\Tasks\Microsoft\Windows\SetupSQMTask => C:\Windows\System32\oobe\setupsqm.exe [2013-08-22] (Microsoft Corporation)
Task: {4B7EF56A-8A42-4BD2-BB5C-7C389AC54A37} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => C:\Windows\System32\AppXDeploymentClient.dll [2013-08-22] (Microsoft Corporation)
Task: {8B5819AE-7B44-478B-A3D3-8846AF160A8F} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {92ED6570-4654-4BFA-9A6C-1084C6939C16} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {997C8BBD-710B-4E66-B5BC-CC09575A58D2} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {A2C3B2DE-C90D-4AEC-A780-AE6CBC028E51} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {A5D45ED3-F524-4574-8F39-527F3729D1E2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\System32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {C0D0F7C4-419F-41B3-90A2-FE79270B828A} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {CF5A1DDC-D14D-4D59-AD49-A19A645B087B} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DCF55BED-B1DF-4ABF-8D85-6542C7007799} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {E0A47E6E-91F0-4924-AAC2-BF9435895EC9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-29] (Adobe Systems Incorporated)
Task: {E4C8774A-2818-45A4-8A6D-11DDF6348886} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2013-04-04 01:09 - 2013-04-04 01:09 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2c.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SystemEventsBroker => ""="Service"
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (10/29/2013 10:42:44 AM) (Source: Software Protection Platform Service) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0xC004E028
Befehlszeilenargumente:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=8da2dfae-e4f5-4e6a-9272-96f8470e033e;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (10/29/2013 10:23:52 AM) (Source: Software Protection Platform Service) (User: )
Description: Fehler beim Erwerb der Endbenutzerlizenz. hr=0x80072EE7
SKU-ID=8da2dfae-e4f5-4e6a-9272-96f8470e033e
Error: (10/29/2013 10:23:52 AM) (Source: Software Protection Platform Service) (User: )
Description: Lizenzerwerb-Fehlerdetails.
hr=0x80072EE7
Error: (10/29/2013 10:23:02 AM) (Source: Software Protection Platform Service) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x80072EE7
Befehlszeilenargumente:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=8da2dfae-e4f5-4e6a-9272-96f8470e033e;NotificationInterval=1440;Trigger=UserLogon;SessionId=2
Error: (10/29/2013 10:23:02 AM) (Source: Software Protection Platform Service) (User: )
Description: Fehler beim Erwerb der Endbenutzerlizenz. hr=0x80072EE7
SKU-ID=8da2dfae-e4f5-4e6a-9272-96f8470e033e
Error: (10/29/2013 10:23:02 AM) (Source: Software Protection Platform Service) (User: )
Description: Lizenzerwerb-Fehlerdetails.
hr=0x80072EE7
System errors:
=============
Error: (11/03/2013 11:37:40 AM) (Source: DCOM) (User: Plogmaker-PC)
Description: 1053WSearchNicht verfügbar{9E175B68-F52A-11D8-B9A5-505054503030}
Error: (11/03/2013 11:37:40 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (11/03/2013 11:37:40 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.
Error: (11/01/2013 04:45:00 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error: (11/01/2013 03:45:35 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070005 fehlgeschlagen: Update für Windows 8.1 (KB2883200)
Error: (11/01/2013 03:42:36 PM) (Source: DCOM) (User: Plogmaker-PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (11/01/2013 03:42:05 PM) (Source: DCOM) (User: Plogmaker-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (10/31/2013 05:31:48 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070005 fehlgeschlagen: Update für Windows 8.1 (KB2883200)
Error: (10/31/2013 05:25:39 PM) (Source: DCOM) (User: Plogmaker-PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (10/31/2013 05:25:09 PM) (Source: DCOM) (User: Plogmaker-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Microsoft Office Sessions:
=========================
Error: (10/29/2013 10:42:44 AM) (Source: Software Protection Platform Service)(User: )
Description: hr=0xC004E028RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=8da2dfae-e4f5-4e6a-9272-96f8470e033e;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (10/29/2013 10:23:52 AM) (Source: Software Protection Platform Service)(User: )
Description: hr=0x80072EE78da2dfae-e4f5-4e6a-9272-96f8470e033e
Error: (10/29/2013 10:23:52 AM) (Source: Software Protection Platform Service)(User: )
Description: hr=0x80072EE700010001(0x00000000, 10:23:52:802 - https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail)
00020001(0x00000000, 10:23:52:802)
00030001(0x00000000, 10:23:52:802 - https://activation-v2.sls.microsoft.com)
00030002(0x00000000, 10:23:52:802 - 0)
00040001(0x00000000, 10:23:52:802 - https://activation-v2.sls.microsoft.com)
00040002(0x00000000, 10:23:52:818 - 1, <NULL>, <NULL>, <NULL>)
00050002(0x80072F94, 10:23:52:818 - 0, 1)
00040006(0x00000001, 10:23:52:818 - 0, https://activation-v2.sls.microsoft.com, <N/A>, <N/A>)
00020005(0x00000000, 10:23:52:818 - 0)
00020008(0x80072EE7, 10:23:52:834 - SOAPAction: "hxxp://microsoft.com/SL/ProductActivationService/IssueToken"
Content-Type: text/xml; charset=utf-8
, <soap:Envelope xmlns:soap="hxxp://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="hxxp://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="hxxp://www.w3.org/2001/XMLSchema" xmlns:soapenc="hxxp://schemas.xmlsoap.org/soap/encoding/"><soap:Body><RequestSecurityToken xmlns="hxxp://schemas.xmlsoap.org/ws/2004/04/security/trust"><TokenType>ProductActivation</TokenType><RequestType>hxxp://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue</RequestType><UseKey><Values xmlns:q1="hxxp://schemas.xmlsoap.org/ws/2004/04/security/trust" soapenc:arrayType="q1:TokenEntry[1]"><TokenEntry><Name>PublishLicense</Name><Value>+0gG8S7UoJTVq+4YaEdp0KncX8uhzw4x1z2CMAEmcosMbyX84PWhd+szBBBNHCdurGlty9dsee3ieNWqgzswJOuUMYF6Vbd2I31x5tYGAyRL3fByi+PUFVhQ+ey46YisYC6LeX5DL9FnzBB1GDMzQOpnCiCkc7TfNhJFxJCMJt0DJM9/vjC2iprQimb2ICCgrym3uOOzDbnOcX2uAfs3yEiEWxcIYi7gSZoQKC4LCtFjQoYg92ZZVerCJu9ClaBybaeDAYPrbh3smGnQSyxVkrPxvMu96m+fQDyhjqz2uIcz+O4a5WxMxjV5ugq1Bvtc+eBwkgvao20JD8cAOerj6Rz+9IwPc1V8NoP/1A08FWkjIBP82TRhfNKIH1ZQhVKEYNJ2pe7yBzvGiVDB0vBkzv3J2LmBHWM7ripjzOTrC2qDUjd+9T6mVFsDcDZuMPXYiamWWLfuC9xDpH7P0CxVFvVmzI3DSK3ctoAfnaplCz7PrKqRnBx+OJyUTA9F3KqWivtkrclIZF+HXzHcR2TbiaMcTu1hkBkCKiU6tWINcafZX7KoTIpUzNP09cefJrA6jhtYYVRAqtPU9eNfjd6kQwf+msvdcO+p8+gS8mcGmbpSkD7OA2VqGrI9pG3gfMk6eHAcLbUMgMEMERJTfYPMRh9b0c0vKce/+mGx/Eu1sASmkEITe6uOMw/DJexEmPpqtwNuaPRMYyK90fMvxPV/PDxDZpQ3X3NXYqPStnu03bRy/znmNwH5fSPasNBZg/IO4z6gum0ey7uLBSgmDp5zAofwroDXe51Kdn+DGMUIrGmk8i/ISmNc1e/FFcLecPIObeBI0ijwm3lnfGSFZWE5L+hq2LJK7AtTMWpVUaQySyTv7SIIJtrP2t8DJCF6gStdruLv+hpnwCGHBjciD+Vdvbn5nA+X2XfmycOnSe7fK87xMmcVNXxlRE0AYcFfQRWGDbSwi7ja9JUlrALyBdVceYFMnol1j8Dg7smqok70/iF7++SltYTmAaikd99DMj8sCzyl9W0LTxcIT7qUxEbys2WJg/NS+sWx3frGJ9OWEX4PBd7kmGC3fJqpAnmas07D+2jxFCBEC6TiwFdkBaY0+ZNNBRvrLwJNE89Juan4aYT8fKYFA/Cc/fuGtYCMGdg1Kimgj3otVyeJ0dnWlwwNEsAxV2rewmX2x8qADAC3tYkLBNYn00m/Hlk/iFBjyJ6p2MMbOPQh/yecx7HHgJ1MxtxRLu98n+7ac25l6x3c1qktnJWgfvF7/r5qHc6K4SmOaaAgjLqOgOdaLxtNibaR40433wSvGmv4/16fwkNPQtCE7i3jqzYpB1WNJNs83MnDFDWWX1HdyMWk42Pm5Yn0jbTYtZJSeeZwso84YJE/NJke5ZG+P8emEKILRFcjBChktbOYqzTHZUEKhTElre9cZ676OKgzIS7v8s56i2Am0hGdYo32s834Ipk+td4UGtsD3YJKKI6ENCiR50qmbnfilo8Xj8Z8qZVIGrd25Oos4XDdV6imcGRbMW60NDqHhJwRGJ2WiQGcreVjiyqWJQyCs3e0W55uurhYMG5KXVp+lzEkEz0XmvVzqvvMoywBTA7ZPlsXXrmCc9pVlBAK822ch71S5RXBnV8DpRO/WwrShoxJBTOqRoJwsLfUICDCc27hHSZ/FujcZG+ZCfHB2x4C7h0Sn3IsA/W11lk8oFVgSKC3O8PBRlEoyeK2kBokudgoFAz001YoQ47eAdO23TO756IO8a1wy8VC5v5eQlErs2LJu5toCIxlOwwCIWTZrsvnratpR5K5gWWmtXAeYiJfi0xOFhcszeH7TfGU7evrP42juWLPoUZ0M7pYayPeoZ0qjq8DjfwrsmV9Ea0HjKdMFp1MFffbqDfgU13Q+GSneXHLPsm8TuJJojhfVYzza8MpSf3u/49sHL7dbaL/wZr8A6HSbeF1lclpob2U9BDYN7BW+YHAIsINDCQcdjQjiFjONppP+9tPIim3IiUEx7RcqHz+V6Hm7gUCHlb2b/L7Yhixd2pizcnHQp93OMniQjO8bL2yervQFZynJ+Az+N9zOtn3C8pn18iwTSyXvnMGGDwlZCG5G3doSfombOPcqLCFDcc7vFjY+WDqSiCzsKYG8GE354bT75BB1hITYtLB3SK+4qsZ44t+oUZvLLI0ZUQsNxqUuJ1y4PchzqSLOGW0SFzYF8CJDuBGgDsXWugKbei+gLDL4XWrX7u6sS7lPEoJBwsSRjabT3NZqtWpVM+fwRdyJHyyJikRcQzmpmWiLpl4p6sdErceGoNiEJ1lZ3BnbhvRoinufz0Zagw8uXvB2CoHaDtxTwM8FSlK62ZEVKRbZq//dC3mcVP4xCDg3kW5ykocCKB/P0tGj8hIWRo8PE8yU/qFLMMBt30B8DpDwH6ggR/mgK1lIUfiOlBPVnRNXOy5UZRlg4Q6lc6OpOlCePzsDQKhuCLuMCoSduxiF9fW8BJZl+RAtGf/SZPxtXhKDh243Z3kFmSHmB4oUrdA9zk2P2cSY4pLiGpI7G98InUcRJIMHtSXU6hF6n7+kdWcDdHkIBB8OokKFhHR91Q1NeWxyafUGRaFDLGPIheRmlnyFooMt8/idXOXiujaYr7F8eSEw51k3nx6xB35KkoeKB4LRls4BiLX4mk3JLgWsTfvN4MSvsx5qXMplcz6xBVd3niIWoBQVnJEFZyqxyk+tDMaa6pBcpmsEKauX57dYKi/QgYLrmDM94iOoQDrBJvHQvwdMeGXIOSlos4mNP9xXRJyrrc4vrMGLA/blUD+Xyr/3LJwd+mvC+3Rp4446l1cXqF/iYU3DzR+Emj9ZhgaCWtEmAqUQO7JHkOtqKt69h98ASvsjoY/bRtTaJ4v/AP3JZi+b5wEjhQ1u0eZzdAZA/NWx0+RFphZygCDR73JYbxrBHlcP7PsstDyuVYob7esh/1PcwVc8BX8wb4ATAf93DM/25iAF5s69hUhW9OoZpTZhpk9//cUnKHkudk3DB+xUrmZDh3tu4yQoL0tTfTNsDiuec/gz5ZX1x+IlyGfkGA2ctukgg0KGRoTNbdcKi+57m4lj0PE0MfnWHN1rUCSyQPJ6QvrhJ/Lv8EvlfQzuze906+kPjdglmIjabtoWPJ1UJdWA1k8CazXRJsDTTUf//pWbqn265VIlEAVRLLfDLz3MXz+14N3r/GvZOZJ+S4g/kw8aS48o1H6bYUu0w9SUMt2u/sIbqgbrPRXDh8S+bKcuvIK+zI8A7L4E0i28tHaZq9lU2Q97Ws+hMjoUC0p1TMhIzPr6siwhp0xicAjLNmbUJoUXWp2Y2VGHiExKM+Zxre62idkR4aGzlYS4kKEPJzimWZnjMQB9X4JER1PN3yaSsDGlnmaoYVxFnGVpC+uJbB4jTfMrSF1aezWqaUS+VrJ0TCKqvO5epCiN9DCZeyKYWYmH6KGc0CZSV9Y/XpOJds8y9TKppJ5XxVTa9C8n6lTwO/EMm1S92WoPqkv3qb4R5/4OGMKI0Ew9DAAbvgQigfCxF57zRvPsUdKJUUI08PvlimSzYeXq+uYpJUbHC6arB6AF3gzSt96kPnKFZY5vB0sU3dizGucsNI2DoyO8PM6UaGJociyni6prThWXzaQVPIO+E7DiAf06rpLGnioCqisC8SQOTycpg4dq07U2zsvMfZUJHKYQCsNH74d6pIf6uJBgAWViyfOVEbK1F+TNwI9QyrIcU5FUudD/tTMWJmUdLe+3Ds7zgTDok5Afnzc5W130+ODMB6lDg6efyEC/RMWTMlB3bPY6zGGJsfIt3nX6oyr13nGrmb/czb3MdcECDztEkVUnBm+codjlePnBxog2umrjs/sypHwIVIYlYSf9f+PJOHXXu5zpzLRch0QfWXvC5sZJeUNY+fYBvwWbG7Ah/BA7+1ZvSJCYTJ9ywLy7qj/twXm2uq3HpC8K+MjFRvsiL+BaWTBVed2hZeKq6MbeSCvzywBKeHzXE87ObE2y4TXzSS8fCqywyg7+FVfRlfPhGkwgNOSQDNALSXnKJXOqspfqSjM861LMdMMUVaCQiL/Ovmx+OBhsjYPdDj5FkskZsCNRr+m3ndKe72rKwP6Lx3DuEgKctpvW6Fn+pOE29vffE83xZ0zVcS9MKVDv1fdSYqF/UPpqK88g31OFeiXljt4tGi/u2FiW6js4VHYLtyjLHLoWDYlrgdfZq4d5nZ4dCOZblBkbNkMwS3coQeXFoTvgkZOAwTn/hPDd6QbXFBKVX0BE87pp4wCym+LG6kQ2GLws6XR/Z1gtvsTK+3avR2ByTkDprwkI8skPX3hAcHkuLQtFv3Dz4jRe2bnZtAUobxuyEREMA8KR2ShXTkwSzG8wFhEUxo26/9MUd1AI1ydVh1Nj5el1M31M8sOIedIscGgbpDqMjvQEvj0G5m12cHzpgnfjaZ3nUEo0TGU7Ynvt0NJlTYoupgvdpSc+ABvE4wYrTktvwygqUCkLL/51xJFVVZY1Gj/AESOJiP4AMr1kg6wZGlGLbgxj31fkGDHJ6QwmP5nCcTfSRqJxurgfCQyGkd9Ez7GkdrNsME1PQYSu41H0+5X/sCw+QFqowywc7yld5SXIMTBQX/Md9gcpCGlBtKLUcggENqGDkXMTzgGORqArayqyBpquxZtEzNWHY81tIA/nGeOIb32y944gy266Peyb0zofHgY19lW++yU/Uj+QeO6h9g4cYhmCcJwXg+Y4P8Z+ztwDs8pPb2RH9CyyDWT5DCXWK+RhtkZM1EnW2NPXUIF45WpPqteRru6PoRQnKS/fwJhr0zAyGJ5TTxiNw7gUXjT1a5kCapLj1CBxoHoUZdjZ654GstHsmIlHEcCmMqtV/NPeP77Lj2mF2fhNLZTeslmN4IYkG8t73v4FIMU48ySly77PBa5j8fZEQ7COXsRElRTu4xcmLBbO01wgfga2RFi4kCn3rCGbHnScKurLtKzaQWIvUIYibit8K1LDQPY5qxFUpbwkUdkUBY4nZ8n/7SOK7CHaq8UNv+3XqyCxUZ7G707c3Xd7hRIyv8mdnqfBElfagS3aDqSXNMHWo5daV6frYQ1E+E3ewaLmGf9ovg+PXyhXnCaDcMLrSyMv2R/+TRHVvly0HcOe6tKMeCcXQHnvAz9xS7xWAHg+r95w3K5iIPNVytdo6qrWju/hjtASYHobUNqaVhkhYdbmcQd5AVxY0IfD6DoDkzNFD+20SuYEYXTdoyH81fY8w5BKUMDmqHwzP0Jz3HL2ekJZZWKnDx3KTW73i+L0+D9wKL6+lKzOo7obUyctPkRm5F27X3m5ZQStX3mRD02jQXmuXEV0SoBlXW3iETnN32M/sT2xr6CdPUtdKCkddEB2988ym0Ml3UsavHzMo756suSeDkv2znWrgiQ6/wavV1Ej70uMYgHWJxTkMsBk7oSw5S5uxOZpDzl10yD8hC/qlpfkaIuXES8l3orEK856UU9mONHtKsDKP+PzhwsJr0kJnaBkOaXlw9QV2EgrZxZ7TDjHW66gNm+lbLbkGI/V2exYKSk4+Lk3RnRcD7tZ3APfUsKaT9FHxVjw43nvMsvJGQcNkUfd3nQSJK0QRzb+9Jx924H7HsIKae6xIRpIhaC3uOgzX7lSVAnKHunhuSQS+oMOsZUP/9IsgoZU9niih710cKzczYMNLNo+QRbHFb8vymPdtB+rnWgQ7X8E4Szp19shCU6E0b4EWKyyZwvEHbVzP2tjsWUlKhrzdZY3Wl38h1JvzWxXlchuKsh09k9p2bkVsN+tYW+2I7v6z/tbh3GCLPtZwqw3EpN6l8SAhw/ejTZCc4iDToxqJH+OAIPw8vyoi+r2iIMFZ0S+L+Ha9DSJW+xQN3DWExf3AQfCSLraKmhCIQOFhg9UaomcRJQL5GpQBxdHUblTNeGf+B9bMhE7QL2I5JE0/roeXa98EPBZri5L8sdWXStlUMMg4yU9ZT6lVG/cjp4VgM40nphXDc71NIRnSHHl1v+aj6UPPOcjPLUxHM3FtjfXA2HiAVMyQ9KAGhMqJCeVo3CmhXjhBY0Ox1RdvwHGbB6XMb6jQyRZi+cB/9fIInienqcg6O0ZLCFAGj34rM7hBVv3/6UXbCc/0o+j3l3tszA8F3oWU/ciIgvCm6bdgJTbCcKJahNO0F7cEb8ImoFQxfsO3tybTyQlI3oS/UM0kkfaCWkH2PRQxm+SraKoouRWoK9Is3GvW2mkKgVZ8OxgXFcnz1gcqfzKzUN7d5lfK4sWcdtjyYVESJUWstQwxCAraxQGc/XN0cY8USCn14G5swHsPJw//zV9GmMoQSHx9jZdBacLtkVYgEQWXvJdl8f8tml97Lt7IBzbtslBv+FkisppjeOinOK6etabzeMMMT+hviUB5JAq3bfhuC4oLswPPGa5Xv3LhYQWGnjDGcpdjRwcMZ+Zth2aQ+J2l9iFdsw5RtyVZGVhPfSbLcl0l4rsosiLzcvRvLCUOB1hZePKmBu9boJ8v+l2bXxb+2hAJeGidPXnywKQVWOUMAq66vSwQ2n0/lBPECYzJQRDc9kZkr9A4k7uSe0QjcYBURMzyhhETN2Xmh4EFY+iPsNUM7GVLiCPCPaWQDVxC6OMaKadD3QtL/cFhadYpJfwHRCzvWxo2PtQlcQfQZYFLHpjjK0XspZEfh9dNc3dd9H14EmcMxzwiAnw4JHYYg/yVht7CEqs5wX6XXV54o75g89yDbM8FIHVPyqkjK+Xy6Z2u25Q5t5MO9I8Y0IclQuz2r3kn8cGS7KikkPeVK9UFK/tOfuUTiGsH2pCQEAiBepWy9EXfcC+HZyJ9ycd4mQ0o8hc4oG3F03fiiYdV1X3428UnZXDbmPctEWzlTw+ci4ScpSSQP3Etr+LyVrr5+lMGUOVGtaJNXhMzLW7L4UUWgLwegWAB60U89byycYAGqEkLg7WEA9OSEgzJwqSIVs5lNV+FqCGfBFIt5dPOLLL8TEAqYN1iX+vlJFQ95CJDoYQUxErxESQAoYPgvzSI1ncV7k8F6NE7uEtqF1HE38uYjYTIYpv89EaAxG/RU0GhdwT1QRVRNmCM4ZRkdqV0vKYGVsEFA36qaE43L58ICEy/yGcn0yCOoJrH/AeqePA8D74WNIC+6yGz4As8d+LzCz/npiSGWJ3JFGrL+YEqwTYuN5DytSL6ABWOebH4Ysh7NutDG7exG/ahh2/JYTIXw2O9VXw+LIpZlQZFzAeEJdZR0eQnZmTNSB2pOjHWy4vADzmpqZ1H1Hbx8CC/UbKNRtfI5XyGD9OF2aEZNz5bsRs/+RcQQUsv7WkWAu4cRam/S92+S9gmEA95VaAr1MPPiJp2IRHVyQeFjWhqQb+TIuDFGqDhItl+4KYb9xagox1KyC4gOrVVWDVISq4gR1FRzjCI7cRj66x3bdvadg5XdYnBryohbbFvZ7coxydLAG5/nn/W8ROrcq7+aNicr91BHrsKVbFmBTU88ps0QepKoAiivs6At03QHeLrvLwaxlwjAF2iFJLjlneJkW9WsqKM7Mq0CHffLf25xwanKf56v+HcHyHZYeGho34mzljRx0wBx9diAvs4+gkvSRtIDInGvL4wAvkobVAfLcIOedGUys+O4E9G7yg57d3MPRvs69GCS98vp4M9Cu29djQbw0Mi/s5kxrHH00uuUfNY7jMBWeBu2miBrsCbjDzRhR3Q3xlgQh21sI0VdsFlLT0AJeqGOU1BxBrjswvSz538458zQnv8hET6DtMqloX20qml2mERgvqC9gqxqsxEH968N7faGDBnonf2A23BVZ21qgaiW3BKPtue16KKNe6p6B/Y1rm28wBmaC1QrtI1HDyQ4yBoycFjSr7nPUEBBMJvY2OwNqtt62BM0qUUa0B1QRtF/cf8LNVlFnUcBo6zuXNioIRLolHsXdIxl25QaPvHAwqHy0YQEUVSnqLPW0eB3scrDvRghO7l5hqxdBm7ZqdI0G/IpB9/R6X8dKaHXmwlem5CwtC+zwYzv9H+cJ8AoMjX1LriRV7M12ANo1tjTiFIiidmjnIybSeFjv+GIe/mgZOzfpLtXA7nJsd94UCpdjT0ddNEwIE+lxrqxLyEk2AMPGxoT9zLVJ3xo3AKnghgQB2So/Q12L+dkUxKOLDim6dTgFx1g8w8HCjFdvSe6VP7nBKdcp1s4rDkYwGMaVqplU6YA+f/9VM1m5tHglvGS7ABn+uq210vmCqZmIQKW4ct5rdtRiHcxW5FOmPiZt22bYpMilu5co2G9LRCsoaJopLgcNPSXy+TrEcTNqeYqE231w/BYm2jWlYgHtlSDWepbZ7htLDzRcaoTEV8OK8TbL6mvBifdQNFbpKpqzxDg5SinekVsbDna1pJy+78TE/DuhZjLPGEJg9cNUGMsELHl5zuZadfYb/gb6rEmnWqaXGxQfmDmPGmxrG4ATgHferWXQ0nE7+IDqs0ScXRRp2QUUhTCBVQYs75ra//zNP3OF2kqW5D726jojs86Ftlm9wReu/1awr4BS6P8NQxcT8F/o5y2EgxZJX+SZaujhzCzJoLN0yZowcF7oZKMdXgxKQ9K1eSLwamsjknCkr9F2EWAMpf6TPEWyAMcEqyNaHvz0QN91VYshUuIZVM9CLs6sQPzq5bjFSwlrQzK/iEbE3HzKoC5X0bufW7njN6JsCbiS28F+qGU2OyiO0Z5Wvd/CZwKfSzNVGLOz1qKttDxHaxRMAZqAvox62JFXQq5YvX5mgTKJjxOU4uDDCVU3dUgo9flbAVC58rL0IQl/iAXrDDci8WWE+gjujMxuJ/En6KwHT30PU8HXG/NgZTnj/K8ZL6LgnYx1F+FDdHus861iornTonw0YacCiQo+rQpG0LGdIMwxUkkrhMkDMc0lzACAwm6HuArq9hxaDW1DZ6MTu1PJcNeJb8mhEyxG8VzdpNjk7Puwp7bweC23ZX5m/Tj05YyAeaKCWTIo/Hr6TMA+LOxcqj+mqYXQ4lfVUqmveXhfAPCrY+yA4HrnORAv20SvpBvUnqeD1vPF9i+ttzQxvFz9hyhiQj7XboIJN7pku1PAmuFeMugNYX8yhuVo2aikjN175NVYgf06ftSTYZOKWhkNt7wcHGk9rCVObQrwHCR+h0dlLOL3ku3roifQ6OHHP7F3DYKxpNSDLrC626ETwD/KulgF8fIjkCW3RxzPi8H6NltkBafsEKTkgKU2ohitK3yE967UxJbR7OgRYB2aPtwSAjsS38VKID6aKP8138S72GvnlcXhUniTCV1J64CFgz/OUKP2En8QusQ56y3MgKi6XzqJNH6D6xvoG4Okuq3Pk8PzK1F2WPtTVaRmige6kxemc9AVi9/37OT90kQxJQoP8fKmbgCM/dzWxPEK+1EPr5k9YesBY13n7EnM4QBamdMDDPzTsCnrtllpCPSKEy5akIKG4E+s9myeKlY5bPp0CSCAj++7qCeWvE2gd2DgClANzD4d6St8fcsn2tZ9FXxYSkATixun8myuUVESFLAAhO/SFYdhBk+4e2rzWTI4qrjhQ+34UyDZqTWPiN6Pbzg/5j22VyNWtkTfN2aSjsVcKcDowKvf7Gd5CDYo8hGUOQBcBty/7B3PE/NdcQzsOVfsI/EXnA0Fl3PxLVyz/wCbCMp2umtE5YYszJM3BwaZWeHIPZ47I4NoZL82+7fggGUT9sP4JS5BhNXVRfIhPiPdj25qROvOE8HCfXneY6prB6O/HOlumPGtdEJvg/0ppMKVdf3qDQAu5RFY9LXSls+xv9XOoWn6ZENWsSszdQfV/gJmX7rAVt0QN4cRtF6Gv+fjBccXkdL6HfQ7O4i+QV7/8C6oDw8kqW7ahKv09E/WC5b5lzQp1rrJqPGI8+z6nEsO000qbmVidTLrnOtt4/r0d8yoCTAV/joz9FHVcmHjoMxwMsGInKG6H2DsLuQ4hiQ1LI1sbCfJTZrZZ6uOGTUa3Z3TI4ZeWpz/JkT4+zAwJ+qEKPPMhxrkXe0t7owU53/kYqNyH2bTv9qewe/ZnC2rXoPOtjEqQioS79t0XZ4c9H/teMyK+R2v+i3QSot4j5IYBbGKqGH51sh2sIphNI8NVp5hKYNoT9NL6558i1+MDay3ho3ZYe0KSEjBX5PW6aCFH2YgkSC31NueIhzdwe5Q0O7OrFYAaYcyQmp7vyb0XFKa1EixN963P1PpN1sxJ8yz+uaD13CpSVtxAPsDvXm/Sy6QiDJEUq4DO2Deus3+nfLJgcBux9JXZpeswSJh1/B90ET5+DH2sotWBiSoyMaRGGofmvnsabndtER5LGa0FF4PbCMFMWuAu7Ao0Eehz+R+2d0TacxEGUrNfk7LxMbt7yApvyn0vAjKnaiHRDsrNjqzI5TxDqBGtfZpVYAc+c9lo0eGB0cJ8HKQhcHIkvUXR9xXtIhuxRu2EstbjJb7//Yor6YEZ1QVseXe3r1JV1J5jkGyxG07+WZpB63zfIf3iMgqf8FEl/p40UcWzzW+RCWgasnQWrN6a+h/fmWvl5aKuTvDk+2ZW1Bn/kT8MWqeJ3bNlLb2tD/27hrCNgFDu5eGPvhkEFC6WqDyV3EfwUCL020Nr1SlP4x9kpgqvrWGdEQMGSxL8oLCrXtwD60/LQrME7fK95PGiiVUczTPAdlUy5iRgGxiTLZOzJPxRotKES157+Vf1gUZub1FoS/cz3Mjk1donfoUaW3+A3bCjciycGO/I3gycZNVL7t159/HN1WNk/dxasW4OZSxv5mmOaO6jnMfA1/jEIOJRhydEmv7G5/QClh18rkqON8M6e488lqi+CGrd/PPm33r8WoKLubvaYCLUZWo2dDNdrhjSTZS/lMPqOhzRTwyftm04nYsBz1NPQQH/mSqGSCe7+1I8Qfd0VLFw9k5mBvZvuamxUqCeVv44cgWaNXJNQRU/2zFXezVMweig/m09JMp29wnu9K8Th7FnNwcyE3I8AEJPjjvG/2uit6HuKBZ2zR4bKGewG72qecKMfXKHEbPWHstduNS7vyvP+G7FkgKrnzqQeQtTTsTugINrz3dCqtn+k8gR5ZCmjFCKUufbbRbkYqMlyRs7LEsAJ/fLHcl9FA0r/r0Xga8m6bP01+7KMRACoRg7KS6mvAoTwSiM0+wShr9su7t46Ut10OzkrE4XL6YSe4/PVXIyizCkJ+c40w6XSJ6KTFSkFc9V8yecrCXdXrx2sTEE1BfgFjoBlthqFIapl+Kg9BLXUjusaiMU5Je7eTzd5j9Jdc5rbWOPddh1A6ArntHpQDYvyfLM795IrFZtOrTFQQdgjzqUezxqV7q3jnxMIkAArz8M7BYlOvVBAJC9LXxx5MszDz+3Et7LZDP1DclaiutYbPyYPbrdzIRLRQk4MmJPhNuUfgHKAE0CGPg6a8ydcIljAate0CjOh9seh/lZRVhhTR8n3kgaSXUvjxcwIXdqe3hH5a9meTLXfahkJciZ0DHcGqlbYjmHtXGP7KTk+BmxVIY8BUDxYqIgZD4YmuQWGPDNpkkpEk19+QiKrhAsTmYvSVqB0lfXRQjAN2q4YKGuvlRHt4/iafc05E6jD/oSCYQYyqRajzLME9Hv/ItEENnuDEKGZ0YoXEfjj8Kdv2VM3w4/U/LFlpfuz/6FAKZUsGdRAgAB9eUxKU10cq793mHMoawUQ6AIl4/YymNWrBKosB7gcQriXQglmsspT0+EsxyDeJxuhIHGw6Wqx+okZLYHNoJTd3mmKGZF/6TsJsmc1IwDi1u1UUkLtcB+C9Vj7kPqa1M1hIGTFo2T74cUorQm660Q0AD7hL34p9//KpGy9/VpzYqWmRuV1QsgCZKJw+HxSAKDo2AXAmIZHEXJf++sEd3dvvn2ZY5MVZDWxEpj9BUcQg9ns80i6SbfgZLVk10l2SB63KgmVN2yS6r8vwgL2chUqm97x81Ag+Y8TJEJwM1dcF+AAzqHOVkvNaKAtMID1BaX34p/EEUKk+17lRWK2rr7f75JGINinuXOGTimkZf3PUVub29s7jZBfXT26rzcwfnHZl1zdDuFgDYa/UJviwpeX6+ZPQ0/aQH9h8/5EwoTDo+F4kjgpbKFfn1Jq/uHPZMMVYgDt1A7B/48PX2XDXvFgRN54M8xEpqFBZgqY/dxuAeD4MB4e8Bc14qvNy+mxLDPQucC94EWGqG4rUU3sTOuWrM8x/KbrdX/zg36xb/5dvADnFKjY7zcr6f2YMvX7X/DPIYiIwUTJHJlMMV5YekiGhGw6C65GFsSdqROW4nJWKiI6EmSn2YML2vBe1+clJVa8KjncEGEgqGR63mqTiGbF++5xiwMHZmesmQMOBkB7Rht5wOhcZRPCCdSkrKQlY5/JnpQC492VGmXRpW91OE7xR0msaqkSOzWQBVbBbjcHL0d03Lp1ifbGHQfUrgpzNqj/zNqyp4nyc+5kYotocfNQvTgQy669qs8XQF2UfYo+qactDmepv0rPJUAh2iDZNnZjl34bZoejIzPCmFg6ZDAUivg+ih1/VSWeGGaAa9y/3mFmIbm8v9qHeAQ/jotERfZEZEE9x2xxVsy0YzyClOmY2WD3sARZ5WQjLjp8DdtTx7fUotUsikYMZHVysrxzey9R/z91gZzwuxLuSFsLoZZvnyvtc/+0PbiauuwSG6QKWXamwggEp6L+8AKBLN1iA6AdGnamjiIUbFOORW00/5l0NZVe32EXXu28K7y2tRTxdgXqF9F7VeMXLj0QEDHeGqWBW1XyXDE3a6WTDmnShuUAB3o90+oipWfNHl7trgrD23oArBMm3YUV2mJJ51ha8nICcvxCzPgqrHtt9LvKZE7Ax+go7xlQoGT0jDnkb/2L4oS01MoDZPl/JbBYaLqqsQa+JgnB5C68UM/PYm4wXWRkQkO7lyIp2BHVetmPB5lVlvHebIcgOEtGvlAqI3dZsRzrQgDbaponGrrpzQMnNJpHxs1s+Fvf/HpihCb6BaTclAVo+IjgYSvgQLOu/FD6NmCHOWYnsSvq6v1eKMgV8Czmzt88ygWoELufC0PxBYScz0CbAOprtMyRVf4hX9INPvp9xU5DjzfsS8a2jDNcJGsDZJf9WI53QSR8yRZCLO3c1xrm0izhCvto+0fkLaF2IWSqlnd6+olENa/kH/kW2bTrXrEI1ozq/KXqNj7Bs/JxqzOuWTjhsAeH9FsnsSLtWZdSd+ueTH2jtirzsPKSobxNmdK07borFJOnFOesEyJbOf0NDL5DdCDrJHEgSzjufqJueaSGLS1kF5k69If+lgOsL2nr2EP1ktNCBVoPGxq9atD4klLxYtG1XQh9NossWY83OrUUoaqIrJhYcmGSMtQlQrKygClG9byiN6IAPDPGUKQWa56CpywtdwOTcmGd/pIpQKaV43WVwegSMqOo1+vIyg2cPrOxb36vdHGXC/HfkbCsBBo0JXjGS1aq7CCmjOklIxY182LQkqSIq/cqJsMOhyGCTsOtzQZKrg7GURSAvyr4IByc8jFSd281QiPEuGZ595YmFjeagVrTKtUg7t2r/+4+UYyTl3i2hf7BRqdu+vN5/agxi6564GHm5N7SVd3JPOXloH8wN7ZjU0uor/Iphsc81McUxbp2e1nVBFmFdLaUBRZUwb0yVM61jowWBEEY+acnYsfm/oy3N1DWA/tZ3b1FPsOZe6GLMEMDazb96HbcHyfZEnLVUkcgqqUPcMlFSSZ1fidGJcTb/7GPfEpuFw/4Wd6APB/CxneJZyDj351/nte/GNNEE+ivNizOlpVhEvndcnjsxTuP9qQobIOaGwRwOJjI2+bX9PZ5UgMH8b9ydImzUh8g01gtg4CUfCJcgvFJeKXemb+oVUxUXnCJs5NVHRTAtfqqldu8ByOW7DGuSRiYfknNjRYwRHZ1o6mw8d4OTK2a99yXng8Vtzu6xeobIdGIysheriwn8Xjnuv7cd0g08M/oNNksUreU+v4pLaevcmJSHcHpyHuQwDRaHE4liiDamEntqzxrMkWrZ3XFtdT4ew4fWIh0c222r1nq8Ryq2sHgmB6icqhqK4EUKRVDD+t7+13uNzfrv5uoymsbaocqW2Y2RhtPNxrZck3Li7qOxJdKL3/u5TyoPALe28BcWCL7W8pAl7HXrbqqX9TJTrgu8wbfTqHM72XyOOqQftAYDtS5LgllV7Yi2ZaS2RS1Day8vazRqgm+Njaw8OgE4Qe0RGmaa/s1hsKTA5ByMz8xucU51lyaiDo6y7tSTRzwHInJ7fR8cDPM19pJQH6u6dk23Sv2O/uDeqw9mDi3IodJmJmKcWGfZHFbIGckWXR7+EsiGVzzdwQqgLEcQIF75Y/XkQWLD64CUxyA6b+O1zTYBFLmaFMh1CiTuGutiH7Yq34cfwXyJl8Ux2ByXfk2/LbvJWCigpnkokuHyH+ZJCJsnlXWvm/olb3ghqUN6sbwsWV6XD89v9hMcUyvv/iVtHfKX9Ubc6Sqx8QiJgk7M2qoMOpNYDOOpPT9nYntMeTbZs</Value></TokenEntry></Values></UseKey><Claims><Values xmlns:q1="hxxp://schemas.xmlsoap.org/ws/2004/04/security/trust" soapenc:arrayType="q1:TokenEntry[17]"><TokenEntry><Name>SessionKey</Name><Value>aUIPQGhK5ISLHaJBMC8zl2SgLXf9BWleUPOuvW0L4RwdA2AUEB/z8en/CvVokCPwbMYhMPDXaG7uJ7+pYWt2TbhsU3fGmyV652c09/1krfrNRAmu73ReqP73jfyU7QWvW0mxQVHL94T6JlpOxo20JIGqg5YgVpcNGQ/qtYYoC7fY4+b+FQB2P0bly4VYB2yo3hXRkx8KiYWK4DOMh9laOcfKoITl+/QtfrQ8V1NHcLlAcxjxH4NYdk+vXkM1xjYypiNfeL3GBIJ3OW6r5rrsrdF80VYdjMNHieDKXHwsxU0+7VOO2/KrTVSqqePAkikYO6ZO4xpO2ziymoBZFJuYfw==</Value></TokenEntry><TokenEntry><Name>BindingType</Name><Value>VOy/Bq8wQiNy/Unj1zqFxn8+za/mgNTR7YgHvJlHlKI=</Value></TokenEntry><TokenEntry><Name>Binding</Name><Value>PuRWEfQ/PVlTPuvovFxwB9OOnXEwPaySSK5gbKfNw+WgiFuirG3PivM4l5OkfTYya3UB/n1OXqOCIj10u7i65LaPOThwcYWMI5dVMqwaKbE=</Value></TokenEntry><TokenEntry><Name>ProductKey</Name><Value>aGFPxpjegqQxEbI8sToegE56G/Q3zFhzOdp1+y+279M=</Value></TokenEntry><TokenEntry><Name>ProductKeyType</Name><Value>VOy/Bq8wQiNy/Unj1zqFxmpKue4O87t70tOL6cWVnnk=</Value></TokenEntry><TokenEntry><Name>ProductKeyActConfigId</Name><Value>oMceaxQnj0PbftA2qbHtfKYc3Qyni6yGhmFF2iTie3kJK7dJ1nrqGOSVmCgbmkx8rJsD4L4E/kpvmkGgEEmeKNlVcjWHCxJ6W83IyI7ME6s=</Value></TokenEntry><TokenEntry><Name>SppSvcVersion</Name><Value>C6okP238uhAMs/q1KIjjBg==</Value></TokenEntry><TokenEntry><Name>otherInfoPublic.licenseCategory</Name><Value>xDAoHs5EvZI2mnABliUTr0R+xWymo1kpgi49JhLkr/Y=</Value></TokenEntry><TokenEntry><Name>otherInfoPrivate.licenseCategory</Name><Value>xDAoHs5EvZI2mnABliUTr9yTfwQzkFbLLCsIyPqYvew=</Value></TokenEntry><TokenEntry><Name>otherInfoPublic.sysprepAction</Name><Value>vLSVWXi3tWzT9fwrHNPmWA==</Value></TokenEntry><TokenEntry><Name>otherInfoPrivate.sysprepAction</Name><Value>vLSVWXi3tWzT9fwrHNPmWA==</Value></TokenEntry><TokenEntry><Name>ClientInformation</Name><Value>Gs0uaL93jGgqeEGjUhovqTh38gZgS7hfALsxrVAebbCFD+W5+fscfMb0ajFnHXbGAyd5ZvdYC5AtNq/DvDN4pA==</Value></TokenEntry><TokenEntry><Name>ReferralInformation</Name><Value>VNdszCwDGXc7OjjZIAxnNBcoCG7btLi/WRWGleDcxJXjv4WelmLv/jnpwk/WElL+pes2GggNX39MhJv+P1+VzQ==</Value></TokenEntry><TokenEntry><Name>ClientSystemTime</Name><Value>C+VdeJfI4MegWxGpSWAWSpZXmh37edZqDlpdltNkmN8=</Value></TokenEntry><TokenEntry><Name>ClientSystemTimeUtc</Name><Value>C+VdeJfI4MegWxGpSWAWSpZXmh37edZqDlpdltNkmN8=</Value></TokenEntry><TokenEntry><Name>otherInfoPublic.secureStoreId</Name><Value>EUteO5W3Ogk2pnkMjSadJqz9Pz7HoCyXgeXaKEGFNt8ILUiccFlJZI6F6p6A/Sxc</Value></TokenEntry><TokenEntry><Name>otherInfoPrivate.secureStoreId</Name><Value>EUteO5W3Ogk2pnkMjSadJqz9Pz7HoCyXgeXaKEGFNt8ILUiccFlJZI6F6p6A/Sxc</Value></TokenEntry></Values></Claims></RequestSecurityToken></soap:Body></soap:Envelope>)
00010002(0x80072EE7, 10:23:52:865 - <NULL>)
00010003(0x80072EE7, 10:23:52:865)
Error: (10/29/2013 10:23:02 AM) (Source: Software Protection Platform Service)(User: )
Description: hr=0x80072EE7RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=8da2dfae-e4f5-4e6a-9272-96f8470e033e;NotificationInterval=1440;Trigger=UserLogon;SessionId=2
Error: (10/29/2013 10:23:02 AM) (Source: Software Protection Platform Service)(User: )
Description: hr=0x80072EE78da2dfae-e4f5-4e6a-9272-96f8470e033e
Error: (10/29/2013 10:23:02 AM) (Source: Software Protection Platform Service)(User: )
Description: hr=0x80072EE700010001(0x00000000, 10:23:01:897 - https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail)
00020001(0x00000000, 10:23:01:928)
00030001(0x00000000, 10:23:01:928 - https://activation-v2.sls.microsoft.com)
00030002(0x00000000, 10:23:01:928 - 0)
00040001(0x00000000, 10:23:01:928 - https://activation-v2.sls.microsoft.com)
00040002(0x00000000, 10:23:01:928 - 1, <NULL>, <NULL>, <NULL>)
00050002(0x80072F94, 10:23:01:928 - 0, 1)
00040006(0x00000001, 10:23:01:928 - 0, https://activation-v2.sls.microsoft.com, <N/A>, <N/A>)
00020005(0x00000000, 10:23:01:928 - 0)
00020008(0x80072EE7, 10:23:02:022 - SOAPAction: "hxxp://microsoft.com/SL/ProductActivationService/IssueToken"
Content-Type: text/xml; charset=utf-8
, <soap:Envelope xmlns:soap="hxxp://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="hxxp://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="hxxp://www.w3.org/2001/XMLSchema" xmlns:soapenc="hxxp://schemas.xmlsoap.org/soap/encoding/"><soap:Body><RequestSecurityToken xmlns="hxxp://schemas.xmlsoap.org/ws/2004/04/security/trust"><TokenType>ProductActivation</TokenType><RequestType>hxxp://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue</RequestType><UseKey><Values xmlns:q1="hxxp://schemas.xmlsoap.org/ws/2004/04/security/trust" soapenc:arrayType="q1:TokenEntry[1]"><TokenEntry><Name>PublishLicense</Name><Value>vOlc3f9KO0Cv7wwsmYQAz2qHCcG7suyIBaptwL7AVM7pbfPL8DrKQWZ2uNDQQopGphlI8jV3bzbWCY9rzpQfD3N63js1cw+zYEd41qaZAtujai4szp3qmB4e/TEyY6r3a3kcPMEP7elVkThpGZ8tY6Yl0Pz6zjik1ihnzWz4PyoVuCzXf0AfLqJ7jMyC4qqQBiYh8sz/hv6X3sKoM43Z7IE7Jp+ujx/HRgu2thq4hmmrGiv4mjmJbsOwldZN6P0TCtLllqPqMO2Fk04AB9c87NmpI99F89E6uGD1jl4dUTA7vROWIG7PN/JZteKs0nN8jlxbS4BI7LY031n72jjZXxgIUjZux9/aLYDu4vGDdjckJCzMjkcR8WhXd1iIkHUXmDPsBUrwZ94PL8Hl8HhTpeUbhn5AP+fhi2P4dDyAEouWekZdG9Wn+1be2B8O24IjcXoloHs0mr7bb/xe9S5P2eVbWKSaSE3PYjPriz4zeouFFX8E2zMiTAyp7HpALJ81T+WPkXlIbOYL9jsCOunYsLKLdGWnkWRNKeW4qyhotxb4OtmXqPvV9ItlxKbqKiBd+HSPVrX+0fUsRa2Hwe9Pn9zCITryGnVzQKZfnx0ArtZ0schwszrHOC0qBSnrZleeJzdC6/tFBdf6FdTv9vYWEzGSQXNKITQVzreZmUM+shQ8gw4yuo+HQv4c3sZJo8m2Q5jdG6xKcco1SAPq+0tX1nsvyST3CVmrSqxfIvzOrgMc2d2upqK84inuvrctzrH59OyUoYa/qlg74MR3AUZ3E1IriDflb4ZuvRb6p6kUhU9Vlv+J8Gndb/k+LLNACZcY3BFe89cfBgNrvWgw9BJg3tohlfX7PBRVubFxoUPAFIdS+qbAwc16IjQEn0snp2GLPNlLP3zWyAmo5aTueb0ZuOppgsojanU7jz/tiQBBIrBJwU9tQfT39sa1DDTY97BUmMftvfdlPyAx3vbAPZsBE5WXU9UjionKKnXlwm7Cm6qlAUpT4m7Cz1iW/kj7GxJ+lni4l2z010QgHmnAeXM2OnGCwKHvgD0PMxtzDO0PK/wcZUIcTpbe7FifPpVtKDYrvJlbRd/B4LHYayOSAb+p3V7gxt+8X63TH9WoHTUtAY6w6verKBbDDa9d2r3g8wkR9bIKvUklL1XA058eeW0FGaZQpEvUr/aANm56bj/xgB20J6usbt3V0R1vjOp4ZeYwFwfZxMYuEh4BIjGaTs+ZAIhlUzlDfi+uTX8y+A69XVXE8ib9PO8HjhinQjvIY8+ifSl2dJkSPv1tPI2p4uuT9Oar3+esjvog8STeslXuGJ17LHz61SHBENycvrDBRWH2T8La96+kKjjVOd7aORSNP7dbW9B925/O9J6qsMjjK3SvKfeSp3q4vmW3s3gcN1UMkXrnfHVTyVycJSBykQjUQbmyCTQTGzVSkDeRcfkYDat8PZqekgsHwXRLSGz9BiWj+BexiHDsSmB9MqPSERF2mYyNXMYmQDeYQ1RPI7tdZak5El7wQmc8dTmKwyEVQZT8DfnbmTYDxpfvC8NNB74+iBI3e99omMpyIGHF77u/o9L95CXYu3HKs2gqBPTOD8Jy29NQxSHMV8oo9OZZKAxeSoZiuWyxzJ1eju10KWVh/Zy1NRCGW75D3WykFMiTE7M7b9zWF62AQ2jGHboPK/VKa9NBYfLcAEZz6fk63wVb9BEOCOjCkRoSnD+mIZQOfJIpq1QbYwnZyQ0iDMntqXMyvGCkLRPQw2I6+DhQdRZOM4iTCZKEo2VoyuQzoIgw3EvrchBt2g61IrSLYT7Dytk2ywN7N36KMvl/5WduT7HKP+2DcBHlE1zl/ASyk3KFnGhgXsoSmShwVIk6kyj2Duc305NXAJDtwCRMLZ+7l9VkM8HUyd/3z9H5M61FI1ka5OjVAIKjBFWPm98xow37Ad4GqG1LVyBaekG8WNJjNtL+D/wXb6jNgksct7tNHGdus/vE2mcv1T50NuXgjFoH4gpVeZuVjf2vSfbly9O9kV00+DkUPqz5dj/T5ntmr5fTM0x6cUPygOITCoTuYPqVRe9Z0Bmxt/Hv1ZzUQGgNpmkZxm3HTRLNo/D/O3RNE0enOplrDQ6XuVaejdAoLeOfFP5BcgG5GdcTfgvmKXsL1PYxYYqYjL41H5CHpzEaOdsQ4HjcbZYd/zoiMZOOpSLSUTNpMZojzPj4bF21+RlSFo6nGXD/Qi4Ow1QftMONVx3deJfgVopFBLJ3uzo2A6Mpsze7HnMt1TOQO+4NMfvACdPtOxwA+MO96Qa7qdnOh4qk2puwABmaMw2ol9lotT2r1YsM8ZBm+jmkITULtjpLiok+Lo2SMcVSAbFePs3yMwl1Iq5XjCA5dUYtwbTrc3XpyGMGkicggGvSv51sMgqIi6IKA3HDAkk+jsTc3qiIzkeD2sgUmpyf+TxJmVsf9buxixDfORa4n8eEkhg24rE30vf+zOSSldUVKscBMUPU/M/LSf0kgi+Djj6f8tJ7JTXz5w/RNbGMFZtXbbatO2q2UBJ1roFJDfSnOC1mG6DhsHCpXSywtur15RY3MiCO2rM3WXetlf4HtrXptiaRIryFvUwu//CTkb3pVBe6baj2d7qtI4z/NRjxXlYqkxc8PxyRFke6TIkVPMe8k1vCpjJ3W2ivecdO1S2C+63HvUnqnmnJ+89WucRSpIh9uK4eB8Sq/wyMTHhzDodWtAwD8i093PRl3Yn16LsIybBBfQ+4+amZvAXo3yaDPuTHIibtoycK2V8aM5ckWzTJTopOGuNXMmy93BOGW0WQrIlF7jeN1/WGG40Ckeevr+2ghctFPYgqvjDajFv5zZOOx1e6Qx4OA6FvbuMBAFmAxElffUFF9tfzV/3PXVeNtMl+G8MxLYJOE6WAFetBIRWtlA1Pzsr/vaj2gzrTePrXxmzmFJmrt6Cc24zRM9Q9Eq3KBXMp5TOYCldbT7uyNKs6Xrp82tpE4F3/TpVeOphSjxI0mD/XUd/JIcuq5+rrJilzlzz9PBOUKw6kNj3aE0nzV9v0TOhTCNcoxKxoiQksXl9wfZXeUFrjwwWVxjPQplqNUJLll0tr/VmtDfywghw5VzOsfn49WLnY9KQ8ilSLUNQrf12sq3Dr3Q/KxWq9zvQb2Ebu5A03N6V/BsWK9LlblLQg9xb/90+mV5HZlgHCpwSaGFMEIDcREScLPZ2qyTs84rMAn2QHJ46Rg6pxgczFmcpcaWDj/AhfV37moLiKyBp4tfnXOvR35Di1jAZmkYfm5HZN8UVLEQ1M811FCA/FVZJ7jYAl+6wW5//FmhfF/XxZuC67dKY95RDKbk77NT5buGrkvLrjLTv4oYwT1+MmOAhUEALl1z5WLG7FICe6Ez8/7IlMr3zXERgnGT/IBVTzmsA9BPfeQTV6A6xf8edc+lUhnOGksW8NthFhsXKfwr+6zRGEZr4qium6WBQWRMDQPV5f7ISEB0Qh8yAUz65fj8NQHl2Q4Q66hof6UkSibuLbRZ0J6pY2m8CVpmpZlXmWs4Gkt06HI+dWpJ/R6ShxoPzrzpQ4ZDmGTI2vr/9gweeoaXhBb1cjqY8W6VlVxUfAATlcLi3MdN0uD6Ky02cX0+DYM/eYxg2sCFn/XX0XLLX7AvuzHcy0iBL52tQjpV4adZWI7ED4t9MLAEZqJo7QXlPaaAEII+w+ZG87snZdkFO9eccQcDPaMN9qlalMHHSx2pvVYhaD7W6Cv1YTFBi+vTiEMiLyHnBV14vw2MKbtNTWVGn6vtaT3Eyx9SrzAu5YdjZywxIpYrFmX8o1AoN4CVmdotEIkKoQWJHYibe1tehXXOYvnqPItw1nCW4PvjCMuas0/FjHHX5rFxIW6xhWCNT6uziCeemA7MbeSWWnJWU+t1guGFxKGa1XzFfd09rAoHiIM9Q8zmh1cX2hkT+5mRpcfPja9EazOXb7bbYj6MD/WqbJ1/vhAEF3vwQ5s9VuOlwx2dzLNblgg5t6k5MPK2Jd7ftEBuHNzzXjLNL7gka7Qcf1vYm31OG1DzQ3kzATNwfS1OmHwaAnuL6RqV/zRhjF7vyaFqC8wLJZmjldmCIqq0UJ1ldskP+ddJX5qXgZxe8XPN2k/Z4v6+jvkfY2w4HsYkbqD8jQn+DP6q3AXCuwlqZqEtmxGxVCFzy3i6apkxHajZ1RIGbiOQCT9N5fRN/d3yeclUqRNXubf6DiryoSSgQeGjtukMqMtDv+P+RnqWrIILLK7dPHu9gXbzLsUv8MyPV0QKS+Ry5SKNRNk/ZSvHdkCkpOSsWR8BmNhVJtEWT9H1N6iNhfevEmYVcDwTComkjawi9xbxTpHYKRRLbnjsZBrHjwgqHpTGJYv/ZWg1bd9FkK/oSaMheGMYKpE0CtSeqWHfJZyg9FSvdSeNkeN1O+IKfatEG5VSGXZY6b2HRNg5U/gXncyHt7yOAf7OWgiU8EuDV111FvJM1QwTfCyABKwm9FnFczbJNiSFSpilH40WELd7UJhhbw2SYqYgibtPGDHMpPaiskJgHf10M51ttBl+A9NVcxh/P1Nwa9oWQGZHmfBANEVaRsIQ9LKeNiJVKh7LXH1d2KjRI7PHGD/kLfKFbhdkZJh2FpA/orVfWPgjr2jlyew7K0mRqcRVP1laDBjbxD0uYIC8CcFyWcmR5BdW1LTtqrLTQCUmAZzJRNXDNjeHX8WHI3JW7vBr/+jUvIIPJvjFH2e7KhYMiOBOoAviJyOtAfCwWcO1jprqelTJ116tOZPMhXi437tGRQ66+ymhZgiztKu1AuPRQ7kmbO0nRkf7e5qYQyYk56QN5MEf+ernRAZ/HZnBfo/a6MMD447uKFRnYQuiicHj1ETAxHKag4AVRgkdD0xi2TJU6JQayVedd6M+i4h96IF/CN5opGrmKRTCt8hMWtDW4c/W2Mem6r6qqSqJmsY6whVEwCudA48l/wOoMCGt3tq34BK14ZqELWCzA1LT57w2UZs0vgeP8QG1bw7bl8uziz700Zydu+4MC9tpI9SX6i1WubXj5VADempevTiN/75Z5z9JCFKYl+aJMzAC+p8YhJbuaBcTAMdP4n61l+++H8JFW1JqM+WppKcpN9W+BcMEeVE0w4LHyJTTBWWZcI54TfVOV+EZdKZ2dq7e9DQFM+zZ0nGVmX2R6x/7KIoTq1kNLYf1yTdu9d/48vtl9PI8U9sa/4S3WIDDTLxhmV/tkciJ3pn5VboVNjGk9lNaY9qiIA43mx3WvqfoFh3wRIPRK3++NcDRsfo4cOGU45ciptPJOneIfHlXJ4WvA0lf8j80Xe/q18z2pbE3bdNLDf3CRrPJMOUtQi+8pYHw4dIXwoZv0c0DIxg1wiH+stQE1JNn+quAOUrQyjlSePkQ5WHNyZj1zwqCAoBCgt2HNmYOCqSeyf3DCs0mc3f0b1EItGaUTCCHW4Sa8p916beJcWzUX5uVGapX0z3idev3PI+iewpFnsnqqZ0fRpz2ZQ9WvmbUDnBo1Jf/4HDxgh4fBWgmZUE71z5O2BVrg1r8LMYq+YFkkWkld6VCSNaB75y+HYbRclaX2jY9z0buX/e5b8og9TTdyE7qlJFmpF2c2o12zbv+dIe78N7Obq0nAiX1zVF4msLg5iHvh8fpy3CxK4cMk3Ri2wvAaVSQTehiZ6BPtWZvTWeHwA0WQgXbcn/pnHpVeD5tiKmfyxzgrvOEGWkwDebnNmPUHGYGvAWYB33QdiNnoc7+sHVUb1ouavosyb+9l0z2LvwaIbvsrpE8sFI094UFBdiKQE5er8HQ5dlb9ngNffnMgBrnt8KZ0JACX6sZ9tjndzZanh1J027LMfGKKgIPvA+/gwJBrgEZdKvpnosu3ppjrnmMWo6P2eg507w4v2ijTP1Y74tEfk1hrTO3ynTWgziz1uDUtpT5KcotZ8hDlqQ1UipDrIQKsZwyrTw9KbWamkABzUIGGI9fxAS9jVQqRFrsFNVHiyJpjS3nA7njIxay2dnnQEs2pY6o2u5vz18Wd+THAiiJCzY3IuPPRe2Sy2RaWz340zRy/Z9AT0WYePlI5D0U4o6aNNfJB6sMUHqSsJxHiiPqI6dIKwUdrUxoK2sbGytsXH+ISyPy8qZNR8ebIdu/9Z+mkx2q5bbVPA6wl9muLIVIqTtt+5do5kddrW3F/VltdgPHF16JN1QrqSQ6b6dBtubU5GnxcVsJaqXP20z+Noa1MXEyqKrNVL3mr6K3575Bfu8+xVbpebFT33e1Mz0/Q8C/U1QEVEtRwzUCupYKeBCFhJi9LFQ0I7aQp5rfEXnHXWKFr459d0p/CE10xql34vOqBrO7b5kvoPnXYQf7LI0KK073xnTo+XBZEYBwqucB+SzuUGo4lqXW2+fxIaifnJUOIW/GpJc29GKAsEWP2SjdDuRvRc6kOqxEnEjx1yxAbZO9tOze1nHlBN+Z5tii8tM9sXwNiBa96XCBEKiVXTWWHkkZVi8S/p/gqnU1eIJYd/BIU4e9K05S+9o88E+3Sn/u43PEqHLSQOnKHN903/+BGUJN0FzvV0E9o7wjr0KWNWT0iS+Fb+eU7JacYYKKBb53ZBK8iN8BguHpPIZHyZ8FMq948Boeue0hMT8KthVehpi/djDYTyLbJjDsT+iil1jnP8wc4BZnZ4FOR61O4LG83YK/oIfBeFpZZm3PlrLlF/AmFPwGC9XUfmbtCPaOP3liq9d3A8566EYkW5Qw/D0UU8nnUWovysBxy0WYueDww+zX6VIUB2M9HSxABhQXtDFnMk9Z6r1o5IIhekZztFj3Z9Ogp/GiPQi/U2ePeTre2BvOIdqTKm/zztUgByIReVBnz3ZhJGP4IzzvfFRdq1KBI1ItsZeaQsiIZmeziNasJ6gDdfQ9/m7l+bkHTnnCbMjq5tKU3b0H1d2Sqmv2EycQrzHEI8nB87E9Df36AhYl+1uIqhVIXD4W7e1shY6dhUqsvuTHJ8cxOhPr61SaoKOAu7WfLJy2Vfl2ugp+20VSlJ0Dc1YKePLNgNqS6vbuBvbtL5uT52bzOgblAbU0h+u1m8e+8b3A2kwzaPXefl5VDt0/b+aadD5KAEgiYGw/LtK78T0uqDIfDGLVKLeoUjV+VWD5mftYEDd3qATs3pdZGhCGpxPOogPUzCo6Y2eJxtAelm70I99Uv5gZQncI8CwtcMaL+FGSP0dpkl1M76LXGuAHdVB+eDZrJks9y+CXkcPQ+lwFtPoHmulq/2+smM6R0G1PmAbDZ+UXvQuR19DZ2s5VjqgxT4ifQPCHWlwozgRLthxJyaBubCTWoK6Ud/HGuqXXWzy8ietY2MTv1iioKl4ucpxI5yjG1EsgN40Pg0Qbtf9ZwBdAuyKR+KFQ5+8AwQRlB7YC1aiX88QB810ocuRiV/Az8V1OQnCvrhTSbV8XH4OfaHhE4w7P6UO280StGCiQyRmv28beQKvVt8jFuatch16ipCrVjgyG0pbx7CbRsHgY09HbH2iNRZ66Qr6FDBIHIUnsKarWGfVxkMGsck0hicWNXJuzBro4QFJubqwfUGukXeAZLdS5IEEbQH3+6j0iz8PNQTH6cYbe4inxlY5Kq1zOmSvRl1erXl2Sli5pxDi3Xc53TkmcFCkdxeXQvkmDNejSwG/X73Bt33e6BcCXnxzaTfTYVBEGq4z7Ny5Ipv4eH9fHfZIHRG0yqdPULqdeX9HDj89YvFMUJz799d/B2JYsciCEdpCpMD2uKibpDaziPFT4ShtP5wW+2S0rFYCsGvWhQCGvCSqSn0bNVWaqiPbw4cb/OFXkyahARyLoEpobX5Bkaw3/hKNuYzvWTZg0hvGcLO/swUZ2dcG5Zpz24nFTXp3ZhpRsR+W33UJNC6ESAbWyS2pPpMZydkrYnRmAHbYtdMMmfP44TCieESNTEAX3Q7QYCZHQBWfSQXkDxq2LXHNhIHIb71Ih1iHCzxA/ggx3+MU1Y156JVIa3AMuIvxpPvPxuG+t4v5qN7R1etDv7GtjM947aeJb5KAgOvVAjeZEgx6uJX8msm+Al118vz+90zzZP3A/OfXtl6grwNZ+V/gMRRE+a3bGviSG+/ug3gytbB81+6DAg1GZ9yjG18RrvzHbVI6FKlYDqCuW7GT/pEvN7x1dWCniRxf2uohRgV71SvCs0B46z4xnCiWExQ6NSt/0LKN2ChaUu46CZBqOSmyju7Hwu1OQJ6SZWB1vhq6q8mnYcqYCUGsjt3HQnSpSo29QNUhhxgKRAZMAv35MKEIm8kzWdcj4hk6jk2jUYO0jNBHa3yyMmAIqS9CP+bgAW9MEAZ+b6YtavBGhJ7T6ykgzy9Lic/bch8l1ZBX3gMVI2q5u7h70vqt0y5xbyTiZHNvyeHPhMBFSfQYOZvvVEPQNoeEm8ymubFRc/73eqY+FsLedpMvow2YkDZZZaEmW6Wz6OyMwuc3aDx0f/ktW1c9xEsxj80k+GJC6sJeRQKIWrd9hf8wwWtKl5/AhD8o7Aa0k+xTEr0hZxhiTlScnb6AuWHpZPpdokE5K8j177StST77pIrOFi/O5u2GCOHsTmOgKTytBkjPcjupjyBn8DNd0+RL7WFxabrnI45vqKIpwht2gl9wNTSg6AFMszAyB4jEPhJGWzPFiWoeOt5syqVJY5dR8wHAHicXRlUBCdbVP4MdgVU3HLXzGKhSNnnn4ZI+jHAQGx4u/L7cJX2m5jiw9Wb55w9ak4Rawnagekuq2mlRwBZHZuzJdqrKp+7p5djvVrETW6KXd7egzkShoo1q8otixY+2THtSfEfGw8YZ4jXIsv83w0dRjfvjbjYtLA3OsP+eBEOfbmYPxzrDeRYyQco6CUpkFZN7pSfsAQ46lqyCASEzx03RsAloONxN0Tauol+hiaySkO8mosi+NelZ5rEMlBuBBQo6PPAKlr0k3RMWPbUcngT31qU2Kb6XAkutEU00IBQXDJOBliq5G7VH95fdeKP1a40kxPKh3YHEaKYFjDvSmmew+95Wokb1LkvSN1hjt9e8VmTH2JiR9P8xVQYxj7i1CEMr2CdiGa44iZ9XwW+jiq7+KGeULrSvUIqaiwc1LQH88u6TdcIceztHjmmTYwLF7SCAdJHmEZLyRcXNxZ3FTEZeQBljW2e+yksRiDYCfIPFTIRmbaKq7aqlZIJKa7vzrQzaD0wMNVBTlZ5p4m3/006UNm75EVl8NU7JAHjd4Kq4I0m56xL3iYOSGCulgHA1Mi4VUhHjFuKCfS3/n30HMC1+fuekhhCzpAugIBw62Y8CZqbfZEO05vpdTt8TPno0eyU32uwgicVpbvq8YP+6nlf1nLB5xUwjO0DroK2sCfuObelopg/Wnq2w1YT3GpPlgEy5vG/VGVGd2T3gdQLIKDCljLuPIhspyUgQSDu0Ver5JiI1kevSM4Kv4jh93UXsvwmzxeprF7q5iHsPdoygEDldRcEV2pWGeQg7MZFDyYmi/Iaf8/gHYPuo8xLm3sO9/TJcdamd7lQROhi4LXBOs7HjbuMXkyQjuqWgurmYt61rQSA4sgEU9bVw4FKRGsredESutnSTmy1p8DG/sYEA1leHl7OZCvQdYNFW+qNTPuBGo4FW9xVulb8JiA2vfdPEI+a23u4AYaF8NpiW+ndDrhRUCzCVcy2wq9f3Z1UdQDbp/qBgeRbr5R8ChDA/J0Y8hCUeYq1hbodgurDhmAY4kS1EtdNCm7YEbbXl5StntIa9IWPLwMP6LA8wcxCiyTjp3GuDYgZb0xdi5cRuLYnV4pFBF0shaug1gnIl5LrFQcpVJLHWmexhweJk96KFRCDmnhGLck5xKIQ4rAYGWk363L9cjfQ+DgxaXTHvvTLtHYnI95Xta94Lp/EYZN6WPOqHopYPDzSkZqlroo+ODWLNTLRcd1BIt0b4nmftV9jMARhQ3lms6DKxM+P5CAFYN2rUVr3jaNjYAkJOminClsAh0GxxBfmMdWnmZBx9hd93kPUpYiWYY8ghVOwlT8Vs9I2Sy6JCBigZU5aqQrxmhv/6wAAUxTK/xUIomaIMK0wm/cwmSRJY829EWZKspnXWAQjaJ/IvoiR5G2hMou6cdLq/ekKGWY/+P/5OgPzMt4eUTrjJh72RmDusI9N8p0rA2ETJ70IrveMfD89JKZkCcyIk5KjHUPZhJecJeNE27fMgwYlmYfByM6nw3euxv4Bv9eiVrtK2pEqrt2BjhDnMWQ6QYmNM70BsY7xOGBqJtPd1XNaHmyLmKzZgLpNklauplsb+7FezMWIu8thWenYklSibY9MBO1qhf/0urhouY4p38FujLwVA33L+OdunJNffYav1eu5gYJDtVVT2MUMJ4zoW+Xet07W0IRod1Lyg9jg3DanFxh8940K1F/UhMxqGkDJZCzICQY5YMG8rmQ/kjT3PdEnx/mPClQBBTke//PmukrYmH911J8MF5PoxHsmcxAjNlfGWcZ+X6F35SNw7EdE0dJ6ru4yQ9bjjJ2Xswj92Y1yAyN/IUURluMsJC9B2FvIPCsmHSkTbhUU/wU4YdaZ+TqG2OyFLLCnsmOcyk2OdamXtP2E6wCpSm7uQOMEcDdD4w+wUpQ5ykiRZ8u2d/TqPG6UQx3WMnRgwb00Zizp2VtEqoF4m39tN/0X9Pc2i2UTKcGYuUAmsWvYnTWnoaoRvM5BNTIfG4mR3jiQ3niFeIdGXE9d8znA1plHKmGBda/GlKjt63vkGwAA1cL1lg/Pnqvovf4SnaUP3mrIyIbZYRjT5U5wmYGXJl/3EXRuSctPezFoqCD1aiFyifeHhAbJ7T/6YNLap/Fvi9+VCDoJaFMCBLsX61nqGm3yNkmor4lI9khl6T+yWqFIXQ5xiYuMhVv0QgqXymdNCJCma6JHhuAGeh5BElVVabdiz8flrMD/WqJzbZ48FyQT7SF56oCDLCxQSwMyg8mwzPcmSKI9Eg5EiWDehz4ZX6z7w+xJqJIo+ar/KMLnghF55sJ0mGGPtq8zFw8NQ6AmOfNPhrxfMkoQzDANR7nU149lYbfK81J5FsIEM6sikMZTDmDsG6HfAI+gRSMZojMNv7avbwzDUZcYjiuaE1VB15gCKh67U21xq0zZjffO1eBmc/+1HN4xkeQTCmWSn1dcrWHuaJTOfJvNVrk48/PDPo9ETCdUoWyFR0F4SMBGgEVqodce4ZBxbxhgvwVRdGUJQlUr39r/u1jzf8jHR1bkPhE57Udev4Wc6c+f7xOw4U8IJb6DbOM19/8COUwpKQxgVC7UaqAEyBzgzu76g+6139IFazlWhgpIrLTNQNx6DCBA2hRPVR6i+ZYtzJWCEPKP8ePGVjV3wGnRkU6HNRKqC3u6XM4FqHBY1sXko1KWM0GoTWtYqMI7JfA4qumPJtUPCYpyk0Hc53G5yDHuzSe8jelsQf8kf6L8N/EsVqxrCu3L7TLmQSLKq9JGYzqXDI3QQ98yGPbfpvMTUG8crZHpnnry0ccPGfN/tKbOpkfXhJSm7NwQK1SSrsxnm5BBbF7JvJ8GAgbNTIHgbj3/ZNhm6XdP3tcJmkm/BokML1TW7KXZHolR1cms+8z3wRVAeXf4GM93zaB6uY/5LXrYPMaLNn0NwJVmVg9aPLkdbhhYiQM9jubDYo+lNi+9f/fDfyymgV/BAnfNm46ksSgtAanTAgaB/Mu3667CSHa4bF1TYcbNwCXO5Fq8gI6ZKBLphpCRmGyLLMq1z8UAYgZ7Mx49mw0kC9MlY8pCSFA5RGa/tkYwVbKmvQ3H93r44oMuJcDlY+6Vh8i7hCTJIKhLQ3E+MjGCABp9FXaO2aXk7UjAh60fJmcLCuT8n2U8k5gYrdTm/qgRvN+T6YmKKoD9JMEnbjkoW7uWgD36Zc3yv+K4xUrLoG9YvTpxSVb/KKhAHuY0L8fZpmdqIIyoTrzSdkV1Ea/7f+JAHFP0gQQ6ANWUps9Cl5BS/U1VC5bApF7Hm72ou4B8KkJWyxvy8QuizKqArMFZ8m37UeGzxjWOqkTRrOIuZ6txip0xyTgf1gASOf96l2aUthUr1bRhDk0sHvvDJsFCWM8Vnb/OM81AotayAj3BSZgllWi/lZVrW+fxeH5pj7ZCjTfGFd8qinJpqvL9A4u9RWcgoGw3fdGrSjNNEd2PnZXv3O0TwpCghl+CUpPRhosIKERsXc1IAwhjr4ZsOITde8ukmWHLwwoOYJnSJ+wYhPGozHGviMewfXKjWmFb1ahGMEDmATn4DfUgF5c0QUmYUuZFfo+sFavm/ih0VyrDQkGlDpRzYRIyKpzzbWhdOmKOax4D5TtkvowEKJSCgfhVzN0oWliGu31tNbkday+71mXJcdMjH8L8ZOoz2S7Jlo97cgdNOfLVqzsXsiy60pTflja+AMI48YSXvEJO0Wu5zH5oECcDmZc+td28FzV/lHnE64sqp7yK7l175H6rjzpWiq8V2D2rolOw20e84bAL4nl69bqG+++affgi3loNbU5+t1mV869Z970d4/yz3EEVrU/g1kF/kUpBdR4+B08xxhie7F4OVQstiODYvgaVJjyFp3F65Rl1LP+blVUxExVUk0557YoOWjW9gZI/QeiHLMBrrtTWa5QAyDGIV/ArjGXtvGzLLwouTo5Irjmyq2Zv3QP1uqLn8pndEjWSKy+2Oomaa9CdDLOMfKGPPwTg7dlu6wab8fY/u7WymMDY5DneV51SJnGjeNJM5oRs+sS2LoqsmHkoA/wYXNxqUcX7gZTaz06J3N4sn+Bz280PmQvsfBT5MQXFYaKN69TTgs3aoxT4KAzLMRwpP/YjecrF37o4u+u3L3ipJaPQeTpFvU4+14OBtrzURnM/aGSKqxBEUIaJ7LM/e7eXczxWAl8YIP5vWEZgJ5aNMifzr4HUUDlYO0/uE1UledpZOrNOeiixxKi905X6jZOZ12NfNoWGCegPMduO0lIFCIRLJnmFKVhpPm0QDy+9kE2IOmAoDkYcUOqxv0xiR8u3eupkREBi1jhVzdQLQasURddQ9yECW9oKKRKlOfCHo7H1eveqK7P84SmUbzosJbD7rnNRGhxDSCVaHOR0ewIicQS74JMDkJBAgkXKivLyOP2c+k4htJ5j5A8ZFMf5qKAfH0FQueZlA9L439OZHkU8K5JnMrinhnGL7HCkT5Le5Fxgzp6Kqu/aS16qT2HW+E1FcoDGD1ZZ9/EkS2oV7xk2zr8CrBdO/urUmjLskgHUq3mB2N8C1yr9xiHx8SNZw0VcXWaFSAeuWhblodMZ6byef6R67b6bumMgKuOsL3vdw7DSIvO1VU2LMB++chXF86MJFZ5x3WQErHLxiumu0VCMyiVvomKm0h9b70msy7XZLQRZVRuSFfaXEh4HqCiTwGvD9K8OI8bUOYOb2sHk25vLbAQ7aFyjDuNKukhLsQcr1HChO2Yv5KyEoY7Qj7sxkD/1cJuees3pp5ySqD9MQfSmW/4un4DmhSFZBfaGj2ELNKB31hl5EQPG8+IAtfb5Oc/OmJnt2HyRfgh0gT7U7c/dSfC6nO1YeYCnB7eJyNoSrDTWC/PouO1hhfmDirQusjPPqnWjxLAyfNGM7aj+CxteClsNTebsZ5L5IYvrc60iMrkW+eqM7DhXkkgB6xwB3W5hgrv1pTwREBz+oNvJKWRcSQ3pkHnEXyMSpq8Nk2Rlk5CuhCxw36O8WKYUFuhMAui+P9TIyyxig9Hl4+kXs5Od8CC10ZFJ3E3O1Cd8EHlZF7RlW9EdOb7j/HMuC/ylncKvVArgaqqgPny85skDLtNii754QSxHXeUAGdfLub2frTH0USkbbB7irx5sU8mJ/DnXEV0xWtdAVzCUwVQksbRwwG2jvQyCcZ/v4N1ZGrVNht1dZfdrgNhpSNochfhex8f88y3FBUqnBL0CpKe0rq4HPESxwYnBnYY6ETJYhApSXGUTvkQqUaOCuNBBgKVF5BJ2sYQJe5Va4HJ4Ms6M7fKMv5AvoMLiWWU4RxOI3EDLQlgQFEqNzZdhWs2eE/2yT4Q5XvVh2TdKetwjEDlrEghUudl1n4CKvzx4P4K023CTD+RcXZ5bxlpetwjCdJ32GXspRkj10iAZroVy7562boUKS5R8YDRIvEA31rlYMr6zYuN5r8ox8Ajh5BvoGT3fnIxg9HdN0Nz3BjW6Sivan8XKp6Qd/3EZswkEF4DGcK3rVpP1rglNb+FXx1daoW4GYYG+f0Y455ov/hFitbkN1PnYH9lI8W+UXROWCq1N2VbyjPP/nq7JPILy4yaqOUB82eBK3FIhLrG/OKenW3pUCT+TVd1K6ABdnCBh0+HPBY1c2bp+7ig6p5gTWWUREM2gkr/ZNXTWoQkXG5CHf3lAl0GiHzTKngYHfB4JV3Y8rMtQntipIFbJ9oZ/ZiMecV1smrjdYX77rfQz3oadKlAosEBwBEMLTcdo1PLQ7fi72xo5WGtEqSCU3ZXN+aLpGSuqlGCiQilg5Jo2yMwiqR0JNweJX1YSr5IBvx9E1q5G3e+clu0pyXqD</Value></TokenEntry></Values></UseKey><Claims><Values xmlns:q1="hxxp://schemas.xmlsoap.org/ws/2004/04/security/trust" soapenc:arrayType="q1:TokenEntry[17]"><TokenEntry><Name>SessionKey</Name><Value>Ap4pxdo5JoL1K85v8yHDQH9KzGF15IhQfMavhrypbgJNFwabrIgPJdh46yWBK4f+OJeFE695BUTr2XemX+LR8AN+fLcLjANdwY8lE1GEc278hQHIzN5H68wr+RHwPIbi9iUQr7/i2y0zlSAbeoNHLGqCdW6Kx6Gw4E7FhZgwU+djL0PA2DFkN22CymoM2SQkKSoRpbleqOQNV2BJtx2cJkp9Roj61LaSAMcHHwvoNxgnJQl8xJo7MDXgFw/B1298yZdcK+QHItfbp7lvmF/24EgedO9GTIIyZ9X7tDlWzEJdyMFDTJakQyxr93ofNZzJnoiazO3h0z8R0GVv6YrqMg==</Value></TokenEntry><TokenEntry><Name>BindingType</Name><Value>O9TqHud0siEBI12kWgtTOKNfsWbjNSEY7QjBiL700DU=</Value></TokenEntry><TokenEntry><Name>Binding</Name><Value>ECnFFhcXY6MYdejK+THVC8MWNlXuhRwO8r5bukFOTcKiEEWbSedt9qA5CSYRHib2FniP2g0UgherKUxJ1m161bu8rj9oIpsi92W7A3UE81A=</Value></TokenEntry><TokenEntry><Name>ProductKey</Name><Value>Y1J2tWLSPXUGVHtA4OWOCRVAuvW45yxqpxk2IO8dSWI=</Value></TokenEntry><TokenEntry><Name>ProductKeyType</Name><Value>O9TqHud0siEBI12kWgtTOI2kT/oI8cNXXr4NE6cxwHw=</Value></TokenEntry><TokenEntry><Name>ProductKeyActConfigId</Name><Value>EMcnc7k3D61GRyufc1jAgTIfAFVZZ8r6IaXN7VkxCERqDWOc6Q+74geRimCT7b/HNtm4aBOfp9Trhgpncu1pqQvYQR6FQ9uLq5ACMQWqhWQ=</Value></TokenEntry><TokenEntry><Name>SppSvcVersion</Name><Value>mAaDtobrQTxItlV/j9TBGw==</Value></TokenEntry><TokenEntry><Name>otherInfoPublic.licenseCategory</Name><Value>QvR714G19yiTjJVpNKrTQu6rViLMzENl3kijOLT+0j8=</Value></TokenEntry><TokenEntry><Name>otherInfoPrivate.licenseCategory</Name><Value>QvR714G19yiTjJVpNKrTQhvcjMphDwQdNfKWfawHbtw=</Value></TokenEntry><TokenEntry><Name>otherInfoPublic.sysprepAction</Name><Value>r5Cwm7chU7I3k2jHsC9mWw==</Value></TokenEntry><TokenEntry><Name>otherInfoPrivate.sysprepAction</Name><Value>r5Cwm7chU7I3k2jHsC9mWw==</Value></TokenEntry><TokenEntry><Name>ClientInformation</Name><Value>a0NurSM6RkG48tnYogBJJhr58MffwvCNwFbmGD7yDBIYxfaVLv8ouXJ+QtPOkTMGblN9PHKIbQMT6zyWZq/bfQ==</Value></TokenEntry><TokenEntry><Name>ReferralInformation</Name><Value>ecxXrXBFtUTRj7eMYYk537DOkGdPFgCk225GAbqRoQ3nXUq4r31NWUAgPn5ZLk3Qz2q0cE7ZbJeWJ97lQOSgUg==</Value></TokenEntry><TokenEntry><Name>ClientSystemTime</Name><Value>YUcYUPLGEI/PjXfANSrcb0mLh9uWO6Ci6b2MOc9gj1Y=</Value></TokenEntry><TokenEntry><Name>ClientSystemTimeUtc</Name><Value>YUcYUPLGEI/PjXfANSrcb0mLh9uWO6Ci6b2MOc9gj1Y=</Value></TokenEntry><TokenEntry><Name>otherInfoPublic.secureStoreId</Name><Value>yZGntwOHEygvG4t6XNtxOGf4jb6ffvgzY8CJ7Dy7A9R7LBfgE0ZojJsPwjPL5XBZ</Value></TokenEntry><TokenEntry><Name>otherInfoPrivate.secureStoreId</Name><Value>yZGntwOHEygvG4t6XNtxOGf4jb6ffvgzY8CJ7Dy7A9R7LBfgE0ZojJsPwjPL5XBZ</Value></TokenEntry></Values></Claims></RequestSecurityToken></soap:Body></soap:Envelope>)
00010002(0x80072EE7, 10:23:02:037 - <NULL>)
00010003(0x80072EE7, 10:23:02:037)
==================== Memory info ===========================
Percentage of memory in use: 27%
Total physical RAM: 1983.55 MB
Available physical RAM: 1439.88 MB
Total Pagefile: 3135.55 MB
Available Pagefile: 2401.23 MB
Total Virtual: 2047.88 MB
Available Virtual: 1865.75 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:19.53 GB) (Free:6.87 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:53.71 GB) (Free:47.41 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: FFFFFFFF)
Partition 1: (Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=130 GB) - (Type=OF Extended)
==================== End Of Log ============================
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-10-2013
Ran by Plogmaker (administrator) on PLOGMAKER-PC on 03-11-2013 11:39:34
Running from C:\Users\Plogmaker\Desktop
Microsoft Windows 8.1 Pro (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(Avira Operations GmbH & Co. KG) D:\Programme\AntiVir\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) D:\Programme\AntiVir\Avira\AntiVir Desktop\avguard.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WlanNetService.exe
(Avira Operations GmbH & Co. KG) D:\Programme\AntiVir\Avira\AntiVir Desktop\avgnt.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WLanGUI.exe
(Avira Operations GmbH & Co. KG) D:\Programme\AntiVir\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) D:\Programme\AntiVir\Avira\AntiVir Desktop\avwebg7.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [avgnt] - D:\Programme\AntiVir\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-10] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [AVMWlanClient] - C:\Program Files\avmwlanstick\WLanGUI.exe [1454080 2006-12-28] (AVM Berlin)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM\...\Run: [BCSSync] - D:\Programme\Mircosoft Office 2010\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Programme\Mircosoft Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Programme\Mircosoft Office 2010\Office14\URLREDIR.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Plogmaker\AppData\Roaming\Mozilla\Firefox\Profiles\3bywemg4.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - D:\PROGRA~1\MIRCOS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - D:\PROGRA~1\MIRCOS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\Plogmaker\AppData\Roaming\Mozilla\Firefox\Profiles\3bywemg4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF StartMenuInternet: FIREFOX.EXE - D:\Programme\Mozilla Firefox\firefox.exe
========================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; D:\Programme\AntiVir\Avira\AntiVir Desktop\sched.exe [440392 2013-10-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; D:\Programme\AntiVir\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; D:\Programme\AntiVir\Avira\AntiVir Desktop\avwebg7.exe [1164360 2013-10-10] (Avira Operations GmbH & Co. KG)
S3 AppReadiness; C:\Windows\system32\AppReadiness.dll [404480 2013-08-22] (Microsoft Corporation)
S3 AppXSvc; C:\Windows\system32\appxdeploymentserver.dll [1119232 2013-08-22] (Microsoft Corporation)
R2 AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [356352 2006-12-28] (AVM Berlin)
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [108032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\System32\GeofenceMonitorService.dll [357376 2013-08-22] (Microsoft Corporation)
S3 Microsoft SharePoint Workspace Audit Service; D:\Programme\Mircosoft Office 2010\Office14\GROOVE.EXE [30798512 2013-03-09] (Microsoft Corporation)
S4 MsKeyboardFilter; C:\Windows\System32\KeyboardFilterSvc.dll [75104 2013-08-22] (Microsoft Corporation)
R3 NcbService; C:\Windows\System32\ncbservice.dll [124928 2013-08-22] (Microsoft Corporation)
S3 ScDeviceEnum; C:\Windows\System32\ScDeviceEnum.dll [105472 2013-08-22] (Microsoft Corporation)
S3 smphost; C:\Windows\System32\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S3 vmicguestinterface; C:\Windows\System32\ICSvc.dll [417792 2013-08-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [278264 2013-08-22] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\Windows\system32\wephostsvc.dll [20992 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22240 2013-08-22] (Microsoft Corporation)
S3 workfolderssvc; C:\Windows\system32\workfolderssvc.dll [1174016 2013-08-22] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
R0 acpiex; C:\Windows\System32\Drivers\acpiex.sys [61280 2013-08-22] (Microsoft Corporation)
S3 acpipagr; C:\Windows\System32\drivers\acpipagr.sys [9216 2013-08-22] (Microsoft Corporation)
S3 acpitime; C:\Windows\System32\drivers\acpitime.sys [8704 2013-08-22] (Microsoft Corporation)
S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [773472 2013-08-22] (PMC-Sierra)
R1 ahcache; C:\Windows\System32\DRIVERS\ahcache.sys [63488 2013-08-22] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [89376 2013-10-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [137208 2013-10-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [37352 2013-10-10] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [67680 2013-10-10] (Avira Operations GmbH & Co. KG)
R1 BasicDisplay; C:\Windows\System32\drivers\BasicDisplay.sys [43520 2013-08-22] (Microsoft Corporation)
R1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [25600 2013-08-22] (Microsoft Corporation)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [16088 2013-08-13] (Windows (R) Win 7 DDK provider)
R0 CLFS; C:\Windows\System32\drivers\CLFS.sys [284000 2013-08-22] (Microsoft Corporation)
R3 FETNDIS; C:\Windows\system32\DRIVERS\fetn63.sys [47616 2013-06-18] (VIA Technologies, Inc. )
R3 FWLANUSB; C:\Windows\system32\DRIVERS\fwlanusb.sys [265088 2006-12-28] (AVM GmbH)
S3 GPIO; C:\Windows\System32\drivers\iaiogpio.sys [22016 2013-07-23] (Intel Corporation)
S3 iaioi2c; C:\Windows\System32\drivers\iaioi2c.sys [61936 2013-07-23] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [524784 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [36192 2013-08-22] (Microsoft Corporation)
S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [19680 2013-08-22] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [68960 2013-08-22] (LSI Corporation)
R3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28944 2008-02-29] (Logitech, Inc.)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [13312 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [72192 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [119648 2013-08-22] (Microsoft Corporation)
R1 ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [28520 2013-10-10] (Avira GmbH)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [47456 2013-08-22] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [23904 2013-08-22] (Microsoft Corporation)
R3 VIAudio; C:\Windows\system32\drivers\ac97via.sys [68096 2008-01-19] (VIA Technologies, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [93024 2013-08-22] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
NETSVC: lfsvc -> C:\Windows\System32\GeofenceMonitorService.dll (Microsoft Corporation)
NETSVC: MsKeyboardFilter -> C:\Windows\System32\KeyboardFilterSvc.dll (Microsoft Corporation)
==================== One Month Created Files and Folders ========
2013-11-03 11:39 - 2013-11-03 11:39 - 00000000 ____D C:\FRST
2013-11-03 11:38 - 2013-11-03 11:38 - 01089445 _____ (Farbar) C:\Users\Plogmaker\Desktop\FRST.exe
2013-11-02 09:32 - 2013-11-02 09:32 - 01060070 _____ C:\Users\Plogmaker\Desktop\adwcleaner-3.010.exe
2013-11-02 09:00 - 2013-11-02 09:00 - 00000000 ____D C:\Users\Plogmaker\AppData\Roaming\Malwarebytes
2013-11-02 08:58 - 2013-11-02 08:58 - 00003284 _____ C:\Users\Plogmaker\Desktop\HitmanPro_20131102_0858.log
2013-11-02 08:56 - 2013-11-02 08:59 - 00000000 ____D C:\ProgramData\HitmanPro
2013-11-02 08:55 - 2013-11-02 08:55 - 00001079 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-02 08:55 - 2013-11-02 08:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-02 08:55 - 2013-11-02 08:55 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-11-02 08:55 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-11-02 08:50 - 2013-11-02 08:50 - 09452704 _____ (SurfRight B.V.) C:\Users\Plogmaker\Desktop\HitmanPro.exe
2013-11-01 17:34 - 2013-11-01 17:34 - 00000000 ____D C:\Users\Plogmaker\AppData\Roaming\WinRAR
2013-11-01 17:33 - 2013-11-01 17:33 - 00000000 ____D C:\Users\Plogmaker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-11-01 15:34 - 2013-11-01 15:34 - 00602112 _____ (OldTimer Tools) C:\Users\Plogmaker\Desktop\OTL.exe
2013-10-31 17:36 - 2013-10-31 17:36 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-10-31 17:36 - 2013-10-31 17:36 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-10-31 17:28 - 2013-10-31 17:28 - 00000000 ___RD C:\WINDOWS\BrowserChoice
2013-10-31 15:55 - 2013-09-26 11:09 - 17143296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-10-31 15:53 - 2013-09-26 08:42 - 11221504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-10-31 15:52 - 2013-09-26 09:35 - 02166272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-10-31 15:52 - 2013-09-26 09:23 - 04240384 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-10-31 15:52 - 2013-09-26 07:47 - 01818112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-10-31 15:52 - 2013-09-26 07:40 - 01143296 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-10-31 15:51 - 2013-09-26 09:24 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2013-10-31 15:46 - 2013-09-29 08:48 - 01380632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2013-10-31 15:46 - 2013-09-29 08:48 - 01270640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2013-10-31 15:46 - 2013-09-29 08:48 - 01261320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2013-10-31 15:46 - 2013-09-29 08:48 - 01159080 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2013-10-31 15:37 - 2013-10-23 09:59 - 00698232 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2013-10-31 15:36 - 2013-10-03 13:54 - 01306968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2013-10-31 15:36 - 2013-10-03 13:54 - 00320856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2013-10-31 15:36 - 2013-10-03 13:53 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2013-10-31 15:36 - 2013-10-03 13:53 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2013-10-31 15:36 - 2013-10-03 10:07 - 01765376 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2013-10-31 15:36 - 2013-10-03 10:02 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2013-10-31 15:36 - 2013-10-02 10:47 - 01018960 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2013-10-31 15:36 - 2013-10-01 04:36 - 00977408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2013-10-29 12:30 - 2013-10-29 12:30 - 00001562 _____ C:\Users\Plogmaker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Herunterfahren.lnk
2013-10-29 12:24 - 2013-09-29 04:50 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-10-29 12:24 - 2013-09-29 04:44 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2013-10-29 12:24 - 2013-09-29 04:28 - 00698880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2013-10-29 12:23 - 2013-10-29 12:30 - 00001354 _____ C:\Users\Plogmaker\Desktop\Herunterfahren.lnk
2013-10-29 11:36 - 2013-10-29 11:36 - 00000000 ____D C:\Program Files\Microsoft Office
2013-10-29 11:29 - 2013-10-29 11:29 - 00000000 ____D C:\WINDOWS\PCHEALTH
2013-10-29 11:29 - 2013-10-29 11:29 - 00000000 ____D C:\Program Files\Microsoft Synchronization Services
2013-10-29 11:29 - 2013-10-29 11:29 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2013-10-29 11:29 - 2013-10-29 11:29 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2013-10-29 11:26 - 2013-10-29 11:26 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2013-10-29 11:25 - 2013-10-31 17:42 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-29 11:25 - 2013-10-29 11:25 - 00000000 ____D C:\Users\Plogmaker\AppData\Local\Microsoft Help
2013-10-29 11:16 - 2013-10-29 11:16 - 00000424 _____ C:\Users\Plogmaker\Desktop\Plogmaker-PC.lnk
2013-10-29 11:15 - 2013-10-29 11:15 - 00000977 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-10-29 11:15 - 2013-10-29 11:15 - 00000000 ____D C:\Program Files\CCleaner
2013-10-29 11:12 - 2013-10-29 11:12 - 00000000 ____D C:\Users\Plogmaker\AppData\Roaming\Macromedia
2013-10-29 11:12 - 2013-10-29 11:12 - 00000000 ____D C:\Users\Plogmaker\AppData\Local\Macromedia
2013-10-29 11:11 - 2013-10-29 11:11 - 00002009 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-10-29 11:11 - 2013-10-29 11:11 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-10-29 11:11 - 2013-10-29 11:11 - 00000000 ____D C:\Program Files\Adobe
2013-10-29 11:10 - 2013-10-29 11:11 - 00000000 ____D C:\ProgramData\Adobe
2013-10-29 11:08 - 2013-11-02 09:14 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-10-29 11:07 - 2013-10-29 11:12 - 00000000 ____D C:\Users\Plogmaker\AppData\Local\Adobe
2013-10-29 11:06 - 2013-10-29 11:06 - 00000000 ____D C:\WINDOWS\system32\XPSViewer
2013-10-29 11:06 - 2013-10-29 11:06 - 00000000 ____D C:\Program Files\Reference Assemblies
2013-10-29 11:06 - 2013-10-29 11:06 - 00000000 ____D C:\Program Files\MSBuild
2013-10-29 11:04 - 2013-08-03 05:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2013-10-29 11:04 - 2013-08-03 05:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-29 11:04 - 2013-08-03 05:41 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2013-10-29 10:59 - 2013-10-29 11:00 - 02959376 _____ (Microsoft Corporation) C:\Users\Plogmaker\Downloads\dotnetfx35setup.exe
2013-10-29 10:53 - 2013-10-29 10:53 - 00000000 ____D C:\Users\Plogmaker\Documents\Verkaufe
2013-10-29 10:53 - 2013-10-29 10:53 - 00000000 ____D C:\Users\Plogmaker\Documents\Tini
2013-10-29 10:53 - 2013-10-29 10:53 - 00000000 ____D C:\Users\Plogmaker\Documents\Schule
2013-10-29 10:53 - 2013-10-29 10:53 - 00000000 ____D C:\Users\Plogmaker\Documents\Heike
2013-10-29 10:53 - 2013-10-29 10:53 - 00000000 ____D C:\Users\Plogmaker\Documents\Fußball
2013-10-29 10:53 - 2013-10-29 10:53 - 00000000 ____D C:\Users\Plogmaker\Documents\Feiern und Feste
2013-10-29 10:51 - 2013-10-29 11:02 - 00000000 ____D C:\Users\Plogmaker\AppData\Local\Mozilla
2013-10-29 10:51 - 2013-10-29 10:51 - 00000000 ____D C:\Users\Plogmaker\AppData\Roaming\Mozilla
2013-10-29 10:50 - 2013-10-29 10:50 - 00000774 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-10-29 10:50 - 2013-10-29 10:50 - 00000000 ____D C:\ProgramData\Mozilla
2013-10-29 10:50 - 2013-10-29 10:50 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-29 10:41 - 2013-10-29 10:41 - 00014036 _____ C:\WINDOWS\avmacc.log
2013-10-29 10:41 - 2013-10-29 10:41 - 00006054 _____ C:\WINDOWS\avmadd321.log
2013-10-29 10:41 - 2013-10-29 10:41 - 00004500 _____ C:\WINDOWS\avmsetup.log
2013-10-29 10:41 - 2013-10-29 10:41 - 00003842 _____ C:\WINDOWS\avminstcli.log
2013-10-29 10:41 - 2013-10-29 10:41 - 00002210 _____ C:\WINDOWS\avmadd32.log
2013-10-29 10:41 - 2013-10-29 10:41 - 00000000 ____D C:\Users\Plogmaker\AppData\Roaming\Avira
2013-10-29 10:41 - 2013-10-29 10:41 - 00000000 ____D C:\Program Files\avmwlanstick
2013-10-29 10:41 - 2006-12-28 00:02 - 00074240 _____ (AVM Berlin) C:\WINDOWS\system32\fwlanci.org
2013-10-29 10:35 - 2013-10-29 10:35 - 00001029 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-10-29 10:35 - 2013-10-29 10:35 - 00000000 ____D C:\ProgramData\Avira
2013-10-29 10:35 - 2013-10-10 19:14 - 00137208 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2013-10-29 10:35 - 2013-10-10 19:14 - 00089376 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2013-10-29 10:35 - 2013-10-10 19:14 - 00067680 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2013-10-29 10:35 - 2013-10-10 19:14 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2013-10-29 10:35 - 2013-10-10 19:14 - 00028520 _____ (Avira GmbH) C:\WINDOWS\system32\Drivers\ssmdrv.sys
2013-10-29 10:27 - 2013-10-29 10:27 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2013-10-28 19:43 - 2013-10-29 13:58 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-10-28 19:42 - 2013-10-28 19:52 - 00000000 ____D C:\Users\Plogmaker
2013-10-28 19:42 - 2013-10-28 19:42 - 00001450 _____ C:\Users\Plogmaker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-28 19:42 - 2013-10-28 19:42 - 00000020 ___SH C:\Users\Plogmaker\ntuser.ini
2013-10-28 19:42 - 2013-10-28 19:42 - 00000000 _SHDL C:\Users\Plogmaker\Startmenü
2013-10-28 19:42 - 2013-10-28 19:42 - 00000000 _SHDL C:\Users\Plogmaker\Netzwerkumgebung
2013-10-28 19:42 - 2013-10-28 19:42 - 00000000 _SHDL C:\Users\Plogmaker\Druckumgebung
2013-10-28 19:42 - 2013-10-28 19:42 - 00000000 _SHDL C:\Users\Plogmaker\Documents\Eigene Musik
2013-10-28 19:42 - 2013-10-28 19:42 - 00000000 _SHDL C:\Users\Plogmaker\Documents\Eigene Bilder
2013-10-28 19:42 - 2013-10-28 19:42 - 00000000 _SHDL C:\Users\Plogmaker\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-10-28 19:42 - 2013-10-28 19:42 - 00000000 _SHDL C:\Users\Plogmaker\AppData\Local\Verlauf
2013-10-28 19:42 - 2013-10-28 19:42 - 00000000 ____D C:\WINDOWS\CSC
2013-10-28 19:42 - 2013-10-28 19:42 - 00000000 ____D C:\Users\Plogmaker\AppData\Roaming\Adobe
2013-10-28 19:42 - 2013-10-28 19:42 - 00000000 ____D C:\Users\Plogmaker\AppData\Local\VirtualStore
2013-10-28 19:42 - 2013-08-22 09:17 - 00000000 ___RD C:\Users\Plogmaker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-10-28 19:42 - 2013-08-22 09:17 - 00000000 ___RD C:\Users\Plogmaker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-10-28 19:42 - 2013-08-22 09:17 - 00000000 ___RD C:\Users\Plogmaker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2013-10-28 19:42 - 2013-08-22 09:17 - 00000000 ____D C:\Users\Plogmaker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-10-28 19:38 - 2013-11-02 09:33 - 01352070 _____ C:\WINDOWS\WindowsUpdate.log
2013-10-28 19:38 - 2013-10-28 19:38 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik
2013-10-28 19:38 - 2013-10-28 19:38 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder
2013-10-28 19:38 - 2013-10-28 19:38 - 00000000 _SHDL C:\Users\Default\Startmenü
2013-10-28 19:38 - 2013-10-28 19:38 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2013-10-28 19:38 - 2013-10-28 19:38 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2013-10-28 19:38 - 2013-10-28 19:38 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2013-10-28 19:38 - 2013-10-28 19:38 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2013-10-28 19:38 - 2013-10-28 19:38 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-10-28 19:38 - 2013-10-28 19:38 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2013-10-28 19:38 - 2013-10-28 19:38 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2013-10-28 19:38 - 2013-10-28 19:38 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2013-10-28 19:38 - 2013-10-28 19:38 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-10-28 19:38 - 2013-10-28 19:38 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2013-10-28 19:38 - 2013-10-28 19:38 - 00000000 _SHDL C:\ProgramData\Startmenü
2013-10-28 19:38 - 2013-10-28 19:38 - 00000000 _SHDL C:\ProgramData\Dokumente
2013-10-28 19:30 - 2013-10-29 10:41 - 00011515 _____ C:\WINDOWS\avmfwlanci.log
2013-10-28 19:29 - 2013-11-02 09:21 - 00101386 _____ C:\WINDOWS\PFRO.log
2013-10-28 19:28 - 2013-10-28 19:53 - 00000000 ___DC C:\WINDOWS\Panther
2013-10-28 19:24 - 2013-11-01 15:50 - 00000000 ____D C:\Windows.old
2013-10-28 19:24 - 2013-10-28 19:24 - 00262144 _____ C:\WINDOWS\system32\config\userdiff
2013-10-24 10:40 - 2013-10-24 10:46 - 00000000 ____D C:\AdwCleaner
==================== One Month Modified Files and Folders =======
2013-11-03 11:39 - 2013-11-03 11:39 - 00000000 ____D C:\FRST
2013-11-03 11:38 - 2013-11-03 11:38 - 01089445 _____ (Farbar) C:\Users\Plogmaker\Desktop\FRST.exe
2013-11-03 11:35 - 2013-08-22 08:23 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-11-02 09:33 - 2013-10-28 19:38 - 01352070 _____ C:\WINDOWS\WindowsUpdate.log
2013-11-02 09:33 - 2013-08-22 07:13 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2013-11-02 09:32 - 2013-11-02 09:32 - 01060070 _____ C:\Users\Plogmaker\Desktop\adwcleaner-3.010.exe
2013-11-02 09:21 - 2013-10-28 19:29 - 00101386 _____ C:\WINDOWS\PFRO.log
2013-11-02 09:14 - 2013-10-29 11:08 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-11-02 09:00 - 2013-11-02 09:00 - 00000000 ____D C:\Users\Plogmaker\AppData\Roaming\Malwarebytes
2013-11-02 09:00 - 2013-08-22 09:17 - 00000000 ____D C:\WINDOWS\system32\sru
2013-11-02 08:59 - 2013-11-02 08:56 - 00000000 ____D C:\ProgramData\HitmanPro
2013-11-02 08:58 - 2013-11-02 08:58 - 00003284 _____ C:\Users\Plogmaker\Desktop\HitmanPro_20131102_0858.log
2013-11-02 08:55 - 2013-11-02 08:55 - 00001079 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-02 08:55 - 2013-11-02 08:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-02 08:55 - 2013-11-02 08:55 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-11-02 08:50 - 2013-11-02 08:50 - 09452704 _____ (SurfRight B.V.) C:\Users\Plogmaker\Desktop\HitmanPro.exe
2013-11-01 17:34 - 2013-11-01 17:34 - 00000000 ____D C:\Users\Plogmaker\AppData\Roaming\WinRAR
2013-11-01 17:33 - 2013-11-01 17:33 - 00000000 ____D C:\Users\Plogmaker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-11-01 15:56 - 2013-08-22 09:17 - 00000000 ____D C:\WINDOWS\rescache
2013-11-01 15:50 - 2013-10-28 19:24 - 00000000 ____D C:\Windows.old
2013-11-01 15:49 - 2013-08-22 09:17 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-11-01 15:34 - 2013-11-01 15:34 - 00602112 _____ (OldTimer Tools) C:\Users\Plogmaker\Desktop\OTL.exe
2013-10-31 17:51 - 2013-08-22 09:17 - 00000000 ____D C:\WINDOWS\system32\de-DE
2013-10-31 17:51 - 2013-08-22 09:17 - 00000000 ____D C:\WINDOWS\Camera
2013-10-31 17:42 - 2013-10-29 11:25 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-31 17:42 - 2013-08-22 09:17 - 00000000 ____D C:\WINDOWS\AppReadiness
2013-10-31 17:36 - 2013-10-31 17:36 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-10-31 17:36 - 2013-10-31 17:36 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-10-31 17:28 - 2013-10-31 17:28 - 00000000 ___RD C:\WINDOWS\BrowserChoice
2013-10-31 17:26 - 2013-08-22 09:17 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-10-29 13:58 - 2013-10-28 19:43 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-10-29 12:37 - 2013-08-22 07:21 - 00000000 ___RD C:\Users\Public
2013-10-29 12:33 - 2013-08-22 08:22 - 00399840 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-29 12:30 - 2013-10-29 12:30 - 00001562 _____ C:\Users\Plogmaker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Herunterfahren.lnk
2013-10-29 12:30 - 2013-10-29 12:23 - 00001354 _____ C:\Users\Plogmaker\Desktop\Herunterfahren.lnk
2013-10-29 12:30 - 2013-08-22 09:17 - 00000000 ____D C:\WINDOWS\WinStore
2013-10-29 11:36 - 2013-10-29 11:36 - 00000000 ____D C:\Program Files\Microsoft Office
2013-10-29 11:29 - 2013-10-29 11:29 - 00000000 ____D C:\WINDOWS\PCHEALTH
2013-10-29 11:29 - 2013-10-29 11:29 - 00000000 ____D C:\Program Files\Microsoft Synchronization Services
2013-10-29 11:29 - 2013-10-29 11:29 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2013-10-29 11:29 - 2013-10-29 11:29 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2013-10-29 11:29 - 2013-08-22 09:17 - 00000000 ____D C:\Program Files\Microsoft.NET
2013-10-29 11:26 - 2013-10-29 11:26 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2013-10-29 11:26 - 2013-08-22 16:02 - 00000000 ____D C:\WINDOWS\ShellNew
2013-10-29 11:25 - 2013-10-29 11:25 - 00000000 ____D C:\Users\Plogmaker\AppData\Local\Microsoft Help
2013-10-29 11:16 - 2013-10-29 11:16 - 00000424 _____ C:\Users\Plogmaker\Desktop\Plogmaker-PC.lnk
2013-10-29 11:15 - 2013-10-29 11:15 - 00000977 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-10-29 11:15 - 2013-10-29 11:15 - 00000000 ____D C:\Program Files\CCleaner
2013-10-29 11:12 - 2013-10-29 11:12 - 00000000 ____D C:\Users\Plogmaker\AppData\Roaming\Macromedia
2013-10-29 11:12 - 2013-10-29 11:12 - 00000000 ____D C:\Users\Plogmaker\AppData\Local\Macromedia
2013-10-29 11:12 - 2013-10-29 11:07 - 00000000 ____D C:\Users\Plogmaker\AppData\Local\Adobe
2013-10-29 11:11 - 2013-10-29 11:11 - 00002009 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-10-29 11:11 - 2013-10-29 11:11 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-10-29 11:11 - 2013-10-29 11:11 - 00000000 ____D C:\Program Files\Adobe
2013-10-29 11:11 - 2013-10-29 11:10 - 00000000 ____D C:\ProgramData\Adobe
2013-10-29 11:06 - 2013-10-29 11:06 - 00000000 ____D C:\WINDOWS\system32\XPSViewer
2013-10-29 11:06 - 2013-10-29 11:06 - 00000000 ____D C:\Program Files\Reference Assemblies
2013-10-29 11:06 - 2013-10-29 11:06 - 00000000 ____D C:\Program Files\MSBuild
2013-10-29 11:06 - 2013-08-22 09:17 - 00000000 ____D C:\WINDOWS\system32\MUI
2013-10-29 11:02 - 2013-10-29 10:51 - 00000000 ____D C:\Users\Plogmaker\AppData\Local\Mozilla
2013-10-29 11:01 - 2013-08-22 09:17 - 00000000 ____D C:\WINDOWS\system32\restore
2013-10-29 11:00 - 2013-10-29 10:59 - 02959376 _____ (Microsoft Corporation) C:\Users\Plogmaker\Downloads\dotnetfx35setup.exe
2013-10-29 10:53 - 2013-10-29 10:53 - 00000000 ____D C:\Users\Plogmaker\Documents\Verkaufe
2013-10-29 10:53 - 2013-10-29 10:53 - 00000000 ____D C:\Users\Plogmaker\Documents\Tini
2013-10-29 10:53 - 2013-10-29 10:53 - 00000000 ____D C:\Users\Plogmaker\Documents\Schule
2013-10-29 10:53 - 2013-10-29 10:53 - 00000000 ____D C:\Users\Plogmaker\Documents\Heike
2013-10-29 10:53 - 2013-10-29 10:53 - 00000000 ____D C:\Users\Plogmaker\Documents\Fußball
2013-10-29 10:53 - 2013-10-29 10:53 - 00000000 ____D C:\Users\Plogmaker\Documents\Feiern und Feste
2013-10-29 10:51 - 2013-10-29 10:51 - 00000000 ____D C:\Users\Plogmaker\AppData\Roaming\Mozilla
2013-10-29 10:51 - 2013-08-22 08:23 - 00009518 _____ C:\WINDOWS\setupact.log
2013-10-29 10:50 - 2013-10-29 10:50 - 00000774 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-10-29 10:50 - 2013-10-29 10:50 - 00000000 ____D C:\ProgramData\Mozilla
2013-10-29 10:50 - 2013-10-29 10:50 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-29 10:41 - 2013-10-29 10:41 - 00014036 _____ C:\WINDOWS\avmacc.log
2013-10-29 10:41 - 2013-10-29 10:41 - 00006054 _____ C:\WINDOWS\avmadd321.log
2013-10-29 10:41 - 2013-10-29 10:41 - 00004500 _____ C:\WINDOWS\avmsetup.log
2013-10-29 10:41 - 2013-10-29 10:41 - 00003842 _____ C:\WINDOWS\avminstcli.log
2013-10-29 10:41 - 2013-10-29 10:41 - 00002210 _____ C:\WINDOWS\avmadd32.log
2013-10-29 10:41 - 2013-10-29 10:41 - 00000000 ____D C:\Users\Plogmaker\AppData\Roaming\Avira
2013-10-29 10:41 - 2013-10-29 10:41 - 00000000 ____D C:\Program Files\avmwlanstick
2013-10-29 10:41 - 2013-10-28 19:30 - 00011515 _____ C:\WINDOWS\avmfwlanci.log
2013-10-29 10:35 - 2013-10-29 10:35 - 00001029 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-10-29 10:35 - 2013-10-29 10:35 - 00000000 ____D C:\ProgramData\Avira
2013-10-29 10:27 - 2013-10-29 10:27 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2013-10-28 19:53 - 2013-10-28 19:28 - 00000000 ___DC C:\WINDOWS\Panther
2013-10-28 19:52 - 2013-10-28 19:42 - 00000000 ____D C:\Users\Plogmaker
2013-10-28 19:50 - 2013-08-22 09:17 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2013-10-28 19:45 - 2013-08-22 09:17 - 00000000 ____D C:\WINDOWS\FileManager
2013-10-28 19:42 - 2013-10-28 19:42 - 00001450 _____ C:\Users\Plogmaker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-28 19:42 - 2013-10-28 19:42 - 00000020 ___SH C:\Users\Plogmaker\ntuser.ini
2013-10-28 19:42 - 2013-10-28 19:42 - 00000000 _SHDL C:\Users\Plogmaker\Startmenü
2013-10-28 19:42 - 2013-10-28 19:42 - 00000000 _SHDL C:\Users\Plogmaker\Netzwerkumgebung
2013-10-28 19:42 - 2013-10-28 19:42 - 00000000 _SHDL C:\Users\Plogmaker\Druckumgebung
2013-10-28 19:42 - 2013-10-28 19:42 - 00000000 _SHDL C:\Users\Plogmaker\Documents\Eigene Musik
2013-10-28 19:42 - 2013-10-28 19:42 - 00000000 _SHDL C:\Users\Plogmaker\Documents\Eigene Bilder
2013-10-28 19:42 - 2013-10-28 19:42 - 00000000 _SHDL C:\Users\Plogmaker\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-10-28 19:42 - 2013-10-28 19:42 - 00000000 _SHDL C:\Users\Plogmaker\AppData\Local\Verlauf
2013-10-28 19:42 - 2013-10-28 19:42 - 00000000 ____D C:\WINDOWS\CSC
2013-10-28 19:42 - 2013-10-28 19:42 - 00000000 ____D C:\Users\Plogmaker\AppData\Roaming\Adobe
2013-10-28 19:42 - 2013-10-28 19:42 - 00000000 ____D C:\Users\Plogmaker\AppData\Local\VirtualStore
2013-10-28 19:38 - 2013-10-28 19:38 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik
2013-10-28 19:38 - 2013-10-28 19:38 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder
2013-10-28 19:38 - 2013-10-28 19:38 - 00000000 _SHDL C:\Users\Default\Startmenü
2013-10-28 19:38 - 2013-10-28 19:38 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2013-10-28 19:38 - 2013-10-28 19:38 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2013-10-28 19:38 - 2013-10-28 19:38 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2013-10-28 19:38 - 2013-10-28 19:38 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2013-10-28 19:38 - 2013-10-28 19:38 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-10-28 19:38 - 2013-10-28 19:38 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2013-10-28 19:38 - 2013-10-28 19:38 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2013-10-28 19:38 - 2013-10-28 19:38 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2013-10-28 19:38 - 2013-10-28 19:38 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-10-28 19:38 - 2013-10-28 19:38 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2013-10-28 19:38 - 2013-10-28 19:38 - 00000000 _SHDL C:\ProgramData\Startmenü
2013-10-28 19:38 - 2013-10-28 19:38 - 00000000 _SHDL C:\ProgramData\Dokumente
2013-10-28 19:38 - 2013-08-22 09:17 - 00000000 ____D C:\Program Files\Windows NT
2013-10-28 19:38 - 2013-08-22 07:21 - 00000000 __RHD C:\Users\Default
2013-10-28 19:32 - 2013-08-22 09:18 - 00001720 _____ C:\WINDOWS\DtcInstall.log
2013-10-28 19:32 - 2009-11-10 19:58 - 00000000 __SHD C:\Recovery
2013-10-28 19:24 - 2013-10-28 19:24 - 00262144 _____ C:\WINDOWS\system32\config\userdiff
2013-10-28 19:24 - 2013-08-22 09:17 - 00262144 _____ C:\WINDOWS\system32\config\BCD-Template
2013-10-28 19:24 - 2013-08-22 09:17 - 00000000 ____D C:\WINDOWS\system32\Recovery
2013-10-28 19:01 - 2009-11-10 17:36 - 00008192 __RSH C:\BOOTSECT.BAK
2013-10-24 10:46 - 2013-10-24 10:40 - 00000000 ____D C:\AdwCleaner
2013-10-23 09:59 - 2013-10-31 15:37 - 00698232 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2013-10-10 19:14 - 2013-10-29 10:35 - 00137208 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2013-10-10 19:14 - 2013-10-29 10:35 - 00089376 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2013-10-10 19:14 - 2013-10-29 10:35 - 00067680 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2013-10-10 19:14 - 2013-10-29 10:35 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2013-10-10 19:14 - 2013-10-29 10:35 - 00028520 _____ (Avira GmbH) C:\WINDOWS\system32\Drivers\ssmdrv.sys
Some content of TEMP:
====================
C:\Users\Plogmaker\AppData\Local\Temp\avgnt.exe
C:\Users\Plogmaker\AppData\Local\Temp\ose00000.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe
[2013-08-22 03:06] - [2013-08-22 06:25] - 2063408 ____A (Microsoft Corporation) 2CA8E3C9335C3C8BAEB335345E48364D
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-10-28 19:29
==================== End Of Log ============================
|
|
| Themen zu Trojaner Mediyes.Gen |
| 100%, antivir, aufzusetzen, erfahrung, erhalte, erneute, falsch, gesurft, ide, installier, installierte, mediyes, mediyes.gen, neu, nichts, nutzer, plagegeist, plötzlich, rechner, schädling, spiel, systemcheck, troja, trojaner, trojaner mediyes.gen, trojaner meldung, verschwunden, verändert, virus, windows |
Hybrid-Darstellung
