Trojan:Win32/Xadupi

burningice · 08.06.2016, 19:46

Schritt: 1
Öffne wieder FRST und kopiere das folgende in das weiße Feld:

Code:

ATTFilter

YAC

Drücke dann auf dem Button "Registry-Suche".

Es wird eine Search.txt erstellt werden, bitte poste diese wieder hier.

Schritt: 2

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Hinweis: Dieser Scan kann schon einmal mehrere Stunden dauern...

Caroblue · 09.06.2016, 12:16

Schritt 1 erster Teil:

Code:

ATTFilter

Farbar Recovery Scan Tool (x64) Version:07-06-2016
durchgeführt von lucted (2016-06-09 13:09:36)
Gestartet von C:\Users\lucted\Trojaner-Board#
Start-Modus: Normal

================== Registry-Suche: "YAC" ===========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91f39027-217f-11da-b2a4-000e7bbb2b09}\ProgID]
""="X509Enrollment.CX509EnrollmentPolicyActiveDirectory.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91f39027-217f-11da-b2a4-000e7bbb2b09}\VersionIndependentProgID]
""="X509Enrollment.CX509EnrollmentPolicyActiveDirectory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\c:|Program Files (x86)|Microsoft Silverlight|5.1.30514.0|ca|Microsoft.VisualBasic.resources.dll]
"Microsoft.VisualBasic.resources,culture="ca",fileVersion="5.1.30514.0",processorArchitecture="MSIL",publicKeyToken="31bf3856ad364e35",version="5.0.5.0""="3PgDT0$gy?~Dc}DI]?&!Complete5.1.30514.0>g'{W6F'x,9vJe7OsknI%
3PgDT0$gy?~Dc}DI]?&!Complete5.1.30514.0>YaC`T(JW09yvA,gZ?G}c"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0220BB94-AF33-412C-A1AC-B1C0489198D8}]
""="INVPropertyActionList"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2FE9F084-1511-3052-BE7C-9010B522C10E}]
""="_QueryAccessibilityHelpEventArgs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{39D1AE9A-CD84-4141-B7DC-D2FE52FE31C4}]
""="INVPropertyAction"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3CD63077-A08C-481A-93EB-C5D7568AE886}]
""="__x_Windows_CInternal_CSettingSync_CINotifyAccountChange"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7197B56B-5FA1-31EF-B38B-62FEE737277F}]
""="IContextPropertyActivator"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{72D2B858-9C0E-4D5F-A443-3E03C9E8CA6D}]
""="INVRegistryAction"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C84650E2-FCB3-435B-AEE4-13FD49C3BF5D}]
""="__x_Windows_CUI_CCore_CIAcceleratorKeyActivatedEventHandler"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CFDE84A5-9FCC-4BED-80A7-9DBFA0DC1102}]
""="INVStandardPropertyAction"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}]
""="_MyAccountCommand"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{BA99AE52-D539-362F-B78C-4E84C14158BF}\2.0.0.0]
"Class"="System.Security.Permissions.SecurityAction"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{BA99AE52-D539-362F-B78C-4E84C14158BF}\4.0.0.0]
"Class"="System.Security.Permissions.SecurityAction"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{91f39027-217f-11da-b2a4-000e7bbb2b09}\ProgID]
""="X509Enrollment.CX509EnrollmentPolicyActiveDirectory.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{91f39027-217f-11da-b2a4-000e7bbb2b09}\VersionIndependentProgID]
""="X509Enrollment.CX509EnrollmentPolicyActiveDirectory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0006302D-0000-0000-C000-000000000046}]
""="_PropertyAccessor"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0220BB94-AF33-412C-A1AC-B1C0489198D8}]
""="INVPropertyActionList"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2FE9F084-1511-3052-BE7C-9010B522C10E}]
""="_QueryAccessibilityHelpEventArgs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{39D1AE9A-CD84-4141-B7DC-D2FE52FE31C4}]
""="INVPropertyAction"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3CD63077-A08C-481A-93EB-C5D7568AE886}]
""="__x_Windows_CInternal_CSettingSync_CINotifyAccountChange"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7197B56B-5FA1-31EF-B38B-62FEE737277F}]
""="IContextPropertyActivator"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{72D2B858-9C0E-4D5F-A443-3E03C9E8CA6D}]
""="INVRegistryAction"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C84650E2-FCB3-435B-AEE4-13FD49C3BF5D}]
""="__x_Windows_CUI_CCore_CIAcceleratorKeyActivatedEventHandler"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CFDE84A5-9FCC-4BED-80A7-9DBFA0DC1102}]
""="INVStandardPropertyAction"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\X509Enrollment.CX509EnrollmentPolicyActiveDirectory]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\X509Enrollment.CX509EnrollmentPolicyActiveDirectory\CurVer]
""="X509Enrollment.CX509EnrollmentPolicyActiveDirectory.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\X509Enrollment.CX509EnrollmentPolicyActiveDirectory.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\15.0\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{0006302D-0000-0000-C000-000000000046}]
""="_PropertyAccessor"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\15.0\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109F00000000000000000F01FEC\Features]
"OneNoteFiles"="AsUCo4vN.=Vo-%cn8$Ka]Tp^st!0?=P=G9Y6WNOVWCP'kxtTZ8t8tY^,VUZKM1iNqV,E`?8[NwYd!*tnx-Yb^=w'z@'nE~DV'dI?z+7Jkmy+x=E*zDA%@U,oDGvkRr9rN?4S8?T_0jM''owU$mTk'@arP=8QaN4@UEge80ngu=z$o^yaCg?U)$NF^[TT29iZWWdLiksS{KPImn7Zt@q9Lh7r^80bBrfqHmX{G@w7YOUrJ,'Pz{W~vR(S&?yF9'ObjRxihTrbC6[(t=5tgYGM&dBr=7pIBRve^?Gva,Ei550^PSk@Eg6j{8U{IXhksZ8cPxo=P+G$$=bE.xf'!B^n$7()mLYP8@ar$(,I*IHRK'N~o?v')?^l`V%RY}qDEG2M)Rjq8Ax4AIL^l.DxpDM!Y)r}==m+bv2J&l`j4N+b7jL,0A0]}hxYWh-3(z9$p[NLI@uqrn=Rv-rS"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\current\device\DataProtection]
"AllowDirectMemoryAccess"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DataProtection\AllowDirectMemoryAccess]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech_OneCore\Settings]
"PrivacyPolicyAcceptance"="2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\051BEB0D640249F4EAB7AE677752296F\Features]
"Common_PPPFiles32"=")2F9[qM8RGDpH8$gpF[mFZQQE,lNmQw,tN%lgL2ny9ds50YXj?1l^[GLXVL^bo7*0`^X(=7qsiR3}=UMgns^uOkV_=Yb&i962,H+}Ylflr!O.A@pnOu{6}[RJ+]msmTyL?Ar2vY&i1J]QDQl,JA~Y=K&va+F?EG.uHRYdz){,?3ny7DgKgFJHO&3*rOC'?,,ZMpH60Wdiv$5*gCH99hQ{+c7Y^(X*SyrQdH([=w?g~z(drHm)rH)&5l2^@Se`LYHFmpnLiQF@k_R=@v'IXpyiQ%@YtAq*q)4j?{cpDQYP)Ze&0}&jh-ex@C0X!YVT}35E(Jp(2sX2?FgulYCVP!nu^d5Ar`pX8=H&eqMHpCBwIrZ*]1@h=RbR+*90YP`z^j{&Uw%x@)!GM6*Z99N$yJn1oMEV=qzGT'x8wE!Y.9Oz~Oex9]W@9zT7QMN!rZ3fbc0?9i'Ejy&fyvq(oy9CBck+9C@&XTRwf)q'}E%mHVS@@`og6.JSLcg2!E=v+XGA9i*I.Z*`-GL&FgW10{ug@F8_KeC0Liu!S].us&%i@GX.t51=U~8P~2+ptr%D9FWMp*pI)`F3gq5[S0T3?y5MYUWC~uqLpm}AjBo7Ar5.uYIirptJ.s`nbk!o845.H'A!e1?P@B6r5Kp79(v]d]1b4G=qn99Z'15J?b?3[7icY6FK@6yyyw8!?FrylySdQ{PBzH,yc=uB2&S3vZz'7!`c,IYm_KAfNa$]fJ.9Oa]TGar@%r0eK^V!*?0h}'h&z6Mvj%&**RV9g[(oqe1(1izNBKUPn+m'EG)RV43sU8@PO'J%{wlsrHH6Me5EDLxnIvvf)VqjnfK}sd8zjmC1Of%?dLM3+?N{B!pht4xv4}}e9a!giq+%aN0CK'(tRiNOxDf24+q2KMji%kIZyaCVfLI8R]dK(5ISRv@'qo6$[^NYoNOaqlnj%0fADfmkF1-ww298cI[q[f.{0C*KEgvjE2Yx2G0wggL^V')d-~~lq=x!.h(xgsVp?-H6Fd!Ojd7Gh%r+Xn^iJ&MH^8m8RcY`m?LEHNNnRHwkq0_CNHjQnt'ri-R-bM`OuZ1*'ieW1yzacCuO2-p@qdps'C?U)Br%GasHMFdte-CG1p0Wh.juF}zStAcy2?iGPnXCkJN=+~g=POrksbmA~T(C5{p^L!aJx.fiR~EOKD4$yuK(2{gPBz_Q@0lL5eh4}P%2}DIF(vmsQjDJ@FC0I&bJRp,'-1}OgJ@S4t75P$EPPPFiles"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\051BEB0D640249F4EAB7AE677752296F\Features]
"Common_DrPFiles32"=")2F9[qM8RGDpH8$gpF[mFZQQE,lNmQw,tN%lgL2ny9ds50YXj?1l^[GLXVL^bo7*0`^X(=7qsiR3}=UMgns^uOkV_=Yb&i962,H+}Ylflr!O.A@pnOu{6}[RJ+]msmTyL?Ar2vY&i1J]QDQl,JA~Y=K&va+F?EG.uHRYdz){,?3ny7DgKgFJHO&3*rOC'?,,ZMpH60Wdiv$5*gCH99hQ{+c7Y^(X*SyrQdH([=w?g~z(drHm)rH)&5l2^@Se`LYHFmpnLiQF@k_R=@v'IXpyiQ%@YtAq*q)4j?{cpDQYP)Ze&0}&jh-ex@C0X!YVT}35E(Jp(2sX2?FgulYCVP!nu^d5Ar`pX8=H&eqMHpCBwIrZ*]1@h=RbR+*90YP`z^j{&Uw%x@)!GM6*Z99N$yJn1oMEV=qzGT'x8wE!Y.9Oz~Oex9]W@9zT7QMN!rZ3fbc0?9i'Ejy&fyvq(oy9CBck+9C@&XTRwf)q'}E%mHVS@@`og6.JSLcg2!E=v+XGA9i*I.Z*`-GL&FgW10{ug@F8_KeC0Liu!S].us&%i@GX.t51=U~8P~2+ptr%D9FWMp*pI)`F3gq5[S0T3?y5MYUWC~uqLpm}AjBo7Ar5.uYIirptJ.s`nbk!o845.H'A!e1?P@B6r5Kp79(v]d]1b4G=qn99Z'15J?b?3[7icY6FK@6yyyw8!?FrylySdQ{PD2?mAfSPQ=wwutct-(e2dp%UK8WVV??KU44HvI&Kh[c~Ia.BV?MJ~'{7CX.-ag*qy]z.M@M)7k=[?srlBzH,yc=uB2&S3vZz'7!`c,IYm_KAfNa$]fJ.9Oa]TGar@%r0eK^V!*?0h}'h&z6Mvj%&**RV9g[(oqe1(1izNBKUPn+m'EG)RV43sU8@PO'J%{wlsrHH6Me5EDLxnIvvf)VqjnfK}sd8zjmC1Of%?dLM3+?N{B!pht4xv4}}e9a!giq+%aN0CK'(tRiNOxDf24+q2KMji%kIZyaCVfLI8R]dK(5ISRv@'qo6$[^NYoNOaqlnj%0fADfmkF1-ww298cI[q[f.{0C*KEgvjE2Yx2G0wggL^V')d-~~lq=x!.h(xgsVp?-H6Fd!Ojd7Gh%r+Xn^iJ&MH^8m8RcY`m?LEHNNnRHwkq0_CNHjQnt'ri-R-bM`OuZ1*'ieW1yzacCuO2-p@qdps'C?U)Br%GasHMFdte-CG1p0Wh.juF}zStAcy2?iGPnXCkJN=+~g=POrksbmA~T(C5{p^L!aJx.fiR~EOKD4$yuK(2{gPBz_Q@0lL5eh4}P%2}DIF(vmsQjDJ@FC0I&bJRp,'-1}OgJ@S4t75P$EDrPFiles"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\25106E7D56C6289488046B2DB88F18DB\Features]
"Common_FR"="m^[V8TEuY8G1O~tK6s?^UN'84W-`o@0lW.PC=eCftZ13K,1e[99G34`t,qG@3ktgDGqmG?-[{cx0W.IQ&yts[`ZW59eLF^@jinyiMMn%TOEaq=b8Z45v@l`Yr9q9_&-!!?{SU[FhjyUEuB''v~~Ri@1zbq6OzpDEuuwuAtc6s9o(,=oJOx-rUMGu.6=n+=o[Td]*U8y2i{D7hqu(f91sV!*-oAu^lXOjW$(FN@fS3ERRu1t8]%Q)W.J6f?-J[t6[al@Ingw-!nA+%9d?p*QztnzyJC}7gb0f?=N$1RDdfURoJ?`Npiz?P@,dfJId?+@?vjnOUC[zQA!_S1BQIy0{PQAt@OC^a8N.(77$0!J8iF4=-bQ8N9}OqcC_A[@_O?g.Gb)6[@sEju'41l3lG*N4$DE+2@(~j1XBmQ!)A`PhCtJ=)?,abar8%IpLvzl!GTWMP?I@bV,'zv^gSw8'rn*}h=$5wJm~1P$G[o%Q_*Phc@y-D2dh%EmWA0H8zuUf+AXJR5U*Bf&7?USR%Z_b?=G27NGBzQE4z)~)N0egZ@ECo?x%.{L782NTo}42[=?T~xf?K2y2RhGL`IR[b=6D9K&g=0!h[CafXpUE4=pW^F4nq{ndlHb,?UJwR9aBbailMLN&wcclXNi-DA5bz,)V?Sb$8.*.u%cz,=!V?vzF$6X[)[K$2yAcb8bH7-3)j-irxP}fCcg=3?VbsZdNRj1[bqqS'M0[)=c2%0&(]r91-,2Kf1U)^=TI,LiC^TEH&cM7099H%9HYaP5JB?1$T1%DQ,kIu89dsNQ,-~KKlwGbTUnnq=w3Dqbv+gg[prj~5?n!8=BfvS[wsF)zF{2[isj3i88gLJJZR&12joiGH7_P&9'e`5C61*Per3C0$.4Qq@D}E+1Ue5Na]7-y`AEX7=RPk@sa^T7{[5s0kt3i]N`u1=kaVfnu-z?9f9_Kc8V6fWKF.fsKCommon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\AE851E081817EF047A1003C16EEB46BA\Features]
"MediaShow"="o&wI8hl3(A%1_07Alz}8gIF,n!Ql69]nZ9LE9.~CJIG'k)!XD99Rfx?9%Ix!eh!mTTP!hE9(s{[5_^}lZqT4'Jk-Br7Yh[8=6&?8*8V8'B%y9y5qul?$f=f!wl2AEEOS*B=qXN[qm7R`cp'Pb*)?4N.5-c$Ir{&NTs2A66e-~?e8Tce0Xu[ioWDJ'n2Z3*WIx)t22tdYd$A4)+L1KaU%!nyi$CKO+I@iNdLu7Qe6,)-.uST[zzDVvX&^Lg?zmZSKxbgNz4HHj&c]j0e2'.e~5F6Y(2GFgnnt*@(d7VY*m58==qT5E$tEUqc1F-jCEMF7rm`2DT5@ORA$V.J2@5!hsrw{h^5z?[Ytp)-]pPWz8^0x$2w4v@ka5un16_FnR}8SQN'_DEMJ~$,TzxqsehJdw'[LDCM-2^Po^D]QM!Govtb@bdcew*Vev}4IDY4QV}SmDWq~6ofD28-N_q4(jtSzS)N{5YT3~'YF8e]Itr5g!vnEb7%x[6lIt-76O6K&CM&6U9*!@h3f2Ek8Jh,65+`Uufxid{%'P9WZs=vyOY[L%b*GEjIH^ygnk6?vZsd4}NEblZB]bp*Qr^6Wrq-q_40.ZGov*n)XOR`_kqP&PrU08Wmw+a~o3]'kwX1WZ-_=u6}!ys+bt]~5Baf`8%3ep[(Rm&,lo^fmftbbGbcrP}~R[X3T.9zqu9{LTlJRR9dB!YSM@&4KX='0aXw^5P$(x%Z`Df_Z4*30{UXvrA-4Py5}^]aLp^&z^KsF2fWvWh_+O,{s&H_*JI4-O$wT~au]*{]Iuqll3VF'_AE&^43?d3!@N=IKM-^([G)wdN$$0?V44xE?^YmaROYd*2H^vO%3'&0WWtxI_mAH@+8Ydg3)MYQGm,PtX)P,cR}ui9V0cUa-X4l3E=3r?IfTNyGQBEbp)qD-.hllrlgsUW{gCu_LMcD,t1nUNtN,riMcKL5^])dxYbc_gePJyenM4.G3v](3GT$7h$A90zI`+e2drmO935.8gOadPHT++)bNraH1n1{z_jgo!c)NuGS,+-k%_Q5PjJuF,ni4Gcu,dU03h(&Z^tNTjf]KgaXc!9hZne9h09ya1O?k096bHe?vVX^p7t!Vz=hIML+NA`kn'5&MfK~CbR0Q'D}!fiNWOWszpj}HxgaE.Eg7.`NP6rr-=PC*uP,{js{AXhqMjX-g%}E+6H9`8&A'-.F$+^UJqqXFK]Bo`yoWLA+6$xxfy?xinVZZdb+fsYV,'SemQhGNs4M)D)NF)cyw?wnWg4-ZT-r,V3?Wr+_cM0$KsapQBVMWR0_sj$OR2T@F$u.`5&4mj+g4WHO_g*u7=7Z.69M-}*jl?9CsJ!$s9Sz?HJ`mG]a.GFQP15T^IIE2]jmL6J@=B4_WS8^pDx2-8.`Y$9mq{zdPU&Pxb6iGkW'gl7l.G&b!N-$Zne1$5rtcCn}.r(rS.~8YwzEa$0]ZMnc%}1oW4HDU`Cr=*zBFTf(jW*7J(O4XJmGt6a@w2)Wb$1N5,*FXq-rccV8Uuq$aX4&=6PU_H!M8sE}{!&QP$w]P^wxkPSYh9L6cPpQqD75kU4Fg]GWVUS2VHh-br=-DXDVB9%AEm`Wz2jZO{mnv7Fx9ypOab`Hz`XMuA1p9iF.1z&]R.c1jGwBSFi1?iS}Q(7p}C6VZsWXaX?s}DKze0.{ou5b]7+J]CO=Q,Hp1}7Y!'y-QOzk)WACM2?JTS(OAStR=yG${qg]XXQCB=)~vJacL,Vc~DUZN)^6!Vq~3P_Mj98Lo[%!SAEK5T$K2%Mzi~CKb?cpFmwJ,xmnRPj)*PELBWg8D__HpxA)J(hw&K,?[d,!X_V&Zt%~.=pSwO5LYXqIqnvEI_ffjuI)s98nv7[vVq^oggM4vRcxp=HXx{{hjO4n8hcbe.T8%NQh+&PY-NJBUf3`^-o(H$Q5w9dV?ot66{-.V`*LvS5ip_riJ3gMWbbtu9^Hvl46.mIiADAtIu7)zsfr&4MH8wfHrlyq$ij5L4L3iYZ.3S5nseaf2kmr7Kh?%mJk*)%I'hgAlgddCxKue0mpz8~9R@3y35)QH=VX,hzruJavl.c.O+_c0Q6zkelVYE}jMWZswZ&2%yiL~([R?HXJ[cr)r)cpFTrLV(fNrS(5r^8t3]$d9t)U!R?Q%d~I1v.DYreB?9,,!T*fcJSGE_1]!yM0Q@{DRQo{nfXk+7FBzDR3FNj_g&'cGv!+)a*Pb3l2o+Dr30]O4,{b}{Ph.jB8VO.Q07tlfnlW{FMb.khA~o$L')rd}K-s93}Y!41U-C%m_BD~l{+8Tm2zVSV.q+%Gz@[owbcvmE&t6qx3qtG2~f].0GtBy[7I[`qkoE7?+JSt51S2wV*6?J-fg_GYOn8D'SGZQkHUt~LYd!HTzh,is5`0IP?L_hn3$AB}$y^dAZKN}4!u_Rz'AEWFc2PW~4m(CniFN=Vh-%H-m21KWUPyVTnS]OGwJ@L{'dPB~cO,k_$4G7-P'$bEk{[yv`a3!}^fyyM_nfJq`sm0+.wbHL(oT*n}@(,E1DNg0-x$gae&Rq7w(.7tasuFpXj6p%8JD@Vi_)Du2ER!ZWjr*e'cxxIW2Ugolh'}YF(^DvkWHQ^{SMrHhanWT{'*q2ogaq.TgfLB}@po&+n0llXODIdemCEQ-F?qpx-S7ID[SY(mkeu72e@qqaE-G@k{QKgV+IJ,*p?[t-rCYoHWjcf97HkBeGTQ=8%vugJS*E_2H1y}mUgXWHmhOQ%t=XSd~2nOs?cv~^yOKgL{*.WYEs!W)i.1`7&XCLj`(yHWev%0gVe@UJ^,b,1I1LV%61DWpyh8~x3q@vXS6BVovg]7(oo3)j,u_QvJM%rF1*k8oHQ%QQyM{G+Eeap-ly&Ni02Cn&LO_f]]s9fz2i]I?ye!aXvK~,`wLbu5Cz&?}lv}J-01a+qu8^zLly4.ZVPSvPG-%aWPWB&H.NH+bOi{U6mrARXJqp2]qvv(^UXH9byD85e{4kh=2Ue4)*I-x^%j-V&=OU2TwI)l.i=i`[3c7xyq^p4IC1UWw.%o_Q}lo@aA$5tO(({=1(&pDx}f-qWHL0]b)0~nV~ugxAF?ZUTQ@=+LsI8-l9K$Rpvb2fkul(hPw(?drATT13IlzFor.@Ep%-Q%a,ojXo(udG5urq!yKjQs)fJt6r]4hRA?QhFh&4&Eu.N.hc*-ut+f0A'$246j(KimkSB!*+tVhgLqHnL{[9wB~7lmVF9vJqM,bd&R~~jM`y1c9cE-jN0keplC'1K_g{A-%J4cr'UJr`8QAU1IJ3`O`kD]X'e~pYkSnhEoe^D^pxb(X5ox)Ygw1QH-,9s,mOe$6?Ad4'004aMKz6rJI9u,u&Y?j-J(U-QAtPYXc1O2d%hG?{*XcG+?8%b-Q&9T[TL83(Dy-*!oY`c0hqDI[_aF@Q{c$K.,9pUW1spdJZKOf$1n'ByKau1'M1{JFC[a&Z~(HM^m4*MFzh.K`l8*A9g_9BE}cIZzD=p=h_MuV7G&`VM@=f84STZ[VKh)=yWyT@4Dyze`!coKsR7o`6GbZ{ncNP1yGXn28Ix`Mu0*q]4Biy[$2Pf]b6v*rXsLQ9Knp!ti.}KRlrAWCNy%IRAK^dv?^}u+Ck=k9&^j_ifO.A(7d]A.@O6LAu=?Nw2uY3?'(NB7)'9KcVelDguqu&-kqX.eI1CR!N[{9)J{w3cdqBn3feM]ck)pIsL^W$]0OtZkkJCB!7UTLu-TcVoF&!_rzkaiL`PlRTS9%M+EfBTUQuyO&-g$8IsNzYTTMjzZ$NeCEJ=?gt8Y3A]wY+UHp.Zn(2[)K5],'@{l]04(l@zW9x0^buRn_uGcLS`@a_h]f51fX.`DVEkX%zW_Y2$2X`QNYrzUf{neM`o{$Y`4^msJ~8VXpZoZ1hoh'Mm@heJRv]M.`hmSOk%g^!OtVNQ~L6wSci17?oS!L.iH((%hH{Ipcd6C}hgDoAT2)KCUU(=uwQyZLLo.*u((wo@RN^z^%~d^hMJy.$ag*[^Ipz[VPfm!UMKYWF$'$7SwfT6d@R`G'AuLBq,JRlQ_Xzs_f24UvXYOr7$?RsexW.VvdGB47(]wNkznt2U[)Pbm)VB)5b@b5W!jJ]Q5fc+3B?mfatUw[O*=PM5}}LO=.+.FeaWx9oqXlxwA.K%NNcw'7rQ8Ln&swS,-4Ol3HNxxM[]V-IbHLK}gQbJR?]J=jdw?pXMm.tbW]ewJNf$+bL,n_,egKrlr=3goc5B*4c7Z``Uh*CTM6bM_5M1IRgQ!p!Yw8vv^yTe@HLvjHR)t,I_~LmlIfakOZ@4!fTzrL5!cO97ufQNC&yB$hZz]C@FXe!.P%lb-F~xk7,oK3b=cE]C{`WoUSEg1Dg+~deLZ9d)ED~JdMYN%FXCriv4`[q1s1j)%ekvc%?QJ%[_1MmTniA6fI?g=B}0dJM}e!ZLM4}bh,=MTw}K`2qA4Qj%q0rQ@P0FUd.x7HB0d*8hpOja8Vrye3MV[F@^wL[DrCo=PBU+aSFABEQBlA@.+nBxe`nZ8oiw@VoiLz^-]*h(.p=o6%[F0I4+K@o`Yq'(kq]zPMt$7M[D=t*ibxZ=O'AgfpNVBkk)_rIG)c5c7~OjINF~]Z~}0_55Z_dayp]h$CjdQpFE~X(M{2SxQO-kr(?,V]D`78=@U'(Zk`Ks5`[!D*r]@*`LT2vSF+371wkH3W7uC]8mWVe4c``V^X$G04x_u&xkWgxT@zcszI`Jiqp0GwMuN0)nV%q2sezskMYs!skbjj7-Gf_ZbnDEVQ.KO`X,7-7I5z^~qjg7*DcQWJm9-)kLJ{Du@!bRvg}z=b=mXy~FSs*rPbx.QRa=DM_ADJHAED5(N%_^THF6*@H`I7FNQPmRJzz)'3aw6%]^w@W1Ts5[_-HPiBdTvlgZ*9N,}IwwG1oe4]aDZ93~bY21T$U@57f2[`R!!0G+@m(_+uitAkH.)57X=4Z=cy}cUkqQa3jsW'fWjF[UZVp0~vyMfbLTi5IpLOdH?[Rhj[)h9=~P^WQE]w2%9b[A?'4Rq._D%eJk{'mC)iwu'XA-ALBv'lpi@6RR(}GF6zPKG{BI&KSCn0ZfF`e$[4WFhZ-t1iNmjBQ,ic=2=lUAZMdC&sk[B7HNi,A5os-nY=&Z2P*=I3A+X3fqfH{lgp.QPeaQ`ztIekGZu~=HWNbq_YrcwPtcPQ@qv$TfBa]cHbl-k^*ECH+wtD@*INW9C@5JW6!}sJtepjFLgPedtDPqwcKk_@9N$~,ZQIO}ItCONFi)-prRQO*g_{7ECAxXd[cXfLDRh!_&C~3+rbEJ=4RN8Pd-0)9OTb,e9GqxND8&QHXOkKey8oWGO(=(DJME&2nF21JuCfe,5FJxZGEe)7j3Eul,,rF'w@(bDv?7!VI(dY^{K{ONOa3EP(Y?h5sSxL{t64DZavUTB%8+Xf_oK)n.dcdKBCtMli1!}ug6h}hHrhH1]JsxOCP4kpKptY&ZG7i9Ny.$'.6P+19)X0ZB(Bmp2&z`k8sz&M**dCHB8Ma1tzi!6Mgod0vgFRP}JLtQYNCVXsd``PNW*ku.`A@8}rcW,&oRlq&)JWfSa73MHOPvH}QH}j+We%G`t3H3uO3V%DrZ(Zt[k~p(i,Uct*Eg*F2P4kWj$+o?uw$NfQq'eKHwErzVW0tFaScVgB,lRd88@=~nNCLw8&XSUR,{j=D]6qw$KIS,TaV~82DLffCD6emRJ8p`K`Oua*~@n+G)ZnRTasz!dqH]{P-+_ymhf{?IfwO4m`}'2AseT++?d'b`Y5HWO7BZApx.)sxin0]g1]Y*hJhF'^ps8Q4k?ZTS$=HjDJwJOym@v{?Klz3H]9peHL!]rThw8o-e&Wqk[z6am'*hnRldR92`M}w)3rk2AWW9GR{D!,zHxGYf0uG%rNGV94lATs13V)Wd)'AT9dQq4NvRektA*5uA(2K4i%K@.3^Vj!oaaeBsY$+f^v257OuR6]^CEU=y7u$rfeAk}[~PwZW9IlW8d!25D'b(?vtP6^Egidp66q*Zcvf2HhmTtY]%a^c7~CsP3h^zG[FlP.f)dEmJZfr~I8yba1!_MS9q2+RB*!!bHJ^mHD3Us.Gs1]E!OjNKRyGrbSk@VSUQV,omfzV1wNl}2+xtLYvcOg*5'+FFMy0PGw[Et,&AuuiRx}y~7$^zdxzT7GTAwOMUncI@V!MDU8Or[C`vD1)*ix@.72Q.N8NYdtMsL2[JPe9&*Li1JapyU7s8,ihYvZ,mQ?1i@F1x268}xa*uSYhd'kk7]C}[WmE4v.4=dbT(Sm*ta39YVxzll!]=7@A*`Y_SS(~e?HTCwj=q.-G]rR&,vbG}Sis%F'+2.ZfbfB_Jy2h_JSNDlm$sx0[nWnAmNQA7UleU2'XpJ]`TXn?nHA-K&PKO?LLfH6PI3$i=b&3uPa=YZEE'SU~.=7e2d5zU&KRNR^,jEOf'`^?Y2aJlPh^mTO7,hjS@=XGM0+.}YSOb*^zj,dIOvTO=tco+0e5uH1T.Ywli`)~v(P?p7MPjxp4'C0PRvA&3ro5_V]evd@lo`0'bf,gRP2nW8]Rb^+6`~vOKUbSR%JAzC76sDCCL4W~WVNWOfjc+Lxw$QIUc'?`[!HdEc5xW!(JjdSa2lN5{hVd{G@2?V2vFVk{u?HCHes70kIDHs=(DgXKQ!bW=jM5R4DtyA$$d.zs46-,-yR)(*mnhrR0@TD+9!q`ok7DAcu.-v~bo(x6Hg0paCQ2sGk]v2zV)$k9VN?*8X4cgrO,^'X!50i(BHiBCf?A0nTAi=G]Jw99-+PMuV9ogpB1qSOeu^Sm].61gCS4+j3o`X[GGTYeoNH.BJCfLt@vd3~9sZ}v$2QIm$ii)zZ}TEyJc!elA4lJtLKDdSAw[,p[}I*sbvL8ufl=uEZE@WL080heF)}sXTkE{c?~rU'&o$3ev_(uaMCvmL9(t9&w*,VW8lDEi5Kv+&qO&gHL*T0JDjcmp@%fwIH&X^tVmAbo(yWV[QAZzwjEmtQUrUDOR,TQ89~60)kj~~66aA^H*yvDM9qwRez2PyfP`RgWM'}OByeJ0*a!Z4DIcq1Umpiv.OIi9,E.b7N[[R^x''-n5TpX0`uv3+TmlTn4=Di]3,FFJoP1C0h_p2IeL=!dV^tsO^.l~oMTa]]dAd@^x]%z}gDj,N0'R5ymkonY0F1x=W3_(}x[8&wZXf_4j$%Djp8hvTn($v5XsyCqOk*{GNytpg&DgkG)kA}G%Y7e^bAmK%]C,b)p0avDrCQ+]zOXVpqqgb^h%r@Ch,=jL~.eHmD$qH7)y-lz9NO!BdkocRF-Ms.)fV@=IE5Nk2f(G4iS1D$oJjC(AK.sX'_)Lw=&d`VV81~dWvXP.!$SIO-@.)g2&XQ(o8'@tZ[&Cj2_.F&G'f4q1(t(S[X~ZXW_~1p%tg'&RBO0iKQ[1t`Wx666=PQ2APoq7*!_*Bkc?`q*rZHa=8,t!44i&jbqHnvGQ(&^Ys*[-s3(eU@K]=(Bt)[chcTvglaV}mzJKByre(4&ZYH&?4o{D8H1vNW2bz^.pmHUNGZx'ik^J8fUNdxp94)E3B0lz&OM~_Q7dW%sJ086O&{wxQ5_[4lb4wQU~hAoAW1TbTwjWn3VzRcK!kbVOu8o}lA,hZOs)Id3f%xd~sABg`x8tC,UjRz?ms$fC'j.K^^xb-N+qU=c~G==D6(F23b*9ALaNDkcH'IkhbjiD5%X2y7sUm1}VM.Sb1^=P!tUSa.9H&OiA.1,RC+27LClfN3rygI07aOS~}M[`vz4%uY{*g]1Q1fqJr%*9'd*yy2,j_aON.paQ21rqNZA.G0{tY{e~_PT?vOPp?Dq_,Y`epfI[PS]@SU0.P*x?1'h`X]gW2u}9DNy~Zwdx,C+DmD4KRD'O]tN{0qz&lf{),%ha`83Y5S6&q1%J2IfC0mA05i~DUdI3UV+Vt@5v^OBQX?v`_TPKFNC*XIHs-NX]PO?.E3hii]nCq_jszJ?YVE9Bz2eZNw$CQCE[=~s0zvJ8-C%8a.$gz$P9`1kc_hHA5F@ipPV&&3)zHKI1wDr]tO,IHfvQs6=a$-6iB!1k(FacFcnBOQYm~7,7JBSpYa`f[jKb7XEg_@H'o2Vo2'bI]BjnexCb0+2[SGOqTS)E]5bQG)yN~2o,EE]Fp`w3+rPr-9Kd[lN0a'$mnO4-7oFX?u[21~+!MiWOHf.zdn4^oBoYPieUvo@YP'ny^4c6V+St4]TV'wD0S.$9Kv_uE][fbiR,)58QkB4Ktd-gQVcI9A5}2PEaZ!{`Lkt@PbR!q3{2Se-lUauq~,aysIF^}z'WH!u~hX,i@xXzbyVs{qBkV$e-^$4%b1F5(wb[dvaKz[DT_zU_$iVvUTJJba8nH[E6'mDjX`sW7.=CKo!-hazv4Ubg=C$&^nJG}A=VM$}empY%oGxMZ}%o0NJ@I@q@~15e+`@Jp,U1h3bZOi0%xT6gWnk)dvBAB(5POIf]s5C%=K9QrxaXEFoc)EAAn!&lw?Hvgq=F%x_Nwhf=aF2i8m+,+$pyjH1Ma}cO[=iloHujJVa-~.+1ZU@Hnw]tRe7Hou$wGe'aajt@zj^h*El]b?Wj,G+?i8~xXPMO5%WM*rf]kU'TzWX*2e=3ei3o0d'3!EBs?c&ctzSlE&=oM?DVz)!lOtaWsVOp9$,,cFt,ucFQzBu1^t4g0LlBQ$4y^?IW7t@OJje9o?q*7d3ritx*)!K)IP6DMb2{_0%3XzNqpUSz6?KAfG5YA&{T-&G&E-~J5tC4{Jf{[SRXd,RCB%M3^HfdY4xo*[mvYFHzTTULdA(wgMue?LE*Q*R)d=g7Cau)mbj_K-Ce@cr$pnL9^.Y)iU7y1!iC@f,ZPPVm{V6DjBpaicccP)Xo!m6rkuq)K3EJpkRM0RY4onV^']oH'C17xcNri&sAV~vn5?'a?mB*Up5YgUZR8k1.{I!D,hMgYS}1lCL{m.7GX[rr5`1}!4_Lx6C@0EisrObXv$ULDGQV)%)u1GiTt1q.Rmr$!Wr-x&xRW_be2yxpsEMfDc'PP&zpDaE%tfz]]v.ehAqSFTLK.o!pB-ILXnIHvsPY_{-f(I1c[=Me@GjkH2r-o$lM?jW~bXamM_jc^yU]^ynnz`4XVnRl0YNCZWYe*8$'$NNq?J*W7ww9&BWpI&aE8]a4WK)9bq28b2i%n5ofmI*'m)b^TuA~mFiIBwEs0]YZZaephJ]e?^nr3i.Ae$iO'k8I$iQ{3B!TtIj[nZO]lE6H_ir{(nu4BR-tYBfzK.G=x^Y$GbEU=Z(KxJ79uUfF]d*wtP1D+t+OA~J*?{]L{J(z9S.PxOJsZ7+EyajHj-.StL4yjp`.w'^t3tcr)?F0yOC_aqM,vLtJUC5vy!PQN_d3u_WKlN}iR7RKno8i95Z)UUHjTj+s`$H![IfaWTtf9if0*-Gni*vi=qj+Zw-YZin?HYd{Clc'P%7e5'Go9]Jl^~Agv29*795ZWsf$Fz$+g%ITm5fxwhm$uA%QZOmT@fNncpwav5p')j[vwIb]Ab(dte,P*JpdTo!S7d%19d*Js2~.,AR?WO(D*uYWgI~BMd89$D6YKIgddH9ipXFm[-WHzH5!y2`dhAjC=2y2ehcnR!5W1YnvA03rj^rmFPV6rFe+j+Z-8DDpw@+}V?EKJD(a}8b`$C6s&j`1YTURUhg^)AZExcdHBuXZ0[MWIwgCIfZDTbb*,OW1hRVOD3=^8H7pg84HaMNqkoMF0SA-~t3E0Sle&J7ONAs{bUQxif@nLhmqRwqAiz2XcvkuLhVi-8[)f25%JHy0.4?_uDkPd7tEfEI!~I?_HdLlBR+t1ON_bTy=LY+9],'2u{l]W3DJ]8%2+IK_2=AI,e+pCG'%fs%j6.i_!tl*'cB_y{m&N.oC]G5'.Zh2?%4XBd{jLy1vH%J8crJH7yZc7mNTmzmqswJ?AsTP}oWE'QsvlO`x0=z!lF^,fP0$cUtgK*N4h^qYlg0'+P{T')+`,8&@,P&s8H7KP3L1Uo&N@p&'iLV$kxcM,FEe=Stvi1A+DAKB@'^q^*,279`+peH&Wi8wf'n@rx7hDX0)@I4pZi98U%(~DLFj[t6Xe52L[7IeW0z4}EbL)zMZ*YN@IMnB0$P0Lk-{e49uAlR8798L{]Af3&WL!&]m^-[['!SfX49!9Pjb'B.g={z]tzF8WPSlUhKpAy&qh2+JH&.rq9r88%)itoCGD`@%Rf)?jb-F)06'1nfB7nb1,wrdaz-`'F5U1.Q*MN~1ls_IHfGidhIAW'x3w])5[Mpg]l?b`C0y9xK99wTO9[]uaf6)~%4x4%$Mxg+${)1uv%iR%-NUamKL73,)Uofwr6.wy]!P2J+K299nio[?Kj$C}pCC+6VWl0!p,'Z$~GTC$&cry1ul1YY+Sc96h3trgVlSF~U1u3@P,FnE[buUQ!9SpM&fzvB&VMQR49]9E[XH)[~l9zzo_npBYe%v2}qiLYk{Qf`cvaysP2RQsK2Dsz@*rusvI=TRPPV61Ade6h4fYOqs3&Yev5_c%MM&o%i5T3%t2)b]VdGI4IVtVV0M8HN{nqTTkWoF^eB?pppIdkdBwKXpnXCST5Sr-^(]6DMn^Aw6yU$jd**jTrll^!t{87+)PH)rxL+2T_-D-%sv_aAO0XW&D-2))-urO0axV,4iqM=W4Oz*z*v=tB-$=BOCg+r4zzKrqUM$JH+X(Z5a!0@wu%lLImR]ch0p`ic7'WwiRgPM3?ZNB1f`3Xm2-6O%,f,mkwjx4!@sN@aH[-L1zGkfiG4?niK$c11fqnc?3Xlvh7*)c4tA)v}XUS(-ro(ec6A+.exSs1!8QbNRnoZjjjfKOJRvjmgX,W')YMq&d^+p3zMP@g*a{JYI9fmpB1P-N_42.y7Ac2P%A2lK~m=vD(E1[Y!rfzHidguXw7e*!Xo!VD)OZM`50D*F}fL]c6Ks_@N)BI%`.YHFR_zwV9R(5q$Xt7uLPQh6G&VdVF`)FNX5]5%@EdaML-ybg]LeM36ka&!lZy'7GbZg!Y^6_AQf2((3{u`Mc5QvZa6Uq1``Uon8,cg7p0.6nPssFRWhaf~RB+t-Wz_J^8v{3Gmtn*(Jk+HnpEM,O^Ey=g82f!%ap*M`UTk_^!M8=GH%s]OrUHL7ImrtB(6ek8K4z0eT,E,j,d5t_%n=zJ,v%Np[gN9jWAm4$ZjH-'W$80]oT)r$?IZ'.AaiM.oea03l5f4wa9oQEJCnEz)`R(JdTZAmsKT(nKFG$unRuKz0yZ,(&1m'61H&p^v8uaU7mXXp+sQ^Z7Q)t0nIFIjAoxU@tgnS)K+WwPVjj}{rpH2=29AdJDsc)0ITG?^R_'}Nd%Vb*sGK_2y$u,8+k1GN`l%-T'@}NQ$z,2DQdcfCZlRz5h-=&[2j[Wv.lGIiR0l0FAY&9D0r-0yqtfXDotqzAX_RF$vP7XhUT`II1J]{_PY?0mIgN&}kvh95J]W`8ta'07K'w8sulk2e4^,6dg_My77_NYb_AY1yyxj[xml+Ei(7`0l)Mlt~7Wo](y.y?pi$}Pw9@4mjimDg5r*Ni[OxFdrHwAU~!,UG%5iHF^,Y(iMR6Rla[ZbBaaezJdHgCTkTDRWvteNG}=?^t8bfVFSjdfkn7vJK{'[VZ?!]=rgqV)$1DN5`'PO7kajNAn_[E)cH8RDM5{]pakC4(2h8J*ulW(MJ39)n}cJk^odm]Cu?*C^jqhLW9$SCcu(CQK50C4c~%19(HN`k9@uWO?]@$Fu]$L~xg5nLX'%l)L?`k,52i.Z{&-G4RE07=sxYU9y!ELK[N'{IaMwpU9^x0-&9a@MzR,A!A'JGCxf'?G7kH60%zZN,pz8$qNmf%pQ^ow20?o0^ry31I`V'PjAx0RRdYQTFRS`D1a!`kWj*Pz_yIkybXm@IoQ15sO_bBkd0L`6)&faE'MaxPo9bnTBT]d7uA+RoVi[SLi%r?3eaPH*tS[}nR3rdK7Vrfxl=Ln-LtXz(w)xW9W.2_K199w_*7'-pa=CSIC1B9,A[Y'!QxEqUpXWnk2DbvnCV5a.wQ%[LK3,Z5G$~aw0[c=]=H2nSjQiM+AKQMQ8p15N'$c%TKcQ7PN9rBtuB[SprO}3kc}FfgeN7~Y.PHH5]iI,Oo9k3i?Ua1,%hcMJK,cG3n}{s4)V}lns8i=jT5fRDQ5He3's}rY$hL}sVwxpzfBC8fY`%26KwJ7dMpsyv2=oLMe=?Gi$DDYKKTjdyaxjCFf60W-K~ebh+q`HBwpiBllLWp0D_q$EC{Eo$utvUacEW3]4.Rm5gMN7+$*t)s6JU6ZhyDoZ}_v,pMkqHQ%+(Ipz^x7]z_WBtDwY(pHjM~wF~N!TIsb,HUvWDdcUWSjn*%Rd8ol}0yai}.==1=4JC'suND.`'dFTHRF?GTh-WtpGsfOnMrwShwxh(S$^HfSl^hv!-}HYvE!+cC@Jmly*1KiOxMHa`5e0gj,.Z1BuGlK9p%gCf*,*!d^!&k`9mNwtL8X4)f&C_^2KTR!n+wGt(8pne-21p`%J.lXf?U75L,6Vz^t!!&`.s&U$48MxPVb%2$u*QbLYO4eFIVzYPB$81O$$.PhXahM0S5EyvaexH]o+LJXLnON0(+lm356ylzd2^FB'4}aH.@Ynwjetea+?mj2!z&C7b.YIBPdCoe{2RNPb2bCuGOTCpr$@Ap4qAvC@}}!auvQ}Q!Y106+&@zcR,K^=SnR+XHRviy}e!Xf@V8k8FvFPpWFxYC*+}xl6a*IS`H%CVc0oU+A*p1$jFWUko5mD,b3f_]hXjzomi&*us1C6nGLpO.VYOX=qmh=F}`t~`Mc1hE%5ixSNodTARO`uy@~?8DZcM?`4z=(xOHBsY)i[e)hPey_clF19eHK[$~S)73+hKK=1hH?m*^O4+qiKFnWhGF^@g)e=W0*oLi%Ei-5y3(+M7Lw'Uk6&ATmqG*dVbFl-n,=De83pZFTYkapctyxz@bP)hbnqK0C@o%gF.'Gn&,34^d+v%c6_h&_.Dt^wff$5t_KQ%Q0Oc0t79-{+-pEp=+(QVi&@(j2%.%r!RAXX^II&=Vl^*F[sc$A0m`}$%^+c%iIz{FYXujTS9J%0Zb7Yyp@Vg46]fq6bFJvFF2N@[LW?~)8ADl+`,h.KcM?y(ndmUF-yDHYZEjuRR{Z8++0)W&=qeKDB6mz=hP&p!TWP*xbDCUR=Zu(YQS(A%x,vlNj=6r+3*EB*`x3=+}^uQU1WC%gHfCZ3HiIMY9oqZcPTfX!q=pVX,GP.k3)PPp?W70xF.H{uaA*k[yabX%nP022wF0DtqhRLu,~UdLjPcTLB$5YlDwtaYSD'fz51)Y5N6w{NpCz%-bxQR4cD,Oa5nvXundHM8~GW@=k)H?0&!(u*u~Oed^Ilya(wbx60^O~UCT}Ki,2w9iqe+yNk(F_X6Z&a4RrbjfK8qO40IAj3v_U*Q2}Wv3r9?wNVuS1*nGTW&0nngh0&4fJP*[}^RPvm=s}ARK*(3R@p`m0',GFm6v'~8,ndbw'rHvNC_M`MfrCFYK^Z&O,sqr`nW3.fs*1+9WL4~]VB%f{D}nYuSlF7oEyrLgyc(lEpU$`0us%sTc*D9Dqch1NS`,NGD9HO'eU=E[6wW-y1GU2N67&1`3}7OfK$ZAtL)'7+9)]cEU@t!PFI]~Dz__EY!=xf@vg3H^01(RzIX+{%IeXKnY1dPGNb^gsmw3QUkBXnmfFQR]EOjqHQ3&o)vG'7EKcPM=QM]3]G1t.$&zMNi'*0{Ax6qA=Twr2u$wI~[0{~uZ1qkB.VPT0TvuEPj%[fMHyAc]zu(u'?[2)!qYQifVg7UikT&,^C3(EN_zoq9mRHr[{G?1J0XF&QhkGfMmXgl~`ODI&7RO?WhS.,sp_wc+lz0%i}ivlJhYPY0$O?5[.4NxNA7~DR&CKYyW'In+8E_0]1*p9@zl2i!GL6Oh?ZV'er??kOcd)esy*sr}ON+7Xfo`uxtYQ@SgY(R6LU+b+}v[{hXFbekVMuVuYY1!2dsGE1`^~]2`jOGdQVUJWyhJtgl$xsz1d)W6R3r*T0zVtHSdH3@Re,J]99.bClAp8-PEvaMM.{N3,PxXq89,VKE)BWi7jVUnkeHS9,Bq2t%vf2Ex^clpKoKq0S]-K]JDGO%S4ei0y48$}`_SBqHM8NR]]p~]Z*{oQ+@.0x8Rx1Ht2yOCkeg8X_w).%,IUoUUJ1fM%9?ixQhfI*=eCEQ28[jM9M2)hBKGfdw,1@o_hAAYIBxOPx,+b_+S56K!11soZ
Q'%`9&^Y1I4[D?*Lj?Yh?{IqV1x3BCSwX@6B{X1VBTgl`xxw{x14ptzg^JYnWL^XPs$`dDR6mSSv%B?z[r]4k3tG,Iut0`Lm*4YivT3$a=)hrQGU.{-3v,9+@+OQq~)@P&T.{.akjoE@)6+-r?Q+DHqYLSSZR7}9zU]22nqm-5[6q}t['sVdRoF7++hems`N(jV%F=m7M,9%]5TGO&0n+1LK,5)_U@OUyft-&94.{nNAAThw_=)JW1RIUWRCUfdD_?%!e9xDMytfe}yoRf8[13!2e3IT@zTTArWGm1+gBW7iNLhV)@dT'S'a.bPjD6vR(&T7RX`yV1cco@f$Qhd`U,aSlIWcHiU8YyvbZE[Z43-,j@U9%q@eh+u,+1VBn.A`UC}5{1t1H`kNiwg1&PieMp2WwQjwoSQ4mA&Pa{l0f'EfPYy]gm&5mje6H!FzS.`O.?%WlFz}rW)xjaeOR6Ixui=$sW@%aZD(]b8wOBEQ'_Q9G+'dw%]_I(X+K},v40W.S?6vm=T5Ig=1b1T.71.qD1b`}+-dAq!GC)?=e&$jhWM8]kLfyffbBm47Jt5jHBQX&V8n2i@vO0,H8t3KwoeM0o]){X0QZ&&$fxA0bvW,c%sTvjioq~H2z0yg-d}S3yNLzE4YBhRXvhSMO&b-=)U*jEAC7b{OL)lDlZ9TjQa$PmOBi_[SDYIp-Dm_mKPJ!=JZsaQZu`ETRkQw{c~9qEW6&Kd,[d(z$2I^`lt%`]d9h0.Q,i(Qr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BE4EBED704B66673BB53C5BB3C58AD73\Features]
"F_compilers_core_amd64"="`yFM`V.(j?5]i'AKuKOKJQ-fL.MGAAWWvkZC2t!Y(91'3NpGO@ya,]$={]vm(~u-_m8U!AL*w{j!wgZZ-mu'YIdC'AnZb-nwxX'gK?QEZcsQX9?=Z!pPD],5lM4p.ricy@JuL~@&9rDLpn@yjcvcW9{`5Gu3.3))c6N1LYaC!9DW`G*oh(@NNetFx_Full_amd64"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D7314F9862C648A4DB8BE2A5B47BE100\Features]
"Complete5.1.10411.0"="XNmn0lYPR@3$8hQ%TYwx$H8qYCruc=lBn,)FX?V0ye6nlV_SJA)SIIr?X%xiqG@Zp%z_F=5X?Ab(gW2SFDK*8GOnn9A47N8wb(J&*^(zpcD%q=6Q%SVz]6w2v.hv()gBj8W~bv.E7v5B8V7Ts97%r=@(8IYo+y~ViyB(qQyAg?tfYhgrsJ(hoQsEO}052==kab%Yz?`gUqs@2WLXo9A(NHCCNY^x%Rr_CP30)AGEs(q?-3%nc@f&19q4'@X^x@4BIAOy=dN(cfCOIA,(4{Zj([BH.Ruph&RXS9h.z!$Ig$+$(F9~n61L{=mklpYT!'eP@QCjr[cg)AIx6@)Sp8'u~j&t4~38UA((0Dow9hM6EGP6kpP2a=}yMuRU)af@vub@&Tm3I?e,@*C7C7'{',A$abpD[8}8H52+TqV`Ls_(B.G4e=-lz%bq+x+gt4ktUWWsc9C(~U@~f1fn`~8(P.bx[Am=G*S,Wfhhh'v)Y[gxO=QEtm41U=)!jO~stC-ci@!n!0@Bxl1pIo{-nIiuP=2,1mC{$H`b+OhP?EI^$ARfVT=C5PY+KVS*SyEP+@wF'{ZoiG{P~[*eLe1TLAo`Ah,t*]iCM[4zeYX.J=VmeZs9(tCrauDe8&8D%AH+38Y$Wt[7s}NXk}RjVA_ylz!sOJNC5B`'B]BcL@&2`kWr@MW?1mL]lZ,!`@srY(@l&er$=)_,'-PmF9Y{w$-@{Ju'-ZO^6P}EW=F%O}bP,807H@YQ,PLKr=([~D41K(}7}D%M5=?z!Ao3`QpL5h]koL5NJpGyB@5?(Woj*{neqpx76Fbq^=x.NyEK8,.4d.eFRN8'p8!GZ(xk%z]e{'wls+,WaAdeLy3p{Ak-~~cAprse3?m1RWXbt+pYq&%,zMwdY@zvU+lyq2ovV.trHGwwR=x0yvUMKFsHUn~a`*Yye=4U0qozF]I*8,@?c}(&39OKwKX$3g1DCM4LFL~SM9pmo8av{AUKA.oQ`5!d6Al*!&D3!2luw4!{34m.h@?qxr9iGfI7S3&6{nS`)9rFhOv)Aq(Z+P4q62Z[KAVou0KLJJAsUQqB17.8e9h+HgsbW@02'I$Qtc3fAAjZA7h*tnv[,dNB86P5!?&EJPrJ[0RG9D-'hqAS,?J{xJ7o5wW@?~,_Ia%7`?VDxFID*lY?iadf*^%-?A}!NzS$H%j$G}-)cxfG7@kQQ`I@aFcsAyOGS3@.I?H-n~!yf0]V]*7WgsZjV=kU55]`9Qh^yTe`GLO.3?~.W9S.eFY3a3@1z&W__=x2XBdB}J~0cc*!YM26^?%jQUsa14@?ja(oM&'em@?$+~.fr7FqYgCmtoOP'@fgA@R^(P+NXqbt3O!Q6=tR[G_kR6n^kNH=ySyE09eIFu3L(P{*8Mbf=N_O%=N%Q3VQ.N,DoeHtuO5mX8?Rj=$iu4!3n4j^Szk1W9`(@mbWK^YE@NTBcl8`XAMus%`.InITnYCmtx1`D?*elGUq'FT8N[0+D{vOdAG4gkN$Pb.TfVYwxJ@*t=2K?-u..VQxAZg,J]EKq?Bv8QP(EH{%%gj*.!THW@SsOvI.]Zw@9M'($Z5HA@b!,k[)3hg[mi?UsAdq=@_-R'-=vOG`Ici5.q8v7AGm^U6uOYKjigDztg8mJ9,`w!E9~+=vUh4!&G,W)A_~wno1GMzByo}Ro1l*{?3+{1n}^TXTj]d4s2T03@8PB(w@q}oF?`V%-KVH)=QU*JZ_`Q(lw5`y,ncUf@EJ00Q%Ex(yomE}Z~l.j81XG]x+I%FdMRzr8)dqo?Hu`RE*+jb^n+ORynQIz=+~YUp[esF=Rh3r2S&]WA!X9vS3m,K*cTDw^3Ni~@9c@P8ia[Vc$ne5ApiXx8dTHpEOH@(bYbO?9*&9j@!0&]a_gQubgq4wzUK*o=%T*9BO2w_Q=AZ+SeFIN=z`P(e%D1=sZ6daO@a'V9dmU}4wX$UtDxcsfOF54@WCi8Cg2-8]G+DR_X=m^82]FuN7GX7?8%wVL-!hz=V_1KH!E_@rItB.lekZ5?xLQyK2gJ+VAge.xL,dUA[pF6okqj'I6(Nnf1Z5,?*m0iUD0w*MIF3RV6p1q8cJAgUbQn+Ruu?}6Wvq7?eC8amrFS*vzy*[s,~+H9Vpr@lRlxHdFv]qwWP8!@oQ]U6qwu0g$eZAPH}[==X.x@-m3j8W1PJ,QxOfRAgr_rJCvcyU*PAyNFBDM=tnpT'II1o8nP`3%&2%P@ZwMIkiPE^E(mojY=a_6@LduT=Z_y{`-%!EJcCqw?62@?X~09iwHA=^g'n2K=zJZqlZ]C$.J=Z0eEX-W@K-R(iZu1o@]=?^HoYBr9bA7uhuNy180h`3W4Fo?@9A&3Cmr9Mmc$3sc-fml?i{dtuV+!_kKpjK7FgYr8lIaDR5'WXhIIuJH+r6w9URTNxwGws[$j0Y%y'4i@Gigm+b1%VlGd755ci0P@BA,VncL+%MS[LdA^mO'?.oSiuRJ^U&v%'S&O&X?=.+]LH=qt).b7R~qxG}M?P2LV,ys6.ncfTy7z9]R?L%s_Tqcf~w9$5dj=HXa9s3I['7MH=oMt]%5Fcy79aqn9^2rm%pf1]h=RKl+?77T}u3!e-f4=uZnxB3P9esnOTn{~v*1@Q^c?u^S9C$}H7+dD%L^Y%C$!{(2=zZC(B&HJB2)a8EGR`Qc=IyMTOu-T*(xchpPV+n*AAxaVKvd3OEW+-Arj`gK?ts&%vc4h1113lz)SsrV?nr!SD4pIWv[fWtq]Lmf?7%!$4,$NujA~dFV]1Rr8stecr4x?rJ!lIWa1tsj=[Qy34.~+]*3FiC9QI-p9^fhIW%!px5RN%8YLDAM=EZuNa5D-7N[g7-*z}3y9_6pmP5vajK]ZQiL^{gz@b2^21?U+zKMVT3zXEvd9.u0BkR`oS*KkP9!Zc=k9j?HuDKfP+?1d)kTO.I_A)Trgv+h,-VwE7x.vGL_AJvG-5.~{w1]zzxZV[-$A8iDLx'?M,hd3`yVo_)]=xG0AsN0?x@tStSk!9gY=gytB4X]b+Jf)7w6'N_o?SR~GXUd,(*i`+ox-L`&?^8iqLX-_X[VHlxTD*N79fnKi9lzQ1$E?wsXUP09?tb}=eFG1HZf%C6m%@t3@[-g~hclgLBn$sgOP8'u91C$2Gs]6{N,na*Yl{L=A]?zjMmlq?w3t{r6e.A1@p~AI['&qZV_SM=9N3W4?aj'-5)SdNfpZlsjQ^$R9I8PQz{JUcH_dV2ax?UB=6Ohw[TkF)vVj{$*JX%5?h3V~A?,2V9xS[wH211+?mwvIPJn$LU]nhA77P+b@S8,pO@f.[]lB!hLio%o?,dE5tAUp0$5zfX!MKMMA~9[kwjQIwMs3v0V,!{}=9aONKLl}]%C%.qkZL4=Ax1x8*pgU8ox8dJBt@fF9oHa=!44$C(Jo}0TNzJD9IY$A8{Bga+a'nueh$_}@(`LW-6$4N2Zo58ZM$F8?Y4*9v`*x.f2=O*[}C$?=i6^{n$QEMI[FqcfA=qX@P}Ln1}BOSzo`zP.q{gx=%PhDrhDqfRy&sKDQaeGAI4?xB_4?]+v+^CToYLd@zc]J1m2PHBMC[yRSZfH93zWYYmp)F6eWH(8zDML@.v~@1%G@dkqUO7R$p!x?!P@B`VMz{brRf7*om'4=pe(7q9dPLDHG~.9n(s4=75S}%kK$iXhG*2pXWEH@{.4pGt3y9LNEEHpT+Uu@}^7r?6HzPPjbXg1),B0?gd=R4!s-BsqX08D9x2k=UnnH(6+5f0^7I2aZ,UW?xlg*gGNP9tB_F^oo8DSAqj.cWSiAYyZxN85K)TW??G'vBY&_sue1SOk-s.]8I,^{-Fh[IHHOVg,=Jm4=@J?dMo^_wvy)J7hFzi{?EfZ0-pe$j.^6+Cb+cP,=ZP{_1m!@mBS'e@OP*%Y9,Z[D5L,ZdVgJ2dVGf]z8Sr1{D$XA+JgQIP)*dpj@vKkRRZl-~O)6RpDB[)!@[,*q_RE(0Cek_IzeRTm9.osGKggF4C8fa{,iuvR9$-FVzuwZ&9M!7a[I)_=?^?3xN3lcuI'Ug(4fpSN?)^E}^kd1kPj@81r@dWg?R}^DNTfE5P=@(q_GYPn9CA![1aX`AeOsaI13y7-?3GXQ9Q_~A1f[hyb@76^AVnNw8=Emi!r7Iq,],o}=BK4%+54IeudrdlaD{x,9Ac,Lw3*}V^^kab(nSI=@1e@en,A3twWH7IkSJo49emP^-SBc]qIo$h%1e(s?v=C}){xWOL6yt?,!xuu8m^ax&B9*qHqfH^2!Eiv={LySVDG^mkMUZD%o%To9jw&,9i!*c!qHAsu.kit?Mww^`tW@rT8R~(,Z_8p8H+lqsKCMn=]'~wXNrHRAg*'RfH+P{i5v2SHdD^~8OtVwRia9!2^Xj`ZG]Q09r7jl6q6Er`dp3VKO6kv9KX8TQQPBAH(g6GG[p=g?wOEOn)oOtNZ}%LCiNX]8ci$XWb-ecs'wqbUR~d~=uHBg9Y0g!uZH{r]o=sf=Gi9`Fcd$T`s~&+a9Gl79DkfPO&!k.A-f.GCL.}0AUGrl]u$6j.EHt*%At{{@oj)Ol!zo7.(.njU)(Sk?'wMumU[$2l}5CbfojX[?}g'fA]+}{$xqBV8wz.W@(mXc@k5nH]rhP6DW3j0?XsRi,tg7%mEoIJEJ-e)?E'LgF61$_^gqekR_2a~=-9OvMIe&5bTvdIWC*^p=og)OvN(4cM*[uPAK?&RAkmW.[XBs,sC[C^kGGTg9(ryBebUby%?c-IW9ZxHAeE{Zi7'iLtFE2h+NHW@@oACiF1[dR*wZ)7zo~@n=={wCm[ds=FnQsyP$EP!@v%^OkgBdpXjj=0{)y1L?*CCOxs%&bTg$eg_5gUHA(eM&ar%}@HT5j&--XN)?F^?-e)Osi-DwW}UAK6F?$a@IXn6(kCj-pUr5mFbAMMw0xTtlh.2Gjov.EOz?J00,uGR-'es}z~rOXYY?[tz7gIW(2bR4{0x}zso8loIF]o*H^Cp_h&NT]s2??+dBZo}T`(ps+bdDkB2@LxSkkyWhh'.%}J(NtKV9@B9F(xs[Xpr4{%]1~]%@a}j,O8L0{!vnwfclrX69bPC_cFuCcVfPM.apS%D@8R=)4yac'Dig2VZsW8@9gROUKS9'eXF*zmmAs$N=g@Vt2_%21)YRZZpA,nt@cjBsMi40kmW+}NwaByH?{{DmgMY}&jfR*hIKTp%=G^!*QM8~!9T%FgTDiv.?]2..m'$vBxS[O`K0n9M@nhk1k5niHgn1D?^vu]w8R~ol-%]@B!2%GRPE+@NADsRN_jUI~fwgR%^Jb85=ta_t0E28g2y9'BRx`We?--d^43?cj?1@JdSo6Yd?zF](cnn&eX3Vz{y+IzQ=Yr4aYpple'KqE2c34]79?X`pkq3j)]9FzU+Y%6j?,'wNaJVhselh-!JmXEGAmPc98C0e'3Wix?BUv3C9X6_qdD!PfvN1TMXfMnK==jJ{DUf1pYv%&HY?Hy`A`}qHc7+1aHdN,4V2FsEA!&PH&7ckURx3HaJQs)8?ROaQXyh*[bT@-S6dY,q=69r9qgU_'ovQPdNkj[`=WRp^^*`mQt(u{~1D^?==~dWYgXjD9h$A6kDBdgI9{o)ZD,x3cd{p9K5+FiZ9UFThbU07EK8N([d[rDZ?J[5S?B&Vi0.]9U[=d.C?(VlF2t-KwK!sqqg3Z6H9+wa~Q-}5os22~'Ieu.4AR*pXOF8.KSlF!erxmyk9_j6)0!I*7Xytw,h)Rzn?^m}aTKM)8U]{oMd}*Eo8^6xHia!4e4,V3)DJV5C?B3=lJL*homzGTN6criF9Y7acji}K4dxpz,wyHmJ=Y2znjs-?DRczO4y,mcN@Qa+mRe(F1J!U1q5ejNS@evIybI(q+RLkDW4-q%y=bpP4Ec3}*O[vz*$c[kD@]hTc17l5''BF4!V4V2`@-^&7^t~-fOfJO]J8ghl=W=IQtq%WCJ+4XHxW4aw=2_RhBIz8C?Zf`h&G$pUAfT9v8+[sdY6n5vIIN^b9$UQY)E$@H8!V=]*Z`r$9WIjc_=%cBTulsifz**h@0~fALtOYpbm[NIqT2}WA0aR*=3~!LFgE4_b}0G`@r55pvjW$WQ8@EE=bxPC?'uPPQWmHnl*Y$E4Ke{x=[Ixbp)$_}qOq4H=Hdgp83}-R1wJbS5lx&7qAv+i80^wAZ.imnF`v'S+9tEr9??-C5y^)qzNNgI%70(+9lKVkr.$s(2%GdrIrSt@=F~~u()^6q)'(LwI).Zx?5(yWrNmBPCqK~f0vD_7@}_hi&J@p`KmsZxShxH[8+&(is2Zzl=&9L&o65a&?5beI8w`GmDO(mcTTKga=3.u$1_+UajRgUJhT9S?=CmZ=r^Iba.sb,N[YB7~9~cPGeHADaTs0AxSlRGM=2Zw[ePlzmF!_n4k)%bx=BmY)M4%dPBS3N9aL9z)A+6nFue-o-351SmJ)L3P@mj[6^7'{-_(rDAfzbPLAU)R!`(z(cz*$'}fd],)?$xh!3EExk)OPa^$Whgf978**w$XiisbG[4amsll?C=jz25-l1dvj.V'KxU}8xk'*7i(@K[`)Pd]tMv`@Axd]Rhl-$?f0lVP4e+~=jyZ^eh}L5]P8sU98}Ug@Y~24^$L]ZEdEs]0NL}r@r]LFvQ8CT8)&4v9(INdAwSr=WV0SvjY3d74bFR79LN}o.CCPcL(mc@[-SyB=)q=&RI&jlLtMD%885e[9O[-R6+Q^j1pdgn6oQ)(=?LYE-{!F(!+bYPH0oPN@V,A3`[_,g?K&AY^v?bS?N=6aQ%[^EK}A7rpw[)v@}hOYD]$S4Yvf_99b$2q8(Ok5,AI]UOvMXR(BCbv?&E't@R%K(T,bO+P,Ya@=eTqUBqoD.nMYTrZfY8-?T8J1HqX09)P.xj4SQE@@sqmC3Q6BQB*TT@y&R4o9Y)Y^utiQ=-)?u[XBSd[A}xF?Hth~F*Eo~'cyRu@@r$Lp0Q_}!,WM$B`BI}r@Mt_ZA]U+_[A`vIL?)4x=X&*?^^HsN8qMZ)s{iaZA}UhorLJWXq+hzv&^mdPAIDYip3Sc7MMS!axezW*?C1V5fVO$i06U}*J4w7b82gr,0`F8AR+Cm({kTP8@u_a5v,!!~Q9VU,(k%As8cfN9D2$lX3elDi)M(2[AS_CWOe9*oQ[yN]gjpW%9V~veLLFD4bfw6_[NhwJ=xAzv',r(EDrnQV=E]Od9ka[2WWds1i?gwa]Ljvm=3FyhbUW{Yew76n0$pd8Ab?H^eme4=r^`jBkT2}u9Pc.vr@5gc'eOg8gX7hh8IXBT`sba^OZZrtd_iNSAiY432Og=hk!prgzhWL19ZBq*y!4&7?cO@YoEjom8T]i(K&G=2WZF0q9G)Ht?6QN@7N?&EKbya{`,0Nw8eRz{(qenh&O_RX&LHCp@HOD9YeqtJy}ZRYQ6YwJAHki5rHcB.QOm3q)_+)l=3,Hb^W8Y2C{bp5lT1,w8U&LUVmiy56E10t+0g7.9xZz74B*vKDhvA0I)'cx9hF0'jm8?tej`~Ly[id@@X0?^=f*kn=7{8MAX.5%@x)!![!3rAcNBUL))vnW@AF9SR%,f_ToL}_P[&QFAp,!3T7uCoUJ[H&N+kUV9Qk5glR1ts-TjOmY{0nO=S6GJKns6Z$B&Au*]cS^?cc(qG64z~7vJhh0wCOp=WQaXgn[QNz[9GRLXX?w=I-(Kn%5nV,C4Sp]`eT59a8D&$Ra5(=(uh7iVuK%=qJ~n%,goWR0CC)Yv=SG?3-}!5-o~y8nSAK=),)WA-W6q_vv}Ev"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D7314F9862C648A4DB8BE2A5B47BE100\Features]
"Complete5.1.20125.0"="XNmn0lYPR@3$8hQ%TYwx$H8qYCruc=lBn,)FX?V0ye6nlV_SJA)SIIr?X%xiqG@Zp%z_F=5X?Ab(gW2SFDK*8GOnn9A47N8wb(J&*^(zpcD%q=6Q%SVz]6w2v.hv()gBj8W~bv.E7v5B8V7Ts97%r=@(8IYo+y~ViyB(qQyAg?tfYhgrsJ(hoQsEO}052==kab%Yz?`gUqs@2WLXo9A(NHCCNY^x%Rr_CP30)AGEs(q?-3%nc@f&19q4'@X^x@4BIAOy=dN(cfCOIA,(4{Zj([BH.Ruph&RXS9h.z!$Ig$+$(F9~n61L{=mklpYT!'eP@QCjr[cg)AIx6@)Sp8'u~j&t4~38UA((0Dow9hM6EGP6kpP2a=}yMuRU)af@vub@&Tm3I?e,@*C7C7'{',A$abpD[8}8H52+TqV`Ls_(B.G4e=-lz%bq+x+gt4ktUWWsc9C(~U@~f1fn`~8(P.bx[Am=G*S,Wfhhh'v)Y[gxO=QEtm41U=)!jO~stC-ci@!n!0@Bxl1pIo{-nIiuP=2,1mC{$H`b+OhP?EI^$ARfVT=C5PY+KVS*SyEP+@wF'{ZoiG{P~[*eLe1TLAo`Ah,t*]iCM[4zeYX.J=VmeZs9(tCrauDe8&8D%AH+38Y$Wt[7s}NXk}RjVA_ylz!sOJNC5B`'B]BcL@&2`kWr@MW?1mL]lZ,!`@srY(@l&er$=)_,'-PmF9Y{w$-@{Ju'-ZO^6P}EW=F%O}bP,807H@YQ,PLKr=([~D41K(}7}D%M5=?z!Ao3`QpL5h]koL5NJpGyB@5?(Woj*{neqpx76Fbq^=x.NyEK8,.4d.eFRN8'p8!GZ(xk%z]e{'wls+,WaAdeLy3p{Ak-~~cAprse3?m1RWXbt+pYq&%,zMwdY@zvU+lyq2ovV.trHGwwR=x0yvUMKFsHUn~a`*Yye=4U0qozF]I*8,@?c}(&39OKwKX$3g1DCM4LFL~SM9pmo8av{AUKA.oQ`5!d6Al*!&D3!2luw4!{34m.h@?qxr9iGfI7S3&6{nS`)9rFhOv)Aq(Z+P4q62Z[KAVou0KLJJAsUQqB17.8e9h+HgsbW@02'I$Qtc3fAAjZA7h*tnv[,dNB86P5!?&EJPrJ[0RG9D-'hqAS,?J{xJ7o5wW@?~,_Ia%7`?VDxFID*lY?iadf*^%-?A}!NzS$H%j$G}-)cxfG7@kQQ`I@aFcsAyOGS3@.I?H-n~!yf0]V]*7WgsZjV=kU55]`9Qh^yTe`GLO.3?~.W9S.eFY3a3@1z&W__=x2XBdB}J~0cc*!YM26^?%jQUsa14@?ja(oM&'em@?$+~.fr7FqYgCmtoOP'@fgA@R^(P+NXqbt3O!Q6=tR[G_kR6n^kNH=ySyE09eIFu3L(P{*8Mbf=N_O%=N%Q3VQ.N,DoeHtuO5mX8?Rj=$iu4!3n4j^Szk1W9`(@mbWK^YE@NTBcl8`XAMus%`.InITnYCmtx1`D?*elGUq'FT8N[0+D{vOdAG4gkN$Pb.TfVYwxJ@*t=2K?-u..VQxAZg,J]EKq?Bv8QP(EH{%%gj*.!THW@SsOvI.]Zw@9M'($Z5HA@b!,k[)3hg[mi?UsAdq=@_-R'-=vOG`Ici5.q8v7AGm^U6uOYKjigDztg8mJ9,`w!E9~+=vUh4!&G,W)A_~wno1GMzByo}Ro1l*{?3+{1n}^TXTj]d4s2T03@8PB(w@q}oF?`V%-KVH)=QU*JZ_`Q(lw5`y,ncUf@EJ00Q%Ex(yomE}Z~l.j81XG]x+I%FdMRzr8)dqo?Hu`RE*+jb^n+ORynQIz=+~YUp[esF=Rh3r2S&]WA!X9vS3m,K*cTDw^3Ni~@9c@P8ia[Vc$ne5ApiXx8dTHpEOH@(bYbO?9*&9j@!0&]a_gQubgq4wzUK*o=%T*9BO2w_Q=AZ+SeFIN=z`P(e%D1=sZ6daO@a'V9dmU}4wX$UtDxcsfOF54@WCi8Cg2-8]G+DR_X=m^82]FuN7GX7?8%wVL-!hz=V_1KH!E_@rItB.lekZ5?xLQyK2gJ+VAge.xL,dUA[pF6okqj'I6(Nnf1Z5,?*m0iUD0w*MIF3RV6p1q8cJAgUbQn+Ruu?}6Wvq7?eC8amrFS*vzy*[s,~+H9Vpr@lRlxHdFv]qwWP8!@oQ]U6qwu0g$eZAPH}[==X.x@-m3j8W1PJ,QxOfRAgr_rJCvcyU*PAyNFBDM=tnpT'II1o8nP`3%&2%P@ZwMIkiPE^E(mojY=a_6@LduT=Z_y{`-%!EJcCqw?62@?X~09iwHA=^g'n2K=zJZqlZ]C$.J=Z0eEX-W@K-R(iZu1o@]=?^HoYBr9bA7uhuNy180h`3W4Fo?@9A&3Cmr9Mmc$3sc-fml?i{dtuV+!_kKpjK7FgYr8lIaDR5'WXhIIuJH+r6w9URTNxwGws[$j0Y%y'4i@Gigm+b1%VlGd755ci0P@BA,VncL+%MS[LdA^mO'?.oSiuRJ^U&v%'S&O&X?=.+]LH=qt).b7R~qxG}M?P2LV,ys6.ncfTy7z9]R?L%s_Tqcf~w9$5dj=HXa9s3I['7MH=oMt]%5Fcy79aqn9^2rm%pf1]h=RKl+?77T}u3!e-f4=uZnxB3P9esnOTn{~v*1@Q^c?u^S9C$}H7+dD%L^Y%C$!{(2=zZC(B&HJB2)a8EGR`Qc=IyMTOu-T*(xchpPV+n*AAxaVKvd3OEW+-Arj`gK?ts&%vc4h1113lz)SsrV?nr!SD4pIWv[fWtq]Lmf?7%!$4,$NujA~dFV]1Rr8stecr4x?rJ!lIWa1tsj=[Qy34.~+]*3FiC9QI-p9^fhIW%!px5RN%8YLDAM=EZuNa5D-7N[g7-*z}3y9_6pmP5vajK]ZQiL^{gz@b2^21?U+zKMVT3zXEvd9.u0BkR`oS*KkP9!Zc=k9j?HuDKfP+?1d)kTO.I_A)Trgv+h,-VwE7x.vGL_AJvG-5.~{w1]zzxZV[-$A8iDLx'?M,hd3`yVo_)]=xG0AsN0?x@tStSk!9gY=gytB4X]b+Jf)7w6'N_o?SR~GXUd,(*i`+ox-L`&?^8iqLX-_X[VHlxTD*N79fnKi9lzQ1$E?wsXUP09?tb}=eFG1HZf%C6m%@t3@[-g~hclgLBn$sgOP8'u91C$2Gs]6{N,na*Yl{L=A]?zjMmlq?w3t{r6e.A1@p~AI['&qZV_SM=9N3W4?aj'-5)SdNfpZlsjQ^$R9I8PQz{JUcH_dV2ax?UB=6Ohw[TkF)vVj{$*JX%5?h3V~A?,2V9xS[wH211+?mwvIPJn$LU]nhA77P+b@S8,pO@f.[]lB!hLio%o?,dE5tAUp0$5zfX!MKMMA~9[kwjQIwMs3v0V,!{}=9aONKLl}]%C%.qkZL4=Ax1x8*pgU8ox8dJBt@fF9oHa=!44$C(Jo}0TNzJD9IY$A8{Bga+a'nueh$_}@(`LW-6$4N2Zo58ZM$F8?Y4*9v`*x.f2=O*[}C$?=i6^{n$QEMI[FqcfA=qX@P}Ln1}BOSzo`zP.q{gx=%PhDrhDqfRy&sKDQaeGAI4?xB_4?]+v+^CToYLd@zc]J1m2PHBMC[yRSZfH93zWYYmp)F6eWH(8zDML@.v~@1%G@dkqUO7R$p!x?!P@B`VMz{brRf7*om'4=pe(7q9dPLDHG~.9n(s4=75S}%kK$iXhG*2pXWEH@{.4pGt3y9LNEEHpT+Uu@}^7r?6HzPPjbXg1),B0?gd=R4!s-BsqX08D9x2k=UnnH(6+5f0^7I2aZ,UW?xlg*gGNP9tB_F^oo8DSAqj.cWSiAYyZxN85K)TW??G'vBY&_sue1SOk-s.]8I,^{-Fh[IHHOVg,=Jm4=@J?dMo^_wvy)J7hFzi{?EfZ0-pe$j.^6+Cb+cP,=ZP{_1m!@mBS'e@OP*%Y9,Z[D5L,ZdVgJ2dVGf]z8Sr1{D$XA+JgQIP)*dpj@vKkRRZl-~O)6RpDB[)!@[,*q_RE(0Cek_IzeRTm9.osGKggF4C8fa{,iuvR9$-FVzuwZ&9M!7a[I)_=?^?3xN3lcuI'Ug(4fpSN?)^E}^kd1kPj@81r@dWg?R}^DNTfE5P=@(q_GYPn9CA![1aX`AeOsaI13y7-?3GXQ9Q_~A1f[hyb@76^AVnNw8=Emi!r7Iq,],o}=BK4%+54IeudrdlaD{x,9Ac,Lw3*}V^^kab(nSI=@1e@en,A3twWH7IkSJo49emP^-SBc]qIo$h%1e(s?v=C}){xWOL6yt?,!xuu8m^ax&B9*qHqfH^2!Eiv={LySVDG^mkMUZD%o%To9jw&,9i!*c!qHAsu.kit?Mww^`tW@rT8R~(,Z_8p8H+lqsKCMn=]'~wXNrHRAg*'RfH+P{i5v2SHdD^~8OtVwRia9!2^Xj`ZG]Q09r7jl6q6Er`dp3VKO6kv9KX8TQQPBAH(g6GG[p=g?wOEOn)oOtNZ}%LCiNX]8ci$XWb-ecs'wqbUR~d~=uHBg9Y0g!uZH{r]o=sf=Gi9`Fcd$T`s~&+a9Gl79DkfPO&!k.A-f.GCL.}0AUGrl]u$6j.EHt*%At{{@oj)Ol!zo7.(.njU)(Sk?'wMumU[$2l}5CbfojX[?}g'fA]+}{$xqBV8wz.W@(mXc@k5nH]rhP6DW3j0?XsRi,tg7%mEoIJEJ-e)?E'LgF61$_^gqekR_2a~=-9OvMIe&5bTvdIWC*^p=og)OvN(4cM*[uPAK?&RAkmW.[XBs,sC[C^kGGTg9(ryBebUby%?c-IW9ZxHAeE{Zi7'iLtFE2h+NHW@@oACiF1[dR*wZ)7zo~@n=={wCm[ds=FnQsyP$EP!@v%^OkgBdpXjj=0{)y1L?*CCOxs%&bTg$eg_5gUHA(eM&ar%}@HT5j&--XN)?F^?-e)Osi-DwW}UAK6F?$a@IXn6(kCj-pUr5mFbAMMw0xTtlh.2Gjov.EOz?J00,uGR-'es}z~rOXYY?[tz7gIW(2bR4{0x}zso8loIF]o*H^Cp_h&NT]s2??+dBZo}T`(ps+bdDkB2@LxSkkyWhh'.%}J(NtKV9@B9F(xs[Xpr4{%]1~]%@a}j,O8L0{!vnwfclrX69bPC_cFuCcVfPM.apS%D@8R=)4yac'Dig2VZsW8@9gROUKS9'eXF*zmmAs$N=g@Vt2_%21)YRZZpA,nt@cjBsMi40kmW+}NwaByH?{{DmgMY}&jfR*hIKTp%=G^!*QM8~!9T%FgTDiv.?]2..m'$vBxS[O`K0n9M@nhk1k5niHgn1D?^vu]w8R~ol-%]@B!2%GRPE+@NADsRN_jUI~fwgR%^Jb85=ta_t0E28g2y9'BRx`We?--d^43?cj?1@JdSo6Yd?zF](cnn&eX3Vz{y+IzQ=Yr4aYpple'KqE2c34]79?X`pkq3j)]9FzU+Y%6j?,'wNaJVhselh-!JmXEGAmPc98C0e'3Wix?BUv3C9X6_qdD!PfvN1TMXfMnK==jJ{DUf1pYv%&HY?Hy`A`}qHc7+1aHdN,4V2FsEA!&PH&7ckURx3HaJQs)8?ROaQXyh*[bT@-S6dY,q=69r9qgU_'ovQPdNkj[`=WRp^^*`mQt(u{~1D^?==~dWYgXjD9h$A6kDBdgI9{o)ZD,x3cd{p9K5+FiZ9UFThbU07EK8N([d[rDZ?J[5S?B&Vi0.]9U[=d.C?(VlF2t-KwK!sqqg3Z6H9+wa~Q-}5os22~'Ieu.4AR*pXOF8.KSlF!erxmyk9_j6)0!I*7Xytw,h)Rzn?^m}aTKM)8U]{oMd}*Eo8^6xHia!4e4,V3)DJV5C?B3=lJL*homzGTN6criF9Y7acji}K4dxpz,wyHmJ=Y2znjs-?DRczO4y,mcN@Qa+mRe(F1J!U1q5ejNS@evIybI(q+RLkDW4-q%y=bpP4Ec3}*O[vz*$c[kD@]hTc17l5''BF4!V4V2`@-^&7^t~-fOfJO]J8ghl=W=IQtq%WCJ+4XHxW4aw=2_RhBIz8C?Zf`h&G$pUAfT9v8+[sdY6n5vIIN^b9$UQY)E$@H8!V=]*Z`r$9WIjc_=%cBTulsifz**h@0~fALtOYpbm[NIqT2}WA0aR*=3~!LFgE4_b}0G`@r55pvjW$WQ8@EE=bxPC?'uPPQWmHnl*Y$E4Ke{x=[Ixbp)$_}qOq4H=Hdgp83}-R1wJbS5lx&7qAv+i80^wAZ.imnF`v'S+9tEr9??-C5y^)qzNNgI%70(+9lKVkr.$s(2%GdrIrSt@=F~~u()^6q)'(LwI).Zx?5(yWrNmBPCqK~f0vD_7@}_hi&J@p`KmsZxShxH[8+&(is2Zzl=&9L&o65a&?5beI8w`GmDO(mcTTKga=3.u$1_+UajRgUJhT9S?=CmZ=r^Iba.sb,N[YB7~9~cPGeHADaTs0AxSlRGM=2Zw[ePlzmF!_n4k)%bx=BmY)M4%dPBS3N9aL9z)A+6nFue-o-351SmJ)L3P@mj[6^7'{-_(rDAfzbPLAU)R!`(z(cz*$'}fd],)?$xh!3EExk)OPa^$Whgf978**w$XiisbG[4amsll?C=jz25-l1dvj.V'KxU}8xk'*7i(@K[`)Pd]tMv`@Axd]Rhl-$?f0lVP4e+~=jyZ^eh}L5]P8sU98}Ug@Y~24^$L]ZEdEs]0NL}r@r]LFvQ8CT8)&4v9(INdAwSr=WV0SvjY3d74bFR79LN}o.CCPcL(mc@[-SyB=)q=&RI&jlLtMD%885e[9O[-R6+Q^j1pdgn6oQ)(=?LYE-{!F(!+bYPH0oPN@V,A3`[_,g?K&AY^v?bS?N=6aQ%[^EK}A7rpw[)v@}hOYD]$S4Yvf_99b$2q8(Ok5,AI]UOvMXR(BCbv?&E't@R%K(T,bO+P,Ya@=eTqUBqoD.nMYTrZfY8-?T8J1HqX09)P.xj4SQE@@sqmC3Q6BQB*TT@y&R4o9Y)Y^utiQ=-)?u[XBSd[A}xF?Hth~F*Eo~'cyRu@@r$Lp0Q_}!,WM$B`BI}r@Mt_ZA]U+_[A`vIL?)4x=X&*?^^HsN8qMZ)s{iaZA}UhorLJWXq+hzv&^mdPAIDYip3Sc7MMS!axezW*?C1V5fVO$i06U}*J4w7b82gr,0`F8AR+Cm({kTP8@u_a5v,!!~Q9VU,(k%As8cfN9D2$lX3elDi)M(2[AS_CWOe9*oQ[yN]gjpW%9V~veLLFD4bfw6_[NhwJ=xAzv',r(EDrnQV=E]Od9ka[2WWds1i?gwa]Ljvm=3FyhbUW{Yew76n0$pd8Ab?H^eme4=r^`jBkT2}u9Pc.vr@5gc'eOg8gX7hh8IXBT`sba^OZZrtd_iNSAiY432Og=hk!prgzhWL19ZBq*y!4&7?cO@YoEjom8T]i(K&G=2WZF0q9G)Ht?6QN@7N?&EKbya{`,0Nw8eRz{(qenh&O_RX&LHCp@HOD9YeqtJy}ZRYQ6YwJAHki5rHcB.QOm3q)_+)l=3,Hb^W8Y2C{bp5lT1,w8U&LUVmiy56E10t+0g7.9xZz74B*vKDhvA0I)'cx9hF0'jm8?tej`~Ly[id@@X0?^=f*kn=7{8MAX.5%@x)!![!3rAcNBUL))vnW@AF9SR%,f_ToL}_P[&QFAp,!3T7uCoUJ[H&N+kUV9Qk5glR1ts-TjOmY{0nO=S6GJKns6Z$B&Au*]cS^?cc(qG64z~7vJhh0wCOp=WQaXgn[QNz[9GRLXX?w=I-(Kn%5nV,C4Sp]`eT59a8D&$Ra5(=(uh7iVuK%=qJ~n%,goWR0CC)Yv=SG?3-}!5-o~y8nSAK=),)WA-W6q_vv}Ev"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D7314F9862C648A4DB8BE2A5B47BE100\Features]
"Complete5.1.20513.0"="XNmn0lYPR@3$8hQ%TYwx$H8qYCruc=lBn,)FX?V0ye6nlV_SJA)SIIr?X%xiqG@Zp%z_F=5X?Ab(gW2SFDK*8GOnn9A47N8wb(J&*^(zpcD%q=6Q%SVz]6w2v.hv()gBj8W~bv.E7v5B8V7Ts97%r=@(8IYo+y~ViyB(qQyAg?tfYhgrsJ(hoQsEO}052==kab%Yz?`gUqs@2WLXo9A(NHCCNY^x%Rr_CP30)AGEs(q?-3%nc@f&19q4'@X^x@4BIAOy=dN(cfCOIA,(4{Zj([BH.Ruph&RXS9h.z!$Ig$+$(F9~n61L{=mklpYT!'eP@QCjr[cg)AIx6@)Sp8'u~j&t4~38UA((0Dow9hM6EGP6kpP2a=}yMuRU)af@vub@&Tm3I?e,@*C7C7'{',A$abpD[8}8H52+TqV`Ls_(B.G4e=-lz%bq+x+gt4ktUWWsc9C(~U@~f1fn`~8(P.bx[Am=G*S,Wfhhh'v)Y[gxO=QEtm41U=)!jO~stC-ci@!n!0@Bxl1pIo{-nIiuP=2,1mC{$H`b+OhP?EI^$ARfVT=C5PY+KVS*SyEP+@wF'{ZoiG{P~[*eLe1TLAo`Ah,t*]iCM[4zeYX.J=VmeZs9(tCrauDe8&8D%AH+38Y$Wt[7s}NXk}RjVA_ylz!sOJNC5B`'B]BcL@&2`kWr@MW?1mL]lZ,!`@srY(@l&er$=)_,'-PmF9Y{w$-@{Ju'-ZO^6P}EW=F%O}bP,807H@YQ,PLKr=([~D41K(}7}D%M5=?z!Ao3`QpL5h]koL5NJpGyB@5?(Woj*{neqpx76Fbq^=x.NyEK8,.4d.eFRN8'p8!GZ(xk%z]e{'wls+,WaAdeLy3p{Ak-~~cAprse3?m1RWXbt+pYq&%,zMwdY@zvU+lyq2ovV.trHGwwR=x0yvUMKFsHUn~a`*Yye=4U0qozF]I*8,@?c}(&39OKwKX$3g1DCM4LFL~SM9pmo8av{AUKA.oQ`5!d6Al*!&D3!2luw4!{34m.h@?qxr9iGfI7S3&6{nS`)9rFhOv)Aq(Z+P4q62Z[KAVou0KLJJAsUQqB17.8e9h+HgsbW@02'I$Qtc3fAAjZA7h*tnv[,dNB86P5!?&EJPrJ[0RG9D-'hqAS,?J{xJ7o5wW@?~,_Ia%7`?VDxFID*lY?iadf*^%-?A}!NzS$H%j$G}-)cxfG7@kQQ`I@aFcsAyOGS3@.I?H-n~!yf0]V]*7WgsZjV=kU55]`9Qh^yTe`GLO.3?~.W9S.eFY3a3@1z&W__=x2XBdB}J~0cc*!YM26^?%jQUsa14@?ja(oM&'em@?$+~.fr7FqYgCmtoOP'@fgA@R^(P+NXqbt3O!Q6=tR[G_kR6n^kNH=ySyE09eIFu3L(P{*8Mbf=N_O%=N%Q3VQ.N,DoeHtuO5mX8?Rj=$iu4!3n4j^Szk1W9`(@mbWK^YE@NTBcl8`XAMus%`.InITnYCmtx1`D?*elGUq'FT8N[0+D{vOdAG4gkN$Pb.TfVYwxJ@*t=2K?-u..VQxAZg,J]EKq?Bv8QP(EH{%%gj*.!THW@SsOvI.]Zw@9M'($Z5HA@b!,k[)3hg[mi?UsAdq=@_-R'-=vOG`Ici5.q8v7AGm^U6uOYKjigDztg8mJ9,`w!E9~+=vUh4!&G,W)A_~wno1GMzByo}Ro1l*{?3+{1n}^TXTj]d4s2T03@8PB(w@q}oF?`V%-KVH)=QU*JZ_`Q(lw5`y,ncUf@EJ00Q%Ex(yomE}Z~l.j81XG]x+I%FdMRzr8)dqo?Hu`RE*+jb^n+ORynQIz=+~YUp[esF=Rh3r2S&]WA!X9vS3m,K*cTDw^3Ni~@9c@P8ia[Vc$ne5ApiXx8dTHpEOH@(bYbO?9*&9j@!0&]a_gQubgq4wzUK*o=%T*9BO2w_Q=AZ+SeFIN=z`P(e%D1=sZ6daO@a'V9dmU}4wX$UtDxcsfOF54@WCi8Cg2-8]G+DR_X=m^82]FuN7GX7?8%wVL-!hz=V_1KH!E_@rItB.lekZ5?xLQyK2gJ+VAge.xL,dUA[pF6okqj'I6(Nnf1Z5,?*m0iUD0w*MIF3RV6p1q8cJAgUbQn+Ruu?}6Wvq7?eC8amrFS*vzy*[s,~+H9Vpr@lRlxHdFv]qwWP8!@oQ]U6qwu0g$eZAPH}[==X.x@-m3j8W1PJ,QxOfRAgr_rJCvcyU*PAyNFBDM=tnpT'II1o8nP`3%&2%P@ZwMIkiPE^E(mojY=a_6@LduT=Z_y{`-%!EJcCqw?62@?X~09iwHA=^g'n2K=zJZqlZ]C$.J=Z0eEX-W@K-R(iZu1o@]=?^HoYBr9bA7uhuNy180h`3W4Fo?@9A&3Cmr9Mmc$3sc-fml?i{dtuV+!_kKpjK7FgYr8lIaDR5'WXhIIuJH+r6w9URTNxwGws[$j0Y%y'4i@Gigm+b1%VlGd755ci0P@BA,VncL+%MS[LdA^mO'?.oSiuRJ^U&v%'S&O&X?=.+]LH=qt).b7R~qxG}M?P2LV,ys6.ncfTy7z9]R?L%s_Tqcf~w9$5dj=HXa9s3I['7MH=oMt]%5Fcy79aqn9^2rm%pf1]h=RKl+?77T}u3!e-f4=uZnxB3P9esnOTn{~v*1@Q^c?u^S9C$}H7+dD%L^Y%C$!{(2=zZC(B&HJB2)a8EGR`Qc=IyMTOu-T*(xchpPV+n*AAxaVKvd3OEW+-Arj`gK?ts&%vc4h1113lz)SsrV?nr!SD4pIWv[fWtq]Lmf?7%!$4,$NujA~dFV]1Rr8stecr4x?rJ!lIWa1tsj=[Qy34.~+]*3FiC9QI-p9^fhIW%!px5RN%8YLDAM=EZuNa5D-7N[g7-*z}3y9_6pmP5vajK]ZQiL^{gz@b2^21?U+zKMVT3zXEvd9.u0BkR`oS*KkP9!Zc=k9j?HuDKfP+?1d)kTO.I_A)Trgv+h,-VwE7x.vGL_AJvG-5.~{w1]zzxZV[-$A8iDLx'?M,hd3`yVo_)]=xG0AsN0?x@tStSk!9gY=gytB4X]b+Jf)7w6'N_o?SR~GXUd,(*i`+ox-L`&?^8iqLX-_X[VHlxTD*N79fnKi9lzQ1$E?wsXUP09?tb}=eFG1HZf%C6m%@t3@[-g~hclgLBn$sgOP8'u91C$2Gs]6{N,na*Yl{L=A]?zjMmlq?w3t{r6e.A1@p~AI['&qZV_SM=9N3W4?aj'-5)SdNfpZlsjQ^$R9I8PQz{JUcH_dV2ax?UB=6Ohw[TkF)vVj{$*JX%5?h3V~A?,2V9xS[wH211+?mwvIPJn$LU]nhA77P+b@S8,pO@f.[]lB!hLio%o?,dE5tAUp0$5zfX!MKMMA~9[kwjQIwMs3v0V,!{}=9aONKLl}]%C%.qkZL4=Ax1x8*pgU8ox8dJBt@fF9oHa=!44$C(Jo}0TNzJD9IY$A8{Bga+a'nueh$_}@(`LW-6$4N2Zo58ZM$F8?Y4*9v`*x.f2=O*[}C$?=i6^{n$QEMI[FqcfA=qX@P}Ln1}BOSzo`zP.q{gx=%PhDrhDqfRy&sKDQaeGAI4?xB_4?]+v+^CToYLd@zc]J1m2PHBMC[yRSZfH93zWYYmp)F6eWH(8zDML@.v~@1%G@dkqUO7R$p!x?!P@B`VMz{brRf7*om'4=pe(7q9dPLDHG~.9n(s4=75S}%kK$iXhG*2pXWEH@{.4pGt3y9LNEEHpT+Uu@}^7r?6HzPPjbXg1),B0?gd=R4!s-BsqX08D9x2k=UnnH(6+5f0^7I2aZ,UW?xlg*gGNP9tB_F^oo8DSAqj.cWSiAYyZxN85K)TW??G'vBY&_sue1SOk-s.]8I,^{-Fh[IHHOVg,=Jm4=@J?dMo^_wvy)J7hFzi{?EfZ0-pe$j.^6+Cb+cP,=ZP{_1m!@mBS'e@OP*%Y9,Z[D5L,ZdVgJ2dVGf]z8Sr1{D$XA+JgQIP)*dpj@vKkRRZl-~O)6RpDB[)!@[,*q_RE(0Cek_IzeRTm9.osGKggF4C8fa{,iuvR9$-FVzuwZ&9M!7a[I)_=?^?3xN3lcuI'Ug(4fpSN?)^E}^kd1kPj@81r@dWg?R}^DNTfE5P=@(q_GYPn9CA![1aX`AeOsaI13y7-?3GXQ9Q_~A1f[hyb@76^AVnNw8=Emi!r7Iq,],o}=BK4%+54IeudrdlaD{x,9Ac,Lw3*}V^^kab(nSI=@1e@en,A3twWH7IkSJo49emP^-SBc]qIo$h%1e(s?v=C}){xWOL6yt?,!xuu8m^ax&B9*qHqfH^2!Eiv={LySVDG^mkMUZD%o%To9jw&,9i!*c!qHAsu.kit?Mww^`tW@rT8R~(,Z_8p8H+lqsKCMn=]'~wXNrHRAg*'RfH+P{i5v2SHdD^~8OtVwRia9!2^Xj`ZG]Q09r7jl6q6Er`dp3VKO6kv9KX8TQQPBAH(g6GG[p=g?wOEOn)oOtNZ}%LCiNX]8ci$XWb-ecs'wqbUR~d~=uHBg9Y0g!uZH{r]o=sf=Gi9`Fcd$T`s~&+a9Gl79DkfPO&!k.A-f.GCL.}0AUGrl]u$6j.EHt*%At{{@oj)Ol!zo7.(.njU)(Sk?'wMumU[$2l}5CbfojX[?}g'fA]+}{$xqBV8wz.W@(mXc@k5nH]rhP6DW3j0?XsRi,tg7%mEoIJEJ-e)?E'LgF61$_^gqekR_2a~=-9OvMIe&5bTvdIWC*^p=og)OvN(4cM*[uPAK?&RAkmW.[XBs,sC[C^kGGTg9(ryBebUby%?c-IW9ZxHAeE{Zi7'iLtFE2h+NHW@@oACiF1[dR*wZ)7zo~@n=={wCm[ds=FnQsyP$EP!@v%^OkgBdpXjj=0{)y1L?*CCOxs%&bTg$eg_5gUHA(eM&ar%}@HT5j&--XN)?F^?-e)Osi-DwW}UAK6F?$a@IXn6(kCj-pUr5mFbAMMw0xTtlh.2Gjov.EOz?J00,uGR-'es}z~rOXYY?[tz7gIW(2bR4{0x}zso8loIF]o*H^Cp_h&NT]s2??+dBZo}T`(ps+bdDkB2@LxSkkyWhh'.%}J(NtKV9@B9F(xs[Xpr4{%]1~]%@a}j,O8L0{!vnwfclrX69bPC_cFuCcVfPM.apS%D@8R=)4yac'Dig2VZsW8@9gROUKS9'eXF*zmmAs$N=g@Vt2_%21)YRZZpA,nt@cjBsMi40kmW+}NwaByH?{{DmgMY}&jfR*hIKTp%=G^!*QM8~!9T%FgTDiv.?]2..m'$vBxS[O`K0n9M@nhk1k5niHgn1D?^vu]w8R~ol-%]@B!2%GRPE+@NADsRN_jUI~fwgR%^Jb85=ta_t0E28g2y9'BRx`We?--d^43?cj?1@JdSo6Yd?zF](cnn&eX3Vz{y+IzQ=Yr4aYpple'KqE2c34]79?X`pkq3j)]9FzU+Y%6j?,'wNaJVhselh-!JmXEGAmPc98C0e'3Wix?BUv3C9X6_qdD!PfvN1TMXfMnK==jJ{DUf1pYv%&HY?Hy`A`}qHc7+1aHdN,4V2FsEA!&PH&7ckURx3HaJQs)8?ROaQXyh*[bT@-S6dY,q=69r9qgU_'ovQPdNkj[`=WRp^^*`mQt(u{~1D^?==~dWYgXjD9h$A6kDBdgI9{o)ZD,x3cd{p9K5+FiZ9UFThbU07EK8N([d[rDZ?J[5S?B&Vi0.]9U[=d.C?(VlF2t-KwK!sqqg3Z6H9+wa~Q-}5os22~'Ieu.4AR*pXOF8.KSlF!erxmyk9_j6)0!I*7Xytw,h)Rzn?^m}aTKM)8U]{oMd}*Eo8^6xHia!4e4,V3)DJV5C?B3=lJL*homzGTN6criF9Y7acji}K4dxpz,wyHmJ=Y2znjs-?DRczO4y,mcN@Qa+mRe(F1J!U1q5ejNS@evIybI(q+RLkDW4-q%y=bpP4Ec3}*O[vz*$c[kD@]hTc17l5''BF4!V4V2`@-^&7^t~-fOfJO]J8ghl=W=IQtq%WCJ+4XHxW4aw=2_RhBIz8C?Zf`h&G$pUAfT9v8+[sdY6n5vIIN^b9$UQY)E$@H8!V=]*Z`r$9WIjc_=%cBTulsifz**h@0~fALtOYpbm[NIqT2}WA0aR*=3~!LFgE4_b}0G`@r55pvjW$WQ8@EE=bxPC?'uPPQWmHnl*Y$E4Ke{x=[Ixbp)$_}qOq4H=Hdgp83}-R1wJbS5lx&7qAv+i80^wAZ.imnF`v'S+9tEr9??-C5y^)qzNNgI%70(+9lKVkr.$s(2%GdrIrSt@=F~~u()^6q)'(LwI).Zx?5(yWrNmBPCqK~f0vD_7@}_hi&J@p`KmsZxShxH[8+&(is2Zzl=&9L&o65a&?5beI8w`GmDO(mcTTKga=3.u$1_+UajRgUJhT9S?=CmZ=r^Iba.sb,N[YB7~9~cPGeHADaTs0AxSlRGM=2Zw[ePlzmF!_n4k)%bx=BmY)M4%dPBS3N9aL9z)A+6nFue-o-351SmJ)L3P@mj[6^7'{-_(rDAfzbPLAU)R!`(z(cz*$'}fd],)?$xh!3EExk)OPa^$Whgf978**w$XiisbG[4amsll?C=jz25-l1dvj.V'KxU}8xk'*7i(@K[`)Pd]tMv`@Axd]Rhl-$?f0lVP4e+~=jyZ^eh}L5]P8sU98}Ug@Y~24^$L]ZEdEs]0NL}r@r]LFvQ8CT8)&4v9(INdAwSr=WV0SvjY3d74bFR79LN}o.CCPcL(mc@[-SyB=)q=&RI&jlLtMD%885e[9O[-R6+Q^j1pdgn6oQ)(=?LYE-{!F(!+bYPH0oPN@V,A3`[_,g?K&AY^v?bS?N=6aQ%[^EK}A7rpw[)v@}hOYD]$S4Yvf_99b$2q8(Ok5,AI]UOvMXR(BCbv?&E't@R%K(T,bO+P,Ya@=eTqUBqoD.nMYTrZfY8-?T8J1HqX09)P.xj4SQE@@sqmC3Q6BQB*TT@y&R4o9Y)Y^utiQ=-)?u[XBSd[A}xF?Hth~F*Eo~'cyRu@@r$Lp0Q_}!,WM$B`BI}r@Mt_ZA]U+_[A`vIL?)4x=X&*?^^HsN8qMZ)s{iaZA}UhorLJWXq+hzv&^mdPAIDYip3Sc7MMS!axezW*?C1V5fVO$i06U}*J4w7b82gr,0`F8AR+Cm({kTP8@u_a5v,!!~Q9VU,(k%As8cfN9D2$lX3elDi)M(2[AS_CWOe9*oQ[yN]gjpW%9V~veLLFD4bfw6_[NhwJ=xAzv',r(EDrnQV=E]Od9ka[2WWds1i?gwa]Ljvm=3FyhbUW{Yew76n0$pd8Ab?H^eme4=r^`jBkT2}u9Pc.vr@5gc'eOg8gX7hh8IXBT`sba^OZZrtd_iNSAiY432Og=hk!prgzhWL19ZBq*y!4&7?cO@YoEjom8T]i(K&G=2WZF0q9G)Ht?6QN@7N?&EKbya{`,0Nw8eRz{(qenh&O_RX&LHCp@HOD9YeqtJy}ZRYQ6YwJAHki5rHcB.QOm3q)_+)l=3,Hb^W8Y2C{bp5lT1,w8U&LUVmiy56E10t+0g7.9xZz74B*vKDhvA0I)'cx9hF0'jm8?tej`~Ly[id@@X0?^=f*kn=7{8MAX.5%@x)!![!3rAcNBUL))vnW@AF9SR%,f_ToL}_P[&QFAp,!3T7uCoUJ[H&N+kUV9Qk5glR1ts-TjOmY{0nO=S6GJKns6Z$B&Au*]cS^?cc(qG64z~7vJhh0wCOp=WQaXgn[QNz[9GRLXX?w=I-(Kn%5nV,C4Sp]`eT59a8D&$Ra5(=(uh7iVuK%=qJ~n%,goWR0CC)Yv=SG?3-}!5-o~y8nSAK=),)WA-W6q_vv}Ev"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D7314F9862C648A4DB8BE2A5B47BE100\Features]
"Complete5.1.20913.0"="XNmn0lYPR@3$8hQ%TYwx$H8qYCruc=lBn,)FX?V0ye6nlV_SJA)SIIr?X%xiqG@Zp%z_F=5X?Ab(gW2SFDK*8GOnn9A47N8wb(J&*^(zpcD%q=6Q%SVz]6w2v.hv()gBj8W~bv.E7v5B8V7Ts97%r=@(8IYo+y~ViyB(qQyAg?tfYhgrsJ(hoQsEO}052==kab%Yz?`gUqs@2WLXo9A(NHCCNY^x%Rr_CP30)AGEs(q?-3%nc@f&19q4'@X^x@4BIAOy=dN(cfCOIA,(4{Zj([BH.Ruph&RXS9h.z!$Ig$+$(F9~n61L{=mklpYT!'eP@QCjr[cg)AIx6@)Sp8'u~j&t4~38UA((0Dow9hM6EGP6kpP2a=}yMuRU)af@vub@&Tm3I?e,@*C7C7'{',A$abpD[8}8H52+TqV`Ls_(B.G4e=-lz%bq+x+gt4ktUWWsc9C(~U@~f1fn`~8(P.bx[Am=G*S,Wfhhh'v)Y[gxO=QEtm41U=)!jO~stC-ci@!n!0@Bxl1pIo{-nIiuP=2,1mC{$H`b+OhP?EI^$ARfVT=C5PY+KVS*SyEP+@wF'{ZoiG{P~[*eLe1TLAo`Ah,t*]iCM[4zeYX.J=VmeZs9(tCrauDe8&8D%AH+38Y$Wt[7s}NXk}RjVA_ylz!sOJNC5B`'B]BcL@&2`kWr@MW?1mL]lZ,!`@srY(@l&er$=)_,'-PmF9Y{w$-@{Ju'-ZO^6P}EW=F%O}bP,807H@YQ,PLKr=([~D41K(}7}D%M5=?z!Ao3`QpL5h]koL5NJpGyB@5?(Woj*{neqpx76Fbq^=x.NyEK8,.4d.eFRN8'p8!GZ(xk%z]e{'wls+,WaAdeLy3p{Ak-~~cAprse3?m1RWXbt+pYq&%,zMwdY@zvU+lyq2ovV.trHGwwR=x0yvUMKFsHUn~a`*Yye=4U0qozF]I*8,@?c}(&39OKwKX$3g1DCM4LFL~SM9pmo8av{AUKA.oQ`5!d6Al*!&D3!2luw4!{34m.h@?qxr9iGfI7S3&6{nS`)9rFhOv)Aq(Z+P4q62Z[KAVou0KLJJAsUQqB17.8e9h+HgsbW@02'I$Qtc3fAAjZA7h*tnv[,dNB86P5!?&EJPrJ[0RG9D-'hqAS,?J{xJ7o5wW@?~,_Ia%7`?VDxFID*lY?iadf*^%-?A}!NzS$H%j$G}-)cxfG7@kQQ`I@aFcsAyOGS3@.I?H-n~!yf0]V]*7WgsZjV=kU55]`9Qh^yTe`GLO.3?~.W9S.eFY3a3@1z&W__=x2XBdB}J~0cc*!YM26^?%jQUsa14@?ja(oM&'em@?$+~.fr7FqYgCmtoOP'@fgA@R^(P+NXqbt3O!Q6=tR[G_kR6n^kNH=ySyE09eIFu3L(P{*8Mbf=N_O%=N%Q3VQ.N,DoeHtuO5mX8?Rj=$iu4!3n4j^Szk1W9`(@mbWK^YE@NTBcl8`XAMus%`.InITnYCmtx1`D?*elGUq'FT8N[0+D{vOdAG4gkN$Pb.TfVYwxJ@*t=2K?-u..VQxAZg,J]EKq?Bv8QP(EH{%%gj*.!THW@SsOvI.]Zw@9M'($Z5HA@b!,k[)3hg[mi?UsAdq=@_-R'-=vOG`Ici5.q8v7AGm^U6uOYKjigDztg8mJ9,`w!E9~+=vUh4!&G,W)A_~wno1GMzByo}Ro1l*{?3+{1n}^TXTj]d4s2T03@8PB(w@q}oF?`V%-KVH)=QU*JZ_`Q(lw5`y,ncUf@EJ00Q%Ex(yomE}Z~l.j81XG]x+I%FdMRzr8)dqo?Hu`RE*+jb^n+ORynQIz=+~YUp[esF=Rh3r2S&]WA!X9vS3m,K*cTDw^3Ni~@9c@P8ia[Vc$ne5ApiXx8dTHpEOH@(bYbO?9*&9j@!0&]a_gQubgq4wzUK*o=%T*9BO2w_Q=AZ+SeFIN=z`P(e%D1=sZ6daO@a'V9dmU}4wX$UtDxcsfOF54@WCi8Cg2-8]G+DR_X=m^82]FuN7GX7?8%wVL-!hz=V_1KH!E_@rItB.lekZ5?xLQyK2gJ+VAge.xL,dUA[pF6okqj'I6(Nnf1Z5,?*m0iUD0w*MIF3RV6p1q8cJAgUbQn+Ruu?}6Wvq7?eC8amrFS*vzy*[s,~+H9Vpr@lRlxHdFv]qwWP8!@oQ]U6qwu0g$eZAPH}[==X.x@-m3j8W1PJ,QxOfRAgr_rJCvcyU*PAyNFBDM=tnpT'II1o8nP`3%&2%P@ZwMIkiPE^E(mojY=a_6@LduT=Z_y{`-%!EJcCqw?62@?X~09iwHA=^g'n2K=zJZqlZ]C$.J=Z0eEX-W@K-R(iZu1o@]=?^HoYBr9bA7uhuNy180h`3W4Fo?@9A&3Cmr9Mmc$3sc-fml?i{dtuV+!_kKpjK7FgYr8lIaDR5'WXhIIuJH+r6w9URTNxwGws[$j0Y%y'4i@Gigm+b1%VlGd755ci0P@BA,VncL+%MS[LdA^mO'?.oSiuRJ^U&v%'S&O&X?=.+]LH=qt).b7R~qxG}M?P2LV,ys6.ncfTy7z9]R?L%s_Tqcf~w9$5dj=HXa9s3I['7MH=oMt]%5Fcy79aqn9^2rm%pf1]h=RKl+?77T}u3!e-f4=uZnxB3P9esnOTn{~v*1@Q^c?u^S9C$}H7+dD%L^Y%C$!{(2=zZC(B&HJB2)a8EGR`Qc=IyMTOu-T*(xchpPV+n*AAxaVKvd3OEW+-Arj`gK?ts&%vc4h1113lz)SsrV?nr!SD4pIWv[fWtq]Lmf?7%!$4,$NujA~dFV]1Rr8stecr4x?rJ!lIWa1tsj=[Qy34.~+]*3FiC9QI-p9^fhIW%!px5RN%8YLDAM=EZuNa5D-7N[g7-*z}3y9_6pmP5vajK]ZQiL^{gz@b2^21?U+zKMVT3zXEvd9.u0BkR`oS*KkP9!Zc=k9j?HuDKfP+?1d)kTO.I_A)Trgv+h,-VwE7x.vGL_AJvG-5.~{w1]zzxZV[-$A8iDLx'?M,hd3`yVo_)]=xG0AsN0?x@tStSk!9gY=gytB4X]b+Jf)7w6'N_o?SR~GXUd,(*i`+ox-L`&?^8iqLX-_X[VHlxTD*N79fnKi9lzQ1$E?wsXUP09?tb}=eFG1HZf%C6m%@t3@[-g~hclgLBn$sgOP8'u91C$2Gs]6{N,na*Yl{L=A]?zjMmlq?w3t{r6e.A1@p~AI['&qZV_SM=9N3W4?aj'-5)SdNfpZlsjQ^$R9I8PQz{JUcH_dV2ax?UB=6Ohw[TkF)vVj{$*JX%5?h3V~A?,2V9xS[wH211+?mwvIPJn$LU]nhA77P+b@S8,pO@f.[]lB!hLio%o?,dE5tAUp0$5zfX!MKMMA~9[kwjQIwMs3v0V,!{}=9aONKLl}]%C%.qkZL4=Ax1x8*pgU8ox8dJBt@fF9oHa=!44$C(Jo}0TNzJD9IY$A8{Bga+a'nueh$_}@(`LW-6$4N2Zo58ZM$F8?Y4*9v`*x.f2=O*[}C$?=i6^{n$QEMI[FqcfA=qX@P}Ln1}BOSzo`zP.q{gx=%PhDrhDqfRy&sKDQaeGAI4?xB_4?]+v+^CToYLd@zc]J1m2PHBMC[yRSZfH93zWYYmp)F6eWH(8zDML@.v~@1%G@dkqUO7R$p!x?!P@B`VMz{brRf7*om'4=pe(7q9dPLDHG~.9n(s4=75S}%kK$iXhG*2pXWEH@{.4pGt3y9LNEEHpT+Uu@}^7r?6HzPPjbXg1),B0?gd=R4!s-BsqX08D9x2k=UnnH(6+5f0^7I2aZ,UW?xlg*gGNP9tB_F^oo8DSAqj.cWSiAYyZxN85K)TW??G'vBY&_sue1SOk-s.]8I,^{-Fh[IHHOVg,=Jm4=@J?dMo^_wvy)J7hFzi{?EfZ0-pe$j.^6+Cb+cP,=ZP{_1m!@mBS'e@OP*%Y9,Z[D5L,ZdVgJ2dVGf]z8Sr1{D$XA+JgQIP)*dpj@vKkRRZl-~O)6RpDB[)!@[,*q_RE(0Cek_IzeRTm9.osGKggF4C8fa{,iuvR9$-FVzuwZ&9M!7a[I)_=?^?3xN3lcuI'Ug(4fpSN?)^E}^kd1kPj@81r@dWg?R}^DNTfE5P=@(q_GYPn9CA![1aX`AeOsaI13y7-?3GXQ9Q_~A1f[hyb@76^AVnNw8=Emi!r7Iq,],o}=BK4%+54IeudrdlaD{x,9Ac,Lw3*}V^^kab(nSI=@1e@en,A3twWH7IkSJo49emP^-SBc]qIo$h%1e(s?v=C}){xWOL6yt?,!xuu8m^ax&B9*qHqfH^2!Eiv={LySVDG^mkMUZD%o%To9jw&,9i!*c!qHAsu.kit?Mww^`tW@rT8R~(,Z_8p8H+lqsKCMn=]'~wXNrHRAg*'RfH+P{i5v2SHdD^~8OtVwRia9!2^Xj`ZG]Q09r7jl6q6Er`dp3VKO6kv9KX8TQQPBAH(g6GG[p=g?wOEOn)oOtNZ}%LCiNX]8ci$XWb-ecs'wqbUR~d~=uHBg9Y0g!uZH{r]o=sf=Gi9`Fcd$T`s~&+a9Gl79DkfPO&!k.A-f.GCL.}0AUGrl]u$6j.EHt*%At{{@oj)Ol!zo7.(.njU)(Sk?'wMumU[$2l}5CbfojX[?}g'fA]+}{$xqBV8wz.W@(mXc@k5nH]rhP6DW3j0?XsRi,tg7%mEoIJEJ-e)?E'LgF61$_^gqekR_2a~=-9OvMIe&5bTvdIWC*^p=og)OvN(4cM*[uPAK?&RAkmW.[XBs,sC[C^kGGTg9(ryBebUby%?c-IW9ZxHAeE{Zi7'iLtFE2h+NHW@@oACiF1[dR*wZ)7zo~@n=={wCm[ds=FnQsyP$EP!@v%^OkgBdpXjj=0{)y1L?*CCOxs%&bTg$eg_5gUHA(eM&ar%}@HT5j&--XN)?F^?-e)Osi-DwW}UAK6F?$a@IXn6(kCj-pUr5mFbAMMw0xTtlh.2Gjov.EOz?J00,uGR-'es}z~rOXYY?[tz7gIW(2bR4{0x}zso8loIF]o*H^Cp_h&NT]s2??+dBZo}T`(ps+bdDkB2@LxSkkyWhh'.%}J(NtKV9@B9F(xs[Xpr4{%]1~]%@a}j,O8L0{!vnwfclrX69bPC_cFuCcVfPM.apS%D@8R=)4yac'Dig2VZsW8@9gROUKS9'eXF*zmmAs$N=g@Vt2_%21)YRZZpA,nt@cjBsMi40kmW+}NwaByH?{{DmgMY}&jfR*hIKTp%=G^!*QM8~!9T%FgTDiv.?]2..m'$vBxS[O`K0n9M@nhk1k5niHgn1D?^vu]w8R~ol-%]@B!2%GRPE+@NADsRN_jUI~fwgR%^Jb85=ta_t0E28g2y9'BRx`We?--d^43?cj?1@JdSo6Yd?zF](cnn&eX3Vz{y+IzQ=Yr4aYpple'KqE2c34]79?X`pkq3j)]9FzU+Y%6j?,'wNaJVhselh-!JmXEGAmPc98C0e'3Wix?BUv3C9X6_qdD!PfvN1TMXfMnK==jJ{DUf1pYv%&HY?Hy`A`}qHc7+1aHdN,4V2FsEA!&PH&7ckURx3HaJQs)8?ROaQXyh*[bT@-S6dY,q=69r9qgU_'ovQPdNkj[`=WRp^^*`mQt(u{~1D^?==~dWYgXjD9h$A6kDBdgI9{o)ZD,x3cd{p9K5+FiZ9UFThbU07EK8N([d[rDZ?J[5S?B&Vi0.]9U[=d.C?(VlF2t-KwK!sqqg3Z6H9+wa~Q-}5os22~'Ieu.4AR*pXOF8.KSlF!erxmyk9_j6)0!I*7Xytw,h)Rzn?^m}aTKM)8U]{oMd}*Eo8^6xHia!4e4,V3)DJV5C?B3=lJL*homzGTN6criF9Y7acji}K4dxpz,wyHmJ=Y2znjs-?DRczO4y,mcN@Qa+mRe(F1J!U1q5ejNS@evIybI(q+RLkDW4-q%y=bpP4Ec3}*O[vz*$c[kD@]hTc17l5''BF4!V4V2`@-^&7^t~-fOfJO]J8ghl=W=IQtq%WCJ+4XHxW4aw=2_RhBIz8C?Zf`h&G$pUAfT9v8+[sdY6n5vIIN^b9$UQY)E$@H8!V=]*Z`r$9WIjc_=%cBTulsifz**h@0~fALtOYpbm[NIqT2}WA0aR*=3~!LFgE4_b}0G`@r55pvjW$WQ8@EE=bxPC?'uPPQWmHnl*Y$E4Ke{x=[Ixbp)$_}qOq4H=Hdgp83}-R1wJbS5lx&7qAv+i80^wAZ.imnF`v'S+9tEr9??-C5y^)qzNNgI%70(+9lKVkr.$s(2%GdrIrSt@=F~~u()^6q)'(LwI).Zx?5(yWrNmBPCqK~f0vD_7@}_hi&J@p`KmsZxShxH[8+&(is2Zzl=&9L&o65a&?5beI8w`GmDO(mcTTKga=3.u$1_+UajRgUJhT9S?=CmZ=r^Iba.sb,N[YB7~9~cPGeHADaTs0AxSlRGM=2Zw[ePlzmF!_n4k)%bx=BmY)M4%dPBS3N9aL9z)A+6nFue-o-351SmJ)L3P@mj[6^7'{-_(rDAfzbPLAU)R!`(z(cz*$'}fd],)?$xh!3EExk)OPa^$Whgf978**w$XiisbG[4amsll?C=jz25-l1dvj.V'KxU}8xk'*7i(@K[`)Pd]tMv`@Axd]Rhl-$?f0lVP4e+~=jyZ^eh}L5]P8sU98}Ug@Y~24^$L]ZEdEs]0NL}r@r]LFvQ8CT8)&4v9(INdAwSr=WV0SvjY3d74bFR79LN}o.CCPcL(mc@[-SyB=)q=&RI&jlLtMD%885e[9O[-R6+Q^j1pdgn6oQ)(=?LYE-{!F(!+bYPH0oPN@V,A3`[_,g?K&AY^v?bS?N=6aQ%[^EK}A7rpw[)v@}hOYD]$S4Yvf_99b$2q8(Ok5,AI]UOvMXR(BCbv?&E't@R%K(T,bO+P,Ya@=eTqUBqoD.nMYTrZfY8-?T8J1HqX09)P.xj4SQE@@sqmC3Q6BQB*TT@y&R4o9Y)Y^utiQ=-)?u[XBSd[A}xF?Hth~F*Eo~'cyRu@@r$Lp0Q_}!,WM$B`BI}r@Mt_ZA]U+_[A`vIL?)4x=X&*?^^HsN8qMZ)s{iaZA}UhorLJWXq+hzv&^mdPAIDYip3Sc7MMS!axezW*?C1V5fVO$i06U}*J4w7b82gr,0`F8AR+Cm({kTP8@u_a5v,!!~Q9VU,(k%As8cfN9D2$lX3elDi)M(2[AS_CWOe9*oQ[yN]gjpW%9V~veLLFD4bfw6_[NhwJ=xAzv',r(EDrnQV=E]Od9ka[2WWds1i?gwa]Ljvm=3FyhbUW{Yew76n0$pd8Ab?H^eme4=r^`jBkT2}u9Pc.vr@5gc'eOg8gX7hh8IXBT`sba^OZZrtd_iNSAiY432Og=hk!prgzhWL19ZBq*y!4&7?cO@YoEjom8T]i(K&G=2WZF0q9G)Ht?6QN@7N?&EKbya{`,0Nw8eRz{(qenh&O_RX&LHCp@HOD9YeqtJy}ZRYQ6YwJAHki5rHcB.QOm3q)_+)l=3,Hb^W8Y2C{bp5lT1,w8U&LUVmiy56E10t+0g7.9xZz74B*vKDhvA0I)'cx9hF0'jm8?tej`~Ly[id@@X0?^=f*kn=7{8MAX.5%@x)!![!3rAcNBUL))vnW@AF9SR%,f_ToL}_P[&QFAp,!3T7uCoUJ[H&N+kUV9Qk5glR1ts-TjOmY{0nO=S6GJKns6Z$B&Au*]cS^?cc(qG64z~7vJhh0wCOp=WQaXgn[QNz[9GRLXX?w=I-(Kn%5nV,C4Sp]`eT59a8D&$Ra5(=(uh7iVuK%=qJ~n%,goWR0CC)Yv=SG?3-}!5-o~y8nSAK=),)WA-W6q_vv}Ev"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D7314F9862C648A4DB8BE2A5B47BE100\Features]
"Complete5.1.30214.0"="XNmn0lYPR@3$8hQ%TYwx$H8qYCruc=lBn,)FX?V0ye6nlV_SJA)SIIr?X%xiqG@Zp%z_F=5X?Ab(gW2SFDK*8GOnn9A47N8wb(J&*^(zpcD%q=6Q%SVz]6w2v.hv()gBj8W~bv.E7v5B8V7Ts97%r=@(8IYo+y~ViyB(qQyAg?tfYhgrsJ(hoQsEO}052==kab%Yz?`gUqs@2WLXo9A(NHCCNY^x%Rr_CP30)AGEs(q?-3%nc@f&19q4'@X^x@4BIAOy=dN(cfCOIA,(4{Zj([BH.Ruph&RXS9h.z!$Ig$+$(F9~n61L{=mklpYT!'eP@QCjr[cg)AIx6@)Sp8'u~j&t4~38UA((0Dow9hM6EGP6kpP2a=}yMuRU)af@vub@&Tm3I?e,@*C7C7'{',A$abpD[8}8H52+TqV`Ls_(B.G4e=-lz%bq+x+gt4ktUWWsc9C(~U@~f1fn`~8(P.bx[Am=G*S,Wfhhh'v)Y[gxO=QEtm41U=)!jO~stC-ci@!n!0@Bxl1pIo{-nIiuP=2,1mC{$H`b+OhP?EI^$ARfVT=C5PY+KVS*SyEP+@wF'{ZoiG{P~[*eLe1TLAo`Ah,t*]iCM[4zeYX.J=VmeZs9(tCrauDe8&8D%AH+38Y$Wt[7s}NXk}RjVA_ylz!sOJNC5B`'B]BcL@&2`kWr@MW?1mL]lZ,!`@srY(@l&er$=)_,'-PmF9Y{w$-@{Ju'-ZO^6P}EW=F%O}bP,807H@YQ,PLKr=([~D41K(}7}D%M5=?z!Ao3`QpL5h]koL5NJpGyB@5?(Woj*{neqpx76Fbq^=x.NyEK8,.4d.eFRN8'p8!GZ(xk%z]e{'wls+,WaAdeLy3p{Ak-~~cAprse3?m1RWXbt+pYq&%,zMwdY@zvU+lyq2ovV.trHGwwR=x0yvUMKFsHUn~a`*Yye=4U0qozF]I*8,@?c}(&39OKwKX$3g1DCM4LFL~SM9pmo8av{AUKA.oQ`5!d6Al*!&D3!2luw4!{34m.h@?qxr9iGfI7S3&6{nS`)9rFhOv)Aq(Z+P4q62Z[KAVou0KLJJAsUQqB17.8e9h+HgsbW@02'I$Qtc3fAAjZA7h*tnv[,dNB86P5!?&EJPrJ[0RG9D-'hqAS,?J{xJ7o5wW@?~,_Ia%7`?VDxFID*lY?iadf*^%-?A}!NzS$H%j$G}-)cxfG7@kQQ`I@aFcsAyOGS3@.I?H-n~!yf0]V]*7WgsZjV=kU55]`9Qh^yTe`GLO.3?~.W9S.eFY3a3@1z&W__=x2XBdB}J~0cc*!YM26^?%jQUsa14@?ja(oM&'em@?$+~.fr7FqYgCmtoOP'@fgA@R^(P+NXqbt3O!Q6=tR[G_kR6n^kNH=ySyE09eIFu3L(P{*8Mbf=N_O%=N%Q3VQ.N,DoeHtuO5mX8?Rj=$iu4!3n4j^Szk1W9`(@mbWK^YE@NTBcl8`XAMus%`.InITnYCmtx1`D?*elGUq'FT8N[0+D{vOdAG4gkN$Pb.TfVYwxJ@*t=2K?-u..VQxAZg,J]EKq?Bv8QP(EH{%%gj*.!THW@SsOvI.]Zw@9M'($Z5HA@b!,k[)3hg[mi?UsAdq=@_-R'-=vOG`Ici5.q8v7AGm^U6uOYKjigDztg8mJ9,`w!E9~+=vUh4!&G,W)A_~wno1GMzByo}Ro1l*{?3+{1n}^TXTj]d4s2T03@8PB(w@q}oF?`V%-KVH)=QU*JZ_`Q(lw5`y,ncUf@EJ00Q%Ex(yomE}Z~l.j81XG]x+I%FdMRzr8)dqo?Hu`RE*+jb^n+ORynQIz=+~YUp[esF=Rh3r2S&]WA!X9vS3m,K*cTDw^3Ni~@9c@P8ia[Vc$ne5ApiXx8dTHpEOH@(bYbO?9*&9j@!0&]a_gQubgq4wzUK*o=%T*9BO2w_Q=AZ+SeFIN=z`P(e%D1=sZ6daO@a'V9dmU}4wX$UtDxcsfOF54@WCi8Cg2-8]G+DR_X=m^82]FuN7GX7?8%wVL-!hz=V_1KH!E_@rItB.lekZ5?xLQyK2gJ+VAge.xL,dUA[pF6okqj'I6(Nnf1Z5,?*m0iUD0w*MIF3RV6p1q8cJAgUbQn+Ruu?}6Wvq7?eC8amrFS*vzy*[s,~+H9Vpr@lRlxHdFv]qwWP8!@oQ]U6qwu0g$eZAPH}[==X.x@-m3j8W1PJ,QxOfRAgr_rJCvcyU*PAyNFBDM=tnpT'II1o8nP`3%&2%P@ZwMIkiPE^E(mojY=a_6@LduT=Z_y{`-%!EJcCqw?62@?X~09iwHA=^g'n2K=zJZqlZ]C$.J=Z0eEX-W@K-R(iZu1o@]=?^HoYBr9bA7uhuNy180h`3W4Fo?@9A&3Cmr9Mmc$3sc-fml?i{dtuV+!_kKpjK7FgYr8lIaDR5'WXhIIuJH+r6w9URTNxwGws[$j0Y%y'4i@Gigm+b1%VlGd755ci0P@BA,VncL+%MS[LdA^mO'?.oSiuRJ^U&v%'S&O&X?=.+]LH=qt).b7R~qxG}M?P2LV,ys6.ncfTy7z9]R?L%s_Tqcf~w9$5dj=HXa9s3I['7MH=oMt]%5Fcy79aqn9^2rm%pf1]h=RKl+?77T}u3!e-f4=uZnxB3P9esnOTn{~v*1@Q^c?u^S9C$}H7+dD%L^Y%C$!{(2=zZC(B&HJB2)a8EGR`Qc=IyMTOu-T*(xchpPV+n*AAxaVKvd3OEW+-Arj`gK?ts&%vc4h1113lz)SsrV?nr!SD4pIWv[fWtq]Lmf?7%!$4,$NujA~dFV]1Rr8stecr4x?rJ!lIWa1tsj=[Qy34.~+]*3FiC9QI-p9^fhIW%!px5RN%8YLDAM=EZuNa5D-7N[g7-*z}3y9_6pmP5vajK]ZQiL^{gz@b2^21?U+zKMVT3zXEvd9.u0BkR`oS*KkP9!Zc=k9j?HuDKfP+?1d)kTO.I_A)Trgv+h,-VwE7x.vGL_AJvG-5.~{w1]zzxZV[-$A8iDLx'?M,hd3`yVo_)]=xG0AsN0?x@tStSk!9gY=gytB4X]b+Jf)7w6'N_o?SR~GXUd,(*i`+ox-L`&?^8iqLX-_X[VHlxTD*N79fnKi9lzQ1$E?wsXUP09?tb}=eFG1HZf%C6m%@t3@[-g~hclgLBn$sgOP8'u91C$2Gs]6{N,na*Yl{L=A]?zjMmlq?w3t{r6e.A1@p~AI['&qZV_SM=9N3W4?aj'-5)SdNfpZlsjQ^$R9I8PQz{JUcH_dV2ax?UB=6Ohw[TkF)vVj{$*JX%5?h3V~A?,2V9xS[wH211+?mwvIPJn$LU]nhA77P+b@S8,pO@f.[]lB!hLio%o?,dE5tAUp0$5zfX!MKMMA~9[kwjQIwMs3v0V,!{}=9aONKLl}]%C%.qkZL4=Ax1x8*pgU8ox8dJBt@fF9oHa=!44$C(Jo}0TNzJD9IY$A8{Bga+a'nueh$_}@(`LW-6$4N2Zo58ZM$F8?Y4*9v`*x.f2=O*[}C$?=i6^{n$QEMI[FqcfA=qX@P}Ln1}BOSzo`zP.q{gx=%PhDrhDqfRy&sKDQaeGAI4?xB_4?]+v+^CToYLd@zc]J1m2PHBMC[yRSZfH93zWYYmp)F6eWH(8zDML@.v~@1%G@dkqUO7R$p!x?!P@B`VMz{brRf7*om'4=pe(7q9dPLDHG~.9n(s4=75S}%kK$iXhG*2pXWEH@{.4pGt3y9LNEEHpT+Uu@}^7r?6HzPPjbXg1),B0?gd=R4!s-BsqX08D9x2k=UnnH(6+5f0^7I2aZ,UW?xlg*gGNP9tB_F^oo8DSAqj.cWSiAYyZxN85K)TW??G'vBY&_sue1SOk-s.]8I,^{-Fh[IHHOVg,=Jm4=@J?dMo^_wvy)J7hFzi{?EfZ0-pe$j.^6+Cb+cP,=ZP{_1m!@mBS'e@OP*%Y9,Z[D5L,ZdVgJ2dVGf]z8Sr1{D$XA+JgQIP)*dpj@vKkRRZl-~O)6RpDB[)!@[,*q_RE(0Cek_IzeRTm9.osGKggF4C8fa{,iuvR9$-FVzuwZ&9M!7a[I)_=?^?3xN3lcuI'Ug(4fpSN?)^E}^kd1kPj@81r@dWg?R}^DNTfE5P=@(q_GYPn9CA![1aX`AeOsaI13y7-?3GXQ9Q_~A1f[hyb@76^AVnNw8=Emi!r7Iq,],o}=BK4%+54IeudrdlaD{x,9Ac,Lw3*}V^^kab(nSI=@1e@en,A3twWH7IkSJo49emP^-SBc]qIo$h%1e(s?v=C}){xWOL6yt?,!xuu8m^ax&B9*qHqfH^2!Eiv={LySVDG^mkMUZD%o%To9jw&,9i!*c!qHAsu.kit?Mww^`tW@rT8R~(,Z_8p8H+lqsKCMn=]'~wXNrHRAg*'RfH+P{i5v2SHdD^~8OtVwRia9!2^Xj`ZG]Q09r7jl6q6Er`dp3VKO6kv9KX8TQQPBAH(g6GG[p=g?wOEOn)oOtNZ}%LCiNX]8ci$XWb-ecs'wqbUR~d~=uHBg9Y0g!uZH{r]o=sf=Gi9`Fcd$T`s~&+a9Gl79DkfPO&!k.A-f.GCL.}0AUGrl]u$6j.EHt*%At{{@oj)Ol!zo7.(.njU)(Sk?'wMumU[$2l}5CbfojX[?}g'fA]+}{$xqBV8wz.W@(mXc@k5nH]rhP6DW3j0?XsRi,tg7%mEoIJEJ-e)?E'LgF61$_^gqekR_2a~=-9OvMIe&5bTvdIWC*^p=og)OvN(4cM*[uPAK?&RAkmW.[XBs,sC[C^kGGTg9(ryBebUby%?c-IW9ZxHAeE{Zi7'iLtFE2h+NHW@@oACiF1[dR*wZ)7zo~@n=={wCm[ds=FnQsyP$EP!@v%^OkgBdpXjj=0{)y1L?*CCOxs%&bTg$eg_5gUHA(eM&ar%}@HT5j&--XN)?F^?-e)Osi-DwW}UAK6F?$a@IXn6(kCj-pUr5mFbAMMw0xTtlh.2Gjov.EOz?J00,uGR-'es}z~rOXYY?[tz7gIW(2bR4{0x}zso8loIF]o*H^Cp_h&NT]s2??+dBZo}T`(ps+bdDkB2@LxSkkyWhh'.%}J(NtKV9@B9F(xs[Xpr4{%]1~]%@a}j,O8L0{!vnwfclrX69bPC_cFuCcVfPM.apS%D@8R=)4yac'Dig2VZsW8@9gROUKS9'eXF*zmmAs$N=g@Vt2_%21)YRZZpA,nt@cjBsMi40kmW+}NwaByH?{{DmgMY}&jfR*hIKTp%=G^!*QM8~!9T%FgTDiv.?]2..m'$vBxS[O`K0n9M@nhk1k5niHgn1D?^vu]w8R~ol-%]@B!2%GRPE+@NADsRN_jUI~fwgR%^Jb85=ta_t0E28g2y9'BRx`We?--d^43?cj?1@JdSo6Yd?zF](cnn&eX3Vz{y+IzQ=Yr4aYpple'KqE2c34]79?X`pkq3j)]9FzU+Y%6j?,'wNaJVhselh-!JmXEGAmPc98C0e'3Wix?BUv3C9X6_qdD!PfvN1TMXfMnK==jJ{DUf1pYv%&HY?Hy`A`}qHc7+1aHdN,4V2FsEA!&PH&7ckURx3HaJQs)8?ROaQXyh*[bT@-S6dY,q=69r9qgU_'ovQPdNkj[`=WRp^^*`mQt(u{~1D^?==~dWYgXjD9h$A6kDBdgI9{o)ZD,x3cd{p9K5+FiZ9UFThbU07EK8N([d[rDZ?J[5S?B&Vi0.]9U[=d.C?(VlF2t-KwK!sqqg3Z6H9+wa~Q-}5os22~'Ieu.4AR*pXOF8.KSlF!erxmyk9_j6)0!I*7Xytw,h)Rzn?^m}aTKM)8U]{oMd}*Eo8^6xHia!4e4,V3)DJV5C?B3=lJL*homzGTN6criF9Y7acji}K4dxpz,wyHmJ=Y2znjs-?DRczO4y,mcN@Qa+mRe(F1J!U1q5ejNS@evIybI(q+RLkDW4-q%y=bpP4Ec3}*O[vz*$c[kD@]hTc17l5''BF4!V4V2`@-^&7^t~-fOfJO]J8ghl=W=IQtq%WCJ+4XHxW4aw=2_RhBIz8C?Zf`h&G$pUAfT9v8+[sdY6n5vIIN^b9$UQY)E$@H8!V=]*Z`r$9WIjc_=%cBTulsifz**h@0~fALtOYpbm[NIqT2}WA0aR*=3~!LFgE4_b}0G`@r55pvjW$WQ8@EE=bxPC?'uPPQWmHnl*Y$E4Ke{x=[Ixbp)$_}qOq4H=Hdgp83}-R1wJbS5lx&7qAv+i80^wAZ.imnF`v'S+9tEr9??-C5y^)qzNNgI%70(+9lKVkr.$s(2%GdrIrSt@=F~~u()^6q)'(LwI).Zx?5(yWrNmBPCqK~f0vD_7@}_hi&J@p`KmsZxShxH[8+&(is2Zzl=&9L&o65a&?5beI8w`GmDO(mcTTKga=3.u$1_+UajRgUJhT9S?=CmZ=r^Iba.sb,N[YB7~9~cPGeHADaTs0AxSlRGM=2Zw[ePlzmF!_n4k)%bx=BmY)M4%dPBS3N9aL9z)A+6nFue-o-351SmJ)L3P@mj[6^7'{-_(rDAfzbPLAU)R!`(z(cz*$'}fd],)?$xh!3EExk)OPa^$Whgf978**w$XiisbG[4amsll?C=jz25-l1dvj.V'KxU}8xk'*7i(@K[`)Pd]tMv`@Axd]Rhl-$?f0lVP4e+~=jyZ^eh}L5]P8sU98}Ug@Y~24^$L]ZEdEs]0NL}r@r]LFvQ8CT8)&4v9(INdAwSr=WV0SvjY3d74bFR79LN}o.CCPcL(mc@[-SyB=)q=&RI&jlLtMD%885e[9O[-R6+Q^j1pdgn6oQ)(=?LYE-{!F(!+bYPH0oPN@V,A3`[_,g?K&AY^v?bS?N=6aQ%[^EK}A7rpw[)v@}hOYD]$S4Yvf_99b$2q8(Ok5,AI]UOvMXR(BCbv?&E't@R%K(T,bO+P,Ya@=eTqUBqoD.nMYTrZfY8-?T8J1HqX09)P.xj4SQE@@sqmC3Q6BQB*TT@y&R4o9Y)Y^utiQ=-)?u[XBSd[A}xF?Hth~F*Eo~'cyRu@@r$Lp0Q_}!,WM$B`BI}r@Mt_ZA]U+_[A`vIL?)4x=X&*?^^HsN8qMZ)s{iaZA}UhorLJWXq+hzv&^mdPAIDYip3Sc7MMS!axezW*?C1V5fVO$i06U}*J4w7b82gr,0`F8AR+Cm({kTP8@u_a5v,!!~Q9VU,(k%As8cfN9D2$lX3elDi)M(2[AS_CWOe9*oQ[yN]gjpW%9V~veLLFD4bfw6_[NhwJ=xAzv',r(EDrnQV=E]Od9ka[2WWds1i?gwa]Ljvm=3FyhbUW{Yew76n0$pd8Ab?H^eme4=r^`jBkT2}u9Pc.vr@5gc'eOg8gX7hh8IXBT`sba^OZZrtd_iNSAiY432Og=hk!prgzhWL19ZBq*y!4&7?cO@YoEjom8T]i(K&G=2WZF0q9G)Ht?6QN@7N?&EKbya{`,0Nw8eRz{(qenh&O_RX&LHCp@HOD9YeqtJy}ZRYQ6YwJAHki5rHcB.QOm3q)_+)l=3,Hb^W8Y2C{bp5lT1,w8U&LUVmiy56E10t+0g7.9xZz74B*vKDhvA0I)'cx9hF0'jm8?tej`~Ly[id@@X0?^=f*kn=7{8MAX.5%@x)!![!3rAcNBUL))vnW@AF9SR%,f_ToL}_P[&QFAp,!3T7uCoUJ[H&N+kUV9Qk5glR1ts-TjOmY{0nO=S6GJKns6Z$B&Au*]cS^?cc(qG64z~7vJhh0wCOp=WQaXgn[QNz[9GRLXX?w=I-(Kn%5nV,C4Sp]`eT59a8D&$Ra5(=(uh7iVuK%=qJ~n%,goWR0CC)Yv=SG?3-}!5-o~y8nSAK=),)WA-W6q_vv}Ev"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D7314F9862C648A4DB8BE2A5B47BE100\Features]
"Complete5.1.30514.0"="XNmn0lYPR@3$8hQ%TYwx$H8qYCruc=lBn,)FX?V0ye6nlV_SJA)SIIr?X%xiqG@Zp%z_F=5X?Ab(gW2SFDK*8GOnn9A47N8wb(J&*^(zpcD%q=6Q%SVz]6w2v.hv()gBj8W~bv.E7v5B8V7Ts97%r=@(8IYo+y~ViyB(qQyAg?tfYhgrsJ(hoQsEO}052==kab%Yz?`gUqs@2WLXo9A(NHCCNY^x%Rr_CP30)AGEs(q?-3%nc@f&19q4'@X^x@4BIAOy=dN(cfCOIA,(4{Zj([BH.Ruph&RXS9h.z!$Ig$+$(F9~n61L{=mklpYT!'eP@QCjr[cg)AIx6@)Sp8'u~j&t4~38UA((0Dow9hM6EGP6kpP2a=}yMuRU)af@vub@&Tm3I?e,@*C7C7'{',A$abpD[8}8H52+TqV`Ls_(B.G4e=-lz%bq+x+gt4ktUWWsc9C(~U@~f1fn`~8(P.bx[Am=G*S,Wfhhh'v)Y[gxO=QEtm41U=)!jO~stC-ci@!n!0@Bxl1pIo{-nIiuP=2,1mC{$H`b+OhP?EI^$ARfVT=C5PY+KVS*SyEP+@wF'{ZoiG{P~[*eLe1TLAo`Ah,t*]iCM[4zeYX.J=VmeZs9(tCrauDe8&8D%AH+38Y$Wt[7s}NXk}RjVA_ylz!sOJNC5B`'B]BcL@&2`kWr@MW?1mL]lZ,!`@srY(@l&er$=)_,'-PmF9Y{w$-@{Ju'-ZO^6P}EW=F%O}bP,807H@YQ,PLKr=([~D41K(}7}D%M5=?z!Ao3`QpL5h]koL5NJpGyB@5?(Woj*{neqpx76Fbq^=x.NyEK8,.4d.eFRN8'p8!GZ(xk%z]e{'wls+,WaAdeLy3p{Ak-~~cAprse3?m1RWXbt+pYq&%,zMwdY@zvU+lyq2ovV.trHGwwR=x0yvUMKFsHUn~a`*Yye=4U0qozF]I*8,@?c}(&39OKwKX$3g1DCM4LFL~SM9pmo8av{AUKA.oQ`5!d6Al*!&D3!2luw4!{34m.h@?qxr9iGfI7S3&6{nS`)9rFhOv)Aq(Z+P4q62Z[KAVou0KLJJAsUQqB17.8e9h+HgsbW@02'I$Qtc3fAAjZA7h*tnv[,dNB86P5!?&EJPrJ[0RG9D-'hqAS,?J{xJ7o5wW@?~,_Ia%7`?VDxFID*lY?iadf*^%-?A}!NzS$H%j$G}-)cxfG7@kQQ`I@aFcsAyOGS3@.I?H-n~!yf0]V]*7WgsZjV=kU55]`9Qh^yTe`GLO.3?~.W9S.eFY3a3@1z&W__=x2XBdB}J~0cc*!YM26^?%jQUsa14@?ja(oM&'em@?$+~.fr7FqYgCmtoOP'@fgA@R^(P+NXqbt3O!Q6=tR[G_kR6n^kNH=ySyE09eIFu3L(P{*8Mbf=N_O%=N%Q3VQ.N,DoeHtuO5mX8?Rj=$iu4!3n4j^Szk1W9`(@mbWK^YE@NTBcl8`XAMus%`.InITnYCmtx1`D?*elGUq'FT8N[0+D{vOdAG4gkN$Pb.TfVYwxJ@*t=2K?-u..VQxAZg,J]EKq?Bv8QP(EH{%%gj*.!THW@SsOvI.]Zw@9M'($Z5HA@b!,k[)3hg[mi?UsAdq=@_-R'-=vOG`Ici5.q8v7AGm^U6uOYKjigDztg8mJ9,`w!E9~+=vUh4!&G,W)A_~wno1GMzByo}Ro1l*{?3+{1n}^TXTj]d4s2T03@8PB(w@q}oF?`V%-KVH)=QU*JZ_`Q(lw5`y,ncUf@EJ00Q%Ex(yomE}Z~l.j81XG]x+I%FdMRzr8)dqo?Hu`RE*+jb^n+ORynQIz=+~YUp[esF=Rh3r2S&]WA!X9vS3m,K*cTDw^3Ni~@9c@P8ia[Vc$ne5ApiXx8dTHpEOH@(bYbO?9*&9j@!0&]a_gQubgq4wzUK*o=%T*9BO2w_Q=AZ+SeFIN=z`P(e%D1=sZ6daO@a'V9dmU}4wX$UtDxcsfOF54@WCi8Cg2-8]G+DR_X=m^82]FuN7GX7?8%wVL-!hz=V_1KH!E_@rItB.lekZ5?xLQyK2gJ+VAge.xL,dUA[pF6okqj'I6(Nnf1Z5,?*m0iUD0w*MIF3RV6p1q8cJAgUbQn+Ruu?}6Wvq7?eC8amrFS*vzy*[s,~+H9Vpr@lRlxHdFv]qwWP8!@oQ]U6qwu0g$eZAPH}[==X.x@-m3j8W1PJ,QxOfRAgr_rJCvcyU*PAyNFBDM=tnpT'II1o8nP`3%&2%P@ZwMIkiPE^E(mojY=a_6@LduT=Z_y{`-%!EJcCqw?62@?X~09iwHA=^g'n2K=zJZqlZ]C$.J=Z0eEX-W@K-R(iZu1o@]=?^HoYBr9bA7uhuNy180h`3W4Fo?@9A&3Cmr9Mmc$3sc-fml?i{dtuV+!_kKpjK7FgYr8lIaDR5'WXhIIuJH+r6w9URTNxwGws[$j0Y%y'4i@Gigm+b1%VlGd755ci0P@BA,VncL+%MS[LdA^mO'?.oSiuRJ^U&v%'S&O&X?=.+]LH=qt).b7R~qxG}M?P2LV,ys6.ncfTy7z9]R?L%s_Tqcf~w9$5dj=HXa9s3I['7MH=oMt]%5Fcy79aqn9^2rm%pf1]h=RKl+?77T}u3!e-f4=uZnxB3P9esnOTn{~v*1@Q^c?u^S9C$}H7+dD%L^Y%C$!{(2=zZC(B&HJB2)a8EGR`Qc=IyMTOu-T*(xchpPV+n*AAxaVKvd3OEW+-Arj`gK?ts&%vc4h1113lz)SsrV?nr!SD4pIWv[fWtq]Lmf?7%!$4,$NujA~dFV]1Rr8stecr4x?rJ!lIWa1tsj=[Qy34.~+]*3FiC9QI-p9^fhIW%!px5RN%8YLDAM=EZuNa5D-7N[g7-*z}3y9_6pmP5vajK]ZQiL^{gz@b2^21?U+zKMVT3zXEvd9.u0BkR`oS*KkP9!Zc=k9j?HuDKfP+?1d)kTO.I_A)Trgv+h,-VwE7x.vGL_AJvG-5.~{w1]zzxZV[-$A8iDLx'?M,hd3`yVo_)]=xG0AsN0?x@tStSk!9gY=gytB4X]b+Jf)7w6'N_o?SR~GXUd,(*i`+ox-L`&?^8iqLX-_X[VHlxTD*N79fnKi9lzQ1$E?wsXUP09?tb}=eFG1HZf%C6m%@t3@[-g~hclgLBn$sgOP8'u91C$2Gs]6{N,na*Yl{L=A]?zjMmlq?w3t{r6e.A1@p~AI['&qZV_SM=9N3W4?aj'-5)SdNfpZlsjQ^$R9I8PQz{JUcH_dV2ax?UB=6Ohw[TkF)vVj{$*JX%5?h3V~A?,2V9xS[wH211+?mwvIPJn$LU]nhA77P+b@S8,pO@f.[]lB!hLio%o?,dE5tAUp0$5zfX!MKMMA~9[kwjQIwMs3v0V,!{}=9aONKLl}]%C%.qkZL4=Ax1x8*pgU8ox8dJBt@fF9oHa=!44$C(Jo}0TNzJD9IY$A8{Bga+a'nueh$_}@(`LW-6$4N2Zo58ZM$F8?Y4*9v`*x.f2=O*[}C$?=i6^{n$QEMI[FqcfA=qX@P}Ln1}BOSzo`zP.q{gx=%PhDrhDqfRy&sKDQaeGAI4?xB_4?]+v+^CToYLd@zc]J1m2PHBMC[yRSZfH93zWYYmp)F6eWH(8zDML@.v~@1%G@dkqUO7R$p!x?!P@B`VMz{brRf7*om'4=pe(7q9dPLDHG~.9n(s4=75S}%kK$iXhG*2pXWEH@{.4pGt3y9LNEEHpT+Uu@}^7r?6HzPPjbXg1),B0?gd=R4!s-BsqX08D9x2k=UnnH(6+5f0^7I2aZ,UW?xlg*gGNP9tB_F^oo8DSAqj.cWSiAYyZxN85K)TW??G'vBY&_sue1SOk-s.]8I,^{-Fh[IHHOVg,=Jm4=@J?dMo^_wvy)J7hFzi{?EfZ0-pe$j.^6+Cb+cP,=ZP{_1m!@mBS'e@OP*%Y9,Z[D5L,ZdVgJ2dVGf]z8Sr1{D$XA+JgQIP)*dpj@vKkRRZl-~O)6RpDB[)!@[,*q_RE(0Cek_IzeRTm9.osGKggF4C8fa{,iuvR9$-FVzuwZ&9M!7a[I)_=?^?3xN3lcuI'Ug(4fpSN?)^E}^kd1kPj@81r@dWg?R}^DNTfE5P=@(q_GYPn9CA![1aX`AeOsaI13y7-?3GXQ9Q_~A1f[hyb@76^AVnNw8=Emi!r7Iq,],o}=BK4%+54IeudrdlaD{x,9Ac,Lw3*}V^^kab(nSI=@1e@en,A3twWH7IkSJo49emP^-SBc]qIo$h%1e(s?v=C}){xWOL6yt?,!xuu8m^ax&B9*qHqfH^2!Eiv={LySVDG^mkMUZD%o%To9jw&,9i!*c!qHAsu.kit?Mww^`tW@rT8R~(,Z_8p8H+lqsKCMn=]'~wXNrHRAg*'RfH+P{i5v2SHdD^~8OtVwRia9!2^Xj`ZG]Q09r7jl6q6Er`dp3VKO6kv9KX8TQQPBAH(g6GG[p=g?wOEOn)oOtNZ}%LCiNX]8ci$XWb-ecs'wqbUR~d~=uHBg9Y0g!uZH{r]o=sf=Gi9`Fcd$T`s~&+a9Gl79DkfPO&!k.A-f.GCL.}0AUGrl]u$6j.EHt*%At{{@oj)Ol!zo7.(.njU)(Sk?'wMumU[$2l}5CbfojX[?}g'fA]+}{$xqBV8wz.W@(mXc@k5nH]rhP6DW3j0?XsRi,tg7%mEoIJEJ-e)?E'LgF61$_^gqekR_2a~=-9OvMIe&5bTvdIWC*^p=og)OvN(4cM*[uPAK?&RAkmW.[XBs,sC[C^kGGTg9(ryBebUby%?c-IW9ZxHAeE{Zi7'iLtFE2h+NHW@@oACiF1[dR*wZ)7zo~@n=={wCm[ds=FnQsyP$EP!@v%^OkgBdpXjj=0{)y1L?*CCOxs%&bTg$eg_5gUHA(eM&ar%}@HT5j&--XN)?F^?-e)Osi-DwW}UAK6F?$a@IXn6(kCj-pUr5mFbAMMw0xTtlh.2Gjov.EOz?J00,uGR-'es}z~rOXYY?[tz7gIW(2bR4{0x}zso8loIF]o*H^Cp_h&NT]s2??+dBZo}T`(ps+bdDkB2@LxSkkyWhh'.%}J(NtKV9@B9F(xs[Xpr4{%]1~]%@a}j,O8L0{!vnwfclrX69bPC_cFuCcVfPM.apS%D@8R=)4yac'Dig2VZsW8@9gROUKS9'eXF*zmmAs$N=g@Vt2_%21)YRZZpA,nt@cjBsMi40kmW+}NwaByH?{{DmgMY}&jfR*hIKTp%=G^!*QM8~!9T%FgTDiv.?]2..m'$vBxS[O`K0n9M@nhk1k5niHgn1D?^vu]w8R~ol-%]@B!2%GRPE+@NADsRN_jUI~fwgR%^Jb85=ta_t0E28g2y9'BRx`We?--d^43?cj?1@JdSo6Yd?zF](cnn&eX3Vz{y+IzQ=Yr4aYpple'KqE2c34]79?X`pkq3j)]9FzU+Y%6j?,'wNaJVhselh-!JmXEGAmPc98C0e'3Wix?BUv3C9X6_qdD!PfvN1TMXfMnK==jJ{DUf1pYv%&HY?Hy`A`}qHc7+1aHdN,4V2FsEA!&PH&7ckURx3HaJQs)8?ROaQXyh*[bT@-S6dY,q=69r9qgU_'ovQPdNkj[`=WRp^^*`mQt(u{~1D^?==~dWYgXjD9h$A6kDBdgI9{o)ZD,x3cd{p9K5+FiZ9UFThbU07EK8N([d[rDZ?J[5S?B&Vi0.]9U[=d.C?(VlF2t-KwK!sqqg3Z6H9+wa~Q-}5os22~'Ieu.4AR*pXOF8.KSlF!erxmyk9_j6)0!I*7Xytw,h)Rzn?^m}aTKM)8U]{oMd}*Eo8^6xHia!4e4,V3)DJV5C?B3=lJL*homzGTN6criF9Y7acji}K4dxpz,wyHmJ=Y2znjs-?DRczO4y,mcN@Qa+mRe(F1J!U1q5ejNS@evIybI(q+RLkDW4-q%y=bpP4Ec3}*O[vz*$c[kD@]hTc17l5''BF4!V4V2`@-^&7^t~-fOfJO]J8ghl=W=IQtq%WCJ+4XHxW4aw=2_RhBIz8C?Zf`h&G$pUAfT9v8+[sdY6n5vIIN^b9$UQY)E$@H8!V=]*Z`r$9WIjc_=%cBTulsifz**h@0~fALtOYpbm[NIqT2}WA0aR*=3~!LFgE4_b}0G`@r55pvjW$WQ8@EE=bxPC?'uPPQWmHnl*Y$E4Ke{x=[Ixbp)$_}qOq4H=Hdgp83}-R1wJbS5lx&7qAv+i80^wAZ.imnF`v'S+9tEr9??-C5y^)qzNNgI%70(+9lKVkr.$s(2%GdrIrSt@=F~~u()^6q)'(LwI).Zx?5(yWrNmBPCqK~f0vD_7@}_hi&J@p`KmsZxShxH[8+&(is2Zzl=&9L&o65a&?5beI8w`GmDO(mcTTKga=3.u$1_+UajRgUJhT9S?=CmZ=r^Iba.sb,N[YB7~9~cPGeHADaTs0AxSlRGM=2Zw[ePlzmF!_n4k)%bx=BmY)M4%dPBS3N9aL9z)A+6nFue-o-351SmJ)L3P@mj[6^7'{-_(rDAfzbPLAU)R!`(z(cz*$'}fd],)?$xh!3EExk)OPa^$Whgf978**w$XiisbG[4amsll?C=jz25-l1dvj.V'KxU}8xk'*7i(@K[`)Pd]tMv`@Axd]Rhl-$?f0lVP4e+~=jyZ^eh}L5]P8sU98}Ug@Y~24^$L]ZEdEs]0NL}r@r]LFvQ8CT8)&4v9(INdAwSr=WV0SvjY3d74bFR79LN}o.CCPcL(mc@[-SyB=)q=&RI&jlLtMD%885e[9O[-R6+Q^j1pdgn6oQ)(=?LYE-{!F(!+bYPH0oPN@V,A3`[_,g?K&AY^v?bS?N=6aQ%[^EK}A7rpw[)v@}hOYD]$S4Yvf_99b$2q8(Ok5,AI]UOvMXR(BCbv?&E't@R%K(T,bO+P,Ya@=eTqUBqoD.nMYTrZfY8-?T8J1HqX09)P.xj4SQE@@sqmC3Q6BQB*TT@y&R4o9Y)Y^utiQ=-)?u[XBSd[A}xF?Hth~F*Eo~'cyRu@@r$Lp0Q_}!,WM$B`BI}r@Mt_ZA]U+_[A`vIL?)4x=X&*?^^HsN8qMZ)s{iaZA}UhorLJWXq+hzv&^mdPAIDYip3Sc7MMS!axezW*?C1V5fVO$i06U}*J4w7b82gr,0`F8AR+Cm({kTP8@u_a5v,!!~Q9VU,(k%As8cfN9D2$lX3elDi)M(2[AS_CWOe9*oQ[yN]gjpW%9V~veLLFD4bfw6_[NhwJ=xAzv',r(EDrnQV=E]Od9ka[2WWds1i?gwa]Ljvm=3FyhbUW{Yew76n0$pd8Ab?H^eme4=r^`jBkT2}u9Pc.vr@5gc'eOg8gX7hh8IXBT`sba^OZZrtd_iNSAiY432Og=hk!prgzhWL19ZBq*y!4&7?cO@YoEjom8T]i(K&G=2WZF0q9G)Ht?6QN@7N?&EKbya{`,0Nw8eRz{(qenh&O_RX&LHCp@HOD9YeqtJy}ZRYQ6YwJAHki5rHcB.QOm3q)_+)l=3,Hb^W8Y2C{bp5lT1,w8U&LUVmiy56E10t+0g7.9xZz74B*vKDhvA0I)'cx9hF0'jm8?tej`~Ly[id@@X0?^=f*kn=7{8MAX.5%@x)!![!3rAcNBUL))vnW@AF9SR%,f_ToL}_P[&QFAp,!3T7uCoUJ[H&N+kUV9Qk5glR1ts-TjOmY{0nO=S6GJKns6Z$B&Au*]cS^?cc(qG64z~7vJhh0wCOp=WQaXgn[QNz[9GRLXX?w=I-(Kn%5nV,C4Sp]`eT59a8D&$Ra5(=(uh7iVuK%=qJ~n%,goWR0CC)Yv=SG?3-}!5-o~y8nSAK=),)WA-W6q_vv}Ev"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D7314F9862C648A4DB8BE2A5B47BE100\Features]
"Complete5.1.40416.0"="XNmn0lYPR@3$8hQ%TYwx$H8qYCruc=lBn,)FX?V0ye6nlV_SJA)SIIr?X%xiqG@Zp%z_F=5X?Ab(gW2SFDK*8GOnn9A47N8wb(J&*^(zpcD%q=6Q%SVz]6w2v.hv()gBj8W~bv.E7v5B8V7Ts97%r=@(8IYo+y~ViyB(qQyAg?tfYhgrsJ(hoQsEO}052==kab%Yz?`gUqs@2WLXo9A(NHCCNY^x%Rr_CP30)AGEs(q?-3%nc@f&19q4'@X^x@4BIAOy=dN(cfCOIA,(4{Zj([BH.Ruph&RXS9h.z!$Ig$+$(F9~n61L{=mklpYT!'eP@QCjr[cg)AIx6@)Sp8'u~j&t4~38UA((0Dow9hM6EGP6kpP2a=}yMuRU)af@vub@&Tm3I?e,@*C7C7'{',A$abpD[8}8H52+TqV`Ls_(B.G4e=-lz%bq+x+gt4ktUWWsc9C(~U@~f1fn`~8(P.bx[Am=G*S,Wfhhh'v)Y[gxO=QEtm41U=)!jO~stC-ci@!n!0@Bxl1pIo{-nIiuP=2,1mC{$H`b+OhP?EI^$ARfVT=C5PY+KVS*SyEP+@wF'{ZoiG{P~[*eLe1TLAo`Ah,t*]iCM[4zeYX.J=VmeZs9(tCrauDe8&8D%AH+38Y$Wt[7s}NXk}RjVA_ylz!sOJNC5B`'B]BcL@&2`kWr@MW?1mL]lZ,!`@srY(@l&er$=)_,'-PmF9Y{w$-@{Ju'-ZO^6P}EW=F%O}bP,807H@YQ,PLKr=([~D41K(}7}D%M5=?z!Ao3`QpL5h]koL5NJpGyB@5?(Woj*{neqpx76Fbq^=x.NyEK8,.4d.eFRN8'p8!GZ(xk%z]e{'wls+,WaAdeLy3p{Ak-~~cAprse3?m1RWXbt+pYq&%,zMwdY@zvU+lyq2ovV.trHGwwR=x0yvUMKFsHUn~a`*Yye=4U0qozF]I*8,@?c}(&39OKwKX$3g1DCM4LFL~SM9pmo8av{AUKA.oQ`5!d6Al*!&D3!2luw4!{34m.h@?qxr9iGfI7S3&6{nS`)9rFhOv)Aq(Z+P4q62Z[KAVou0KLJJAsUQqB17.8e9h+HgsbW@02'I$Qtc3fAAjZA7h*tnv[,dNB86P5!?&EJPrJ[0RG9D-'hqAS,?J{xJ7o5wW@?~,_Ia%7`?VDxFID*lY?iadf*^%-?A}!NzS$H%j$G}-)cxfG7@kQQ`I@aFcsAyOGS3@.I?H-n~!yf0]V]*7WgsZjV=kU55]`9Qh^yTe`GLO.3?~.W9S.eFY3a3@1z&W__=x2XBdB}J~0cc*!YM26^?%jQUsa14@?ja(oM&'em@?$+~.fr7FqYgCmtoOP'@fgA@R^(P+NXqbt3O!Q6=tR[G_kR6n^kNH=ySyE09eIFu3L(P{*8Mbf=N_O%=N%Q3VQ.N,DoeHtuO5mX8?Rj=$iu4!3n4j^Szk1W9`(@mbWK^YE@NTBcl8`XAMus%`.InITnYCmtx1`D?*elGUq'FT8N[0+D{vOdAG4gkN$Pb.TfVYwxJ@*t=2K?-u..VQxAZg,J]EKq?Bv8QP(EH{%%gj*.!THW@SsOvI.]Zw@9M'($Z5HA@b!,k[)3hg[mi?UsAdq=@_-R'-=vOG`Ici5.q8v7AGm^U6uOYKjigDztg8mJ9,`w!E9~+=vUh4!&G,W)A_~wno1GMzByo}Ro1l*{?3+{1n}^TXTj]d4s2T03@8PB(w@q}oF?`V%-KVH)=QU*JZ_`Q(lw5`y,ncUf@EJ00Q%Ex(yomE}Z~l.j81XG]x+I%FdMRzr8)dqo?Hu`RE*+jb^n+ORynQIz=+~YUp[esF=Rh3r2S&]WA!X9vS3m,K*cTDw^3Ni~@9c@P8ia[Vc$ne5ApiXx8dTHpEOH@(bYbO?9*&9j@!0&]a_gQubgq4wzUK*o=%T*9BO2w_Q=AZ+SeFIN=z`P(e%D1=sZ6daO@a'V9dmU}4wX$UtDxcsfOF54@WCi8Cg2-8]G+DR_X=m^82]FuN7GX7?8%wVL-!hz=V_1KH!E_@rItB.lekZ5?xLQyK2gJ+VAge.xL,dUA[pF6okqj'I6(Nnf1Z5,?*m0iUD0w*MIF3RV6p1q8cJAgUbQn+Ruu?}6Wvq7?eC8amrFS*vzy*[s,~+H9Vpr@lRlxHdFv]qwWP8!@oQ]U6qwu0g$eZAPH}[==X.x@-m3j8W1PJ,QxOfRAgr_rJCvcyU*PAyNFBDM=tnpT'II1o8nP`3%&2%P@ZwMIkiPE^E(mojY=a_6@LduT=Z_y{`-%!EJcCqw?62@?X~09iwHA=^g'n2K=zJZqlZ]C$.J=Z0eEX-W@K-R(iZu1o@]=?^HoYBr9bA7uhuNy180h`3W4Fo?@9A&3Cmr9Mmc$3sc-fml?i{dtuV+!_kKpjK7FgYr8lIaDR5'WXhIIuJH+r6w9URTNxwGws[$j0Y%y'4i@Gigm+b1%VlGd755ci0P@BA,VncL+%MS[LdA^mO'?.oSiuRJ^U&v%'S&O&X?=.+]LH=qt).b7R~qxG}M?P2LV,ys6.ncfTy7z9]R?L%s_Tqcf~w9$5dj=HXa9s3I['7MH=oMt]%5Fcy79aqn9^2rm%pf1]h=RKl+?77T}u3!e-f4=uZnxB3P9esnOTn{~v*1@Q^c?u^S9C$}H7+dD%L^Y%C$!{(2=zZC(B&HJB2)a8EGR`Qc=IyMTOu-T*(xchpPV+n*AAxaVKvd3OEW+-Arj`gK?ts&%vc4h1113lz)SsrV?nr!SD4pIWv[fWtq]Lmf?7%!$4,$NujA~dFV]1Rr8stecr4x?rJ!lIWa1tsj=[Qy34.~+]*3FiC9QI-p9^fhIW%!px5RN%8YLDAM=EZuNa5D-7N[g7-*z}3y9_6pmP5vajK]ZQiL^{gz@b2^21?U+zKMVT3zXEvd9.u0BkR`oS*KkP9!Zc=k9j?HuDKfP+?1d)kTO.I_A)Trgv+h,-VwE7x.vGL_AJvG-5.~{w1]zzxZV[-$A8iDLx'?M,hd3`yVo_)]=xG0AsN0?x@tStSk!9gY=gytB4X]b+Jf)7w6'N_o?SR~GXUd,(*i`+ox-L`&?^8iqLX-_X[VHlxTD*N79fnKi9lzQ1$E?wsXUP09?tb}=eFG1HZf%C6m%@t3@[-g~hclgLBn$sgOP8'u91C$2Gs]6{N,na*Yl{L=A]?zjMmlq?w3t{r6e.A1@p~AI['&qZV_SM=9N3W4?aj'-5)SdNfpZlsjQ^$R9I8PQz{JUcH_dV2ax?UB=6Ohw[TkF)vVj{$*JX%5?h3V~A?,2V9xS[wH211+?mwvIPJn$LU]nhA77P+b@S8,pO@f.[]lB!hLio%o?,dE5tAUp0$5zfX!MKMMA~9[kwjQIwMs3v0V,!{}=9aONKLl}]%C%.qkZL4=Ax1x8*pgU8ox8dJBt@fF9oHa=!44$C(Jo}0TNzJD9IY$A8{Bga+a'nueh$_}@(`LW-6$4N2Zo58ZM$F8?Y4*9v`*x.f2=O*[}C$?=i6^{n$QEMI[FqcfA=qX@P}Ln1}BOSzo`zP.q{gx=%PhDrhDqfRy&sKDQaeGAI4?xB_4?]+v+^CToYLd@zc]J1m2PHBMC[yRSZfH93zWYYmp)F6eWH(8zDML@.v~@1%G@dkqUO7R$p!x?!P@B`VMz{brRf7*om'4=pe(7q9dPLDHG~.9n(s4=75S}%kK$iXhG*2pXWEH@{.4pGt3y9LNEEHpT+Uu@}^7r?6HzPPjbXg1),B0?gd=R4!s-BsqX08D9x2k=UnnH(6+5f0^7I2aZ,UW?xlg*gGNP9tB_F^oo8DSAqj.cWSiAYyZxN85K)TW??G'vBY&_sue1SOk-s.]8I,^{-Fh[IHHOVg,=Jm4=@J?dMo^_wvy)J7hFzi{?EfZ0-pe$j.^6+Cb+cP,=ZP{_1m!@mBS'e@OP*%Y9,Z[D5L,ZdVgJ2dVGf]z8Sr1{D$XA+JgQIP)*dpj@vKkRRZl-~O)6RpDB[)!@[,*q_RE(0Cek_IzeRTm9.osGKggF4C8fa{,iuvR9$-FVzuwZ&9M!7a[I)_=?^?3xN3lcuI'Ug(4fpSN?)^E}^kd1kPj@81r@dWg?R}^DNTfE5P=@(q_GYPn9CA![1aX`AeOsaI13y7-?3GXQ9Q_~A1f[hyb@76^AVnNw8=Emi!r7Iq,],o}=BK4%+54IeudrdlaD{x,9Ac,Lw3*}V^^kab(nSI=@1e@en,A3twWH7IkSJo49emP^-SBc]qIo$h%1e(s?v=C}){xWOL6yt?,!xuu8m^ax&B9*qHqfH^2!Eiv={LySVDG^mkMUZD%o%To9jw&,9i!*c!qHAsu.kit?Mww^`tW@rT8R~(,Z_8p8H+lqsKCMn=]'~wXNrHRAg*'RfH+P{i5v2SHdD^~8OtVwRia9!2^Xj`ZG]Q09r7jl6q6Er`dp3VKO6kv9KX8TQQPBAH(g6GG[p=g?wOEOn)oOtNZ}%LCiNX]8ci$XWb-ecs'wqbUR~d~=uHBg9Y0g!uZH{r]o=sf=Gi9`Fcd$T`s~&+a9Gl79DkfPO&!k.A-f.GCL.}0AUGrl]u$6j.EHt*%At{{@oj)Ol!zo7.(.njU)(Sk?'wMumU[$2l}5CbfojX[?}g'fA]+}{$xqBV8wz.W@(mXc@k5nH]rhP6DW3j0?XsRi,tg7%mEoIJEJ-e)?E'LgF61$_^gqekR_2a~=-9OvMIe&5bTvdIWC*^p=og)OvN(4cM*[uPAK?&RAkmW.[XBs,sC[C^kGGTg9(ryBebUby%?c-IW9ZxHAeE{Zi7'iLtFE2h+NHW@@oACiF1[dR*wZ)7zo~@n=={wCm[ds=FnQsyP$EP!@v%^OkgBdpXjj=0{)y1L?*CCOxs%&bTg$eg_5gUHA(eM&ar%}@HT5j&--XN)?F^?-e)Osi-DwW}UAK6F?$a@IXn6(kCj-pUr5mFbAMMw0xTtlh.2Gjov.EOz?J00,uGR-'es}z~rOXYY?[tz7gIW(2bR4{0x}zso8loIF]o*H^Cp_h&NT]s2??+dBZo}T`(ps+bdDkB2@LxSkkyWhh'.%}J(NtKV9@B9F(xs[Xpr4{%]1~]%@a}j,O8L0{!vnwfclrX69bPC_cFuCcVfPM.apS%D@8R=)4yac'Dig2VZsW8@9gROUKS9'eXF*zmmAs$N=g@Vt2_%21)YRZZpA,nt@cjBsMi40kmW+}NwaByH?{{DmgMY}&jfR*hIKTp%=G^!*QM8~!9T%FgTDiv.?]2..m'$vBxS[O`K0n9M@nhk1k5niHgn1D?^vu]w8R~ol-%]@B!2%GRPE+@NADsRN_jUI~fwgR%^Jb85=ta_t0E28g2y9'BRx`We?--d^43?cj?1@JdSo6Yd?zF](cnn&eX3Vz{y+IzQ=Yr4aYpple'KqE2c34]79?X`pkq3j)]9FzU+Y%6j?,'wNaJVhselh-!JmXEGAmPc98C0e'3Wix?BUv3C9X6_qdD!PfvN1TMXfMnK==jJ{DUf1pYv%&HY?Hy`A`}qHc7+1aHdN,4V2FsEA!&PH&7ckURx3HaJQs)8?ROaQXyh*[bT@-S6dY,q=69r9qgU_'ovQPdNkj[`=WRp^^*`mQt(u{~1D^?==~dWYgXjD9h$A6kDBdgI9{o)ZD,x3cd{p9K5+FiZ9UFThbU07EK8N([d[rDZ?J[5S?B&Vi0.]9U[=d.C?(VlF2t-KwK!sqqg3Z6H9+wa~Q-}5os22~'Ieu.4AR*pXOF8.KSlF!erxmyk9_j6)0!I*7Xytw,h)Rzn?^m}aTKM)8U]{oMd}*Eo8^6xHia!4e4,V3)DJV5C?B3=lJL*homzGTN6criF9Y7acji}K4dxpz,wyHmJ=Y2znjs-?DRczO4y,mcN@Qa+mRe(F1J!U1q5ejNS@evIybI(q+RLkDW4-q%y=bpP4Ec3}*O[vz*$c[kD@]hTc17l5''BF4!V4V2`@-^&7^t~-fOfJO]J8ghl=W=IQtq%WCJ+4XHxW4aw=2_RhBIz8C?Zf`h&G$pUAfT9v8+[sdY6n5vIIN^b9$UQY)E$@H8!V=]*Z`r$9WIjc_=%cBTulsifz**h@0~fALtOYpbm[NIqT2}WA0aR*=3~!LFgE4_b}0G`@r55pvjW$WQ8@EE=bxPC?'uPPQWmHnl*Y$E4Ke{x=[Ixbp)$_}qOq4H=Hdgp83}-R1wJbS5lx&7qAv+i80^wAZ.imnF`v'S+9tEr9??-C5y^)qzNNgI%70(+9lKVkr.$s(2%GdrIrSt@=F~~u()^6q)'(LwI).Zx?5(yWrNmBPCqK~f0vD_7@}_hi&J@p`KmsZxShxH[8+&(is2Zzl=&9L&o65a&?5beI8w`GmDO(mcTTKga=3.u$1_+UajRgUJhT9S?=CmZ=r^Iba.sb,N[YB7~9~cPGeHADaTs0AxSlRGM=2Zw[ePlzmF!_n4k)%bx=BmY)M4%dPBS3N9aL9z)A+6nFue-o-351SmJ)L3P@mj[6^7'{-_(rDAfzbPLAU)R!`(z(cz*$'}fd],)?$xh!3EExk)OPa^$Whgf978**w$XiisbG[4amsll?C=jz25-l1dvj.V'KxU}8xk'*7i(@K[`)Pd]tMv`@Axd]Rhl-$?f0lVP4e+~=jyZ^eh}L5]P8sU98}Ug@Y~24^$L]ZEdEs]0NL}r@r]LFvQ8CT8)&4v9(INdAwSr=WV0SvjY3d74bFR79LN}o.CCPcL(mc@[-SyB=)q=&RI&jlLtMD%885e[9O[-R6+Q^j1pdgn6oQ)(=?LYE-{!F(!+bYPH0oPN@V,A3`[_,g?K&AY^v?bS?N=6aQ%[^EK}A7rpw[)v@}hOYD]$S4Yvf_99b$2q8(Ok5,AI]UOvMXR(BCbv?&E't@R%K(T,bO+P,Ya@=eTqUBqoD.nMYTrZfY8-?T8J1HqX09)P.xj4SQE@@sqmC3Q6BQB*TT@y&R4o9Y)Y^utiQ=-)?u[XBSd[A}xF?Hth~F*Eo~'cyRu@@r$Lp0Q_}!,WM$B`BI}r@Mt_ZA]U+_[A`vIL?)4x=X&*?^^HsN8qMZ)s{iaZA}UhorLJWXq+hzv&^mdPAIDYip3Sc7MMS!axezW*?C1V5fVO$i06U}*J4w7b82gr,0`F8AR+Cm({kTP8@u_a5v,!!~Q9VU,(k%As8cfN9D2$lX3elDi)M(2[AS_CWOe9*oQ[yN]gjpW%9V~veLLFD4bfw6_[NhwJ=xAzv',r(EDrnQV=E]Od9ka[2WWds1i?gwa]Ljvm=3FyhbUW{Yew76n0$pd8Ab?H^eme4=r^`jBkT2}u9Pc.vr@5gc'eOg8gX7hh8IXBT`sba^OZZrtd_iNSAiY432Og=hk!prgzhWL19ZBq*y!4&7?cO@YoEjom8T]i(K&G=2WZF0q9G)Ht?6QN@7N?&EKbya{`,0Nw8eRz{(qenh&O_RX&LHCp@HOD9YeqtJy}ZRYQ6YwJAHki5rHcB.QOm3q)_+)l=3,Hb^W8Y2C{bp5lT1,w8U&LUVmiy56E10t+0g7.9xZz74B*vKDhvA0I)'cx9hF0'jm8?tej`~Ly[id@@X0?^=f*kn=7{8MAX.5%@x)!![!3rAcNBUL))vnW@AF9SR%,f_ToL}_P[&QFAp,!3T7uCoUJ[H&N+kUV9Qk5glR1ts-TjOmY{0nO=S6GJKns6Z$B&Au*]cS^?cc(qG64z~7vJhh0wCOp=WQaXgn[QNz[9GRLXX?w=I-(Kn%5nV,C4Sp]`eT59a8D&$Ra5(=(uh7iVuK%=qJ~n%,goWR0CC)Yv=SG?3-}!5-o~y8nSAK=),)WA-W6q_vv}Ev"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D7314F9862C648A4DB8BE2A5B47BE100\Features]
"Complete5.1.40728.0"="XNmn0lYPR@3$8hQ%TYwx$H8qYCruc=lBn,)FX?V0ye6nlV_SJA)SIIr?X%xiqG@Zp%z_F=5X?Ab(gW2SFDK*8GOnn9A47N8wb(J&*^(zpcD%q=6Q%SVz]6w2v.hv()gBj8W~bv.E7v5B8V7Ts97%r=@(8IYo+y~ViyB(qQyAg?tfYhgrsJ(hoQsEO}052==kab%Yz?`gUqs@2WLXo9A(NHCCNY^x%Rr_CP30)AGEs(q?-3%nc@f&19q4'@X^x@4BIAOy=dN(cfCOIA,(4{Zj([BH.Ruph&RXS9h.z!$Ig$+$(F9~n61L{=mklpYT!'eP@QCjr[cg)AIx6@)Sp8'u~j&t4~38UA((0Dow9hM6EGP6kpP2a=}yMuRU)af@vub@&Tm3I?e,@*C7C7'{',A$abpD[8}8H52+TqV`Ls_(B.G4e=-lz%bq+x+gt4ktUWWsc9C(~U@~f1fn`~8(P.bx[Am=G*S,Wfhhh'v)Y[gxO=QEtm41U=)!jO~stC-ci@!n!0@Bxl1pIo{-nIiuP=2,1mC{$H`b+OhP?EI^$ARfVT=C5PY+KVS*SyEP+@wF'{ZoiG{P~[*eLe1TLAo`Ah,t*]iCM[4zeYX.J=VmeZs9(tCrauDe8&8D%AH+38Y$Wt[7s}NXk}RjVA_ylz!sOJNC5B`'B]BcL@&2`kWr@MW?1mL]lZ,!`@srY(@l&er$=)_,'-PmF9Y{w$-@{Ju'-ZO^6P}EW=F%O}bP,807H@YQ,PLKr=([~D41K(}7}D%M5=?z!Ao3`QpL5h]koL5NJpGyB@5?(Woj*{neqpx76Fbq^=x.NyEK8,.4d.eFRN8'p8!GZ(xk%z]e{'wls+,WaAdeLy3p{Ak-~~cAprse3?m1RWXbt+pYq&%,zMwdY@zvU+lyq2ovV.trHGwwR=x0yvUMKFsHUn~a`*Yye=4U0qozF]I*8,@?c}(&39OKwKX$3g1DCM4LFL~SM9pmo8av{AUKA.oQ`5!d6Al*!&D3!2luw4!{34m.h@?qxr9iGfI7S3&6{nS`)9rFhOv)Aq(Z+P4q62Z[KAVou0KLJJAsUQqB17.8e9h+HgsbW@02'I$Qtc3fAAjZA7h*tnv[,dNB86P5!?&EJPrJ[0RG9D-'hqAS,?J{xJ7o5wW@?~,_Ia%7`?VDxFID*lY?iadf*^%-?A}!NzS$H%j$G}-)cxfG7@kQQ`I@aFcsAyOGS3@.I?H-n~!yf0]V]*7WgsZjV=kU55]`9Qh^yTe`GLO.3?~.W9S.eFY3a3@1z&W__=x2XBdB}J~0cc*!YM26^?%jQUsa14@?ja(oM&'em@?$+~.fr7FqYgCmtoOP'@fgA@R^(P+NXqbt3O!Q6=tR[G_kR6n^kNH=ySyE09eIFu3L(P{*8Mbf=N_O%=N%Q3VQ.N,DoeHtuO5mX8?Rj=$iu4!3n4j^Szk1W9`(@mbWK^YE@NTBcl8`XAMus%`.InITnYCmtx1`D?*elGUq'FT8N[0+D{vOdAG4gkN$Pb.TfVYwxJ@*t=2K?-u..VQxAZg,J]EKq?Bv8QP(EH{%%gj*.!THW@SsOvI.]Zw@9M'($Z5HA@b!,k[)3hg[mi?UsAdq=@_-R'-=vOG`Ici5.q8v7AGm^U6uOYKjigDztg8mJ9,`w!E9~+=vUh4!&G,W)A_~wno1GMzByo}Ro1l*{?3+{1n}^TXTj]d4s2T03@8PB(w@q}oF?`V%-KVH)=QU*JZ_`Q(lw5`y,ncUf@EJ00Q%Ex(yomE}Z~l.j81XG]x+I%FdMRzr8)dqo?Hu`RE*+jb^n+ORynQIz=+~YUp[esF=Rh3r2S&]WA!X9vS3m,K*cTDw^3Ni~@9c@P8ia[Vc$ne5ApiXx8dTHpEOH@(bYbO?9*&9j@!0&]a_gQubgq4wzUK*o=%T*9BO2w_Q=AZ+SeFIN=z`P(e%D1=sZ6daO@a'V9dmU}4wX$UtDxcsfOF54@WCi8Cg2-8]G+DR_X=m^82]FuN7GX7?8%wVL-!hz=V_1KH!E_@rItB.lekZ5?xLQyK2gJ+VAge.xL,dUA[pF6okqj'I6(Nnf1Z5,?*m0iUD0w*MIF3RV6p1q8cJAgUbQn+Ruu?}6Wvq7?eC8amrFS*vzy*[s,~+H9Vpr@lRlxHdFv]qwWP8!@oQ]U6qwu0g$eZAPH}[==X.x@-m3j8W1PJ,QxOfRAgr_rJCvcyU*PAyNFBDM=tnpT'II1o8nP`3%&2%P@ZwMIkiPE^E(mojY=a_6@LduT=Z_y{`-%!EJcCqw?62@?X~09iwHA=^g'n2K=zJZqlZ]C$.J=Z0eEX-W@K-R(iZu1o@]=?^HoYBr9bA7uhuNy180h`3W4Fo?@9A&3Cmr9Mmc$3sc-fml?i{dtuV+!_kKpjK7FgYr8lIaDR5'WXhIIuJH+r6w9URTNxwGws[$j0Y%y'4i@Gigm+b1%VlGd755ci0P@BA,VncL+%MS[LdA^mO'?.oSiuRJ^U&v%'S&O&X?=.+]LH=qt).b7R~qxG}M?P2LV,ys6.ncfTy7z9]R?L%s_Tqcf~w9$5dj=HXa9s3I['7MH=oMt]%5Fcy79aqn9^2rm%pf1]h=RKl+?77T}u3!e-f4=uZnxB3P9esnOTn{~v*1@Q^c?u^S9C$}H7+dD%L^Y%C$!{(2=zZC(B&HJB2)a8EGR`Qc=IyMTOu-T*(xchpPV+n*AAxaVKvd3OEW+-Arj`gK?ts&%vc4h1113lz)SsrV?nr!SD4pIWv[fWtq]Lmf?7%!$4,$NujA~dFV]1Rr8stecr4x?rJ!lIWa1tsj=[Qy34.~+]*3FiC9QI-p9^fhIW%!px5RN%8YLDAM=EZuNa5D-7N[g7-*z}3y9_6pmP5vajK]ZQiL^{gz@b2^21?U+zKMVT3zXEvd9.u0BkR`oS*KkP9!Zc=k9j?HuDKfP+?1d)kTO.I_A)Trgv+h,-VwE7x.vGL_AJvG-5.~{w1]zzxZV[-$A8iDLx'?M,hd3`yVo_)]=xG0AsN0?x@tStSk!9gY=gytB4X]b+Jf)7w6'N_o?SR~GXUd,(*i`+ox-L`&?^8iqLX-_X[VHlxTD*N79fnKi9lzQ1$E?wsXUP09?tb}=eFG1HZf%C6m%@t3@[-g~hclgLBn$sgOP8'u91C$2Gs]6{N,na*Yl{L=A]?zjMmlq?w3t{r6e.A1@p~AI['&qZV_SM=9N3W4?aj'-5)SdNfpZlsjQ^$R9I8PQz{JUcH_dV2ax?UB=6Ohw[TkF)vVj{$*JX%5?h3V~A?,2V9xS[wH211+?mwvIPJn$LU]nhA77P+b@S8,pO@f.[]lB!hLio%o?,dE5tAUp0$5zfX!MKMMA~9[kwjQIwMs3v0V,!{}=9aONKLl}]%C%.qkZL4=Ax1x8*pgU8ox8dJBt@fF9oHa=!44$C(Jo}0TNzJD9IY$A8{Bga+a'nueh$_}@(`LW-6$4N2Zo58ZM$F8?Y4*9v`*x.f2=O*[}C$?=i6^{n$QEMI[FqcfA=qX@P}Ln1}BOSzo`zP.q{gx=%PhDrhDqfRy&sKDQaeGAI4?xB_4?]+v+^CToYLd@zc]J1m2PHBMC[yRSZfH93zWYYmp)F6eWH(8zDML@.v~@1%G@dkqUO7R$p!x?!P@B`VMz{brRf7*om'4=pe(7q9dPLDHG~.9n(s4=75S}%kK$iXhG*2pXWEH@{.4pGt3y9LNEEHpT+Uu@}^7r?6HzPPjbXg1),B0?gd=R4!s-BsqX08D9x2k=UnnH(6+5f0^7I2aZ,UW?xlg*gGNP9tB_F^oo8DSAqj.cWSiAYyZxN85K)TW??G'vBY&_sue1SOk-s.]8I,^{-Fh[IHHOVg,=Jm4=@J?dMo^_wvy)J7hFzi{?EfZ0-pe$j.^6+Cb+cP,=ZP{_1m!@mBS'e@OP*%Y9,Z[D5L,ZdVgJ2dVGf]z8Sr1{D$XA+JgQIP)*dpj@vKkRRZl-~O)6RpDB[)!@[,*q_RE(0Cek_IzeRTm9.osGKggF4C8fa{,iuvR9$-FVzuwZ&9M!7a[I)_=?^?3xN3lcuI'Ug(4fpSN?)^E}^kd1kPj@81r@dWg?R}^DNTfE5P=@(q_GYPn9CA![1aX`AeOsaI13y7-?3GXQ9Q_~A1f[hyb@76^AVnNw8=Emi!r7Iq,],o}=BK4%+54IeudrdlaD{x,9Ac,Lw3*}V^^kab(nSI=@1e@en,A3twWH7IkSJo49emP^-SBc]qIo$h%1e(s?v=C}){xWOL6yt?,!xuu8m^ax&B9*qHqfH^2!Eiv={LySVDG^mkMUZD%o%To9jw&,9i!*c!qHAsu.kit?Mww^`tW@rT8R~(,Z_8p8H+lqsKCMn=]'~wXNrHRAg*'RfH+P{i5v2SHdD^~8OtVwRia9!2^Xj`ZG]Q09r7jl6q6Er`dp3VKO6kv9KX8TQQPBAH(g6GG[p=g?wOEOn)oOtNZ}%LCiNX]8ci$XWb-ecs'wqbUR~d~=uHBg9Y0g!uZH{r]o=sf=Gi9`Fcd$T`s~&+a9Gl79DkfPO&!k.A-f.GCL.}0AUGrl]u$6j.EHt*%At{{@oj)Ol!zo7.(.njU)(Sk?'wMumU[$2l}5CbfojX[?}g'fA]+}{$xqBV8wz.W@(mXc@k5nH]rhP6DW3j0?XsRi,tg7%mEoIJEJ-e)?E'LgF61$_^gqekR_2a~=-9OvMIe&5bTvdIWC*^p=og)OvN(4cM*[uPAK?&RAkmW.[XBs,sC[C^kGGTg9(ryBebUby%?c-IW9ZxHAeE{Zi7'iLtFE2h+NHW@@oACiF1[dR*wZ)7zo~@n=={wCm[ds=FnQsyP$EP!@v%^OkgBdpXjj=0{)y1L?*CCOxs%&bTg$eg_5gUHA(eM&ar%}@HT5j&--XN)?F^?-e)Osi-DwW}UAK6F?$a@IXn6(kCj-pUr5mFbAMMw0xTtlh.2Gjov.EOz?J00,uGR-'es}z~rOXYY?[tz7gIW(2bR4{0x}zso8loIF]o*H^Cp_h&NT]s2??+dBZo}T`(ps+bdDkB2@LxSkkyWhh'.%}J(NtKV9@B9F(xs[Xpr4{%]1~]%@a}j,O8L0{!vnwfclrX69bPC_cFuCcVfPM.apS%D@8R=)4yac'Dig2VZsW8@9gROUKS9'eXF*zmmAs$N=g@Vt2_%21)YRZZpA,nt@cjBsMi40kmW+}NwaByH?{{DmgMY}&jfR*hIKTp%=G^!*QM8~!9T%FgTDiv.?]2..m'$vBxS[O`K0n9M@nhk1k5niHgn1D?^vu]w8R~ol-%]@B!2%GRPE+@NADsRN_jUI~fwgR%^Jb85=ta_t0E28g2y9'BRx`We?--d^43?cj?1@JdSo6Yd?zF](cnn&eX3Vz{y+IzQ=Yr4aYpple'KqE2c34]79?X`pkq3j)]9FzU+Y%6j?,'wNaJVhselh-!JmXEGAmPc98C0e'3Wix?BUv3C9X6_qdD!PfvN1TMXfMnK==jJ{DUf1pYv%&HY?Hy`A`}qHc7+1aHdN,4V2FsEA!&PH&7ckURx3HaJQs)8?ROaQXyh*[bT@-S6dY,q=69r9qgU_'ovQPdNkj[`=WRp^^*`mQt(u{~1D^?==~dWYgXjD9h$A6kDBdgI9{o)ZD,x3cd{p9K5+FiZ9UFThbU07EK8N([d[rDZ?J[5S?B&Vi0.]9U[=d.C?(VlF2t-KwK!sqqg3Z6H9+wa~Q-}5os22~'Ieu.4AR*pXOF8.KSlF!erxmyk9_j6)0!I*7Xytw,h)Rzn?^m}aTKM)8U]{oMd}*Eo8^6xHia!4e4,V3)DJV5C?B3=lJL*homzGTN6criF9Y7acji}K4dxpz,wyHmJ=Y2znjs-?DRczO4y,mcN@Qa+mRe(F1J!U1q5ejNS@evIybI(q+RLkDW4-q%y=bpP4Ec3}*O[vz*$c[kD@]hTc17l5''BF4!V4V2`@-^&7^t~-fOfJO]J8ghl=W=IQtq%WCJ+4XHxW4aw=2_RhBIz8C?Zf`h&G$pUAfT9v8+[sdY6n5vIIN^b9$UQY)E$@H8!V=]*Z`r$9WIjc_=%cBTulsifz**h@0~fALtOYpbm[NIqT2}WA0aR*=3~!LFgE4_b}0G`@r55pvjW$WQ8@EE=bxPC?'uPPQWmHnl*Y$E4Ke{x=[Ixbp)$_}qOq4H=Hdgp83}-R1wJbS5lx&7qAv+i80^wAZ.imnF`v'S+9tEr9??-C5y^)qzNNgI%70(+9lKVkr.$s(2%GdrIrSt@=F~~u()^6q)'(LwI).Zx?5(yWrNmBPCqK~f0vD_7@}_hi&J@p`KmsZxShxH[8+&(is2Zzl=&9L&o65a&?5beI8w`GmDO(mcTTKga=3.u$1_+UajRgUJhT9S?=CmZ=r^Iba.sb,N[YB7~9~cPGeHADaTs0AxSlRGM=2Zw[ePlzmF!_n4k)%bx=BmY)M4%dPBS3N9aL9z)A+6nFue-o-351SmJ)L3P@mj[6^7'{-_(rDAfzbPLAU)R!`(z(cz*$'}fd],)?$xh!3EExk)OPa^$Whgf978**w$XiisbG[4amsll?C=jz25-l1dvj.V'KxU}8xk'*7i(@K[`)Pd]tMv`@Axd]Rhl-$?f0lVP4e+~=jyZ^eh}L5]P8sU98}Ug@Y~24^$L]ZEdEs]0NL}r@r]LFvQ8CT8)&4v9(INdAwSr=WV0SvjY3d74bFR79LN}o.CCPcL(mc@[-SyB=)q=&RI&jlLtMD%885e[9O[-R6+Q^j1pdgn6oQ)(=?LYE-{!F(!+bYPH0oPN@V,A3`[_,g?K&AY^v?bS?N=6aQ%[^EK}A7rpw[)v@}hOYD]$S4Yvf_99b$2q8(Ok5,AI]UOvMXR(BCbv?&E't@R%K(T,bO+P,Ya@=eTqUBqoD.nMYTrZfY8-?T8J1HqX09)P.xj4SQE@@sqmC3Q6BQB*TT@y&R4o9Y)Y^utiQ=-)?u[XBSd[A}xF?Hth~F*Eo~'cyRu@@r$Lp0Q_}!,WM$B`BI}r@Mt_ZA]U+_[A`vIL?)4x=X&*?^^HsN8qMZ)s{iaZA}UhorLJWXq+hzv&^mdPAIDYip3Sc7MMS!axezW*?C1V5fVO$i06U}*J4w7b82gr,0`F8AR+Cm({kTP8@u_a5v,!!~Q9VU,(k%As8cfN9D2$lX3elDi)M(2[AS_CWOe9*oQ[yN]gjpW%9V~veLLFD4bfw6_[NhwJ=xAzv',r(EDrnQV=E]Od9ka[2WWds1i?gwa]Ljvm=3FyhbUW{Yew76n0$pd8Ab?H^eme4=r^`jBkT2}u9Pc.vr@5gc'eOg8gX7hh8IXBT`sba^OZZrtd_iNSAiY432Og=hk!prgzhWL19ZBq*y!4&7?cO@YoEjom8T]i(K&G=2WZF0q9G)Ht?6QN@7N?&EKbya{`,0Nw8eRz{(qenh&O_RX&LHCp@HOD9YeqtJy}ZRYQ6YwJAHki5rHcB.QOm3q)_+)l=3,Hb^W8Y2C{bp5lT1,w8U&LUVmiy56E10t+0g7.9xZz74B*vKDhvA0I)'cx9hF0'jm8?tej`~Ly[id@@X0?^=f*kn=7{8MAX.5%@x)!![!3rAcNBUL))vnW@AF9SR%,f_ToL}_P[&QFAp,!3T7uCoUJ[H&N+kUV9Qk5glR1ts-TjOmY{0nO=S6GJKns6Z$B&Au*]cS^?cc(qG64z~7vJhh0wCOp=WQaXgn[QNz[9GRLXX?w=I-(Kn%5nV,C4Sp]`eT59a8D&$Ra5(=(uh7iVuK%=qJ~n%,goWR0CC)Yv=SG?3-}!5-o~y8nSAK=),)WA-W6q_vv}Ev"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D7314F9862C648A4DB8BE2A5B47BE100\Features]
"Complete5.1.41105.0"="XNmn0lYPR@3$8hQ%TYwx$H8qYCruc=lBn,)FX?V0ye6nlV_SJA)SIIr?X%xiqG@Zp%z_F=5X?Ab(gW2SFDK*8GOnn9A47N8wb(J&*^(zpcD%q=6Q%SVz]6w2v.hv()gBj8W~bv.E7v5B8V7Ts97%r=@(8IYo+y~ViyB(qQyAg?tfYhgrsJ(hoQsEO}052==kab%Yz?`gUqs@2WLXo9A(NHCCNY^x%Rr_CP30)AGEs(q?-3%nc@f&19q4'@X^x@4BIAOy=dN(cfCOIA,(4{Zj([BH.Ruph&RXS9h.z!$Ig$+$(F9~n61L{=mklpYT!'eP@QCjr[cg)AIx6@)Sp8'u~j&t4~38UA((0Dow9hM6EGP6kpP2a=}yMuRU)af@vub@&Tm3I?e,@*C7C7'{',A$abpD[8}8H52+TqV`Ls_(B.G4e=-lz%bq+x+gt4ktUWWsc9C(~U@~f1fn`~8(P.bx[Am=G*S,Wfhhh'v)Y[gxO=QEtm41U=)!jO~stC-ci@!n!0@Bxl1pIo{-nIiuP=2,1mC{$H`b+OhP?EI^$ARfVT=C5PY+KVS*SyEP+@wF'{ZoiG{P~[*eLe1TLAo`Ah,t*]iCM[4zeYX.J=VmeZs9(tCrauDe8&8D%AH+38Y$Wt[7s}NXk}RjVA_ylz!sOJNC5B`'B]BcL@&2`kWr@MW?1mL]lZ,!`@srY(@l&er$=)_,'-PmF9Y{w$-@{Ju'-ZO^6P}EW=F%O}bP,807H@YQ,PLKr=([~D41K(}7}D%M5=?z!Ao3`QpL5h]koL5NJpGyB@5?(Woj*{neqpx76Fbq^=x.NyEK8,.4d.eFRN8'p8!GZ(xk%z]e{'wls+,WaAdeLy3p{Ak-~~cAprse3?m1RWXbt+pYq&%,zMwdY@zvU+lyq2ovV.trHGwwR=x0yvUMKFsHUn~a`*Yye=4U0qozF]I*8,@?c}(&39OKwKX$3g1DCM4LFL~SM9pmo8av{AUKA.oQ`5!d6Al*!&D3!2luw4!{34m.h@?qxr9iGfI7S3&6{nS`)9rFhOv)Aq(Z+P4q62Z[KAVou0KLJJAsUQqB17.8e9h+HgsbW@02'I$Qtc3fAAjZA7h*tnv[,dNB86P5!?&EJPrJ[0RG9D-'hqAS,?J{xJ7o5wW@?~,_Ia%7`?VDxFID*lY?iadf*^%-?A}!NzS$H%j$G}-)cxfG7@kQQ`I@aFcsAyOGS3@.I?H-n~!yf0]V]*7WgsZjV=kU55]`9Qh^yTe`GLO.3?~.W9S.eFY3a3@1z&W__=x2XBdB}J~0cc*!YM26^?%jQUsa14@?ja(oM&'em@?$+~.fr7FqYgCmtoOP'@fgA@R^(P+NXqbt3O!Q6=tR[G_kR6n^kNH=ySyE09eIFu3L(P{*8Mbf=N_O%=N%Q3VQ.N,DoeHtuO5mX8?Rj=$iu4!3n4j^Szk1W9`(@mbWK^YE@NTBcl8`XAMus%`.InITnYCmtx1`D?*elGUq'FT8N[0+D{vOdAG4gkN$Pb.TfVYwxJ@*t=2K?-u..VQxAZg,J]EKq?Bv8QP(EH{%%gj*.!THW@SsOvI.]Zw@9M'($Z5HA@b!,k[)3hg[mi?UsAdq=@_-R'-=vOG`Ici5.q8v7AGm^U6uOYKjigDztg8mJ9,`w!E9~+=vUh4!&G,W)A_~wno1GMzByo}Ro1l*{?3+{1n}^TXTj]d4s2T03@8PB(w@q}oF?`V%-KVH)=QU*JZ_`Q(lw5`y,ncUf@EJ00Q%Ex(yomE}Z~l.j81XG]x+I%FdMRzr8)dqo?Hu`RE*+jb^n+ORynQIz=+~YUp[esF=Rh3r2S&]WA!X9vS3m,K*cTDw^3Ni~@9c@P8ia[Vc$ne5ApiXx8dTHpEOH@(bYbO?9*&9j@!0&]a_gQubgq4wzUK*o=%T*9BO2w_Q=AZ+SeFIN=z`P(e%D1=sZ6daO@a'V9dmU}4wX$UtDxcsfOF54@WCi8Cg2-8]G+DR_X=m^82]FuN7GX7?8%wVL-!hz=V_1KH!E_@rItB.lekZ5?xLQyK2gJ+VAge.xL,dUA[pF6okqj'I6(Nnf1Z5,?*m0iUD0w*MIF3RV6p1q8cJAgUbQn+Ruu?}6Wvq7?eC8amrFS*vzy*[s,~+H9Vpr@lRlxHdFv]qwWP8!@oQ]U6qwu0g$eZAPH}[==X.x@-m3j8W1PJ,QxOfRAgr_rJCvcyU*PAyNFBDM=tnpT'II1o8nP`3%&2%P@ZwMIkiPE^E(mojY=a_6@LduT=Z_y{`-%!EJcCqw?62@?X~09iwHA=^g'n2K=zJZqlZ]C$.J=Z0eEX-W@K-R(iZu1o@]=?^HoYBr9bA7uhuNy180h`3W4Fo?@9A&3Cmr9Mmc$3sc-fml?i{dtuV+!_kKpjK7FgYr8lIaDR5'WXhIIuJH+r6w9URTNxwGws[$j0Y%y'4i@Gigm+b1%VlGd755ci0P@BA,VncL+%MS[LdA^mO'?.oSiuRJ^U&v%'S&O&X?=.+]LH=qt).b7R~qxG}M?P2LV,ys6.ncfTy7z9]R?L%s_Tqcf~w9$5dj=HXa9s3I['7MH=oMt]%5Fcy79aqn9^2rm%pf1]h=RKl+?77T}u3!e-f4=uZnxB3P9esnOTn{~v*1@Q^c?u^S9C$}H7+dD%L^Y%C$!{(2=zZC(B&HJB2)a8EGR`Qc=IyMTOu-T*(xchpPV+n*AAxaVKvd3OEW+-Arj`gK?ts&%vc4h1113lz)SsrV?nr!SD4pIWv[fWtq]Lmf?7%!$4,$NujA~dFV]1Rr8stecr4x?rJ!lIWa1tsj=[Qy34.~+]*3FiC9QI-p9^fhIW%!px5RN%8YLDAM=EZuNa5D-7N[g7-*z}3y9_6pmP5vajK]ZQiL^{gz@b2^21?U+zKMVT3zXEvd9.u0BkR`oS*KkP9!Zc=k9j?HuDKfP+?1d)kTO.I_A)Trgv+h,-VwE7x.vGL_AJvG-5.~{w1]zzxZV[-$A8iDLx'?M,hd3`yVo_)]=xG0AsN0?x@tStSk!9gY=gytB4X]b+Jf)7w6'N_o?SR~GXUd,(*i`+ox-L`&?^8iqLX-_X[VHlxTD*N79fnKi9lzQ1$E?wsXUP09?tb}=eFG1HZf%C6m%@t3@[-g~hclgLBn$sgOP8'u91C$2Gs]6{N,na*Yl{L=A]?zjMmlq?w3t{r6e.A1@p~AI['&qZV_SM=9N3W4?aj'-5)SdNfpZlsjQ^$R9I8PQz{JUcH_dV2ax?UB=6Ohw[TkF)vVj{$*JX%5?h3V~A?,2V9xS[wH211+?mwvIPJn$LU]nhA77P+b@S8,pO@f.[]lB!hLio%o?,dE5tAUp0$5zfX!MKMMA~9[kwjQIwMs3v0V,!{}=9aONKLl}]%C%.qkZL4=Ax1x8*pgU8ox8dJBt@fF9oHa=!44$C(Jo}0TNzJD9IY$A8{Bga+a'nueh$_}@(`LW-6$4N2Zo58ZM$F8?Y4*9v`*x.f2=O*[}C$?=i6^{n$QEMI[FqcfA=qX@P}Ln1}BOSzo`zP.q{gx=%PhDrhDqfRy&sKDQaeGAI4?xB_4?]+v+^CToYLd@zc]J1m2PHBMC[yRSZfH93zWYYmp)F6eWH(8zDML@.v~@1%G@dkqUO7R$p!x?!P@B`VMz{brRf7*om'4=pe(7q9dPLDHG~.9n(s4=75S}%kK$iXhG*2pXWEH@{.4pGt3y9LNEEHpT+Uu@}^7r?6HzPPjbXg1),B0?gd=R4!s-BsqX08D9x2k=UnnH(6+5f0^7I2aZ,UW?xlg*gGNP9tB_F^oo8DSAqj.cWSiAYyZxN85K)TW??G'vBY&_sue1SOk-s.]8I,^{-Fh[IHHOVg,=Jm4=@J?dMo^_wvy)J7hFzi{?EfZ0-pe$j.^6+Cb+cP,=ZP{_1m!@mBS'e@OP*%Y9,Z[D5L,ZdVgJ2dVGf]z8Sr1{D$XA+JgQIP)*dpj@vKkRRZl-~O)6RpDB[)!@[,*q_RE(0Cek_IzeRTm9.osGKggF4C8fa{,iuvR9$-FVzuwZ&9M!7a[I)_=?^?3xN3lcuI'Ug(4fpSN?)^E}^kd1kPj@81r@dWg?R}^DNTfE5P=@(q_GYPn9CA![1aX`AeOsaI13y7-?3GXQ9Q_~A1f[hyb@76^AVnNw8=Emi!r7Iq,],o}=BK4%+54IeudrdlaD{x,9Ac,Lw3*}V^^kab(nSI=@1e@en,A3twWH7IkSJo49emP^-SBc]qIo$h%1e(s?v=C}){xWOL6yt?,!xuu8m^ax&B9*qHqfH^2!Eiv={LySVDG^mkMUZD%o%To9jw&,9i!*c!qHAsu.kit?Mww^`tW@rT8R~(,Z_8p8H+lqsKCMn=]'~wXNrHRAg*'RfH+P{i5v2SHdD^~8OtVwRia9!2^Xj`ZG]Q09r7jl6q6Er`dp3VKO6kv9KX8TQQPBAH(g6GG[p=g?wOEOn)oOtNZ}%LCiNX]8ci$XWb-ecs'wqbUR~d~=uHBg9Y0g!uZH{r]o=sf=Gi9`Fcd$T`s~&+a9Gl79DkfPO&!k.A-f.GCL.}0AUGrl]u$6j.EHt*%At{{@oj)Ol!zo7.(.njU)(Sk?'wMumU[$2l}5CbfojX[?}g'fA]+}{$xqBV8wz.W@(mXc@k5nH]rhP6DW3j0?XsRi,tg7%mEoIJEJ-e)?E'LgF61$_^gqekR_2a~=-9OvMIe&5bTvdIWC*^p=og)OvN(4cM*[uPAK?&RAkmW.[XBs,sC[C^kGGTg9(ryBebUby%?c-IW9ZxHAeE{Zi7'iLtFE2h+NHW@@oACiF1[dR*wZ)7zo~@n=={wCm[ds=FnQsyP$EP!@v%^OkgBdpXjj=0{)y1L?*CCOxs%&bTg$eg_5gUHA(eM&ar%}@HT5j&--XN)?F^?-e)Osi-DwW}UAK6F?$a@IXn6(kCj-pUr5mFbAMMw0xTtlh.2Gjov.EOz?J00,uGR-'es}z~rOXYY?[tz7gIW(2bR4{0x}zso8loIF]o*H^Cp_h&NT]s2??+dBZo}T`(ps+bdDkB2@LxSkkyWhh'.%}J(NtKV9@B9F(xs[Xpr4{%]1~]%@a}j,O8L0{!vnwfclrX69bPC_cFuCcVfPM.apS%D@8R=)4yac'Dig2VZsW8@9gROUKS9'eXF*zmmAs$N=g@Vt2_%21)YRZZpA,nt@cjBsMi40kmW+}NwaByH?{{DmgMY}&jfR*hIKTp%=G^!*QM8~!9T%FgTDiv.?]2..m'$vBxS[O`K0n9M@nhk1k5niHgn1D?^vu]w8R~ol-%]@B!2%GRPE+@NADsRN_jUI~fwgR%^Jb85=ta_t0E28g2y9'BRx`We?--d^43?cj?1@JdSo6Yd?zF](cnn&eX3Vz{y+IzQ=Yr4aYpple'KqE2c34]79?X`pkq3j)]9FzU+Y%6j?,'wNaJVhselh-!JmXEGAmPc98C0e'3Wix?BUv3C9X6_qdD!PfvN1TMXfMnK==jJ{DUf1pYv%&HY?Hy`A`}qHc7+1aHdN,4V2FsEA!&PH&7ckURx3HaJQs)8?ROaQXyh*[bT@-S6dY,q=69r9qgU_'ovQPdNkj[`=WRp^^*`mQt(u{~1D^?==~dWYgXjD9h$A6kDBdgI9{o)ZD,x3cd{p9K5+FiZ9UFThbU07EK8N([d[rDZ?J[5S?B&Vi0.]9U[=d.C?(VlF2t-KwK!sqqg3Z6H9+wa~Q-}5os22~'Ieu.4AR*pXOF8.KSlF!erxmyk9_j6)0!I*7Xytw,h)Rzn?^m}aTKM)8U]{oMd}*Eo8^6xHia!4e4,V3)DJV5C?B3=lJL*homzGTN6criF9Y7acji}K4dxpz,wyHmJ=Y2znjs-?DRczO4y,mcN@Qa+mRe(F1J!U1q5ejNS@evIybI(q+RLkDW4-q%y=bpP4Ec3}*O[vz*$c[kD@]hTc17l5''BF4!V4V2`@-^&7^t~-fOfJO]J8ghl=W=IQtq%WCJ+4XHxW4aw=2_RhBIz8C?Zf`h&G$pUAfT9v8+[sdY6n5vIIN^b9$UQY)E$@H8!V=]*Z`r$9WIjc_=%cBTulsifz**h@0~fALtOYpbm[NIqT2}WA0aR*=3~!LFgE4_b}0G`@r55pvjW$WQ8@EE=bxPC?'uPPQWmHnl*Y$E4Ke{x=[Ixbp)$_}qOq4H=Hdgp83}-R1wJbS5lx&7qAv+i80^wAZ.imnF`v'S+9tEr9??-C5y^)qzNNgI%70(+9lKVkr.$s(2%GdrIrSt@=F~~u()^6q)'(LwI).Zx?5(yWrNmBPCqK~f0vD_7@}_hi&J@p`KmsZxShxH[8+&(is2Zzl=&9L&o65a&?5beI8w`GmDO(mcTTKga=3.u$1_+UajRgUJhT9S?=CmZ=r^Iba.sb,N[YB7~9~cPGeHADaTs0AxSlRGM=2Zw[ePlzmF!_n4k)%bx=BmY)M4%dPBS3N9aL9z)A+6nFue-o-351SmJ)L3P@mj[6^7'{-_(rDAfzbPLAU)R!`(z(cz*$'}fd],)?$xh!3EExk)OPa^$Whgf978**w$XiisbG[4amsll?C=jz25-l1dvj.V'KxU}8xk'*7i(@K[`)Pd]tMv`@Axd]Rhl-$?f0lVP4e+~=jyZ^eh}L5]P8sU98}Ug@Y~24^$L]ZEdEs]0NL}r@r]LFvQ8CT8)&4v9(INdAwSr=WV0SvjY3d74bFR79LN}o.CCPcL(mc@[-SyB=)q=&RI&jlLtMD%885e[9O[-R6+Q^j1pdgn6oQ)(=?LYE-{!F(!+bYPH0oPN@V,A3`[_,g?K&AY^v?bS?N=6aQ%[^EK}A7rpw[)v@}hOYD]$S4Yvf_99b$2q8(Ok5,AI]UOvMXR(BCbv?&E't@R%K(T,bO+P,Ya@=eTqUBqoD.nMYTrZfY8-?T8J1HqX09)P.xj4SQE@@sqmC3Q6BQB*TT@y&R4o9Y)Y^utiQ=-)?u[XBSd[A}xF?Hth~F*Eo~'cyRu@@r$Lp0Q_}!,WM$B`BI}r@Mt_ZA]U+_[A`vIL?)4x=X&*?^^HsN8qMZ)s{iaZA}UhorLJWXq+hzv&^mdPAIDYip3Sc7MMS!axezW*?C1V5fVO$i06U}*J4w7b82gr,0`F8AR+Cm({kTP8@u_a5v,!!~Q9VU,(k%As8cfN9D2$lX3elDi)M(2[AS_CWOe9*oQ[yN]gjpW%9V~veLLFD4bfw6_[NhwJ=xAzv',r(EDrnQV=E]Od9ka[2WWds1i?gwa]Ljvm=3FyhbUW{Yew76n0$pd8Ab?H^eme4=r^`jBkT2}u9Pc.vr@5gc'eOg8gX7hh8IXBT`sba^OZZrtd_iNSAiY432Og=hk!prgzhWL19ZBq*y!4&7?cO@YoEjom8T]i(K&G=2WZF0q9G)Ht?6QN@7N?&EKbya{`,0Nw8eRz{(qenh&O_RX&LHCp@HOD9YeqtJy}ZRYQ6YwJAHki5rHcB.QOm3q)_+)l=3,Hb^W8Y2C{bp5lT1,w8U&LUVmiy56E10t+0g7.9xZz74B*vKDhvA0I)'cx9hF0'jm8?tej`~Ly[id@@X0?^=f*kn=7{8MAX.5%@x)!![!3rAcNBUL))vnW@AF9SR%,f_ToL}_P[&QFAp,!3T7uCoUJ[H&N+kUV9Qk5glR1ts-TjOmY{0nO=S6GJKns6Z$B&Au*]cS^?cc(qG64z~7vJhh0wCOp=WQaXgn[QNz[9GRLXX?w=I-(Kn%5nV,C4Sp]`eT59a8D&$Ra5(=(uh7iVuK%=qJ~n%,goWR0CC)Yv=SG?3-}!5-o~y8nSAK=),)WA-W6q_vv}Ev"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D7314F9862C648A4DB8BE2A5B47BE100\Features]
"Complete5.1.41212.0"="XNmn0lYPR@3$8hQ%TYwx$H8qYCruc=lBn,)FX?V0ye6nlV_SJA)SIIr?X%xiqG@Zp%z_F=5X?Ab(gW2SFDK*8GOnn9A47N8wb(J&*^(zpcD%q=6Q%SVz]6w2v.hv()gBj8W~bv.E7v5B8V7Ts97%r=@(8IYo+y~ViyB(qQyAg?tfYhgrsJ(hoQsEO}052==kab%Yz?`gUqs@2WLXo9A(NHCCNY^x%Rr_CP30)AGEs(q?-3%nc@f&19q4'@X^x@4BIAOy=dN(cfCOIA,(4{Zj([BH.Ruph&RXS9h.z!$Ig$+$(F9~n61L{=mklpYT!'eP@QCjr[cg)AIx6@)Sp8'u~j&t4~38UA((0Dow9hM6EGP6kpP2a=}yMuRU)af@vub@&Tm3I?e,@*C7C7'{',A$abpD[8}8H52+TqV`Ls_(B.G4e=-lz%bq+x+gt4ktUWWsc9C(~U@~f1fn`~8(P.bx[Am=G*S,Wfhhh'v)Y[gxO=QEtm41U=)!jO~stC-ci@!n!0@Bxl1pIo{-nIiuP=2,1mC{$H`b+OhP?EI^$ARfVT=C5PY+KVS*SyEP+@wF'{ZoiG{P~[*eLe1TLAo`Ah,t*]iCM[4zeYX.J=VmeZs9(tCrauDe8&8D%AH+38Y$Wt[7s}NXk}RjVA_ylz!sOJNC5B`'B]BcL@&2`kWr@MW?1mL]lZ,!`@srY(@l&er$=)_,'-PmF9Y{w$-@{Ju'-ZO^6P}EW=F%O}bP,807H@YQ,PLKr=([~D41K(}7}D%M5=?z!Ao3`QpL5h]koL5NJpGyB@5?(Woj*{neqpx76Fbq^=x.NyEK8,.4d.eFRN8'p8!GZ(xk%z]e{'wls+,WaAdeLy3p{Ak-~~cAprse3?m1RWXbt+pYq&%,zMwdY@zvU+lyq2ovV.trHGwwR=x0yvUMKFsHUn~a`*Yye=4U0qozF]I*8,@?c}(&39OKwKX$3g1DCM4LFL~SM9pmo8av{AUKA.oQ`5!d6Al*!&D3!2luw4!{34m.h@?qxr9iGfI7S3&6{nS`)9rFhOv)Aq(Z+P4q62Z[KAVou0KLJJAsUQqB17.8e9h+HgsbW@02'I$Qtc3fAAjZA7h*tnv[,dNB86P5!?&EJPrJ[0RG9D-'hqAS,?J{xJ7o5wW@?~,_Ia%7`?VDxFID*lY?iadf*^%-?A}!NzS$H%j$G}-)cxfG7@kQQ`I@aFcsAyOGS3@.I?H-n~!yf0]V]*7WgsZjV=kU55]`9Qh^yTe`GLO.3?~.W9S.eFY3a3@1z&W__=x2XBdB}J~0cc*!YM26^?%jQUsa14@?ja(oM&'em@?$+~.fr7FqYgCmtoOP'@fgA@R^(P+NXqbt3O!Q6=tR[G_kR6n^kNH=ySyE09eIFu3L(P{*8Mbf=N_O%=N%Q3VQ.N,DoeHtuO5mX8?Rj=$iu4!3n4j^Szk1W9`(@mbWK^YE@NTBcl8`XAMus%`.InITnYCmtx1`D?*elGUq'FT8N[0+D{vOdAG4gkN$Pb.TfVYwxJ@*t=2K?-u..VQxAZg,J]EKq?Bv8QP(EH{%%gj*.!THW@SsOvI.]Zw@9M'($Z5HA@b!,k[)3hg[mi?UsAdq=@_-R'-=vOG`Ici5.q8v7AGm^U6uOYKjigDztg8mJ9,`w!E9~+=vUh4!&G,W)A_~wno1GMzByo}Ro1l*{?3+{1n}^TXTj]d4s2T03@8PB(w@q}oF?`V%-KVH)=QU*JZ_`Q(lw5`y,ncUf@EJ00Q%Ex(yomE}Z~l.j81XG]x+I%FdMRzr8)dqo?Hu`RE*+jb^n+ORynQIz=+~YUp[esF=Rh3r2S&]WA!X9vS3m,K*cTDw^3Ni~@9c@P8ia[Vc$ne5ApiXx8dTHpEOH@(bYbO?9*&9j@!0&]a_gQubgq4wzUK*o=%T*9BO2w_Q=AZ+SeFIN=z`P(e%D1=sZ6daO@a'V9dmU}4wX$UtDxcsfOF54@WCi8Cg2-8]G+DR_X=m^82]FuN7GX7?8%wVL-!hz=V_1KH!E_@rItB.lekZ5?xLQyK2gJ+VAge.xL,dUA[pF6okqj'I6(Nnf1Z5,?*m0iUD0w*MIF3RV6p1q8cJAgUbQn+Ruu?}6Wvq7?eC8amrFS*vzy*[s,~+H9Vpr@lRlxHdFv]qwWP8!@oQ]U6qwu0g$eZAPH}[==X.x@-m3j8W1PJ,QxOfRAgr_rJCvcyU*PAyNFBDM=tnpT'II1o8nP`3%&2%P@ZwMIkiPE^E(mojY=a_6@LduT=Z_y{`-%!EJcCqw?62@?X~09iwHA=^g'n2K=zJZqlZ]C$.J=Z0eEX-W@K-R(iZu1o@]=?^HoYBr9bA7uhuNy180h`3W4Fo?@9A&3Cmr9Mmc$3sc-fml?i{dtuV+!_kKpjK7FgYr8lIaDR5'WXhIIuJH+r6w9URTNxwGws[$j0Y%y'4i@Gigm+b1%VlGd755ci0P@BA,VncL+%MS[LdA^mO'?.oSiuRJ^U&v%'S&O&X?=.+]LH=qt).b7R~qxG}M?P2LV,ys6.ncfTy7z9]R?L%s_Tqcf~w9$5dj=HXa9s3I['7MH=oMt]%5Fcy79aqn9^2rm%pf1]h=RKl+?77T}u3!e-f4=uZnxB3P9esnOTn{~v*1@Q^c?u^S9C$}H7+dD%L^Y%C$!{(2=zZC(B&HJB2)a8EGR`Qc=IyMTOu-T*(xchpPV+n*AAxaVKvd3OEW+-Arj`gK?ts&%vc4h1113lz)SsrV?nr!SD4pIWv[fWtq]Lmf?7%!$4,$NujA~dFV]1Rr8stecr4x?rJ!lIWa1tsj=[Qy34.~+]*3FiC9QI-p9^fhIW%!px5RN%8YLDAM=EZuNa5D-7N[g7-*z}3y9_6pmP5vajK]ZQiL^{gz@b2^21?U+zKMVT3zXEvd9.u0BkR`oS*KkP9!Zc=k9j?HuDKfP+?1d)kTO.I_A)Trgv+h,-VwE7x.vGL_AJvG-5.~{w1]zzxZV[-$A8iDLx'?M,hd3`yVo_)]=xG0AsN0?x@tStSk!9gY=gytB4X]b+Jf)7w6'N_o?SR~GXUd,(*i`+ox-L`&?^8iqLX-_X[VHlxTD*N79fnKi9lzQ1$E?wsXUP09?tb}=eFG1HZf%C6m%@t3@[-g~hclgLBn$sgOP8'u91C$2Gs]6{N,na*Yl{L=A]?zjMmlq?w3t{r6e.A1@p~AI['&qZV_SM=9N3W4?aj'-5)SdNfpZlsjQ^$R9I8PQz{JUcH_dV2ax?UB=6Ohw[TkF)vVj{$*JX%5?h3V~A?,2V9xS[wH211+?mwvIPJn$LU]nhA77P+b@S8,pO@f.[]lB!hLio%o?,dE5tAUp0$5zfX!MKMMA~9[kwjQIwMs3v0V,!{}=9aONKLl}]%C%.qkZL4=Ax1x8*pgU8ox8dJBt@fF9oHa=!44$C(Jo}0TNzJD9IY$A8{Bga+a'nueh$_}@(`LW-6$4N2Zo58ZM$F8?Y4*9v`*x.f2=O*[}C$?=i6^{n$QEMI[FqcfA=qX@P}Ln1}BOSzo`zP.q{gx=%PhDrhDqfRy&sKDQaeGAI4?xB_4?]+v+^CToYLd@zc]J1m2PHBMC[yRSZfH93zWYYmp)F6eWH(8zDML@.v~@1%G@dkqUO7R$p!x?!P@B`VMz{brRf7*om'4=pe(7q9dPLDHG~.9n(s4=75S}%kK$iXhG*2pXWEH@{.4pGt3y9LNEEHpT+Uu@}^7r?6HzPPjbXg1),B0?gd=R4!s-BsqX08D9x2k=UnnH(6+5f0^7I2aZ,UW?xlg*gGNP9tB_F^oo8DSAqj.cWSiAYyZxN85K)TW??G'vBY&_sue1SOk-s.]8I,^{-Fh[IHHOVg,=Jm4=@J?dMo^_wvy)J7hFzi{?EfZ0-pe$j.^6+Cb+cP,=ZP{_1m!@mBS'e@OP*%Y9,Z[D5L,ZdVgJ2dVGf]z8Sr1{D$XA+JgQIP)*dpj@vKkRRZl-~O)6RpDB[)!@[,*q_RE(0Cek_IzeRTm9.osGKggF4C8fa{,iuvR9$-FVzuwZ&9M!7a[I)_=?^?3xN3lcuI'Ug(4fpSN?)^E}^kd1kPj@81r@dWg?R}^DNTfE5P=@(q_GYPn9CA![1aX`AeOsaI13y7-?3GXQ9Q_~A1f[hyb@76^AVnNw8=Emi!r7Iq,],o}=BK4%+54IeudrdlaD{x,9Ac,Lw3*}V^^kab(nSI=@1e@en,A3twWH7IkSJo49emP^-SBc]qIo$h%1e(s?v=C}){xWOL6yt?,!xuu8m^ax&B9*qHqfH^2!Eiv={LySVDG^mkMUZD%o%To9jw&,9i!*c!qHAsu.kit?Mww^`tW@rT8R~(,Z_8p8H+lqsKCMn=]'~wXNrHRAg*'RfH+P{i5v2SHdD^~8OtVwRia9!2^Xj`ZG]Q09r7jl6q6Er`dp3VKO6kv9KX8TQQPBAH(g6GG[p=g?wOEOn)oOtNZ}%LCiNX]8ci$XWb-ecs'wqbUR~d~=uHBg9Y0g!uZH{r]o=sf=Gi9`Fcd$T`s~&+a9Gl79DkfPO&!k.A-f.GCL.}0AUGrl]u$6j.EHt*%At{{@oj)Ol!zo7.(.njU)(Sk?'wMumU[$2l}5CbfojX[?}g'fA]+}{$xqBV8wz.W@(mXc@k5nH]rhP6DW3j0?XsRi,tg7%mEoIJEJ-e)?E'LgF61$_^gqekR_2a~=-9OvMIe&5bTvdIWC*^p=og)OvN(4cM*[uPAK?&RAkmW.[XBs,sC[C^kGGTg9(ryBebUby%?c-IW9ZxHAeE{Zi7'iLtFE2h+NHW@@oACiF1[dR*wZ)7zo~@n=={wCm[ds=FnQsyP$EP!@v%^OkgBdpXjj=0{)y1L?*CCOxs%&bTg$eg_5gUHA(eM&ar%}@HT5j&--XN)?F^?-e)Osi-DwW}UAK6F?$a@IXn6(kCj-pUr5mFbAMMw0xTtlh.2Gjov.EOz?J00,uGR-'es}z~rOXYY?[tz7gIW(2bR4{0x}zso8loIF]o*H^Cp_h&NT]s2??+dBZo}T`(ps+bdDkB2@LxSkkyWhh'.%}J(NtKV9@B9F(xs[Xpr4{%]1~]%@a}j,O8L0{!vnwfclrX69bPC_cFuCcVfPM.apS%D@8R=)4yac'Dig2VZsW8@9gROUKS9'eXF*zmmAs$N=g@Vt2_%21)YRZZpA,nt@cjBsMi40kmW+}NwaByH?{{DmgMY}&jfR*hIKTp%=G^!*QM8~!9T%FgTDiv.?]2..m'$vBxS[O`K0n9M@nhk1k5niHgn1D?^vu]w8R~ol-%]@B!2%GRPE+@NADsRN_jUI~fwgR%^Jb85=ta_t0E28g2y9'BRx`We?--d^43?cj?1@JdSo6Yd?zF](cnn&eX3Vz{y+IzQ=Yr4aYpple'KqE2c34]79?X`pkq3j)]9FzU+Y%6j?,'wNaJVhselh-!JmXEGAmPc98C0e'3Wix?BUv3C9X6_qdD!PfvN1TMXfMnK==jJ{DUf1pYv%&HY?Hy`A`}qHc7+1aHdN,4V2FsEA!&PH&7ckURx3HaJQs)8?ROaQXyh*[bT@-S6dY,q=69r9qgU_'ovQPdNkj[`=WRp^^*`mQt(u{~1D^?==~dWYgXjD9h$A6kDBdgI9{o)ZD,x3cd{p9K5+FiZ9UFThbU07EK8N([d[rDZ?J[5S?B&Vi0.]9U[=d.C?(VlF2t-KwK!sqqg3Z6H9+wa~Q-}5os22~'Ieu.4AR*pXOF8.KSlF!erxmyk9_j6)0!I*7Xytw,h)Rzn?^m}aTKM)8U]{oMd}*Eo8^6xHia!4e4,V3)DJV5C?B3=lJL*homzGTN6criF9Y7acji}K4dxpz,wyHmJ=Y2znjs-?DRczO4y,mcN@Qa+mRe(F1J!U1q5ejNS@evIybI(q+RLkDW4-q%y=bpP4Ec3}*O[vz*$c[kD@]hTc17l5''BF4!V4V2`@-^&7^t~-fOfJO]J8ghl=W=IQtq%WCJ+4XHxW4aw=2_RhBIz8C?Zf`h&G$pUAfT9v8+[sdY6n5vIIN^b9$UQY)E$@H8!V=]*Z`r$9WIjc_=%cBTulsifz**h@0~fALtOYpbm[NIqT2}WA0aR*=3~!LFgE4_b}0G`@r55pvjW$WQ8@EE=bxPC?'uPPQWmHnl*Y$E4Ke{x=[Ixbp)$_}qOq4H=Hdgp83}-R1wJbS5lx&7qAv+i80^wAZ.imnF`v'S+9tEr9??-C5y^)qzNNgI%70(+9lKVkr.$s(2%GdrIrSt@=F~~u()^6q)'(LwI).Zx?5(yWrNmBPCqK~f0vD_7@}_hi&J@p`KmsZxShxH[8+&(is2Zzl=&9L&o65a&?5beI8w`GmDO(mcTTKga=3.u$1_+UajRgUJhT9S?=CmZ=r^Iba.sb,N[YB7~9~cPGeHADaTs0AxSlRGM=2Zw[ePlzmF!_n4k)%bx=BmY)M4%dPBS3N9aL9z)A+6nFue-o-351SmJ)L3P@mj[6^7'{-_(rDAfzbPLAU)R!`(z(cz*$'}fd],)?$xh!3EExk)OPa^$Whgf978**w$XiisbG[4amsll?C=jz25-l1dvj.V'KxU}8xk'*7i(@K[`)Pd]tMv`@Axd]Rhl-$?f0lVP4e+~=jyZ^eh}L5]P8sU98}Ug@Y~24^$L]ZEdEs]0NL}r@r]LFvQ8CT8)&4v9(INdAwSr=WV0SvjY3d74bFR79LN}o.CCPcL(mc@[-SyB=)q=&RI&jlLtMD%885e[9O[-R6+Q^j1pdgn6oQ)(=?LYE-{!F(!+bYPH0oPN@V,A3`[_,g?K&AY^v?bS?N=6aQ%[^EK}A7rpw[)v@}hOYD]$S4Yvf_99b$2q8(Ok5,AI]UOvMXR(BCbv?&E't@R%K(T,bO+P,Ya@=eTqUBqoD.nMYTrZfY8-?T8J1HqX09)P.xj4SQE@@sqmC3Q6BQB*TT@y&R4o9Y)Y^utiQ=-)?u[XBSd[A}xF?Hth~F*Eo~'cyRu@@r$Lp0Q_}!,WM$B`BI}r@Mt_ZA]U+_[A`vIL?)4x=X&*?^^HsN8qMZ)s{iaZA}UhorLJWXq+hzv&^mdPAIDYip3Sc7MMS!axezW*?C1V5fVO$i06U}*J4w7b82gr,0`F8AR+Cm({kTP8@u_a5v,!!~Q9VU,(k%As8cfN9D2$lX3elDi)M(2[AS_CWOe9*oQ[yN]gjpW%9V~veLLFD4bfw6_[NhwJ=xAzv',r(EDrnQV=E]Od9ka[2WWds1i?gwa]Ljvm=3FyhbUW{Yew76n0$pd8Ab?H^eme4=r^`jBkT2}u9Pc.vr@5gc'eOg8gX7hh8IXBT`sba^OZZrtd_iNSAiY432Og=hk!prgzhWL19ZBq*y!4&7?cO@YoEjom8T]i(K&G=2WZF0q9G)Ht?6QN@7N?&EKbya{`,0Nw8eRz{(qenh&O_RX&LHCp@HOD9YeqtJy}ZRYQ6YwJAHki5rHcB.QOm3q)_+)l=3,Hb^W8Y2C{bp5lT1,w8U&LUVmiy56E10t+0g7.9xZz74B*vKDhvA0I)'cx9hF0'jm8?tej`~Ly[id@@X0?^=f*kn=7{8MAX.5%@x)!![!3rAcNBUL))vnW@AF9SR%,f_ToL}_P[&QFAp,!3T7uCoUJ[H&N+kUV9Qk5glR1ts-TjOmY{0nO=S6GJKns6Z$B&Au*]cS^?cc(qG64z~7vJhh0wCOp=WQaXgn[QNz[9GRLXX?w=I-(Kn%5nV,C4Sp]`eT59a8D&$Ra5(=(uh7iVuK%=qJ~n%,goWR0CC)Yv=SG?3-}!5-o~y8nSAK=),)WA-W6q_vv}Ev"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpResources\Registry\HKLM\System\CurrentControlSet\Services\Lsi_sas\Parameters\Device\EnableQueryAccessAlignment]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpResources\Registry\HKLM\System\CurrentControlSet\Services\Lsi_sas2i\Parameters\Device\EnableQueryAccessAlignment]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpResources\Registry\HKLM\System\CurrentControlSet\Services\Lsi_sas3i\Parameters\Device\EnableQueryAccessAlignment]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpResources\Registry\HKLM\System\CurrentControlSet\Services\Lsi_sss\Parameters\Device\EnableQueryAccessAlignment]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EnhancedStorageDevices]

Caroblue · 10.06.2016, 04:28

Schritt 1 zweiter Teil:

Code:

ATTFilter

"TCGSecurityActivationDisabled"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\CyberLink\MediaEspresso\6.5]
"HideKeyActivate"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\CyberLink\MediaEspresso\6.5]
"KeyActivation"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\CyberLink\MediaShow\5.0]
"HideKeyActivate"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\CyberLink\MediaShow\5.0]
"KeyActivation"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\CyberLink\Power2Go\7.0]
"KeyActivation"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\CyberLink\Power2Go\7.0]
"DisableKeyActivate"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\CyberLink\PowerDirector\8.0]
"IsCDKeyAct"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\CyberLink\PowerProducer\5.0]
"KeyActivation"="0x01000000"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Elex-tech\YAC]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Elex-tech\YAC]
"path"="C:\Program Files (x86)\Elex-tech\YAC\"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\KasperskyLab]
"MyAccountLogin"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\KasperskyLab\AVP16.0.0\Data\MigrationState]
"NewKeyActivationCode"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Speech_OneCore\Settings]
"PrivacyPolicyAcceptance"="2"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iSafe]
"DisplayName"="YAC(Yet Another Cleaner!)"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iSafe]
"DisplayIcon"="C:\Program Files (x86)\Elex-tech\YAC\uninstall.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iSafe]
"UninstallString"="C:\Program Files (x86)\Elex-tech\YAC\uninstall.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iSafe]
"path"="C:\Program Files (x86)\Elex-tech\YAC\"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iSafe]
"InstallLocation"="C:\Program Files (x86)\Elex-tech\YAC\"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Setup\PnpResources\Registry\HKLM\System\CurrentControlSet\Services\Lsi_sas\Parameters\Device\EnableQueryAccessAlignment]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Setup\PnpResources\Registry\HKLM\System\CurrentControlSet\Services\Lsi_sas2i\Parameters\Device\EnableQueryAccessAlignment]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Setup\PnpResources\Registry\HKLM\System\CurrentControlSet\Services\Lsi_sas3i\Parameters\Device\EnableQueryAccessAlignment]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Setup\PnpResources\Registry\HKLM\System\CurrentControlSet\Services\Lsi_sss\Parameters\Device\EnableQueryAccessAlignment]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{91f39027-217f-11da-b2a4-000e7bbb2b09}\ProgID]
""="X509Enrollment.CX509EnrollmentPolicyActiveDirectory.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{91f39027-217f-11da-b2a4-000e7bbb2b09}\VersionIndependentProgID]
""="X509Enrollment.CX509EnrollmentPolicyActiveDirectory"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\Interface\{0006302D-0000-0000-C000-000000000046}]
""="_PropertyAccessor"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\Interface\{0220BB94-AF33-412C-A1AC-B1C0489198D8}]
""="INVPropertyActionList"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\Interface\{2FE9F084-1511-3052-BE7C-9010B522C10E}]
""="_QueryAccessibilityHelpEventArgs"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\Interface\{39D1AE9A-CD84-4141-B7DC-D2FE52FE31C4}]
""="INVPropertyAction"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\Interface\{3CD63077-A08C-481A-93EB-C5D7568AE886}]
""="__x_Windows_CInternal_CSettingSync_CINotifyAccountChange"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\Interface\{7197B56B-5FA1-31EF-B38B-62FEE737277F}]
""="IContextPropertyActivator"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\Interface\{72D2B858-9C0E-4D5F-A443-3E03C9E8CA6D}]
""="INVRegistryAction"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\Interface\{C84650E2-FCB3-435B-AEE4-13FD49C3BF5D}]
""="__x_Windows_CUI_CCore_CIAcceleratorKeyActivatedEventHandler"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\Interface\{CFDE84A5-9FCC-4BED-80A7-9DBFA0DC1102}]
""="INVStandardPropertyAction"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows\EnhancedStorageDevices]
"TCGSecurityActivationDisabled"="0"
[HKEY_USERS\.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\PhysicalDeviceID\01Hq3z_HjVR3pOA5JbHvzX0Q]
"DeviceId"="<Data><User username="01HQ3Z_HJVR3POA5JBHVZX0Q"><Pwd Det="true">AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA9eEnOTAF30uuT787+mHWrQQAAAACAAAAAAAQZgAAAAEAACAAAABLUIqoSG1fiB0JojlZmWjrC0T+uA937a1WwsYSffxEegAAAAAOgAAAAAIAACAAAAB3c+YnAiQPrme01JBjuu0OzErU4/7REVDXZX0hcT2xkUAAAACm1rRYdve/eROFnCPIzHDgOur9VUSEU6WhAu88/QsbzkwS2GZtVE+wmOiFCwUN3tWjRSBApsQjhm5JvRgDqI9+QAAAAKHi/T8RTAZwxBrRAMiBLHSZvxIc6fWvnwCEGl03XFjekIlPGUfIcI9g/aWg+A+0eSOuH92Qr9OM69J8aDxGpfM=</Pwd><Certificate targetname="WindowsLive:(cert):name=01hq3z_hjvr3poa5jbhvzx0q;serviceuri=msn-messenger-didc" keyword="Microsoft_WindowsLive:certificate:" type="1">PABDAGUAcgB0AEkAbgBmAG8APgA8AEsAZQB5AHAAYQBpAHIAPgBBAFEAQQBBAEEATgBDAE0AbgBkADgAQgBGAGQARQBSAGoASABvAEEAdwBFAC8AQwBsACsAcwBCAEEAQQBBAEEATgA3AEQAQwBLAHoAWABpAFkAawBpAEIAQgBzADYAUQBUADgATgBIADMAdwBRAEEAQQBBAEEAQwBBAEEAQQBBAEEAQQBBAFEAWgBnAEEAQQBBAEEARQBBAEEAQwBBAEEAQQBBAEEANQBJAHcAYwBXAHMANQBqAC8AeQAyAE0AZQAvAHUAQgBvADMAUwAvAHEARgBFADQAawBCAGkAMgBpADQAWgB3AHUAcgBXAC8AYQByAFIAcQB2AEIAQQBBAEEAQQBBAEEATwBnAEEAQQBBAEEAQQBJAEEAQQBDAEEAQQBBAEEARABZAHMAbgBYAHgAVgBKAEYAYwBzAGgAdgBKADMASwBmAG4AdgA2AHcAVwBjAHoAaQA1AGwASgA5ADMAUQA4AHYAbgBMAEEAcgA0AGsAKwBmAGEAZABtAEEAQwBBAEEAQgBTAHUAZAA3ADgASgBqAEQAdABnAFgARQA4AHoASgBrAGgAaABVADMAbQBjAG0AeQAyAEIAKwBGAFIAVQBoAGgAOQBiADcAbwBWAFEAbgBCAFgAcwAvAFQAOABEADUAawBzAGEAdgBtAGMAdQA0AFEANgA1AFMAUQA5AGcAZQBEAEsASABPADcAZQBlAFYATwBJAEcAYQBiAEoAUQBpAGUAOAA0AFcAdgBiAFgAcgBwAGYAbgBpACsAVgB5AGwAUQBVAHcAbQBlADMAYQBzADUALwBLAFEAKwBLAGwAdgB2ADcAbAAxACsANwB3AGQATQBDAFUARgBZADEAMgA5AFEASgBqAGkAYwBmADkAbwB0AGcAKwBVAGUAUgBXADAAOQBxAEIAawBCAHkAdQBhADIAawB1AGIASAA5AHMANgBmADQAOABXAEsAdwBiAHQAMwBLAEoAUQBMAEcAVQBHAGwANABDAGkAZQArAGoAcgBLAHIAbQBmAG0AVwBHAHQAWABVAEMAWgBXAFkAKwBqACsALwBOAHUAbABZADIAYwBPAFgANwB0AGUATgAxADcAcgBpAFQANgBJAGUAOQAvADAAdABZAGEAOABGAFQAOQBZAFgARwBIAC8AQgBKAHgAaABaAGUAegBMADQALwAzAFoARwBwAGsAaQB6AHYAaABHADgANgBCADMAZwAyAFgATAB4AHMAMAA4AFQARABhAHQAOQBYAEkAUQBYAHUANgBYACsANwA2AFkAaQB4AEkAUAAxAFgAKwBLAE4AQwA2AEMAUAArAG4AZQBaAHQANgA5ADkARQBGAEIAYwAvAHoAWABNAFgAeQBSADQANwBUADUASwBiADIAOAB0AGEAawBIAFIANgBDAE8AZwBtAEoARwBKAGIALwBPADUAbgBHAEcARwBmAFgAegB2AHIAeQBZAFEAeQBNAFkAVwBaAG4ARABRAEYAZQBzAEEAcABOAEoASwBOAE0AcgBoAGIAMAB4AEcASQBJADUAMQBtAFcAWQBzAHcAQwBSAHcAMQAzAFUAOABLAGEAaQBaADMATgB6AHUAZgBsAGEAdABtAFcAVQBkAEEAWABnADkAaABMAGQAcwB3AEgAbABwAEoAagBNACsAZQB1AHkASQBoAEcASABOAFQAOQA2ADMAMwBYADYAMABsAFkAeAA5ADAARgBjADcARwBmAGwASwArAEEAegB2AE4ANgBIAHIAWgB2ADYAdQBPAEsAUQAwAHkAQQA4AEIATwBKADAAKwBVAHQAZwBvAHAASQBtAHQANgBxAEkANwB2ADcANgBLAEIAYQBUAFkAcABHAFIATAAzACsAOQB3AGoAMwBWAE0AdQBsAHAAeABYAHUAUQBPAEgAQQBJAHIAVQA4AFgAWQBmAEEAdABRADQAQQBCAEwANgBWAEMAQQBuAFoAMwA5AHoAZgBpAEMARABxAFYARwB0AHYALwBuAE4AZQBDAHQAaQBGADcAagBMAFQAYwBKAE4ARgBXAFAAZgBsAHIATQBCAHcAVwBpAHUAcQArADEASgBWAGsAbABzADkAcQBYAC8AQgBJAE0ASAB4ADAAQwBlACsAOABnAGIAVAA3AGcAdwAzAHoAUQBBAGkAbABoAE0AZwBUAE4AaQB0AGoAdQBBAHYANQBGAEMAOQBVAHEAeQBJADkAMwBSADcAaABqAGwAYwB1AFYAZwB3AHYAbgBVAGMAagBCAEIAMgBQADIAbwBkAE8AQwBkAE8AcABQAHAAaABuADYANAA5AHYASAA3AGYAaABXAGgAdwBWAFcAaQBZAGEAZABOADIAZQBTAHoAcwBpAGYAZgBqAFcAdgB6AEcAeABPAG8AMgB6AFoAMwAxAHYAMgBLAFYAYwAxADEAcQBSAHoAQwBSAC8AUQBsAGsAVABNAGkASwB3AFcAcQBhAGEARAB5ACsAQwBGAHIAWABtAEwAVABnAFcASgByAHkASgA5ADEAVABRAHEAYQBOAEYAeQBLADcAbQBHADgAZwBFAEgAeAByAG0ARgBMADcAcABoAFMATABwAHAAeQBRAGQAegBWADUAbgB3AC8AVQBWAEMAaABNADUATQAwAEoANwBqADEAYQB4AHUAQwBQAEsAVwBlAE0AWABHAC8AUQA0AFQAeQAwAEEAQQBBAEEAQwBDAGkAeAA2AG0AYgBIAEcAVABDAFoAbABYAEkAWQBIAFMANgBzAEMAVQBQADUARgBZAEUATABVAGcATgBmAGIASwBiAEkAagBNAFIAQgBqAEoAMQB0AFYAMQBjAGMALwA3ADYAZQBEAEcAbQB0AFgASwBXAGMARwBQAG8ASwBRAFUAWQA4AHYALwA2AFIAYQBaAHcAOABzAGcAbwB4AHoARAA5AFQAeQBsADwALwBLAGUAeQBwAGEAaQByAD4APABLAGUAeQBHAGUAbgBGAGwAYQBnAHMAPgA4ADwALwBLAGUAeQBHAGUAbgBGAGwAYQBnAHMAPgA8AEMAZQByAHQAPgBNAEkASQBFAEkAVABDAEMAQQArAEMAZwBBAHcASQBCAEEAZwBJAFUAWgAvADkARgBZAHgANwBjAEQAbwA4AFEATQBRAHYAOAA1ADAAaQBDAFMAcwBiAGwAMwAwADAAdwBDAFEAWQBIAEsAbwBaAEkAegBqAGcARQBBAHoAQQBqAE0AUwBFAHcASAB3AFkARABWAFEAUQBEAEUAeABoAFUAYgAyAHQAbABiAGkAQgBUAGEAVwBkAHUAYQBXADUAbgBJAEYAQgAxAFkAbQB4AHAAWQB5AEIATABaAFgAawB3AEgAaABjAE4ATQBUAFUAdwBOAHoASQAwAE0AVABNAHgATgBqAFEAMwBXAGgAYwBOAE0AVABZAHcATQBUAEkAdwBNAFQATQB4AE4AagBRADMAVwBqAEEAdABNAFMAcwB3AEsAUQBZAEQAVgBRAFEARABIAGkASQBBAE0AQQBBAHcAQQBEAEUAQQBPAEEAQQB3AEEARABBAEEATQBBAEEAdwBBAEQAawBBAE4AQQBBAHcAQQBEAEkAQQBOAFEAQQA0AEEARQBNAEEAUgBnAEEAQQBNAEkARwBmAE0AQQAwAEcAQwBTAHEARwBTAEkAYgAzAEQAUQBFAEIAQQBRAFUAQQBBADQARwBOAEEARABDAEIAaQBRAEsAQgBnAFEAQwArAFUAQgBMAFMATABMADcAdgBXAGkAYgBvAEwAZwBYAHcAQwBFAGQAUgAwAEkAZwB0AG0AYgAzADEAZQB3AE4AYQAzAFoANgA1AEMAYQBYAHgAegBtAGYAdQBFAFIARABiAEkAZQBOAGUAbQBwAFcANABZADMAcAAxAG4ARABHAC8AeQBvAFcAMgBaAHMAMgBwADEAMQBEAHoATQBUAFQASwBDAGoANQBXAHQAUQAwAHMAWgA0AC8ATQBlAEUAUwB1AHIARwByAGgARwA5AGgARQBzAHkAUQAwADYAVwB2AHMANgBhAGUAdwBEAGMAMwBhAGYAWgBZAGsAUgBIADkAdgBWAHYAcgB3AFYAdABqAG4AcwBMAGEAVwBNAG0AbwBVAEgARwB4AGsAdQAxAGEAWQBLAHkAVABsADQATAAwAG4ASQBEAEgARABKAFYAMQBNAE4AdwBJAEQAQQBRAEEAQgBvADQASQBDAG8ARABDAEMAQQBwAHcAdwBEAGcAWQBEAFYAUgAwAFAAQQBRAEgALwBCAEEAUQBEAEEAZwBXAGcATQBCAE0ARwBBADEAVQBkAEoAUQBRAE0ATQBBAG8ARwBDAEMAcwBHAEEAUQBVAEYAQgB3AE0AQwBNAEkASQBCAC8AdwBZAEQAVgBSADAAZwBCAEkASQBCADkAagBDAEMAQQBmAEkAdwBnAGcASAB1AEIAZwBvAHIAQgBnAEUARQBBAFkASQAzAE0AdwBNAEMATQBJAEkAQgAzAGoAQwBDAEEAZABvAEcAQwBDAHMARwBBAFEAVQBGAEIAdwBJAEMATQBJAEkAQgB6AEIANgBDAEEAYwBnAEEAVABRAEIAcABBAEcATQBBAGMAZwBCAHYAQQBIAE0AQQBiAHcAQgBtAEEASABRAEEASQBBAEIAawBBAEcAOABBAFoAUQBCAHoAQQBDAEEAQQBiAGcAQgB2AEEASABRAEEASQBBAEIAMwBBAEcARQBBAGMAZwBCAHkAQQBHAEUAQQBiAGcAQgAwAEEAQwBBAEEAYgB3AEIAeQBBAEMAQQBBAFkAdwBCAHMAQQBHAEUAQQBhAFEAQgB0AEEAQwBBAEEAZABBAEIAbwBBAEcARQBBAGQAQQBBAGcAQQBIAFEAQQBhAEEAQgBsAEEAQwBBAEEAYQBRAEIAdQBBAEcAWQBBAGIAdwBCAHkAQQBHADAAQQBZAFEAQgAwAEEARwBrAEEAYgB3AEIAdQBBAEMAQQBBAFoAQQBCAHAAQQBIAE0AQQBjAEEAQgBzAEEARwBFAEEAZQBRAEIAbABBAEcAUQBBAEkAQQBCAHAAQQBHADQAQQBJAEEAQgAwAEEARwBnAEEAYQBRAEIAegBBAEMAQQBBAFkAdwBCAGwAQQBIAEkAQQBkAEEAQgBwAEEARwBZAEEAYQBRAEIAagBBAEcARQBBAGQAQQBCAGwAQQBDAEEAQQBhAFEAQgB6AEEAQwBBAEEAWQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQQBnAEEARwA4AEEAYwBnAEEAZwBBAEcARQBBAFkAdwBCAGoAQQBIAFUAQQBjAGcAQgBoAEEASABRAEEAWgBRAEEAcwBBAEMAQQBBAGIAZwBCAHYAQQBIAEkAQQBJAEEAQgBrAEEARwA4AEEAWgBRAEIAegBBAEMAQQBBAGEAUQBCADAAQQBDAEEAQQBiAFEAQgBoAEEARwBzAEEAWgBRAEEAZwBBAEcARQBBAGIAZwBCADUAQQBDAEEAQQBaAGcAQgB2AEEASABJAEEAYgBRAEIAaABBAEcAdwBBAEkAQQBCAHoAQQBIAFEAQQBZAFEAQgAwAEEARwBVAEEAYgBRAEIAbABBAEcANABBAGQAQQBCAHoAQQBDAEEAQQBZAFEAQgBpAEEARwA4AEEAZABRAEIAMABBAEMAQQBBAGQAQQBCAG8AQQBHAFUAQQBJAEEAQgB4AEEASABVAEEAWQBRAEIAcwBBAEcAawBBAGQAQQBCADUAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYwB3AEIAaABBAEcAWQBBAFoAUQBCADAAQQBIAGsAQQBJAEEAQgB2AEEARwBZAEEASQBBAEIAawBBAEcARQBBAGQAQQBCAGgAQQBDAEEAQQBjAHcAQgBwAEEARwBjAEEAYgBnAEIAbABBAEcAUQBBAEkAQQBCADMAQQBHAGsAQQBkAEEAQgBvAEEAQwBBAEEAZABBAEIAbwBBAEcAVQBBAEkAQQBCAGoAQQBHADgAQQBjAGcAQgB5AEEARwBVAEEAYwB3AEIAdwBBAEcAOABBAGIAZwBCAGsAQQBHAGsAQQBiAGcAQgBuAEEAQwBBAEEAYwBBAEIAeQBBAEcAawBBAGQAZwBCAGgAQQBIAFEAQQBaAFEAQQBnAEEARwBzAEEAWgBRAEIANQBBAEMANAB3AFUAdwBZAEQAVgBSADAAagBCAEUAdwB3AFMAbwBBAFUAYQBJAFMAbwBsAG8AVgBsAGsAVgAvAFAANABKAEcAawBnAFUARwBqAGcAegBqAHIAVgBTAEMAaABKADYAUQBsAE0AQwBNAHgASQBUAEEAZgBCAGcATgBWAEIAQQBNAFQARwBGAFIAdgBhADIAVgB1AEkARgBOAHAAWgAyADUAcABiAG0AYwBnAFUASABWAGkAYgBHAGwAagBJAEUAdABsAGUAWQBJAEoAQQBLAHMAKwBGAFMAdwBrAHkAZQBjAGgATQBCADAARwBBADEAVQBkAEQAZwBRAFcAQgBCAFEAagBjADQATgBWADcATABCAHYANwBaAC8AYwBCADkAcQBNAHoARwBVAEgAMwA4ADgAeQAzAGoAQQBKAEIAZwBjAHEAaABrAGoATwBPAEEAUQBEAEEAegBBAEEATQBDADAAQwBGAEUAVwBCAGgAVgBUAEUAdAB4AFMANABNAHEAYQBwADcAegBuAHMAWABzAE4AWQBTADUASwBpAEEAaABVAEEAcwBoAFoAVgBpAG0AaABHAEgAUQA4AEwAdwB6AGIAaQB4AGsAdABYADgANQByAGUAQwBDAE0AeAA8AC8AQwBlAHIAdAA+ADwARQB4AHAAaQByAGUAZABUAGkAbQBlAD4AMgAwADEANgAtADAAMQAtADIAMABUADEAMwA6ADIAMQA6ADQANwA8AC8ARQB4AHAAaQByAGUAZABUAGkAbQBlAD4APAAvAEMAZQByAHQASQBuAGYAbwA+AA==</Certificate></User></Data>
"
[HKEY_USERS\.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-689365640-92009327-2566536619-500\02tjtxrqaveq]
"DeviceId"="<Data><User username="02TJTXRQAVEQ"><Pwd Det="false">AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA9eEnOTAF30uuT787+mHWrQQAAAACAAAAAAAQZgAAAAEAACAAAABnRXxkpHZOR0lbYOEi68MBFPPFM/AidJeAxxub0lLpJwAAAAAOgAAAAAIAACAAAACL1Tv/lRMZSGsOMX4La4CGTIT0bkoCHH4b8bwVw8LiNjAAAABQcBfGRGAFzFUtXNxEZos0ZDw2zIhahr4SAyAgncqyzMfXCRktZne/IrmDMkdwjjhAAAAAiZPKYI3HOz9Zlwkyb2y3rK/OKTEmaNzcyOiktbQ9zsvjAhjI/RGPWQxUGD+ZeWX+qehJvc/5pZAwEWXUJuBLlA==</Pwd><Certificate targetname="WindowsLive:(cert):name=02tjtxrqaveq;serviceuri=msn-messenger-didc" keyword="Microsoft_WindowsLive:certificate:" type="1">PABDAGUAcgB0AEkAbgBmAG8APgA8AEsAZQB5AHAAYQBpAHIAPgBBAFEAQQBBAEEATgBDAE0AbgBkADgAQgBGAGQARQBSAGoASABvAEEAdwBFAC8AQwBsACsAcwBCAEEAQQBBAEEAOQBlAEUAbgBPAFQAQQBGADMAMAB1AHUAVAA3ADgANwArAG0ASABXAHIAUQBRAEEAQQBBAEEAQwBBAEEAQQBBAEEAQQBBAFEAWgBnAEEAQQBBAEEARQBBAEEAQwBBAEEAQQBBAEEAOQArADEAcwBxAEIAMQBSADUAWgB1AFcAQgBTAE8AZgBaAEIAawBnAE4AWgA3AHoASQBNAEQAbAByAEYAUAB2AGoATgBUAHAAKwA4AGEAcQBPADUAdwBBAEEAQQBBAEEATwBnAEEAQQBBAEEAQQBJAEEAQQBDAEEAQQBBAEEAQgBUAEkAZAAwAE8AUgArAHcAVABCAFUAbABKAGoATgBHAFIAbABaADAATwBiADYAbgBOAGcAcQBYAFIATgBxAG4AOQBsAGsASwBRAGUAaQBHAGYATwBXAEEAQwBBAEEAQQBXAHQAMgBuADgAUABCAEsAVABBAHQATgBPAHIAUQBXAE0AcwBMAFIAbQBjADUAbAB2AHcASwB3AGQAQwBzAEoAZgBGAGMAcABHADIAawBzAFQARABYADgALwBFAGsARwBJAE8ALwBsAEMAcQBRAG0AVQA1AHoASABtAC8AbwBKADMAbQBPAEoAVQAyAHIANgBnAGYAeABRAFgAUwBQAHYAUgBzADcAMgBaAHoAKwAzAEIAZgBYAHUAMgBIADUARwAvADcAdwBkAGcARABEADYAOAB5AFkAeQArAHoANgBJADUAVgBUAEoAeQBsADcATgBuAC8ATgBIAE4AUABwADgAbwBsAFoARQBTAGQAVgAwADEAKwBVADgAWQB3AGkAeQBrAEQAZwB1AG0AaQBDAE4ANABXAHgATQBLAEMATgBFAEMAdwBBAG0AOAAyAG4ANAAvAE8AYwBXAEEAWgAwAFAAZQBrAFEAWABrAFkATABDAGsAOQBhAHQAQwBsAFIAbgB1AFQASABxAFMASwBGAE4AdABmAFcAUgBOADkATgA4AEUAVwBRAHgAdgBVAHYAcwB1ADgAYgBUAEYAZgA5AEMAMABzAEgARABTAGcAMwBmAEQAQgBFAHEAdQB4AGUAVgBBAEsAdQBRAFgARwBoAEoANQBIAEEAOQBuADQAeABzAHkAUAB2AGsAVABRAHAAdABBAHUAQgBiADQAQgBjAHgAQQBRAEUAawA2AGwASwBuAG0AbQA1AHAAeQBEAE0AQgBEADgAMQBoAFMAbAAwAFoAbQBQAHcALwBrAGgAWgBiAFYAWAAyAHIATgB1AEQATwBPAGEAVABUAGUAOQBBAEQAVwBXAEMAegB0ACsAOQBNAG4ARgBQAFgAdwBTAGgANwAyAEwAOAA2AGYAcgBQADYASgA4AG4AUgB3AE0ARgBGACsAZQBsAGQAMQBPADYANwA1AHcAMQBSAGgAUQBZAEUANQBEAEcAYwBxAEsAeQBUAHkAZgBPAHYAVwBSAGgAcgBOAC8AYQBFAEYAcABKADEAeQBKAEMAbgBDAHcAcwBVAGMAcABOAEsAdABEADUANQB3AFEARAA0AEYANQBkAHcAcwBZAHMAZAA4AHQAeQBwAGsAMwBNADgATgBTAEkAWQBTAHcAYQBwAHoAUgBLACsAQQBuAFoAQwAzAGsANwBHAGwAMwB6AG0AYgBoAFIANgA5AE0AdgBOADgAYgA0AFQAKwBHAGkAcwBuAFIAQQA3AHAATABXAFUATwBTAEYAdABrAEsAOQBWAEYAYgBrAE4AYgBRAGQAQwBiAFUAYQBBAGcAZwBZAG4AQgBGAHoALwBVADMAMQA0AHMAQwBCADcAYwBSADEASQBXAFcATQBjAFAARQBFAFoATQB2AEEAKwBsAFcAZQB5AHEAcgBrAHgAQgBaADEAbABJADUAdAA3AEUAMwBBAHEAVwAvADYAdwBnADQAKwBhAFoASQB3AEoAaABmAEMAVgBVADUASgBTAGUASgBDAFQAbAA1ADIARwB3AFUAMgBLADYAawBIADAAZwBwAEMASwBIAEcAMAAzAE4AbgA0AHMAYgB4AEwAQQBnAHMAcAAvAHQATAB2AGoAUQBEAFgAOQBxAEkARgA3ADgASwB2AG8AQgA2AGwASgA3AHgAMgBtAFEANQBTADAAbwB0AC8AYgBxAGEATQA4ADYAQwBHAGwALwBqAGwASQBsADIAcgB5AEwAdABsAGIAbABJAGgAUgB2AHoAcgBOADYAZgBWAC8AUAB1AFAARQBVAFoAQgBDAEwAcQA2AGkARQBOADIANABmAEkASgBXAGIATAA3AFUAYgAwAEIASgAxAFgASgBMADIAZwBQAG4AQQBmAHkAbQBKADgASABEAGEAaQArAHIARQAwAFAAZQBGADMASAB3AFQAbABRAFoAdQBBAE4AVQA4AHEAQQBQAC8AMABWAGUAYgBVAHIANwBiADUAYwBSAHYAaQBkAGQAdgBjAEsAWQBPAFIAcAA5AEgAYwB1AGIAcQBYAG8ATwA3AHoAbQAzAG4AQwBzADYAMgBxAGIATwBxAGgAOQBtAGIAdQAxAFAAUwBEAEwAUwBiADQAWABYAG4ARgBmAE4AQgBOAEkATgBPAFQAbwBJAEQAUwBrAEEAQQBBAEEARABqAFIATwBhAFMAYwBBAHQAeQBvAG8AKwBRAG4ASgBuAHMAUABKAE8AOQBaAEIAKwBPAGgAeAB3AHYAQwA0AGUATABBAEQAaQA3AHoAbQA5AEcAbQBEAFcAaABXAEsAeAArAGgAVAB0AHEAKwBxAGIAbABRAGYAKwBRAHQAYwBiAHgAZAA0AGwAcwA4AGIARABSAFcAOABnAE8AaQBPAEkAUwBGAE0ATwAwADwALwBLAGUAeQBwAGEAaQByAD4APABLAGUAeQBHAGUAbgBGAGwAYQBnAHMAPgA4ADwALwBLAGUAeQBHAGUAbgBGAGwAYQBnAHMAPgA8AEMAZQByAHQAPgBNAEkASQBFAEkAVABDAEMAQQArAEMAZwBBAHcASQBCAEEAZwBJAFUAZABCAEgAVABvAGgARQBhAEwAcABzAEUAYgAxAGMANwAwADQAdwB1AGwAYQBLAEIAUAA2AFEAdwBDAFEAWQBIAEsAbwBaAEkAegBqAGcARQBBAHoAQQBqAE0AUwBFAHcASAB3AFkARABWAFEAUQBEAEUAeABoAFUAYgAyAHQAbABiAGkAQgBUAGEAVwBkAHUAYQBXADUAbgBJAEYAQgAxAFkAbQB4AHAAWQB5AEIATABaAFgAawB3AEgAaABjAE4ATQBUAEUAdwBPAEQARQB3AE0AVABJAHgATQBUAEUANQBXAGgAYwBOAE0AVABJAHcATQBqAEEAMgBNAFQASQB4AE0AVABFADUAVwBqAEEAdABNAFMAcwB3AEsAUQBZAEQAVgBRAFEARABIAGkASQBBAE0AQQBBAHcAQQBEAEUAQQBPAEEAQQAzAEEARQBZAEEAUgBnAEIARgBBAEQAawBBAE0AdwBBADEAQQBFAFkAQQBOAEEAQQB6AEEARQBVAEEAUgBRAEEAQQBNAEkARwBmAE0AQQAwAEcAQwBTAHEARwBTAEkAYgAzAEQAUQBFAEIAQQBRAFUAQQBBADQARwBOAEEARABDAEIAaQBRAEsAQgBnAFEARABBAGUAKwA0AEEAOQBPAFcASABmAG8AKwBkAE8ASQBBAFkAbABXADgAQgBTAEEAdQBpAGMATwB3AGsALwBrAEEANwBSADMATwB1AEQAdwBJAGwAWgBqAGIAdgBnAEkAVwBGAHAATAB1AFAAWgBwAEQALwA0AFgAbwBlAHcAQwA2AGsAKwB5AFQAWgBkAGIALwBNAFUAUAA1AEYAWQBjAG8AdwBWAEoAcwBjAGEATgBYAG4AZwAwADcAcABQAG0AdgBzAGQASQAyAEEAbQB1AHIAQwA1AE8AYgA3AGcAZgBVADEALwBRAGcAZgBrAE4AdABaADEAZAAwAHoAbgB1AFEAawBUAHQAOQB1AHMAbABZADMAcgBhAFAAUwBpAG4AaQA3AEMAKwBZAGcANgBpADIAMgBIAEwAQgBxAGkASgBIAFkANQBoADIARgBOAHIAUQB6AFkAUQBJAEQAQQBRAEEAQgBvADQASQBDAG8ARABDAEMAQQBwAHcAdwBEAGcAWQBEAFYAUgAwAFAAQQBRAEgALwBCAEEAUQBEAEEAZwBXAGcATQBCAE0ARwBBADEAVQBkAEoAUQBRAE0ATQBBAG8ARwBDAEMAcwBHAEEAUQBVAEYAQgB3AE0AQwBNAEkASQBCAC8AdwBZAEQAVgBSADAAZwBCAEkASQBCADkAagBDAEMAQQBmAEkAdwBnAGcASAB1AEIAZwBvAHIAQgBnAEUARQBBAFkASQAzAE0AdwBNAEMATQBJAEkAQgAzAGoAQwBDAEEAZABvAEcAQwBDAHMARwBBAFEAVQBGAEIAdwBJAEMATQBJAEkAQgB6AEIANgBDAEEAYwBnAEEAVABRAEIAcABBAEcATQBBAGMAZwBCAHYAQQBIAE0AQQBiAHcAQgBtAEEASABRAEEASQBBAEIAawBBAEcAOABBAFoAUQBCAHoAQQBDAEEAQQBiAGcAQgB2AEEASABRAEEASQBBAEIAMwBBAEcARQBBAGMAZwBCAHkAQQBHAEUAQQBiAGcAQgAwAEEAQwBBAEEAYgB3AEIAeQBBAEMAQQBBAFkAdwBCAHMAQQBHAEUAQQBhAFEAQgB0AEEAQwBBAEEAZABBAEIAbwBBAEcARQBBAGQAQQBBAGcAQQBIAFEAQQBhAEEAQgBsAEEAQwBBAEEAYQBRAEIAdQBBAEcAWQBBAGIAdwBCAHkAQQBHADAAQQBZAFEAQgAwAEEARwBrAEEAYgB3AEIAdQBBAEMAQQBBAFoAQQBCAHAAQQBIAE0AQQBjAEEAQgBzAEEARwBFAEEAZQBRAEIAbABBAEcAUQBBAEkAQQBCAHAAQQBHADQAQQBJAEEAQgAwAEEARwBnAEEAYQBRAEIAegBBAEMAQQBBAFkAdwBCAGwAQQBIAEkAQQBkAEEAQgBwAEEARwBZAEEAYQBRAEIAagBBAEcARQBBAGQAQQBCAGwAQQBDAEEAQQBhAFEAQgB6AEEAQwBBAEEAWQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQQBnAEEARwA4AEEAYwBnAEEAZwBBAEcARQBBAFkAdwBCAGoAQQBIAFUAQQBjAGcAQgBoAEEASABRAEEAWgBRAEEAcwBBAEMAQQBBAGIAZwBCAHYAQQBIAEkAQQBJAEEAQgBrAEEARwA4AEEAWgBRAEIAegBBAEMAQQBBAGEAUQBCADAAQQBDAEEAQQBiAFEAQgBoAEEARwBzAEEAWgBRAEEAZwBBAEcARQBBAGIAZwBCADUAQQBDAEEAQQBaAGcAQgB2AEEASABJAEEAYgBRAEIAaABBAEcAdwBBAEkAQQBCAHoAQQBIAFEAQQBZAFEAQgAwAEEARwBVAEEAYgBRAEIAbABBAEcANABBAGQAQQBCAHoAQQBDAEEAQQBZAFEAQgBpAEEARwA4AEEAZABRAEIAMABBAEMAQQBBAGQAQQBCAG8AQQBHAFUAQQBJAEEAQgB4AEEASABVAEEAWQBRAEIAcwBBAEcAawBBAGQAQQBCADUAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYwB3AEIAaABBAEcAWQBBAFoAUQBCADAAQQBIAGsAQQBJAEEAQgB2AEEARwBZAEEASQBBAEIAawBBAEcARQBBAGQAQQBCAGgAQQBDAEEAQQBjAHcAQgBwAEEARwBjAEEAYgBnAEIAbABBAEcAUQBBAEkAQQBCADMAQQBHAGsAQQBkAEEAQgBvAEEAQwBBAEEAZABBAEIAbwBBAEcAVQBBAEkAQQBCAGoAQQBHADgAQQBjAGcAQgB5AEEARwBVAEEAYwB3AEIAdwBBAEcAOABBAGIAZwBCAGsAQQBHAGsAQQBiAGcAQgBuAEEAQwBBAEEAYwBBAEIAeQBBAEcAawBBAGQAZwBCAGgAQQBIAFEAQQBaAFEAQQBnAEEARwBzAEEAWgBRAEIANQBBAEMANAB3AFUAdwBZAEQAVgBSADAAagBCAEUAdwB3AFMAbwBBAFUAawBFAGEAMQBCAHIAOAAxAFEAdgBuAHcAeABrADUATABoAEMAOQA4AHAAaQBsAFMATAA4AGkAaABKADYAUQBsAE0AQwBNAHgASQBUAEEAZgBCAGcATgBWAEIAQQBNAFQARwBGAFIAdgBhADIAVgB1AEkARgBOAHAAWgAyADUAcABiAG0AYwBnAFUASABWAGkAYgBHAGwAagBJAEUAdABsAGUAWQBJAEoAQQBOAGoAcAA5AHgAUgBrADkATABlAEIATQBCADAARwBBADEAVQBkAEQAZwBRAFcAQgBCAFIAcwBPADgAbABPAEoAWABBAE0ATABvAEEAdwBUAFcAWQBPAGEARABTACsAVQBsADgAZwBWAFQAQQBKAEIAZwBjAHEAaABrAGoATwBPAEEAUQBEAEEAegBBAEEATQBDADAAQwBGAEEAcgBDAGEAQgBEAEMAMQBmAFcAcgAzADkAZQAwAHMANgBEAGYAbwBoAEYAUwBLAFAAcwAxAEEAaABVAEEAZwBVAC8AcgBLAG0AbABoAEkAegB4AHQAVwBzACsAZwBMAHAAVgA1AHAAYQA4ADIATABOAEEAQQA8AC8AQwBlAHIAdAA+ADwARQB4AHAAaQByAGUAZABUAGkAbQBlAD4AMgAwADEAMgAtADAAMgAtADAANgBUADEAMgA6ADEANgA6ADEAOQA8AC8ARQB4AHAAaQByAGUAZABUAGkAbQBlAD4APAAvAEMAZQByAHQASQBuAGYAbwA+AA==</Certificate></User></Data>
"
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows Defender]
"CachedProxyAccessType "="1"
[HKEY_USERS\S-1-5-21-689365640-92009327-2566536619-1001\SOFTWARE\Microsoft\AuthCookies\Live\Default\DIDC]
"Data"="ct%3D1465470278%26hashalg%3DSHA256%26bver%3D12%26appid%3DDefault%26da%3D%253CEncryptedData%2520xmlns%253D%2522hxxp://www.w3.org/2001/04/xmlenc%2523%2522%2520Id%253D%2522devicesoftware%2522%2520Type%253D%2522hxxp://www.w3.org/2001/04/xmlenc%2523Element%2522%253E%253CEncryptionMethod%2520Algorithm%253D%2522hxxp://www.w3.org/2001/04/xmlenc%2523tripledes-cbc%2522%253E%253C/EncryptionMethod%253E%253Cds:KeyInfo%2520xmlns:ds%253D%2522hxxp://www.w3.org/2000/09/xmldsig%2523%2522%253E%253Cds:KeyName%253Ehxxp://Passport.NET/STS%253C/ds:KeyName%253E%253C/ds:KeyInfo%253E%253CCipherData%253E%253CCipherValue%253ECTDtR75SC156cr76Dnzlij8JT8NfuTMGduqhfpRFX1vYCPqS5J1wiAOBe/lQaHGN7hlL2Ii5z3XiGdQOJeab77eiI1Pb4vfEcF12LIc4/ABfLSRuxNTqnagT4AefkQeGl2e4kEeGL8kljGpl2f21LBlcjjTWVXFiZNjFc9onZxwAu1zIBjq6UMTUjfRnLDxn/9sI2nOhyC15TwtzFZnVmXqw%252BVXsbRXIO4EGmSPlZBlf2CZOIJg3N1VNckQEh7AD%252BH0hqC7fLnK9VlYH%252BNV/PRMh6s3FiqQf4Dc/Vy3ntek/Il4HJV90dnCnmkN9QQzrf0I66yW3eeMbTg4xYMzrdbh1DKLxnAdvVdxb%252B3cS4FTolAweGq2%252BfF6wgI7pTzRKl5J6ZkL4FK3pMyGfUbpMYAcNSesOsDxHgwtmt%252Baf0u/8wCNNAJklCw6PsB70zg5mk51lDYgxiT9Ts4uc8i/nKaZBocrtR3p4Wv%252BLaxP7pnBz%252BNGTCjV3uv2bMUvaAX4uYc8AA0Fs8eM5mi4Ku/WgtRZ5RvUQjXONq/iD2yd69jY1BiKzggjvddaUE/XtLhgQ67xfzkr%252BVF8/7d%252BGD4BzO9TiplRaSzetpMl9S7oYrqHmICxXk%252B3loPUOcmBq/lDeTFE3BeGaz9Kytg9Nvu6/vLPX4bnaALwW2Dwc/6gZHZdlCT%252BbAbetVbZrA5w7yfyIngTXq7gOUHGjb4ihs8FyltTHMtAQG9rZ0kATMcBpgwvQ%253C/CipherValue%253E%253C/CipherData%253E%253C/EncryptedData%253E%26nonce%3DbL46FOhl9h67lwgyR8euQ26ZdNOpbrG%252B%26hash%3DK6VVzyPssZOMmBhodKaHPB%252BgJwoBOILj4PkWG8wAHZs%253D%26dd%3D1; path=/; domain=login.live.com; secure; httponly"
[HKEY_USERS\S-1-5-21-689365640-92009327-2566536619-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe"="0x534143500100000000000000070000002800000020CD0100566002000100000000000000000003067102000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000AF7A0000000000000400000004000000"
[HKEY_USERS\S-1-5-21-689365640-92009327-2566536619-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5CWINDOWS%5CSystemResources%5CWindows.UI.SettingsAppThreshold%5CWindows.UI.SettingsAppThreshold.pri\1d112e3504d0c94\588addd4]
"@{windows?ms-resource://Windows.UI.SettingsAppThreshold/SearchResources/SettingsPagePrivacyAccountInfo/Description}"="Einstellungen zum Datenschutz von Kontoinformationen"
[HKEY_USERS\S-1-5-21-689365640-92009327-2566536619-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5CWINDOWS%5CSystemResources%5CWindows.UI.SettingsAppThreshold%5CWindows.UI.SettingsAppThreshold.pri\1d112e3504d0c94\588addd4]
"@{windows?ms-resource://Windows.UI.SettingsAppThreshold/SearchResources/SettingsPagePrivacyAccountInfo/HighKeywords}"="Benutzerinformationen;user information"
[HKEY_USERS\S-1-5-21-689365640-92009327-2566536619-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5CWINDOWS%5CSystemResources%5CWindows.UI.SettingsAppThreshold%5CWindows.UI.SettingsAppThreshold.pri\1d112e3504d0c94\588addd4]
"@{windows?ms-resource://Windows.UI.SettingsAppThreshold/SearchResources/SettingsPagePrivacyAccountInfo/Keywords}"=""
[HKEY_USERS\S-1-5-21-689365640-92009327-2566536619-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5CWINDOWS%5CSystemResources%5CWindows.UI.SettingsAppThreshold%5CWindows.UI.SettingsAppThreshold.pri\1d112e3504d0c94\588addd4]
"@{windows?ms-resource://Windows.UI.SettingsAppThreshold/SearchResources/SettingsPagePrivacyAccountInfo/LowKeywords}"="Steuerelemente Steuerelement;steuern steuert;beschränken beschränkt beschränkend;einschränken eingeschränkt einschränkend;Name;Bild;Controls control;restrict restricts restricted restricting; name; picture"
[HKEY_USERS\S-1-5-21-689365640-92009327-2566536619-1001_Classes\Local Settings\MrtCache\C:%5CWINDOWS%5CSystemResources%5CWindows.UI.SettingsAppThreshold%5CWindows.UI.SettingsAppThreshold.pri\1d112e3504d0c94\588addd4]
"@{windows?ms-resource://Windows.UI.SettingsAppThreshold/SearchResources/SettingsPagePrivacyAccountInfo/Description}"="Einstellungen zum Datenschutz von Kontoinformationen"
[HKEY_USERS\S-1-5-21-689365640-92009327-2566536619-1001_Classes\Local Settings\MrtCache\C:%5CWINDOWS%5CSystemResources%5CWindows.UI.SettingsAppThreshold%5CWindows.UI.SettingsAppThreshold.pri\1d112e3504d0c94\588addd4]
"@{windows?ms-resource://Windows.UI.SettingsAppThreshold/SearchResources/SettingsPagePrivacyAccountInfo/HighKeywords}"="Benutzerinformationen;user information"
[HKEY_USERS\S-1-5-21-689365640-92009327-2566536619-1001_Classes\Local Settings\MrtCache\C:%5CWINDOWS%5CSystemResources%5CWindows.UI.SettingsAppThreshold%5CWindows.UI.SettingsAppThreshold.pri\1d112e3504d0c94\588addd4]
"@{windows?ms-resource://Windows.UI.SettingsAppThreshold/SearchResources/SettingsPagePrivacyAccountInfo/Keywords}"=""
[HKEY_USERS\S-1-5-21-689365640-92009327-2566536619-1001_Classes\Local Settings\MrtCache\C:%5CWINDOWS%5CSystemResources%5CWindows.UI.SettingsAppThreshold%5CWindows.UI.SettingsAppThreshold.pri\1d112e3504d0c94\588addd4]
"@{windows?ms-resource://Windows.UI.SettingsAppThreshold/SearchResources/SettingsPagePrivacyAccountInfo/LowKeywords}"="Steuerelemente Steuerelement;steuern steuert;beschränken beschränkt beschränkend;einschränken eingeschränkt einschränkend;Name;Bild;Controls control;restrict restricts restricted restricting; name; picture"
[HKEY_USERS\S-1-5-18\Software\Microsoft\IdentityCRL\DeviceIdentities\production\PhysicalDeviceID\01Hq3z_HjVR3pOA5JbHvzX0Q]
"DeviceId"="<Data><User username="01HQ3Z_HJVR3POA5JBHVZX0Q"><Pwd Det="true">AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA9eEnOTAF30uuT787+mHWrQQAAAACAAAAAAAQZgAAAAEAACAAAABLUIqoSG1fiB0JojlZmWjrC0T+uA937a1WwsYSffxEegAAAAAOgAAAAAIAACAAAAB3c+YnAiQPrme01JBjuu0OzErU4/7REVDXZX0hcT2xkUAAAACm1rRYdve/eROFnCPIzHDgOur9VUSEU6WhAu88/QsbzkwS2GZtVE+wmOiFCwUN3tWjRSBApsQjhm5JvRgDqI9+QAAAAKHi/T8RTAZwxBrRAMiBLHSZvxIc6fWvnwCEGl03XFjekIlPGUfIcI9g/aWg+A+0eSOuH92Qr9OM69J8aDxGpfM=</Pwd><Certificate targetname="WindowsLive:(cert):name=01hq3z_hjvr3poa5jbhvzx0q;serviceuri=msn-messenger-didc" keyword="Microsoft_WindowsLive:certificate:" type="1">PABDAGUAcgB0AEkAbgBmAG8APgA8AEsAZQB5AHAAYQBpAHIAPgBBAFEAQQBBAEEATgBDAE0AbgBkADgAQgBGAGQARQBSAGoASABvAEEAdwBFAC8AQwBsACsAcwBCAEEAQQBBAEEATgA3AEQAQwBLAHoAWABpAFkAawBpAEIAQgBzADYAUQBUADgATgBIADMAdwBRAEEAQQBBAEEAQwBBAEEAQQBBAEEAQQBBAFEAWgBnAEEAQQBBAEEARQBBAEEAQwBBAEEAQQBBAEEANQBJAHcAYwBXAHMANQBqAC8AeQAyAE0AZQAvAHUAQgBvADMAUwAvAHEARgBFADQAawBCAGkAMgBpADQAWgB3AHUAcgBXAC8AYQByAFIAcQB2AEIAQQBBAEEAQQBBAEEATwBnAEEAQQBBAEEAQQBJAEEAQQBDAEEAQQBBAEEARABZAHMAbgBYAHgAVgBKAEYAYwBzAGgAdgBKADMASwBmAG4AdgA2AHcAVwBjAHoAaQA1AGwASgA5ADMAUQA4AHYAbgBMAEEAcgA0AGsAKwBmAGEAZABtAEEAQwBBAEEAQgBTAHUAZAA3ADgASgBqAEQAdABnAFgARQA4AHoASgBrAGgAaABVADMAbQBjAG0AeQAyAEIAKwBGAFIAVQBoAGgAOQBiADcAbwBWAFEAbgBCAFgAcwAvAFQAOABEADUAawBzAGEAdgBtAGMAdQA0AFEANgA1AFMAUQA5AGcAZQBEAEsASABPADcAZQBlAFYATwBJAEcAYQBiAEoAUQBpAGUAOAA0AFcAdgBiAFgAcgBwAGYAbgBpACsAVgB5AGwAUQBVAHcAbQBlADMAYQBzADUALwBLAFEAKwBLAGwAdgB2ADcAbAAxACsANwB3AGQATQBDAFUARgBZADEAMgA5AFEASgBqAGkAYwBmADkAbwB0AGcAKwBVAGUAUgBXADAAOQBxAEIAawBCAHkAdQBhADIAawB1AGIASAA5AHMANgBmADQAOABXAEsAdwBiAHQAMwBLAEoAUQBMAEcAVQBHAGwANABDAGkAZQArAGoAcgBLAHIAbQBmAG0AVwBHAHQAWABVAEMAWgBXAFkAKwBqACsALwBOAHUAbABZADIAYwBPAFgANwB0AGUATgAxADcAcgBpAFQANgBJAGUAOQAvADAAdABZAGEAOABGAFQAOQBZAFgARwBIAC8AQgBKAHgAaABaAGUAegBMADQALwAzAFoARwBwAGsAaQB6AHYAaABHADgANgBCADMAZwAyAFgATAB4AHMAMAA4AFQARABhAHQAOQBYAEkAUQBYAHUANgBYACsANwA2AFkAaQB4AEkAUAAxAFgAKwBLAE4AQwA2AEMAUAArAG4AZQBaAHQANgA5ADkARQBGAEIAYwAvAHoAWABNAFgAeQBSADQANwBUADUASwBiADIAOAB0AGEAawBIAFIANgBDAE8AZwBtAEoARwBKAGIALwBPADUAbgBHAEcARwBmAFgAegB2AHIAeQBZAFEAeQBNAFkAVwBaAG4ARABRAEYAZQBzAEEAcABOAEoASwBOAE0AcgBoAGIAMAB4AEcASQBJADUAMQBtAFcAWQBzAHcAQwBSAHcAMQAzAFUAOABLAGEAaQBaADMATgB6AHUAZgBsAGEAdABtAFcAVQBkAEEAWABnADkAaABMAGQAcwB3AEgAbABwAEoAagBNACsAZQB1AHkASQBoAEcASABOAFQAOQA2ADMAMwBYADYAMABsAFkAeAA5ADAARgBjADcARwBmAGwASwArAEEAegB2AE4ANgBIAHIAWgB2ADYAdQBPAEsAUQAwAHkAQQA4AEIATwBKADAAKwBVAHQAZwBvAHAASQBtAHQANgBxAEkANwB2ADcANgBLAEIAYQBUAFkAcABHAFIATAAzACsAOQB3AGoAMwBWAE0AdQBsAHAAeABYAHUAUQBPAEgAQQBJAHIAVQA4AFgAWQBmAEEAdABRADQAQQBCAEwANgBWAEMAQQBuAFoAMwA5AHoAZgBpAEMARABxAFYARwB0AHYALwBuAE4AZQBDAHQAaQBGADcAagBMAFQAYwBKAE4ARgBXAFAAZgBsAHIATQBCAHcAVwBpAHUAcQArADEASgBWAGsAbABzADkAcQBYAC8AQgBJAE0ASAB4ADAAQwBlACsAOABnAGIAVAA3AGcAdwAzAHoAUQBBAGkAbABoAE0AZwBUAE4AaQB0AGoAdQBBAHYANQBGAEMAOQBVAHEAeQBJADkAMwBSADcAaABqAGwAYwB1AFYAZwB3AHYAbgBVAGMAagBCAEIAMgBQADIAbwBkAE8AQwBkAE8AcABQAHAAaABuADYANAA5AHYASAA3AGYAaABXAGgAdwBWAFcAaQBZAGEAZABOADIAZQBTAHoAcwBpAGYAZgBqAFcAdgB6AEcAeABPAG8AMgB6AFoAMwAxAHYAMgBLAFYAYwAxADEAcQBSAHoAQwBSAC8AUQBsAGsAVABNAGkASwB3AFcAcQBhAGEARAB5ACsAQwBGAHIAWABtAEwAVABnAFcASgByAHkASgA5ADEAVABRAHEAYQBOAEYAeQBLADcAbQBHADgAZwBFAEgAeAByAG0ARgBMADcAcABoAFMATABwAHAAeQBRAGQAegBWADUAbgB3AC8AVQBWAEMAaABNADUATQAwAEoANwBqADEAYQB4AHUAQwBQAEsAVwBlAE0AWABHAC8AUQA0AFQAeQAwAEEAQQBBAEEAQwBDAGkAeAA2AG0AYgBIAEcAVABDAFoAbABYAEkAWQBIAFMANgBzAEMAVQBQADUARgBZAEUATABVAGcATgBmAGIASwBiAEkAagBNAFIAQgBqAEoAMQB0AFYAMQBjAGMALwA3ADYAZQBEAEcAbQB0AFgASwBXAGMARwBQAG8ASwBRAFUAWQA4AHYALwA2AFIAYQBaAHcAOABzAGcAbwB4AHoARAA5AFQAeQBsADwALwBLAGUAeQBwAGEAaQByAD4APABLAGUAeQBHAGUAbgBGAGwAYQBnAHMAPgA4ADwALwBLAGUAeQBHAGUAbgBGAGwAYQBnAHMAPgA8AEMAZQByAHQAPgBNAEkASQBFAEkAVABDAEMAQQArAEMAZwBBAHcASQBCAEEAZwBJAFUAWgAvADkARgBZAHgANwBjAEQAbwA4AFEATQBRAHYAOAA1ADAAaQBDAFMAcwBiAGwAMwAwADAAdwBDAFEAWQBIAEsAbwBaAEkAegBqAGcARQBBAHoAQQBqAE0AUwBFAHcASAB3AFkARABWAFEAUQBEAEUAeABoAFUAYgAyAHQAbABiAGkAQgBUAGEAVwBkAHUAYQBXADUAbgBJAEYAQgAxAFkAbQB4AHAAWQB5AEIATABaAFgAawB3AEgAaABjAE4ATQBUAFUAdwBOAHoASQAwAE0AVABNAHgATgBqAFEAMwBXAGgAYwBOAE0AVABZAHcATQBUAEkAdwBNAFQATQB4AE4AagBRADMAVwBqAEEAdABNAFMAcwB3AEsAUQBZAEQAVgBRAFEARABIAGkASQBBAE0AQQBBAHcAQQBEAEUAQQBPAEEAQQB3AEEARABBAEEATQBBAEEAdwBBAEQAawBBAE4AQQBBAHcAQQBEAEkAQQBOAFEAQQA0AEEARQBNAEEAUgBnAEEAQQBNAEkARwBmAE0AQQAwAEcAQwBTAHEARwBTAEkAYgAzAEQAUQBFAEIAQQBRAFUAQQBBADQARwBOAEEARABDAEIAaQBRAEsAQgBnAFEAQwArAFUAQgBMAFMATABMADcAdgBXAGkAYgBvAEwAZwBYAHcAQwBFAGQAUgAwAEkAZwB0AG0AYgAzADEAZQB3AE4AYQAzAFoANgA1AEMAYQBYAHgAegBtAGYAdQBFAFIARABiAEkAZQBOAGUAbQBwAFcANABZADMAcAAxAG4ARABHAC8AeQBvAFcAMgBaAHMAMgBwADEAMQBEAHoATQBUAFQASwBDAGoANQBXAHQAUQAwAHMAWgA0AC8ATQBlAEUAUwB1AHIARwByAGgARwA5AGgARQBzAHkAUQAwADYAVwB2AHMANgBhAGUAdwBEAGMAMwBhAGYAWgBZAGsAUgBIADkAdgBWAHYAcgB3AFYAdABqAG4AcwBMAGEAVwBNAG0AbwBVAEgARwB4AGsAdQAxAGEAWQBLAHkAVABsADQATAAwAG4ASQBEAEgARABKAFYAMQBNAE4AdwBJAEQAQQBRAEEAQgBvADQASQBDAG8ARABDAEMAQQBwAHcAdwBEAGcAWQBEAFYAUgAwAFAAQQBRAEgALwBCAEEAUQBEAEEAZwBXAGcATQBCAE0ARwBBADEAVQBkAEoAUQBRAE0ATQBBAG8ARwBDAEMAcwBHAEEAUQBVAEYAQgB3AE0AQwBNAEkASQBCAC8AdwBZAEQAVgBSADAAZwBCAEkASQBCADkAagBDAEMAQQBmAEkAdwBnAGcASAB1AEIAZwBvAHIAQgBnAEUARQBBAFkASQAzAE0AdwBNAEMATQBJAEkAQgAzAGoAQwBDAEEAZABvAEcAQwBDAHMARwBBAFEAVQBGAEIAdwBJAEMATQBJAEkAQgB6AEIANgBDAEEAYwBnAEEAVABRAEIAcABBAEcATQBBAGMAZwBCAHYAQQBIAE0AQQBiAHcAQgBtAEEASABRAEEASQBBAEIAawBBAEcAOABBAFoAUQBCAHoAQQBDAEEAQQBiAGcAQgB2AEEASABRAEEASQBBAEIAMwBBAEcARQBBAGMAZwBCAHkAQQBHAEUAQQBiAGcAQgAwAEEAQwBBAEEAYgB3AEIAeQBBAEMAQQBBAFkAdwBCAHMAQQBHAEUAQQBhAFEAQgB0AEEAQwBBAEEAZABBAEIAbwBBAEcARQBBAGQAQQBBAGcAQQBIAFEAQQBhAEEAQgBsAEEAQwBBAEEAYQBRAEIAdQBBAEcAWQBBAGIAdwBCAHkAQQBHADAAQQBZAFEAQgAwAEEARwBrAEEAYgB3AEIAdQBBAEMAQQBBAFoAQQBCAHAAQQBIAE0AQQBjAEEAQgBzAEEARwBFAEEAZQBRAEIAbABBAEcAUQBBAEkAQQBCAHAAQQBHADQAQQBJAEEAQgAwAEEARwBnAEEAYQBRAEIAegBBAEMAQQBBAFkAdwBCAGwAQQBIAEkAQQBkAEEAQgBwAEEARwBZAEEAYQBRAEIAagBBAEcARQBBAGQAQQBCAGwAQQBDAEEAQQBhAFEAQgB6AEEAQwBBAEEAWQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQQBnAEEARwA4AEEAYwBnAEEAZwBBAEcARQBBAFkAdwBCAGoAQQBIAFUAQQBjAGcAQgBoAEEASABRAEEAWgBRAEEAcwBBAEMAQQBBAGIAZwBCAHYAQQBIAEkAQQBJAEEAQgBrAEEARwA4AEEAWgBRAEIAegBBAEMAQQBBAGEAUQBCADAAQQBDAEEAQQBiAFEAQgBoAEEARwBzAEEAWgBRAEEAZwBBAEcARQBBAGIAZwBCADUAQQBDAEEAQQBaAGcAQgB2AEEASABJAEEAYgBRAEIAaABBAEcAdwBBAEkAQQBCAHoAQQBIAFEAQQBZAFEAQgAwAEEARwBVAEEAYgBRAEIAbABBAEcANABBAGQAQQBCAHoAQQBDAEEAQQBZAFEAQgBpAEEARwA4AEEAZABRAEIAMABBAEMAQQBBAGQAQQBCAG8AQQBHAFUAQQBJAEEAQgB4AEEASABVAEEAWQBRAEIAcwBBAEcAawBBAGQAQQBCADUAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYwB3AEIAaABBAEcAWQBBAFoAUQBCADAAQQBIAGsAQQBJAEEAQgB2AEEARwBZAEEASQBBAEIAawBBAEcARQBBAGQAQQBCAGgAQQBDAEEAQQBjAHcAQgBwAEEARwBjAEEAYgBnAEIAbABBAEcAUQBBAEkAQQBCADMAQQBHAGsAQQBkAEEAQgBvAEEAQwBBAEEAZABBAEIAbwBBAEcAVQBBAEkAQQBCAGoAQQBHADgAQQBjAGcAQgB5AEEARwBVAEEAYwB3AEIAdwBBAEcAOABBAGIAZwBCAGsAQQBHAGsAQQBiAGcAQgBuAEEAQwBBAEEAYwBBAEIAeQBBAEcAawBBAGQAZwBCAGgAQQBIAFEAQQBaAFEAQQBnAEEARwBzAEEAWgBRAEIANQBBAEMANAB3AFUAdwBZAEQAVgBSADAAagBCAEUAdwB3AFMAbwBBAFUAYQBJAFMAbwBsAG8AVgBsAGsAVgAvAFAANABKAEcAawBnAFUARwBqAGcAegBqAHIAVgBTAEMAaABKADYAUQBsAE0AQwBNAHgASQBUAEEAZgBCAGcATgBWAEIAQQBNAFQARwBGAFIAdgBhADIAVgB1AEkARgBOAHAAWgAyADUAcABiAG0AYwBnAFUASABWAGkAYgBHAGwAagBJAEUAdABsAGUAWQBJAEoAQQBLAHMAKwBGAFMAdwBrAHkAZQBjAGgATQBCADAARwBBADEAVQBkAEQAZwBRAFcAQgBCAFEAagBjADQATgBWADcATABCAHYANwBaAC8AYwBCADkAcQBNAHoARwBVAEgAMwA4ADgAeQAzAGoAQQBKAEIAZwBjAHEAaABrAGoATwBPAEEAUQBEAEEAegBBAEEATQBDADAAQwBGAEUAVwBCAGgAVgBUAEUAdAB4AFMANABNAHEAYQBwADcAegBuAHMAWABzAE4AWQBTADUASwBpAEEAaABVAEEAcwBoAFoAVgBpAG0AaABHAEgAUQA4AEwAdwB6AGIAaQB4AGsAdABYADgANQByAGUAQwBDAE0AeAA8AC8AQwBlAHIAdAA+ADwARQB4AHAAaQByAGUAZABUAGkAbQBlAD4AMgAwADEANgAtADAAMQAtADIAMABUADEAMwA6ADIAMQA6ADQANwA8AC8ARQB4AHAAaQByAGUAZABUAGkAbQBlAD4APAAvAEMAZQByAHQASQBuAGYAbwA+AA==</Certificate></User></Data>
"
[HKEY_USERS\S-1-5-18\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-689365640-92009327-2566536619-500\02tjtxrqaveq]
"DeviceId"="<Data><User username="02TJTXRQAVEQ"><Pwd Det="false">AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA9eEnOTAF30uuT787+mHWrQQAAAACAAAAAAAQZgAAAAEAACAAAABnRXxkpHZOR0lbYOEi68MBFPPFM/AidJeAxxub0lLpJwAAAAAOgAAAAAIAACAAAACL1Tv/lRMZSGsOMX4La4CGTIT0bkoCHH4b8bwVw8LiNjAAAABQcBfGRGAFzFUtXNxEZos0ZDw2zIhahr4SAyAgncqyzMfXCRktZne/IrmDMkdwjjhAAAAAiZPKYI3HOz9Zlwkyb2y3rK/OKTEmaNzcyOiktbQ9zsvjAhjI/RGPWQxUGD+ZeWX+qehJvc/5pZAwEWXUJuBLlA==</Pwd><Certificate targetname="WindowsLive:(cert):name=02tjtxrqaveq;serviceuri=msn-messenger-didc" keyword="Microsoft_WindowsLive:certificate:" type="1">PABDAGUAcgB0AEkAbgBmAG8APgA8AEsAZQB5AHAAYQBpAHIAPgBBAFEAQQBBAEEATgBDAE0AbgBkADgAQgBGAGQARQBSAGoASABvAEEAdwBFAC8AQwBsACsAcwBCAEEAQQBBAEEAOQBlAEUAbgBPAFQAQQBGADMAMAB1AHUAVAA3ADgANwArAG0ASABXAHIAUQBRAEEAQQBBAEEAQwBBAEEAQQBBAEEAQQBBAFEAWgBnAEEAQQBBAEEARQBBAEEAQwBBAEEAQQBBAEEAOQArADEAcwBxAEIAMQBSADUAWgB1AFcAQgBTAE8AZgBaAEIAawBnAE4AWgA3AHoASQBNAEQAbAByAEYAUAB2AGoATgBUAHAAKwA4AGEAcQBPADUAdwBBAEEAQQBBAEEATwBnAEEAQQBBAEEAQQBJAEEAQQBDAEEAQQBBAEEAQgBUAEkAZAAwAE8AUgArAHcAVABCAFUAbABKAGoATgBHAFIAbABaADAATwBiADYAbgBOAGcAcQBYAFIATgBxAG4AOQBsAGsASwBRAGUAaQBHAGYATwBXAEEAQwBBAEEAQQBXAHQAMgBuADgAUABCAEsAVABBAHQATgBPAHIAUQBXAE0AcwBMAFIAbQBjADUAbAB2AHcASwB3AGQAQwBzAEoAZgBGAGMAcABHADIAawBzAFQARABYADgALwBFAGsARwBJAE8ALwBsAEMAcQBRAG0AVQA1AHoASABtAC8AbwBKADMAbQBPAEoAVQAyAHIANgBnAGYAeABRAFgAUwBQAHYAUgBzADcAMgBaAHoAKwAzAEIAZgBYAHUAMgBIADUARwAvADcAdwBkAGcARABEADYAOAB5AFkAeQArAHoANgBJADUAVgBUAEoAeQBsADcATgBuAC8ATgBIAE4AUABwADgAbwBsAFoARQBTAGQAVgAwADEAKwBVADgAWQB3AGkAeQBrAEQAZwB1AG0AaQBDAE4ANABXAHgATQBLAEMATgBFAEMAdwBBAG0AOAAyAG4ANAAvAE8AYwBXAEEAWgAwAFAAZQBrAFEAWABrAFkATABDAGsAOQBhAHQAQwBsAFIAbgB1AFQASABxAFMASwBGAE4AdABmAFcAUgBOADkATgA4AEUAVwBRAHgAdgBVAHYAcwB1ADgAYgBUAEYAZgA5AEMAMABzAEgARABTAGcAMwBmAEQAQgBFAHEAdQB4AGUAVgBBAEsAdQBRAFgARwBoAEoANQBIAEEAOQBuADQAeABzAHkAUAB2AGsAVABRAHAAdABBAHUAQgBiADQAQgBjAHgAQQBRAEUAawA2AGwASwBuAG0AbQA1AHAAeQBEAE0AQgBEADgAMQBoAFMAbAAwAFoAbQBQAHcALwBrAGgAWgBiAFYAWAAyAHIATgB1AEQATwBPAGEAVABUAGUAOQBBAEQAVwBXAEMAegB0ACsAOQBNAG4ARgBQAFgAdwBTAGgANwAyAEwAOAA2AGYAcgBQADYASgA4AG4AUgB3AE0ARgBGACsAZQBsAGQAMQBPADYANwA1AHcAMQBSAGgAUQBZAEUANQBEAEcAYwBxAEsAeQBUAHkAZgBPAHYAVwBSAGgAcgBOAC8AYQBFAEYAcABKADEAeQBKAEMAbgBDAHcAcwBVAGMAcABOAEsAdABEADUANQB3AFEARAA0AEYANQBkAHcAcwBZAHMAZAA4AHQAeQBwAGsAMwBNADgATgBTAEkAWQBTAHcAYQBwAHoAUgBLACsAQQBuAFoAQwAzAGsANwBHAGwAMwB6AG0AYgBoAFIANgA5AE0AdgBOADgAYgA0AFQAKwBHAGkAcwBuAFIAQQA3AHAATABXAFUATwBTAEYAdABrAEsAOQBWAEYAYgBrAE4AYgBRAGQAQwBiAFUAYQBBAGcAZwBZAG4AQgBGAHoALwBVADMAMQA0AHMAQwBCADcAYwBSADEASQBXAFcATQBjAFAARQBFAFoATQB2AEEAKwBsAFcAZQB5AHEAcgBrAHgAQgBaADEAbABJADUAdAA3AEUAMwBBAHEAVwAvADYAdwBnADQAKwBhAFoASQB3AEoAaABmAEMAVgBVADUASgBTAGUASgBDAFQAbAA1ADIARwB3AFUAMgBLADYAawBIADAAZwBwAEMASwBIAEcAMAAzAE4AbgA0AHMAYgB4AEwAQQBnAHMAcAAvAHQATAB2AGoAUQBEAFgAOQBxAEkARgA3ADgASwB2AG8AQgA2AGwASgA3AHgAMgBtAFEANQBTADAAbwB0AC8AYgBxAGEATQA4ADYAQwBHAGwALwBqAGwASQBsADIAcgB5AEwAdABsAGIAbABJAGgAUgB2AHoAcgBOADYAZgBWAC8AUAB1AFAARQBVAFoAQgBDAEwAcQA2AGkARQBOADIANABmAEkASgBXAGIATAA3AFUAYgAwAEIASgAxAFgASgBMADIAZwBQAG4AQQBmAHkAbQBKADgASABEAGEAaQArAHIARQAwAFAAZQBGADMASAB3AFQAbABRAFoAdQBBAE4AVQA4AHEAQQBQAC8AMABWAGUAYgBVAHIANwBiADUAYwBSAHYAaQBkAGQAdgBjAEsAWQBPAFIAcAA5AEgAYwB1AGIAcQBYAG8ATwA3AHoAbQAzAG4AQwBzADYAMgBxAGIATwBxAGgAOQBtAGIAdQAxAFAAUwBEAEwAUwBiADQAWABYAG4ARgBmAE4AQgBOAEkATgBPAFQAbwBJAEQAUwBrAEEAQQBBAEEARABqAFIATwBhAFMAYwBBAHQAeQBvAG8AKwBRAG4ASgBuAHMAUABKAE8AOQBaAEIAKwBPAGgAeAB3AHYAQwA0AGUATABBAEQAaQA3AHoAbQA5AEcAbQBEAFcAaABXAEsAeAArAGgAVAB0AHEAKwBxAGIAbABRAGYAKwBRAHQAYwBiAHgAZAA0AGwAcwA4AGIARABSAFcAOABnAE8AaQBPAEkAUwBGAE0ATwAwADwALwBLAGUAeQBwAGEAaQByAD4APABLAGUAeQBHAGUAbgBGAGwAYQBnAHMAPgA4ADwALwBLAGUAeQBHAGUAbgBGAGwAYQBnAHMAPgA8AEMAZQByAHQAPgBNAEkASQBFAEkAVABDAEMAQQArAEMAZwBBAHcASQBCAEEAZwBJAFUAZABCAEgAVABvAGgARQBhAEwAcABzAEUAYgAxAGMANwAwADQAdwB1AGwAYQBLAEIAUAA2AFEAdwBDAFEAWQBIAEsAbwBaAEkAegBqAGcARQBBAHoAQQBqAE0AUwBFAHcASAB3AFkARABWAFEAUQBEAEUAeABoAFUAYgAyAHQAbABiAGkAQgBUAGEAVwBkAHUAYQBXADUAbgBJAEYAQgAxAFkAbQB4AHAAWQB5AEIATABaAFgAawB3AEgAaABjAE4ATQBUAEUAdwBPAEQARQB3AE0AVABJAHgATQBUAEUANQBXAGgAYwBOAE0AVABJAHcATQBqAEEAMgBNAFQASQB4AE0AVABFADUAVwBqAEEAdABNAFMAcwB3AEsAUQBZAEQAVgBRAFEARABIAGkASQBBAE0AQQBBAHcAQQBEAEUAQQBPAEEAQQAzAEEARQBZAEEAUgBnAEIARgBBAEQAawBBAE0AdwBBADEAQQBFAFkAQQBOAEEAQQB6AEEARQBVAEEAUgBRAEEAQQBNAEkARwBmAE0AQQAwAEcAQwBTAHEARwBTAEkAYgAzAEQAUQBFAEIAQQBRAFUAQQBBADQARwBOAEEARABDAEIAaQBRAEsAQgBnAFEARABBAGUAKwA0AEEAOQBPAFcASABmAG8AKwBkAE8ASQBBAFkAbABXADgAQgBTAEEAdQBpAGMATwB3AGsALwBrAEEANwBSADMATwB1AEQAdwBJAGwAWgBqAGIAdgBnAEkAVwBGAHAATAB1AFAAWgBwAEQALwA0AFgAbwBlAHcAQwA2AGsAKwB5AFQAWgBkAGIALwBNAFUAUAA1AEYAWQBjAG8AdwBWAEoAcwBjAGEATgBYAG4AZwAwADcAcABQAG0AdgBzAGQASQAyAEEAbQB1AHIAQwA1AE8AYgA3AGcAZgBVADEALwBRAGcAZgBrAE4AdABaADEAZAAwAHoAbgB1AFEAawBUAHQAOQB1AHMAbABZADMAcgBhAFAAUwBpAG4AaQA3AEMAKwBZAGcANgBpADIAMgBIAEwAQgBxAGkASgBIAFkANQBoADIARgBOAHIAUQB6AFkAUQBJAEQAQQBRAEEAQgBvADQASQBDAG8ARABDAEMAQQBwAHcAdwBEAGcAWQBEAFYAUgAwAFAAQQBRAEgALwBCAEEAUQBEAEEAZwBXAGcATQBCAE0ARwBBADEAVQBkAEoAUQBRAE0ATQBBAG8ARwBDAEMAcwBHAEEAUQBVAEYAQgB3AE0AQwBNAEkASQBCAC8AdwBZAEQAVgBSADAAZwBCAEkASQBCADkAagBDAEMAQQBmAEkAdwBnAGcASAB1AEIAZwBvAHIAQgBnAEUARQBBAFkASQAzAE0AdwBNAEMATQBJAEkAQgAzAGoAQwBDAEEAZABvAEcAQwBDAHMARwBBAFEAVQBGAEIAdwBJAEMATQBJAEkAQgB6AEIANgBDAEEAYwBnAEEAVABRAEIAcABBAEcATQBBAGMAZwBCAHYAQQBIAE0AQQBiAHcAQgBtAEEASABRAEEASQBBAEIAawBBAEcAOABBAFoAUQBCAHoAQQBDAEEAQQBiAGcAQgB2AEEASABRAEEASQBBAEIAMwBBAEcARQBBAGMAZwBCAHkAQQBHAEUAQQBiAGcAQgAwAEEAQwBBAEEAYgB3AEIAeQBBAEMAQQBBAFkAdwBCAHMAQQBHAEUAQQBhAFEAQgB0AEEAQwBBAEEAZABBAEIAbwBBAEcARQBBAGQAQQBBAGcAQQBIAFEAQQBhAEEAQgBsAEEAQwBBAEEAYQBRAEIAdQBBAEcAWQBBAGIAdwBCAHkAQQBHADAAQQBZAFEAQgAwAEEARwBrAEEAYgB3AEIAdQBBAEMAQQBBAFoAQQBCAHAAQQBIAE0AQQBjAEEAQgBzAEEARwBFAEEAZQBRAEIAbABBAEcAUQBBAEkAQQBCAHAAQQBHADQAQQBJAEEAQgAwAEEARwBnAEEAYQBRAEIAegBBAEMAQQBBAFkAdwBCAGwAQQBIAEkAQQBkAEEAQgBwAEEARwBZAEEAYQBRAEIAagBBAEcARQBBAGQAQQBCAGwAQQBDAEEAQQBhAFEAQgB6AEEAQwBBAEEAWQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQQBnAEEARwA4AEEAYwBnAEEAZwBBAEcARQBBAFkAdwBCAGoAQQBIAFUAQQBjAGcAQgBoAEEASABRAEEAWgBRAEEAcwBBAEMAQQBBAGIAZwBCAHYAQQBIAEkAQQBJAEEAQgBrAEEARwA4AEEAWgBRAEIAegBBAEMAQQBBAGEAUQBCADAAQQBDAEEAQQBiAFEAQgBoAEEARwBzAEEAWgBRAEEAZwBBAEcARQBBAGIAZwBCADUAQQBDAEEAQQBaAGcAQgB2AEEASABJAEEAYgBRAEIAaABBAEcAdwBBAEkAQQBCAHoAQQBIAFEAQQBZAFEAQgAwAEEARwBVAEEAYgBRAEIAbABBAEcANABBAGQAQQBCAHoAQQBDAEEAQQBZAFEAQgBpAEEARwA4AEEAZABRAEIAMABBAEMAQQBBAGQAQQBCAG8AQQBHAFUAQQBJAEEAQgB4AEEASABVAEEAWQBRAEIAcwBBAEcAawBBAGQAQQBCADUAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYwB3AEIAaABBAEcAWQBBAFoAUQBCADAAQQBIAGsAQQBJAEEAQgB2AEEARwBZAEEASQBBAEIAawBBAEcARQBBAGQAQQBCAGgAQQBDAEEAQQBjAHcAQgBwAEEARwBjAEEAYgBnAEIAbABBAEcAUQBBAEkAQQBCADMAQQBHAGsAQQBkAEEAQgBvAEEAQwBBAEEAZABBAEIAbwBBAEcAVQBBAEkAQQBCAGoAQQBHADgAQQBjAGcAQgB5AEEARwBVAEEAYwB3AEIAdwBBAEcAOABBAGIAZwBCAGsAQQBHAGsAQQBiAGcAQgBuAEEAQwBBAEEAYwBBAEIAeQBBAEcAawBBAGQAZwBCAGgAQQBIAFEAQQBaAFEAQQBnAEEARwBzAEEAWgBRAEIANQBBAEMANAB3AFUAdwBZAEQAVgBSADAAagBCAEUAdwB3AFMAbwBBAFUAawBFAGEAMQBCAHIAOAAxAFEAdgBuAHcAeABrADUATABoAEMAOQA4AHAAaQBsAFMATAA4AGkAaABKADYAUQBsAE0AQwBNAHgASQBUAEEAZgBCAGcATgBWAEIAQQBNAFQARwBGAFIAdgBhADIAVgB1AEkARgBOAHAAWgAyADUAcABiAG0AYwBnAFUASABWAGkAYgBHAGwAagBJAEUAdABsAGUAWQBJAEoAQQBOAGoAcAA5AHgAUgBrADkATABlAEIATQBCADAARwBBADEAVQBkAEQAZwBRAFcAQgBCAFIAcwBPADgAbABPAEoAWABBAE0ATABvAEEAdwBUAFcAWQBPAGEARABTACsAVQBsADgAZwBWAFQAQQBKAEIAZwBjAHEAaABrAGoATwBPAEEAUQBEAEEAegBBAEEATQBDADAAQwBGAEEAcgBDAGEAQgBEAEMAMQBmAFcAcgAzADkAZQAwAHMANgBEAGYAbwBoAEYAUwBLAFAAcwAxAEEAaABVAEEAZwBVAC8AcgBLAG0AbABoAEkAegB4AHQAVwBzACsAZwBMAHAAVgA1AHAAYQA4ADIATABOAEEAQQA8AC8AQwBlAHIAdAA+ADwARQB4AHAAaQByAGUAZABUAGkAbQBlAD4AMgAwADEAMgAtADAAMgAtADAANgBUADEAMgA6ADEANgA6ADEAOQA8AC8ARQB4AHAAaQByAGUAZABUAGkAbQBlAD4APAAvAEMAZQByAHQASQBuAGYAbwA+AA==</Certificate></User></Data>
"

====== Ende von Suche ======

Hallo Rafael,
habe jetzt folgende Fehlermeldung beim scannen erhalten.

"Updates funktionieren nicht. Ist ein Proxy eingerichtet?"
Was muss ich jetzt machen?

Guten morgen, kann es sein das meine letzte Nachricht eventuell untergegangen ist? Ich komme mit dem scannen nicht weiter, wegen der Fehlermeldung.

burningice · 10.06.2016, 18:09

Meistens klappt es nach 1-2 simplen Neustarts und/oder erneutem Herunterladen wieder problemlos

Caroblue · 10.06.2016, 21:30

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=46a9f6008bb7674baa5ef0d96556e1d0
# end=init
# utc_time=2016-06-09 11:19:51
# local_time=2016-06-09 01:19:51 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT 
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=37126
Update Finalize
Updated modules version: 0
Old modules - leave modules
Update Init
Update Download
Update Finalize
Updated modules version: 29744
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=46a9f6008bb7674baa5ef0d96556e1d0
# end=init
# utc_time=2016-06-10 05:37:24
# local_time=2016-06-10 07:37:24 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 29758
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=46a9f6008bb7674baa5ef0d96556e1d0
# end=updated
# utc_time=2016-06-10 05:38:48
# local_time=2016-06-10 07:38:48 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=46a9f6008bb7674baa5ef0d96556e1d0
# engine=29758
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-06-10 07:53:30
# local_time=2016-06-10 09:53:30 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='Kaspersky Total Security'
# compatibility_mode=1304 16777213 100 100 216796 29810662 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 117977 19402553 0 0
# scanned=299201
# found=34
# cleaned=32
# scan_time=8082
sh=BB81439EA817953E9DBE7B7039F29456D4DC64D7 ft=1 fh=3e21a739fcfccdc1 vn="Variante von Win32/ELEX.CC evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\Users\All Users\Malwarebytes\ Malwarebytes Anti-Malware \iSafeNetFilter.sys-k.mbam"
sh=BB81439EA817953E9DBE7B7039F29456D4DC64D7 ft=1 fh=3e21a739fcfccdc1 vn="Variante von Win32/ELEX.CC evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\Users\All Users\Malwarebytes\ Malwarebytes Anti-Malware \iSafeNetFilter.sys-u.mbam"
sh=523DED566E785E6CE03F9A0F1E9387CE22220A7C ft=1 fh=c71c0011c52e71be vn="Variante von Win32/Adware.CloudGuard.B Anwendung (GesÃ¤ubert durch LÃ¶schen)" ac=C fn="C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\DNS Unlocker\ConsoleApplication1.dll.vir"
sh=ADBC200F6EEABA9A36744339919BCA923ED9B16A ft=1 fh=c71c0011b7c271b9 vn="Variante von Win32/ELEX.HS evtl. unerwÃ¼nschte Anwendung (GesÃ¤ubert durch LÃ¶schen)" ac=C fn="C:\AdwCleaner\FileQuarantine\C\ProgramData\awinpa\WFini.exe.vir"
sh=CE55B1856A3C604B5315E194448FC2188FA2E569 ft=1 fh=c71c0011450b013c vn="Variante von Win32/ELEX.HX evtl. unerwÃ¼nschte Anwendung (GesÃ¤ubert durch LÃ¶schen)" ac=C fn="C:\AdwCleaner\FileQuarantine\C\ProgramData\awinpa\xtemp\mib.exe.vir"
sh=BB81439EA817953E9DBE7B7039F29456D4DC64D7 ft=1 fh=3e21a739fcfccdc1 vn="Variante von Win32/ELEX.CC evtl. unerwÃ¼nschte Anwendung (GesÃ¤ubert durch LÃ¶schen)" ac=C fn="C:\AdwCleaner\FileQuarantine\C\WINDOWS\SysNative\drivers\iSafeNetFilter.sys.vir"
sh=C577BA4033EA592A41A5E50BEFCA2098DC9121CC ft=1 fh=9be0728652813877 vn="Variante von Win32/Packed.NSISmod.R verdÃ¤chtige Datei (GesÃ¤ubert durch LÃ¶schen)" ac=C fn="C:\Program Files\3d4c000a04d89a4d691861923d3e00f8\185a19c9f926fa9d8c455bcb810deb50.exe"
sh=F678EA93DB0BD549C5D4C7824E398F2DE0CC31C9 ft=1 fh=4c8f3bdca1489cf7 vn="Variante von Win32/ELEX.BP evtl. unerwÃ¼nschte Anwendung (GesÃ¤ubert durch LÃ¶schen (nach dem nÃ¤chsten Neustart))" ac=C fn="C:\Program Files (x86)\Elex-tech\YAC\iImportLib.dll"
sh=BFC712282D22A4DC02D4594EC5AF71C790347E36 ft=1 fh=91d61e330d1da7f8 vn="Variante von Win32/ELEX.CC evtl. unerwÃ¼nschte Anwendung (GesÃ¤ubert durch LÃ¶schen (nach dem nÃ¤chsten Neustart))" ac=C fn="C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlCall64.dll"
sh=BB81439EA817953E9DBE7B7039F29456D4DC64D7 ft=1 fh=3e21a739fcfccdc1 vn="Variante von Win32/ELEX.CC evtl. unerwÃ¼nschte Anwendung (GesÃ¤ubert durch LÃ¶schen (nach dem nÃ¤chsten Neustart))" ac=C fn="C:\Program Files (x86)\Elex-tech\YAC\iSafeNetFilter.sys"
sh=A99A057031BE5E697F08A6B32F08D279C673DB78 ft=1 fh=bf29d5f4060d2337 vn="Variante von Win32/ELEX.CC evtl. unerwÃ¼nschte Anwendung (GesÃ¤ubert durch LÃ¶schen (nach dem nÃ¤chsten Neustart))" ac=C fn="C:\Program Files (x86)\Elex-tech\YAC\iSafeRKScanShell64.dll"
sh=A340BA98EC7BA228D8E66AC55C47F6A0F0FCCBD2 ft=1 fh=92c69192d39a3ccb vn="Variante von Win32/ELEX.CC evtl. unerwÃ¼nschte Anwendung (GesÃ¤ubert durch LÃ¶schen (nach dem nÃ¤chsten Neustart))" ac=C fn="C:\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll"
sh=EF7D28C86AEA03A9BB290B1AE376AFC038BFF65C ft=1 fh=6f4875cd36564c65 vn="Variante von Win32/ELEX.CS evtl. unerwÃ¼nschte Anwendung (GesÃ¤ubert durch LÃ¶schen (nach dem nÃ¤chsten Neustart))" ac=C fn="C:\Program Files (x86)\Elex-tech\YAC\iSvc.dll"
sh=20C5E9E139DBB09A63B1641739A50B7F82E97EAE ft=1 fh=d50fd859e0be4c10 vn="Variante von Win32/ELEX.CQ evtl. unerwÃ¼nschte Anwendung (GesÃ¤ubert durch LÃ¶schen (nach dem nÃ¤chsten Neustart))" ac=C fn="C:\Program Files (x86)\Elex-tech\YAC\iSvc2.dll"
sh=5AF0B98E324EB8D81F97EEE2D11E3F996B5C91F5 ft=1 fh=955761e6ce5527b5 vn="Variante von Win32/ELEX.CC evtl. unerwÃ¼nschte Anwendung (GesÃ¤ubert durch LÃ¶schen (nach dem nÃ¤chsten Neustart))" ac=C fn="C:\Program Files (x86)\Elex-tech\YAC\ouilibx.dll"
sh=62182165AE6E611C1A59076BB40AA02C089EB760 ft=1 fh=485b3e1c719876ae vn="Variante von Win32/ELEX.DB evtl. unerwÃ¼nschte Anwendung (GesÃ¤ubert durch LÃ¶schen (nach dem nÃ¤chsten Neustart))" ac=C fn="C:\Program Files (x86)\Elex-tech\YAC\uninstall.exe"
sh=BB81439EA817953E9DBE7B7039F29456D4DC64D7 ft=1 fh=3e21a739fcfccdc1 vn="Variante von Win32/ELEX.CC evtl. unerwÃ¼nschte Anwendung (GesÃ¤ubert durch LÃ¶schen)" ac=C fn="C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \iSafeNetFilter.sys-k.mbam"
sh=BB81439EA817953E9DBE7B7039F29456D4DC64D7 ft=1 fh=3e21a739fcfccdc1 vn="Variante von Win32/ELEX.CC evtl. unerwÃ¼nschte Anwendung (GesÃ¤ubert durch LÃ¶schen)" ac=C fn="C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \iSafeNetFilter.sys-u.mbam"
sh=56C1908CBC0DE68EA4896A99C30DCA6F894C7D65 ft=1 fh=a1273a17b88e6a2a vn="Variante von Win32/ELEX.IC evtl. unerwÃ¼nschte Anwendung (GesÃ¤ubert durch LÃ¶schen)" ac=C fn="C:\Users\lucted\AppData\Local\Temp\istD5F2.tmp\tools\wzp\eUpgrade\eupgrade.exe"
sh=629619A3A54198ECBB99038D9423A88D1592E6F1 ft=1 fh=9c54cde5fe3020f0 vn="Variante von Win32/ELEX.IC evtl. unerwÃ¼nschte Anwendung (GesÃ¤ubert durch LÃ¶schen)" ac=C fn="C:\Users\lucted\AppData\Local\Temp\istD5F2.tmp\tools\wzp\OmigaZip_patch\winziper.exe"
sh=5F9FC152547007EB88CD4BBDDF3786EE92FDD87A ft=1 fh=d686fe28f8e3c80e vn="Variante von Win32/ELEX.HU evtl. unerwÃ¼nschte Anwendung (GesÃ¤ubert durch LÃ¶schen)" ac=C fn="C:\Users\lucted\AppData\Local\Temp\istD5F2.tmp\tools\wzp\OmigaZip_patch\winzipersvc.exe"
sh=B56591832EBB1FCB8417BA6E0619A60670C6B088 ft=1 fh=9289bff57409798f vn="Variante von Win32/ELEX.IH evtl. unerwÃ¼nschte Anwendung (GesÃ¤ubert durch LÃ¶schen)" ac=C fn="C:\Users\lucted\AppData\Local\Temp\istD5F2.tmp\tools\wzp\OmigaZip_patch\wzdl.exe"
sh=D7A39A84A81E1C5EAB6B9CE019C7D1173B156FBE ft=1 fh=e41d7fa28bf500b2 vn="Variante von Win32/ELEX.IC evtl. unerwÃ¼nschte Anwendung (GesÃ¤ubert durch LÃ¶schen)" ac=C fn="C:\Users\lucted\AppData\Local\Temp\istD5F2.tmp\tools\wzp\OmigaZip_patch\wzUninstall.exe"
sh=5F9E91B38E3622F69CA776F34255735794918574 ft=1 fh=917e71d6619d64f4 vn="Variante von Win32/ELEX.HW evtl. unerwÃ¼nschte Anwendung (GesÃ¤ubert durch LÃ¶schen)" ac=C fn="C:\Users\lucted\AppData\Local\Temp\istD5F2.tmp\tools\wzp\OmigaZip_patch\wzUpg.exe"
sh=2A479117E8D4FA069EF5271CB37EDDF6C314F7E3 ft=0 fh=0000000000000000 vn="Win32/Toolbar.TNT2.I evtl. unerwÃ¼nschte Anwendung (GesÃ¤ubert durch LÃ¶schen)" ac=C fn="C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\arthurj8283@gmail.com\chrome\content\toolbar.js"
sh=CD58E8AF0F578E66C616C8DCDC4A26B498A2208C ft=1 fh=905c6d65df2844f3 vn="Win32/SoftonicDownloader.E evtl. unerwÃ¼nschte Anwendung (GesÃ¤ubert durch LÃ¶schen)" ac=C fn="C:\Users\lucted\Downloads\COMPUTER_BILD_Download_Manager_fuer_euchler-haushaltsbuch.exe"
sh=CB7DD53F5495D977BB89F7DF77924FC314397E8C ft=1 fh=af24f1c2402b553b vn="Variante von MSIL/383Media.A evtl. unerwÃ¼nschte Anwendung (gelÃ¶scht)" ac=C fn="C:\Users\lucted\Downloads\Driverwhiz.exe"
sh=63EC29027CDDBC3361B2D658CAEDF21A13200705 ft=1 fh=f33f0f78ed1e7101 vn="Variante von Win32/InstallCore.AHS evtl. unerwÃ¼nschte Anwendung (GesÃ¤ubert durch LÃ¶schen)" ac=C fn="C:\Users\lucted\Downloads\JavaSetup(1).exe"
sh=96EF2D43E2C3CC7524FBAF84C4E7903093600D5A ft=1 fh=5f7e2854144fe522 vn="Variante von Win32/InstallCore.AFF.gen evtl. unerwÃ¼nschte Anwendung (GesÃ¤ubert durch LÃ¶schen)" ac=C fn="C:\Users\lucted\Downloads\JavaSetup.exe"
sh=ACE547CB4890417D4BEAA870433A673BBFBD66A8 ft=1 fh=0a700108666a1180 vn="Win32/SoftonicDownloader.E evtl. unerwÃ¼nschte Anwendung (GesÃ¤ubert durch LÃ¶schen)" ac=C fn="C:\Users\lucted\Downloads\SoftonicDownloader_fuer_chatflow.exe"
sh=BB81439EA817953E9DBE7B7039F29456D4DC64D7 ft=1 fh=3e21a739fcfccdc1 vn="Variante von Win32/ELEX.CC evtl. unerwÃ¼nschte Anwendung (GesÃ¤ubert durch LÃ¶schen (nach dem nÃ¤chsten Neustart))" ac=C fn="C:\Windows\System32\drivers\iSafeNetFilter.sys"
sh=B702A593F93147F4F1CAEBF3554E367BE8788A26 ft=1 fh=77fb28f89c4b04ed vn="Variante von Win32/Kryptik.CD Trojaner (GesÃ¤ubert durch LÃ¶schen)" ac=C fn="C:\Windows\Temp\WAXCD73.tmp"
sh=A9F6A3299D8E5A8B0F8F18915521C8B3E7C9F864 ft=1 fh=a874d3fc82897e2d vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwÃ¼nschte Anwendung (gelÃ¶scht)" ac=C fn="D:\TOOLS\Medion MediaPack\medion_mediapack_2_ext.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Variante von Win32/ELEX.BP evtl. unerwÃ¼nschte Anwendung (gelÃ¶scht (nach dem nÃ¤chsten Neustart))" ac=C fn="${Memory}"

Caroblue · 12.06.2016, 08:22

Hallo, ist mein PC jetzt gesäubert? Kann ich jetzt wieder Kaspersky Installieren? Brauche dringend meinen PC um Online dinge zu erledigen.
lg Caroblue

burningice · 12.06.2016, 11:55

Schritt: 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iSafe]
Task: {0AE78D91-A7DE-4F65-A9CD-E369C3479F09} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {319EB23E-559C-4E9E-9F0B-AAFDA9B7421D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {4AFB5D0A-7DF4-46BE-A82E-5241D88C8C60} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {75230950-0B37-4462-B7BA-CA2735954A56} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {7A6B14B7-677B-4BD6-917D-DC58503BCBFF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {7B04EE90-A8D1-4A8A-A32B-B09B2F6C57D1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {7E6C1EA1-F6F2-41F3-BD59-51B43EA13E44} - System32\Tasks\jIxmRfRBrowserUpdateUA => C:\Program Files (x86)\jIxmRfR\jIxmRfR\bin\jIxmRfR_server.exe <==== ACHTUNG
Task: {887344DF-D754-4FF4-8651-860705AE50A3} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {8CFCAFD0-C275-46BC-A536-D43A3EE24B92} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {97EAAE54-1A62-46E4-B3AA-F891A2C3005A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {B6D99E2F-9D9F-4969-9B47-65031077E91C} - System32\Tasks\irMonitor => C:\Windows\system32 [2016-06-08] ()
Task: {BEB05DFD-8F3D-4045-B1A5-BF088E87EF92} - System32\Tasks\jIxmRfRCheckTask => C:\Program Files (x86)\jIxmRfR\jIxmRfR\bin\jIxmRfR_server.exe <==== ACHTUNG
Task: {DF49E67D-237B-4E9C-BE76-38CBDCA26153} - System32\Tasks\jIxmRfRBrowserUpdateCore => C:\Program Files (x86)\jIxmRfR\jIxmRfR\bin\jIxmRfR_server.exe <==== ACHTUNG
Task: {E729A9E5-95D1-4339-8989-78C278042C83} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {FFDF00CD-C356-471E-BF42-9F6DAA5DFD8E} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: C:\WINDOWS\Tasks\jIxmRfRBrowserUpdateCore.job => C:\Program Files (x86)\jIxmRfR\jIxmRfR\bin\jIxmRfR_server.exe <==== ACHTUNG
Task: C:\WINDOWS\Tasks\jIxmRfRCheckTask.job => C:\Program Files (x86)\jIxmRfR\jIxmRfR\bin\jIxmRfR_server.exe <==== ACHTUNG
C:\Program Files (x86)\Elex-tech
C:\Program Files (x86)\jIxmRfR
FirewallRules: [{89C3D9B3-C937-47C6-B68D-4B98A106A023}] => (Allow) C:\Program Files (x86)\jIxmRfR\jIxmRfR\chrome.exe
FirewallRules: [{A4F0DB59-7443-437E-9FA6-5308DE692F5C}] => (Allow) C:\Program Files (x86)\jIxmRfR\jIxmRfR\bin\jIxmRfR_server.exe
FirewallRules: [{68096047-A42E-4D7A-A3D4-F57FF681E452}] => (Allow) C:\ProgramData\jIxmRfR\protect\protect.exe
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-689365640-92009327-2566536619-1001 -> DefaultScope {4BB7C960-1C70-484C-B979-2CCADBE00A6F} URL = 
SearchScopes: HKU\S-1-5-21-689365640-92009327-2566536619-1001 -> {4BB7C960-1C70-484C-B979-2CCADBE00A6F} URL = 
SearchScopes: HKU\S-1-5-21-689365640-92009327-2566536619-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {4BB7C960-1C70-484C-B979-2CCADBE00A6F} URL = 
SearchScopes: HKU\S-1-5-21-689365640-92009327-2566536619-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {4BB7C960-1C70-484C-B979-2CCADBE00A6F} URL = 
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => Keine Datei
FF DefaultSearchEngine: v9
FF SelectedSearchEngine: v9
FF Keyword.URL: undefined://undefined/
CHR DefaultSearchURL: Default -> hxxp://www.nicesearches.com/search.php?type=ds&ts=1462807746&from=87640509&uid=hitachixhts547575a9e384_j2540054ca75yeca75yex&z=addf052d28676756fb7e802g0z2q4oabfe0m8m3c7b&q={searchTerms}
CHR DefaultSearchKeyword: Default -> nice
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2016-05-24] (Elex do Brasil Participações Ltda)
S2 jIxmRfR_protect; "C:\ProgramData\jIxmRfR\protect\protect.exe" [X]
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [262344 2016-05-24] (Elex do Brasil Participações Ltda)
S1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2016-05-24] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [52440 2016-05-24] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2016-05-24] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2016-05-19] (Elex do Brasil Participações Ltda)
2016-06-08 09:32 - 2016-06-08 09:32 - 00000000 ____D C:\Users\lucted\AppData\Roaming\Elex-tech
2016-06-01 08:40 - 2016-06-01 08:40 - 00000000 ____D C:\Program Files (x86)\TXQQBrowser
2016-05-22 17:32 - 2016-05-22 17:32 - 00000000 ____D C:\Program Files\3d4c000a04d89a4d691861923d3e00f8
2016-05-22 17:31 - 2016-05-22 17:31 - 00079944 _____ C:\WINDOWS\system32\Drivers\9bbd853a1cc743e00bcc1b20a5622ae6.sys
2016-05-24 13:47 - 2016-03-26 10:41 - 00000000 ____D C:\Program Files\43479b7a0f48684bb2a08ceca5cd1e79
2016-05-22 17:31 - 2016-03-24 07:07 - 00649728 _____ C:\WINDOWS\185a19c9f926fa9d8c455bcb810deb50.exe
cmd: dir "C:\Program Files (x86)"
cmd: dir "C:\Program Files"

emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt: 2
Verwende das Kaspersky Removal Tool, weil du immer noch eine unvollständige Installation auf dem PC hast
Download: http://media.kaspersky.com/utilities...s/kavremvr.exe

Schritt: 3
Bitte starte wieder FRST, setze den Haken bei Addition und drücke auf Untersuchen. Poste bitte wieder die beiden Textdateien, die so entstehen.

Caroblue · 12.06.2016, 22:01

Code:

ATTFilter

Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:12-06-2016 01
durchgeführt von lucted (2016-06-12 22:27:30) Run:1
Gestartet von C:\Users\lucted\Trojaner-Board#\FRST-OlderVersion
Geladene Profile: UpdatusUser & lucted (Verfügbare Profile: UpdatusUser & lucted & DefaultAppPool)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iSafe]
Task: {0AE78D91-A7DE-4F65-A9CD-E369C3479F09} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {319EB23E-559C-4E9E-9F0B-AAFDA9B7421D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {4AFB5D0A-7DF4-46BE-A82E-5241D88C8C60} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {75230950-0B37-4462-B7BA-CA2735954A56} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {7A6B14B7-677B-4BD6-917D-DC58503BCBFF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {7B04EE90-A8D1-4A8A-A32B-B09B2F6C57D1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {7E6C1EA1-F6F2-41F3-BD59-51B43EA13E44} - System32\Tasks\jIxmRfRBrowserUpdateUA => C:\Program Files (x86)\jIxmRfR\jIxmRfR\bin\jIxmRfR_server.exe <==== ACHTUNG
Task: {887344DF-D754-4FF4-8651-860705AE50A3} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {8CFCAFD0-C275-46BC-A536-D43A3EE24B92} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {97EAAE54-1A62-46E4-B3AA-F891A2C3005A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {B6D99E2F-9D9F-4969-9B47-65031077E91C} - System32\Tasks\irMonitor => C:\Windows\system32 [2016-06-08] ()
Task: {BEB05DFD-8F3D-4045-B1A5-BF088E87EF92} - System32\Tasks\jIxmRfRCheckTask => C:\Program Files (x86)\jIxmRfR\jIxmRfR\bin\jIxmRfR_server.exe <==== ACHTUNG
Task: {DF49E67D-237B-4E9C-BE76-38CBDCA26153} - System32\Tasks\jIxmRfRBrowserUpdateCore => C:\Program Files (x86)\jIxmRfR\jIxmRfR\bin\jIxmRfR_server.exe <==== ACHTUNG
Task: {E729A9E5-95D1-4339-8989-78C278042C83} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {FFDF00CD-C356-471E-BF42-9F6DAA5DFD8E} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: C:\WINDOWS\Tasks\jIxmRfRBrowserUpdateCore.job => C:\Program Files (x86)\jIxmRfR\jIxmRfR\bin\jIxmRfR_server.exe <==== ACHTUNG
Task: C:\WINDOWS\Tasks\jIxmRfRCheckTask.job => C:\Program Files (x86)\jIxmRfR\jIxmRfR\bin\jIxmRfR_server.exe <==== ACHTUNG
C:\Program Files (x86)\Elex-tech
C:\Program Files (x86)\jIxmRfR
FirewallRules: [{89C3D9B3-C937-47C6-B68D-4B98A106A023}] => (Allow) C:\Program Files (x86)\jIxmRfR\jIxmRfR\chrome.exe
FirewallRules: [{A4F0DB59-7443-437E-9FA6-5308DE692F5C}] => (Allow) C:\Program Files (x86)\jIxmRfR\jIxmRfR\bin\jIxmRfR_server.exe
FirewallRules: [{68096047-A42E-4D7A-A3D4-F57FF681E452}] => (Allow) C:\ProgramData\jIxmRfR\protect\protect.exe
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-689365640-92009327-2566536619-1001 -> DefaultScope {4BB7C960-1C70-484C-B979-2CCADBE00A6F} URL = 
SearchScopes: HKU\S-1-5-21-689365640-92009327-2566536619-1001 -> {4BB7C960-1C70-484C-B979-2CCADBE00A6F} URL = 
SearchScopes: HKU\S-1-5-21-689365640-92009327-2566536619-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {4BB7C960-1C70-484C-B979-2CCADBE00A6F} URL = 
SearchScopes: HKU\S-1-5-21-689365640-92009327-2566536619-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {4BB7C960-1C70-484C-B979-2CCADBE00A6F} URL = 
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => Keine Datei
FF DefaultSearchEngine: v9
FF SelectedSearchEngine: v9
FF Keyword.URL: undefined://undefined/
CHR DefaultSearchURL: Default -> hxxp://www.nicesearches.com/search.php?type=ds&ts=1462807746&from=87640509&uid=hitachixhts547575a9e384_j2540054ca75yeca75yex&z=addf052d28676756fb7e802g0z2q4oabfe0m8m3c7b&q={searchTerms}
CHR DefaultSearchKeyword: Default -> nice
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2016-05-24] (Elex do Brasil Participações Ltda)
S2 jIxmRfR_protect; "C:\ProgramData\jIxmRfR\protect\protect.exe" [X]
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [262344 2016-05-24] (Elex do Brasil Participações Ltda)
S1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2016-05-24] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [52440 2016-05-24] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2016-05-24] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2016-05-19] (Elex do Brasil Participações Ltda)
2016-06-08 09:32 - 2016-06-08 09:32 - 00000000 ____D C:\Users\lucted\AppData\Roaming\Elex-tech
2016-06-01 08:40 - 2016-06-01 08:40 - 00000000 ____D C:\Program Files (x86)\TXQQBrowser
2016-05-22 17:32 - 2016-05-22 17:32 - 00000000 ____D C:\Program Files\3d4c000a04d89a4d691861923d3e00f8
2016-05-22 17:31 - 2016-05-22 17:31 - 00079944 _____ C:\WINDOWS\system32\Drivers\9bbd853a1cc743e00bcc1b20a5622ae6.sys
2016-05-24 13:47 - 2016-03-26 10:41 - 00000000 ____D C:\Program Files\43479b7a0f48684bb2a08ceca5cd1e79
2016-05-22 17:31 - 2016-03-24 07:07 - 00649728 _____ C:\WINDOWS\185a19c9f926fa9d8c455bcb810deb50.exe
cmd: dir "C:\Program Files (x86)"
cmd: dir "C:\Program Files"

emptytemp:
*****************

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iSafe => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000022), siehe nächste Zeile.
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iSafe => konnte nicht entfernt werdenSchlüssel.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0AE78D91-A7DE-4F65-A9CD-E369C3479F09}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0AE78D91-A7DE-4F65-A9CD-E369C3479F09}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{319EB23E-559C-4E9E-9F0B-AAFDA9B7421D}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{319EB23E-559C-4E9E-9F0B-AAFDA9B7421D}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4AFB5D0A-7DF4-46BE-A82E-5241D88C8C60}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4AFB5D0A-7DF4-46BE-A82E-5241D88C8C60}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{75230950-0B37-4462-B7BA-CA2735954A56}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{75230950-0B37-4462-B7BA-CA2735954A56}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7A6B14B7-677B-4BD6-917D-DC58503BCBFF}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A6B14B7-677B-4BD6-917D-DC58503BCBFF}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7B04EE90-A8D1-4A8A-A32B-B09B2F6C57D1}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B04EE90-A8D1-4A8A-A32B-B09B2F6C57D1}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7E6C1EA1-F6F2-41F3-BD59-51B43EA13E44}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E6C1EA1-F6F2-41F3-BD59-51B43EA13E44}" => Schlüssel erfolgreich entfernt
C:\WINDOWS\System32\Tasks\jIxmRfRBrowserUpdateUA => erfolgreich verschoben
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\jIxmRfRBrowserUpdateUA" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{887344DF-D754-4FF4-8651-860705AE50A3}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{887344DF-D754-4FF4-8651-860705AE50A3}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8CFCAFD0-C275-46BC-A536-D43A3EE24B92}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8CFCAFD0-C275-46BC-A536-D43A3EE24B92}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{97EAAE54-1A62-46E4-B3AA-F891A2C3005A}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{97EAAE54-1A62-46E4-B3AA-F891A2C3005A}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B6D99E2F-9D9F-4969-9B47-65031077E91C}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6D99E2F-9D9F-4969-9B47-65031077E91C}" => Schlüssel erfolgreich entfernt
C:\WINDOWS\System32\Tasks\irMonitor => erfolgreich verschoben
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\irMonitor" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BEB05DFD-8F3D-4045-B1A5-BF088E87EF92}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BEB05DFD-8F3D-4045-B1A5-BF088E87EF92}" => Schlüssel erfolgreich entfernt
C:\WINDOWS\System32\Tasks\jIxmRfRCheckTask => erfolgreich verschoben
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\jIxmRfRCheckTask" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DF49E67D-237B-4E9C-BE76-38CBDCA26153}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF49E67D-237B-4E9C-BE76-38CBDCA26153}" => Schlüssel erfolgreich entfernt
C:\WINDOWS\System32\Tasks\jIxmRfRBrowserUpdateCore => erfolgreich verschoben
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\jIxmRfRBrowserUpdateCore" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E729A9E5-95D1-4339-8989-78C278042C83}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E729A9E5-95D1-4339-8989-78C278042C83}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FFDF00CD-C356-471E-BF42-9F6DAA5DFD8E}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FFDF00CD-C356-471E-BF42-9F6DAA5DFD8E}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => Schlüssel erfolgreich entfernt
C:\WINDOWS\Tasks\jIxmRfRBrowserUpdateCore.job => erfolgreich verschoben
C:\WINDOWS\Tasks\jIxmRfRCheckTask.job => erfolgreich verschoben

"C:\Program Files (x86)\Elex-tech" Ordner verschieben:

Konnte nicht verschoben werden "C:\Program Files (x86)\Elex-tech" => ist geplant bei Neustart verschoben zu werden.

"C:\Program Files (x86)\jIxmRfR" => nicht gefunden.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{89C3D9B3-C937-47C6-B68D-4B98A106A023} => Wert erfolgreich entfernt
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A4F0DB59-7443-437E-9FA6-5308DE692F5C} => Wert erfolgreich entfernt
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{68096047-A42E-4D7A-A3D4-F57FF681E452} => Wert erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Fehler beim Setzen des Wertes
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Schlüssel konnte nicht entfernt werden.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Fehler beim Setzen des Wertes
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Schlüssel konnte nicht entfernt werden.
HKCR\Wow6432Node\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Schlüssel nicht gefunden. 
HKU\S-1-5-21-689365640-92009327-2566536619-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wert erfolgreich entfernt
HKU\S-1-5-21-689365640-92009327-2566536619-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4BB7C960-1C70-484C-B979-2CCADBE00A6F} => Schlüssel konnte nicht entfernt werden.
HKCR\CLSID\{4BB7C960-1C70-484C-B979-2CCADBE00A6F} => Schlüssel nicht gefunden. 
HKU\S-1-5-21-689365640-92009327-2566536619-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wert nicht gefunden.
HKU\S-1-5-21-689365640-92009327-2566536619-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4BB7C960-1C70-484C-B979-2CCADBE00A6F} => Schlüssel nicht gefunden. 
HKCR\CLSID\{4BB7C960-1C70-484C-B979-2CCADBE00A6F} => Schlüssel nicht gefunden. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Schlüssel erfolgreich entfernt
"HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Schlüssel erfolgreich entfernt
Firefox DefaultSearchEngine erfolgreich entfernt
Firefox SelectedSearchEngine erfolgreich entfernt
Firefox "Keyword.URL" erfolgreich entfernt
Chrome DefaultSearchURL => erfolgreich entfernt
Chrome DefaultSearchKeyword => erfolgreich entfernt
iSafeService => Dienst konnte nicht gestoppt werden.
iSafeService => Dienst konnte nicht entfernt werden
jIxmRfR_protect => Dienst erfolgreich entfernt
iSafeKrnl => Dienst konnte nicht gestoppt werden.
iSafeKrnl => Dienst konnte nicht entfernt werden
iSafeKrnlKit => Dienst konnte nicht entfernt werden
iSafeKrnlMon => Dienst konnte nicht gestoppt werden.
iSafeKrnlMon => Dienst erfolgreich entfernt
iSafeKrnlR3 => Dienst konnte nicht gestoppt werden.
iSafeKrnlR3 => Dienst konnte nicht entfernt werden
iSafeNetFilter => Dienst konnte nicht entfernt werden

"C:\Users\lucted\AppData\Roaming\Elex-tech" Ordner verschieben:

Konnte nicht verschoben werden "C:\Users\lucted\AppData\Roaming\Elex-tech" => ist geplant bei Neustart verschoben zu werden.

C:\Program Files (x86)\TXQQBrowser => erfolgreich verschoben
C:\Program Files\3d4c000a04d89a4d691861923d3e00f8 => erfolgreich verschoben
C:\WINDOWS\system32\Drivers\9bbd853a1cc743e00bcc1b20a5622ae6.sys => erfolgreich verschoben
C:\Program Files\43479b7a0f48684bb2a08ceca5cd1e79 => erfolgreich verschoben
C:\WINDOWS\185a19c9f926fa9d8c455bcb810deb50.exe => erfolgreich verschoben

=========  dir "C:\Program Files (x86)" =========

 Datentr�ger in Laufwerk C: ist Boot
 Volumeseriennummer: 9604-B995

 Verzeichnis von C:\Program Files (x86)

12.06.2016  22:28    <DIR>          .
12.06.2016  22:28    <DIR>          ..
29.03.2016  09:37    <DIR>          Adobe
18.08.2011  16:47    <DIR>          AMI
10.08.2011  21:33    <DIR>          Cisco
08.06.2016  09:16    <DIR>          Common Files
18.12.2011  00:09    <DIR>          Corel
17.08.2011  14:35    <DIR>          CyberLink
26.12.2011  14:33    <DIR>          Deutsche Telekom
18.08.2011  16:24    <DIR>          Dolby Advanced Audio v2
21.04.2016  13:25    <DIR>          Elex-tech
18.12.2011  00:08    <DIR>          Google
30.03.2016  18:21    <DIR>          Hewlett-Packard
30.03.2016  18:21    <DIR>          HP
06.01.2016  13:43    <DIR>          Intel
11.10.2015  14:13    <DIR>          Intel Corporation
15.05.2016  14:14    <DIR>          Internet Explorer
12.12.2014  12:49    <DIR>          Java
07.06.2016  10:44    <DIR>          Kaspersky Lab
17.08.2011  14:14    <DIR>          Launch Manager
10.08.2011  23:02    <DIR>          Medion MediaPack 2
24.12.2014  15:59    <DIR>          Microsoft Office
18.01.2016  14:41    <DIR>          Microsoft Silverlight
24.12.2014  15:31    <DIR>          Microsoft SkyDrive
10.08.2011  18:48    <DIR>          Microsoft SQL Server Compact Edition
06.01.2016  13:43    <DIR>          Microsoft.NET
21.03.2016  11:57    <DIR>          Mozilla Firefox
21.03.2016  11:57    <DIR>          Mozilla Maintenance Service
06.01.2016  13:10    <DIR>          MSBuild
10.08.2011  17:29    <DIR>          MSXML 4.0
06.01.2016  13:43    <DIR>          NVIDIA Corporation
19.08.2011  01:09    <DIR>          Realtek
06.01.2016  13:10    <DIR>          Reference Assemblies
01.01.2013  11:29    <DIR>          Samsung
27.07.2013  21:45    <DIR>          Sony
27.07.2013  21:49    <DIR>          Sony Ericsson
31.01.2015  23:17    <DIR>          Sony Media Go Install
26.12.2011  14:32    <DIR>          T-Online
10.08.2011  21:46    <DIR>          Texas Instruments Inc
04.09.2015  14:34    <DIR>          TomTom International B.V
04.01.2012  15:33    <DIR>          usenet
18.12.2011  00:08    <DIR>          watchmi
30.10.2015  20:35    <DIR>          Windows Defender
10.08.2011  18:50    <DIR>          Windows Live
06.01.2016  13:43    <DIR>          Windows Mail
30.10.2015  20:35    <DIR>          Windows Media Player
18.03.2016  21:41    <DIR>          Windows Multimedia Platform
30.10.2015  09:24    <DIR>          Windows NT
30.10.2015  20:35    <DIR>          Windows Photo Viewer
18.03.2016  21:41    <DIR>          Windows Portable Devices
               0 Datei(en),              0 Bytes
              50 Verzeichnis(se), 614.259.970.048 Bytes frei

========= Ende von CMD: =========


=========  dir "C:\Program Files" =========

 Datentr�ger in Laufwerk C: ist Boot
 Volumeseriennummer: 9604-B995

 Verzeichnis von C:\Program Files

12.06.2016  22:28    <DIR>          .
12.06.2016  22:28    <DIR>          ..
06.01.2016  13:43    <DIR>          Common Files
11.10.2015  14:13    <DIR>          DVD Maker
06.01.2016  13:35    <DIR>          FSP
18.12.2011  00:08    <DIR>          Google
11.10.2015  14:13    <DIR>          Intel
15.05.2016  14:14    <DIR>          Internet Explorer
06.01.2016  13:43    <DIR>          Microsoft Games
18.12.2011  00:11    <DIR>          Microsoft Mathematics
27.05.2016  09:48    <DIR>          Microsoft Office 15
18.01.2016  14:41    <DIR>          Microsoft Silverlight
06.01.2016  13:10    <DIR>          MSBuild
06.01.2016  13:36    <DIR>          NVIDIA Corporation
18.12.2011  00:11    <DIR>          PlayReady
06.01.2016  13:35    <DIR>          Realtek
06.01.2016  13:10    <DIR>          Reference Assemblies
11.10.2015  14:13    <DIR>          Synaptics
30.10.2015  20:35    <DIR>          Windows Defender
15.05.2016  14:14    <DIR>          Windows Journal
10.08.2011  18:42    <DIR>          Windows Live
06.01.2016  13:43    <DIR>          Windows Mail
18.03.2016  21:41    <DIR>          Windows Media Player
18.03.2016  21:41    <DIR>          Windows Multimedia Platform
06.01.2016  14:10    <DIR>          Windows NT
30.10.2015  20:35    <DIR>          Windows Photo Viewer
18.03.2016  21:41    <DIR>          Windows Portable Devices
               0 Datei(en),              0 Bytes
              27 Verzeichnis(se), 614.259.957.760 Bytes frei

========= Ende von CMD: =========

EmptyTemp: => 1.3 GB temporäre Dateien entfernt.

Ergebnis der geplanten Datei-Verschiebungen (Start-Modus: Normal) (Datum&Uhrzeit: 2016-06-12 22:35:45)

C:\Program Files (x86)\Elex-tech => ist erfolgreich verschoben
C:\Users\lucted\AppData\Roaming\Elex-tech => ist erfolgreich verschoben

==== Ende von Fixlog 22:35:46 ====

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:12-06-2016 01
durchgeführt von lucted (Administrator) auf LUCTED-PC (12-06-2016 22:50:54)
Gestartet von C:\Users\lucted\Trojaner-Board#\FRST-OlderVersion
Geladene Profile: UpdatusUser & lucted (Verfügbare Profile: UpdatusUser & lucted & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Edge)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Windows\System32\FspService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Wistron) C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\OSD.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WButton.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
() C:\Program Files (x86)\watchmi\TvdTray.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Geek Software GmbH) C:\Users\lucted\Mama Strom\Sonja\PDF24\pdf24.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [fspuip] => C:\Program Files\FSP\fspuip.exe [6319440 2015-05-29] (Sentelic Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12661352 2011-08-01] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2264168 2011-07-13] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM-x32\...\Run: [HotkeyApp] => C:\Program Files (x86)\Launch Manager\HotkeyApp.exe [207400 2011-08-06] (Wistron)
HKLM-x32\...\Run: [LMgrVolOSD] => C:\Program Files (x86)\Launch Manager\OSD.exe [348960 2011-08-06] (Wistron Corp.)
HKLM-x32\...\Run: [LMgrOSD] => "C:\Program Files (x86)\Launch Manager\OSDCtrl.exe"
HKLM-x32\...\Run: [Wbutton] => C:\Program Files (x86)\Launch Manager\Wbutton.exe [447016 2011-08-13] (Wistron Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-04] (CyberLink)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-03-18] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310280 2012-12-20] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [PDFPrint] => C:\Users\lucted\Mama Strom\Sonja\PDF24\pdf24.exe [221216 2015-11-18] (Geek Software GmbH)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-689365640-92009327-2566536619-1000\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-12-18] (Google Inc.)
HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1476104 2012-12-20] (Samsung)
HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844296 2012-12-20] (Samsung)
HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [457088 2015-09-23] (Sony)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [176904 2015-07-23] (NVIDIA Corporation)
AppInit_DLLs: ,C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [176904 2015-07-23] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [155280 2015-07-23] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64\FileSyncShell64.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64\FileSyncShell64.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64\FileSyncShell64.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\FileSyncShell.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\FileSyncShell.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\FileSyncShell.dll [2016-01-06] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-12-28]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\watchmi tray.lnk [2010-12-02]
ShortcutTarget: watchmi tray.lnk -> C:\Windows\Installer\{AA4D1C5E-116A-4FF4-AA91-28F526868203}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe (Acresso Software Inc.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\Parameters: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{03825670-e143-4a1c-9d66-6b83c604caab}: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{5327d1c1-1dac-4479-9385-c34c11de559b}: [DhcpNameServer] 82.163.142.7

Internet Explorer:
==================
HKU\S-1-5-21-689365640-92009327-2566536619-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-689365640-92009327-2566536619-1001 -> {4BB7C960-1C70-484C-B979-2CCADBE00A6F} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-04-12] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-12] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-12] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
Toolbar: HKU\S-1-5-21-689365640-92009327-2566536619-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1
FF DefaultSearchEngine: v9
FF SelectedSearchEngine: v9
FF Homepage: hxxp://www.web.de/
FF Keyword.URL: undefined://undefined/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-13] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-11-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-12] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-12-27] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-07-25] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-07-25] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin HKU\S-1-5-21-689365640-92009327-2566536619-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\lucted\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-06-06] (Unity Technologies ApS)
FF user.js: detected! => C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\user.js [2016-06-08]
FF user.js: detected! => C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\user.js [2016-06-08]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\searchplugins\englische-ergebnisse.xml [2013-03-22]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\searchplugins\gmx-suche.xml [2013-03-22]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\searchplugins\lastminute.xml [2013-03-22]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\searchplugins\webde-suche.xml [2013-03-22]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\englische-ergebnisse.xml [2013-03-22]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\gmx-suche.xml [2013-03-22]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\lastminute.xml [2013-03-22]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\webde-suche.xml [2013-03-22]
FF Extension: WEB.DE MailCheck - C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\browser-mailcheck@web.de [2016-03-26]
FF Extension: xRocket Toolbar - C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\arthurj8283@gmail.com [2016-05-09] [ist nicht signiert]
FF Extension: WEB.DE MailCheck - C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\Extensions\browser-mailcheck@web.de [2016-03-26]
FF Extension: GsearchFinder - C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi [2016-03-24]
FF Extension: Gooding Toolbar - C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\gooding-toolbar@gooding.de.xpi [2016-04-09]
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2016-03-19] [ist nicht signiert]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2016-03-19] [ist nicht signiert]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-03-19] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [arthurj8283@gmail.com] - C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\arthurj8283@gmail.com

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR DefaultSearchURL: Default -> hxxp://www.nicesearches.com/search.php?type=ds&ts=1462807746&from=87640509&uid=hitachixhts547575a9e384_j2540054ca75yeca75yex&z=addf052d28676756fb7e802g0z2q4oabfe0m8m3c7b&q={searchTerms}
CHR DefaultSearchKeyword: Default -> nice
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\gcswf32.dll => Keine Datei
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll => Keine Datei
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => Keine Datei
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => Keine Datei
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => Keine Datei
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll => Keine Datei
CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => Keine Datei
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\pdf.dll => Keine Datei
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll => Keine Datei
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Profile: C:\Users\lucted\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Kaspersky Protection) - C:\Users\lucted\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2016-04-21]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\lucted\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-21]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3009264 2016-05-17] (Microsoft Corporation)
R2 FspSvc; C:\Windows\System32\FspService.exe [2178896 2015-05-29] ()
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-12-14] () [Datei ist nicht signiert]
S2 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [62464 2010-12-06] () [Datei ist nicht signiert]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R3 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [118560 2011-08-06] (Wistron Corp.)
S2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 fspad_win764; C:\Windows\system32\DRIVERS\fspad_win764.sys [209232 2015-05-29] (Sentelic Corporation)
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [165504 2011-08-10] (ITE                      )
S3 mod7764; C:\Windows\System32\DRIVERS\mod77-64.sys [1077416 2010-09-16] (DiBcom SA)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; kein ImagePath
S1 iSafeKrnl; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [X]
S1 iSafeKrnlKit; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [X]
S1 iSafeKrnlR3; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-06-12 22:41 - 2016-06-12 22:41 - 12819016 _____ (Kaspersky Lab ZAO) C:\Users\lucted\Downloads\kavremvr.exe
2016-06-08 08:39 - 2016-06-08 09:16 - 00000000 ____D C:\AdwCleaner
2016-06-08 07:53 - 2016-06-08 14:18 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-06-08 07:52 - 2016-06-08 07:52 - 00000919 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-06-08 07:52 - 2016-06-08 07:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-06-08 07:52 - 2016-06-08 07:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-08 07:52 - 2016-06-08 07:52 - 00000000 ____D C:\Benutzer
2016-06-08 07:52 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-06-08 07:52 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-06-08 07:52 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-06-08 07:49 - 2016-06-08 07:49 - 00001653 _____ C:\Users\lucted\Desktop\mbam-setup-2.2.1.1043.exe - Verknüpfung.lnk
2016-06-07 14:48 - 2016-06-07 14:48 - 00000000 ____D C:\TDSSKiller_Quarantine
2016-06-07 14:37 - 2016-06-07 15:03 - 00822490 _____ C:\TDSSKiller.3.1.0.9_07.06.2016_14.37.08_log.txt
2016-06-07 13:07 - 2016-06-12 22:50 - 00000000 ____D C:\FRST
2016-06-07 12:27 - 2016-06-12 22:25 - 00000000 ____D C:\Users\lucted\Trojaner-Board#
2016-06-07 10:41 - 2016-06-07 10:42 - 162961416 _____ (Kaspersky Lab) C:\Users\lucted\Downloads\kts16.0.0.614abcdde_9994(1).exe
2016-06-06 22:44 - 2016-06-06 23:00 - 00000000 ____D C:\KVRT_Data
2016-06-06 22:43 - 2016-06-06 22:43 - 94947664 _____ (Kaspersky Lab ZAO) C:\Users\lucted\Downloads\KVRT (3).exe
2016-06-06 22:40 - 2016-06-06 22:40 - 94947664 _____ (Kaspersky Lab ZAO) C:\Users\lucted\Downloads\KVRT (2).exe
2016-06-06 22:39 - 2016-06-06 22:44 - 94947664 _____ (Kaspersky Lab ZAO) C:\Users\lucted\Downloads\KVRT.exe
2016-06-06 22:39 - 2016-06-06 22:40 - 94947664 _____ (Kaspersky Lab ZAO) C:\Users\lucted\Downloads\KVRT (1).exe
2016-06-06 22:30 - 2016-06-06 22:33 - 162961416 _____ (Kaspersky Lab) C:\Users\lucted\Downloads\kts16.0.0.614abcdde_9994.exe
2016-06-06 22:17 - 2016-06-06 22:27 - 00000000 ____D C:\WINDOWS\Minidump
2016-05-27 10:29 - 2016-05-27 10:29 - 00000000 _____ C:\Users\Public\Documents\report.dat
2016-05-22 19:17 - 2016-05-22 19:17 - 00004336 _____ C:\Users\lucted\Downloads\MitteilungForm(1).pdf
2016-05-22 19:12 - 2016-05-22 19:12 - 00004394 _____ C:\Users\lucted\Downloads\MitteilungForm.pdf
2016-05-20 17:10 - 2016-05-20 17:10 - 00036153 _____ C:\Users\lucted\Downloads\Kontoumsaetze_848_031412000_20160520_171027.pdf

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-06-12 22:47 - 2011-12-18 00:08 - 00001134 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-12 22:46 - 2012-12-05 19:45 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-06-12 22:45 - 2016-01-06 14:04 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-12 22:45 - 2016-01-06 13:36 - 00000000 ____D C:\ProgramData\NVIDIA
2016-06-12 22:44 - 2015-10-30 09:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-06-12 22:44 - 2015-10-30 08:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-06-12 22:44 - 2012-01-19 23:47 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-06-12 22:43 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-06-12 22:43 - 2015-10-30 08:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-06-12 22:41 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-12 22:41 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-12 22:41 - 2011-12-18 00:08 - 00001138 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-12 22:28 - 2016-03-21 17:07 - 00000000 ____D C:\Users\lucted\AppData\LocalLow\Temp
2016-06-12 22:23 - 2015-12-28 14:36 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{845ECAD7-6284-46CB-831F-F26619A16307}
2016-06-10 19:35 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-06-08 09:17 - 2016-04-21 13:26 - 00000000 ____D C:\WINDOWS\system32\log
2016-06-08 09:17 - 2016-03-26 10:41 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-06-08 07:47 - 2011-12-18 00:08 - 00002298 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-08 07:47 - 2011-12-18 00:08 - 00002286 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-07 12:27 - 2016-01-06 13:40 - 00000000 ____D C:\Users\lucted
2016-06-06 22:17 - 2014-05-17 20:56 - 597610651 _____ C:\WINDOWS\MEMORY.DMP
2016-05-27 12:34 - 2016-04-21 13:26 - 00002179 _____ C:\Users\lucted\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-27 09:49 - 2015-10-30 09:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-05-27 09:48 - 2014-12-24 15:23 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-05-24 18:41 - 2015-12-30 14:28 - 00000000 ____D C:\Users\lucted\Documents\Carola DAK
2016-05-20 18:35 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2016-05-20 17:20 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-19 07:26 - 2015-09-10 07:37 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-05-15 14:14 - 2015-10-30 20:44 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-15 14:14 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-05-15 14:14 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-15 14:14 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-05-15 14:14 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-05-15 14:13 - 2015-10-30 09:24 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-05-15 11:54 - 2013-07-14 22:06 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-15 11:31 - 2011-08-10 17:28 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-05-13 08:44 - 2015-10-11 14:37 - 00000000 ____D C:\Users\lucted\AppData\Local\Packages

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2012-03-18 21:30 - 2012-03-18 21:30 - 0017408 _____ () C:\Users\lucted\AppData\Local\WebpageIcons.db
2015-12-28 14:29 - 2016-03-30 18:12 - 0002385 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-06-06 20:32

==================== Ende von FRST.txt ===========================

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:12-06-2016 01
durchgeführt von lucted (2016-06-12 22:52:26)
Gestartet von C:\Users\lucted\Trojaner-Board#\FRST-OlderVersion
Windows 10 Home Version 1511 (X64) (2016-01-06 12:10:54)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-689365640-92009327-2566536619-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-689365640-92009327-2566536619-503 - Limited - Disabled)
Gast (S-1-5-21-689365640-92009327-2566536619-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-689365640-92009327-2566536619-1005 - Limited - Enabled)
lucted (S-1-5-21-689365640-92009327-2566536619-1001 - Administrator - Enabled) => C:\Users\lucted
UpdatusUser (S-1-5-21-689365640-92009327-2566536619-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

4500_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
AMI VR-pulse OS Switcher (HKLM\...\{69A90894-D54A-4657-8172-6B0FCE93414E}) (Version: 1.2 - American Megatrends Inc.)
Apple Application Support (32-Bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Ashampoo Burning Studio (HKLM-x32\...\Ashampoo Burning Studio_is1) (Version: 10.0.10 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Commander (HKLM-x32\...\Ashampoo Photo Commander_is1) (Version: 9.2.0 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Optimizer (HKLM-x32\...\Ashampoo Photo Optimizer_is1) (Version: 4.0.0 - Ashampoo GmbH & Co. KG)
Ashampoo Snap (HKLM-x32\...\Ashampoo Snap_is1) (Version: 4.3.0 - Ashampoo GmbH & Co. KG)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.39 - Atheros Communications Inc.)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}) (Version: 15.2.0.686 - Corel Corporation)
Corel Graphics - Windows Shell Extension (x32 Version: 15.2.686 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.686 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Common (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Connect (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Custom Data (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - DE (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Draw (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - EN (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - ES (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Extra Content (HKLM-x32\...\_{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}) (Version:  - Corel Corporation)
CorelDRAW Essentials X5 - Extra Content (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Filters (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - FR (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IPM (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - PHOTO-PAINT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Setup Files (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - WT (x32 Version: 15.3 -  Corel Corporation) Hidden
CorelDRAW Essentials X5 (HKLM-x32\...\_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}) (Version: 15.2.0.686 - Corel Corporation)
CorelDRAW Essentials X5 (x32 Version: 15.3 - Corel Corporation) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1508_36229 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.1.2414 - CyberLink Corp.)
CyberLink PhotoNow (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.0.6904 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1327 - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.4020 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2930.52 - CyberLink Corp.)
CyberLink PowerDVD Copy (HKLM-x32\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.3503 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.4013 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.4 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\Dropbox) (Version: 3.0.5 - Dropbox, Inc.)
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
Finger Sensing Pad Driver (HKLM\...\{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}) (Version: 9.4.9.5 - Sentelic)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.84 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet J4500 Series 14.0 Rel. 6 (HKLM\...\{EACF146B-01D2-4185-B773-9604A0E5902A}) (Version: 14.0 - HP)
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2462 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{006B5C65-3938-4246-B182-994A7E415EDE}) (Version: 1.1.0.0537 - Intel Corporation)
Intel(R) WiDi (HKLM-x32\...\{781A93CD-1608-427D-B7F0-D05C07795B25}) (Version: 2.1.41.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
IT9130 Driver v11.4.26.1 (HKLM-x32\...\IT9130 DriverInstaller_11.4.26.1) (Version:  - )
J4500 (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation)
Launch Manager (HKLM-x32\...\{D0846526-66DD-4DC9-A02C-98F9A2806812}) (Version: 1.5.1.4 - Wistron Corp.)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Medion Home Cinema (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2608 - CyberLink Corp.)
Medion Home Cinema (x32 Version: 8.0.2608 - CyberLink Corp.) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Mathematics (64-Bit) (HKLM\...\{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office Professional 2013 - de-de (HKLM\...\ProfessionalRetail - de-de) (Version: 15.0.4823.1004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 45.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 de)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Driver 269.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 269.24 - NVIDIA Corporation)
NVIDIA Graphics Driver 269.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 269.24 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4823.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4823.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4823.1004 - Microsoft Corporation) Hidden
PDF24 Creator 7.4.1 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
ProductContext (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6428 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10010 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.16.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Sony Ericsson Update Engine (HKLM-x32\...\Update Engine) (Version: 2.13.8.201307151333 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.303 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.303 - Sony)
Spelling Dictionaries Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-A00000000004}) (Version: 10.0.0 - Adobe Systems Incorporated)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.12.0 - Synaptics Incorporated)
Telekom Fotoservice (HKLM-x32\...\Telekom Fotoservice) (Version:  - )
TI USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{B1EB7FFF-6E44-43D8-869D-B78E44CD3E0F}) (Version: 1.12.14.0 - Texas Instruments Inc.)
TI USB3 Host Driver (x32 Version: 1.12.14.0 - Texas Instruments Inc.) Hidden
TomTom HOME (HKLM-x32\...\{5DCB2EB3-87AD-426E-8D74-8B92C9D731C4}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
T-Online 6.0 (HKLM-x32\...\{B1275E23-717A-4D52-997A-1AD1E24BC7F3}) (Version:  - )
T-Online WLAN-Access Finder (HKLM-x32\...\{295C31E5-3F91-498E-9623-DA24D2FA2B6A}) (Version:  - )
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Unity Web Player (HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VR-pulse Installer (HKLM\...\{E3725525-DE3E-48C1-9B81-D5FF1BFA23BC}) (Version: 1.4.0 - American Megatrends Inc.)
watchmi (HKLM-x32\...\{AA4D1C5E-116A-4FF4-AA91-28F526868203}) (Version: 2.5.0 - Axel Springer Digital TV Guide GmbH)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation)
YAC(Yet Another Cleaner!) (HKLM-x32\...\iSafe) (Version:  - ELEX DO BRASIL PARTICIPAÇÕES LTDA) <==== ACHTUNG

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {04BCB11B-17F1-4955-9C00-69977B36C809} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {117783BD-65A6-4DC1-9E57-4D81CD732B70} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {197BFA21-9421-417A-A970-70146ABD8F06} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {2175C1B2-482A-4A54-BB55-0CDD42FCACD7} - System32\Tasks\{F1346FE0-48B9-405C-B428-32C2807A08ED} => Chrome.exe 
Task: {282EB8E8-1E85-4C65-8674-346BAA7E4F34} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {2B86DFC6-EB5D-4BD8-8398-CA427629B14B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {44B93389-5249-4E2B-A9B5-3D65E2BFAC17} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {471E3170-56D4-4523-86A6-1464157ACD0A} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {5057AEF1-568D-4FBC-AC9E-4A78E653BFA6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {62A99E50-A0D9-4911-8AF5-1C78217849C2} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {62F1DEF1-2EE7-46AC-9183-887B0B9A4311} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {63C3E556-7059-4370-9A2A-470323E2C382} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {670DEE14-CBDC-42E9-91D0-0552EE63E821} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {6A11C2BB-548A-4972-B321-955CC4F3952E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {6D585D27-5627-4974-BE14-99479A641455} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {6E491ED6-FE8B-4B32-BF70-135C535CF8BE} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {79523EC8-DECC-43B3-AA31-7B484566FFEF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {7B995869-C825-446D-8392-BEB8EAD525B3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-13] (Adobe Systems Incorporated)
Task: {8C3D5683-CCAD-40F5-9375-5E6E1C5DDD73} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-15] (Microsoft Corporation)
Task: {962D96D8-D3AC-4B8E-98AE-A1E01A0E23A9} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {980027FC-1320-46C9-8285-64016C8A1EDC} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {9B6E932B-A2D6-47F1-AA14-73C659390FEB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {ABB5E909-9D2C-47F4-9D50-CDE3BB3B99C4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {C921D49D-10A4-4118-A3F9-3CF0397FB61A} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {D0DC9FC0-A8BF-49B3-89FD-EE03766974EF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-04-12] (Microsoft Corporation)
Task: {DEE673F8-F516-4176-963D-56B3DE107736} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {DF2F5D2A-F185-46FA-9084-4DC72EA2D69D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-04-12] (Microsoft Corporation)
Task: {EA754882-3285-4AAC-834C-D4D4E2B6A4B4} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {F7E02F74-F9B2-404B-9F09-BF7D0D44E431} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe
Task: {FA04D949-46B9-4BC1-A25D-12C4EBBDFDCC} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {FA059BAD-6409-4CF3-AEF4-B1A8C3BFBD8C} - System32\Tasks\{400F534C-CAAB-4BDF-87FF-62FCA9FD66B8} => Chrome.exe 
Task: {FDB06D6C-0F7A-4090-8C38-2EE877AAFA29} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

ShortcutWithArgument: C:\Users\lucted\Desktop\Medion\MEDIONhome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.medion.com/de --disable-quic
ShortcutWithArgument: C:\Users\lucted\Desktop\Medion\MEDIONplay.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.medion.com/de/electronics/cat/MEDIONplay/gaming_browsergames_88 --disable-quic
ShortcutWithArgument: C:\Users\lucted\Desktop\Aldi\ALDI Nord Blumen Service.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www1.aldi-blumenservice.de --disable-quic
ShortcutWithArgument: C:\Users\lucted\Desktop\Aldi\ALDI Nord Reisen.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://nord.aldi-reisen.de/html_nord --disable-quic
ShortcutWithArgument: C:\Users\lucted\Desktop\Aldi\ALDI Nord Startseite.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.aldi-essen.de --disable-quic
ShortcutWithArgument: C:\Users\lucted\Desktop\Aldi\ALDI Talk.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.medionmobile.de --disable-quic

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-01-06 13:36 - 2015-07-23 03:10 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-05-29 07:29 - 2015-05-29 07:29 - 02178896 _____ () C:\Windows\System32\FspService.exe
2014-12-25 20:49 - 2015-10-13 05:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2016-03-18 23:56 - 2016-03-18 23:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 23:56 - 2016-03-18 23:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-08-17 14:26 - 2010-12-14 11:39 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2016-04-13 12:49 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 12:49 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-04-21 08:47 - 2016-04-21 08:48 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-01-06 16:43 - 2015-12-07 06:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-11 10:25 - 2016-04-23 06:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-11 10:26 - 2016-04-23 06:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-11 10:26 - 2016-04-23 05:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-11 10:26 - 2016-04-23 05:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-11 10:27 - 2016-04-23 06:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-01 21:00 - 2015-06-01 21:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-07-27 21:45 - 2015-06-10 11:13 - 00113024 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
2010-12-06 13:52 - 2010-12-06 13:52 - 01070080 _____ () C:\Program Files (x86)\watchmi\TvdTray.exe
2010-12-06 13:52 - 2010-12-06 13:52 - 00004608 _____ () C:\Program Files (x86)\watchmi\de\TvdTray.resources.dll
2016-01-06 13:43 - 2016-01-06 13:43 - 00061952 _____ () C:\WINDOWS\assembly\GAC_MSIL\Tvd.Remote\2.5.0.5__f722db7bec59a14b\Tvd.Remote.dll
2016-04-21 08:47 - 2016-04-21 08:48 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-21 08:47 - 2016-04-21 08:48 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2013-07-27 21:45 - 2012-04-30 11:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
2013-07-27 21:45 - 2015-10-20 18:44 - 00242176 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
2011-07-07 14:54 - 2011-07-07 14:54 - 00233984 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
2013-05-14 09:38 - 2013-05-14 09:38 - 00607744 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll
2010-08-04 00:39 - 2010-08-04 00:39 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2010-08-04 00:39 - 2010-08-04 00:39 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2016-01-04 14:02 - 2015-11-18 14:04 - 00074272 _____ () C:\Users\lucted\Mama Strom\Sonja\PDF24\zlib.dll
2016-01-04 14:02 - 2015-11-18 14:04 - 00052256 _____ () C:\Users\lucted\Mama Strom\Sonja\PDF24\OperationUI.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-689365640-92009327-2566536619-1000\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-689365640-92009327-2566536619-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{C59151D1-7438-4CDC-876A-DB62AD37122E}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{E7067E1E-E8E1-4432-ABBA-8782D7AB663C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{EE6A52BE-2D30-4997-A0D7-A23E594417F3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{3FCF51C9-F2DB-47AB-8D72-AEC83275C08F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{32898F3D-8893-43B8-9BFA-0064D4085B27}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{820AEF7B-8D24-46AE-AFA1-6A90FFBE946B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{35320FA6-CBBB-4579-9515-59091B8A7C28}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{5B9439B8-3BA7-4E0B-9983-8A089882248B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{58F29F08-83AF-4CCD-BDD0-929A86F366D0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{986D1FD6-5279-4E3D-A63D-C85DC1FE7B1D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{39E89A1C-E0E7-4F2A-A537-6CF75B0B6F47}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{3FA40793-3956-4AD1-B6D2-03FDCB040C68}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{FA692561-CD09-4CB8-B535-6D45719D3374}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{E7DAA948-9C3F-4104-BC8D-619C8F1D29A3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{78A5C2F7-533F-4548-9CE2-E72263131BD9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{1DAFD66C-B77E-422B-90C1-14DC7ABE36C7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{669D6B49-D269-423F-AC57-0BB6E1E48C80}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{C9AA2C88-29A5-4104-B366-EFD59E2BD98B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F614D191-EA5E-449E-9505-C7A3EC2C44F2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9C9EC504-17B1-4C47-BB36-FCF5E3D2E86C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{AF6B72BA-D090-40DF-98EB-F86E0F449231}] => (Allow) LPort=2869
FirewallRules: [{E837ABE2-F877-4178-8B2E-2D30E71331C3}] => (Allow) LPort=1900
FirewallRules: [{78415ED0-ED22-46B5-8CF6-6330A38D9667}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{98730647-519B-40EA-AE33-AA5CB53581C6}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{C5686880-17D2-4944-9F78-78EFE22B0A7C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{6F384575-BDEB-47D8-A16B-04950A53FF09}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{AEBF5336-40F2-45D9-8748-06C8EAB61AF2}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{51E9A207-6589-4FC7-9C95-4C2EB8644335}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE
FirewallRules: [{AD026405-E962-4384-B5E3-5E989E8CB3AE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{64B140A0-8BFF-409B-876B-DB99F0A4B6CC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{083DB4A0-AF82-4EEF-9414-77E8D4A89D91}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{CA6BC9E5-E136-433B-A373-844BFD421588}] => (Allow) C:\Program Files (x86)\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe
FirewallRules: [{73EEFB9D-525E-4777-AEA6-36E5F61E7344}] => (Allow) C:\Program Files (x86)\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe
FirewallRules: [{05D77498-21A2-46B7-9385-1DBBD1C342B3}] => (Allow) C:\Users\lucted\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{177BC7C4-05B2-49F0-B9BF-BA9190DCFCBB}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{4D74C715-7AA0-47A7-816E-16C37BC869E5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5C10B5C9-42EE-4B9B-A629-699482688139}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{37079CCD-0E6D-4D78-9DFA-613DC7B7BC57}] => (Allow) C:\Users\lucted\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{F544B605-B131-4B1B-9F16-B5B9E1FA50D1}] => (Allow) C:\Users\lucted\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{FBFEAA35-416F-41A8-A8FA-6A7117E66A1B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Wiederherstellungspunkte =========================

07-06-2016 09:38:05 Geplanter Prüfpunkt

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (06/12/2016 10:47:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mediasrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5b7d
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x7f194cd3
ID des fehlerhaften Prozesses: 0x1608
Startzeit der fehlerhaften Anwendung: 0xmediasrv.exe0
Pfad der fehlerhaften Anwendung: mediasrv.exe1
Pfad des fehlerhaften Moduls: mediasrv.exe2
Berichtskennung: mediasrv.exe3
Vollständiger Name des fehlerhaften Pakets: mediasrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mediasrv.exe5

Error: (06/12/2016 10:47:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: obexsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5ab8
Name des fehlerhaften Moduls: obexsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5ab8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0005225c
ID des fehlerhaften Prozesses: 0x102c
Startzeit der fehlerhaften Anwendung: 0xobexsrv.exe0
Pfad der fehlerhaften Anwendung: obexsrv.exe1
Pfad des fehlerhaften Moduls: obexsrv.exe2
Berichtskennung: obexsrv.exe3
Vollständiger Name des fehlerhaften Pakets: obexsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: obexsrv.exe5

Error: (06/12/2016 10:47:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0x33c
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

Error: (06/12/2016 10:45:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0x838
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

Error: (06/12/2016 10:45:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: obexsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5ab8
Name des fehlerhaften Moduls: obexsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5ab8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0005225c
ID des fehlerhaften Prozesses: 0x984
Startzeit der fehlerhaften Anwendung: 0xobexsrv.exe0
Pfad der fehlerhaften Anwendung: obexsrv.exe1
Pfad des fehlerhaften Moduls: obexsrv.exe2
Berichtskennung: obexsrv.exe3
Vollständiger Name des fehlerhaften Pakets: obexsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: obexsrv.exe5

Error: (06/12/2016 10:44:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 10.0.10586.0, Zeitstempel: 0x5632d7ba
Name des fehlerhaften Moduls: ESENT.dll, Version: 10.0.10586.212, Zeitstempel: 0x56fa1686
Ausnahmecode: 0xc0000602
Fehleroffset: 0x000000000022885f
ID des fehlerhaften Prozesses: 0xa8c
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3
Vollständiger Name des fehlerhaften Pakets: svchost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe5

Error: (06/12/2016 10:44:43 PM) (Source: ESENT) (EventID: 908) (User: )
Description: svchost (2700) Der Prozess wird aufgrund eines nicht behebbaren Fehlers beendet: PV: 10.0.10586.0 SV: 10.0.10586.0 GLE: 0 ERR: -1603(fucb.cxx:359): dllentry.cxx(103) (ESENT[10.0.10586.0] RETAIL RTM MBCS)

Error: (06/12/2016 10:36:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mediasrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5b7d
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x7f194cd3
ID des fehlerhaften Prozesses: 0x10d0
Startzeit der fehlerhaften Anwendung: 0xmediasrv.exe0
Pfad der fehlerhaften Anwendung: mediasrv.exe1
Pfad des fehlerhaften Moduls: mediasrv.exe2
Berichtskennung: mediasrv.exe3
Vollständiger Name des fehlerhaften Pakets: mediasrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mediasrv.exe5

Error: (06/12/2016 10:36:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: obexsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5ab8
Name des fehlerhaften Moduls: obexsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5ab8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0005225c
ID des fehlerhaften Prozesses: 0x1008
Startzeit der fehlerhaften Anwendung: 0xobexsrv.exe0
Pfad der fehlerhaften Anwendung: obexsrv.exe1
Pfad des fehlerhaften Moduls: obexsrv.exe2
Berichtskennung: obexsrv.exe3
Vollständiger Name des fehlerhaften Pakets: obexsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: obexsrv.exe5

Error: (06/12/2016 10:36:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0x1278
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5


Systemfehler:
=============
Error: (06/12/2016 10:47:11 PM) (Source: DCOM) (EventID: 10005) (User: LUCTED-PC)
Description: 1053Bluetooth Media ServiceNicht verfügbar{9AC233E9-AC75-4DB5-85C4-DAB13A484FEA}

Error: (06/12/2016 10:47:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Bluetooth Media Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (06/12/2016 10:47:11 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Bluetooth Media Service erreicht.

Error: (06/12/2016 10:47:11 PM) (Source: DCOM) (EventID: 10005) (User: LUCTED-PC)
Description: 1053Bluetooth OBEX ServiceNicht verfügbar{E9E0D51D-F407-4D91-B294-C111F721A3AF}

Error: (06/12/2016 10:47:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Bluetooth OBEX Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (06/12/2016 10:47:11 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Bluetooth OBEX Service erreicht.

Error: (06/12/2016 10:47:09 PM) (Source: DCOM) (EventID: 10005) (User: LUCTED-PC)
Description: 1053Bluetooth Device MonitorNicht verfügbar{DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}

Error: (06/12/2016 10:47:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Bluetooth Device Monitor" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (06/12/2016 10:47:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Bluetooth Device Monitor erreicht.

Error: (06/12/2016 10:46:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "watchmi" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053


CodeIntegrity:
===================================
  Date: 2016-06-12 22:22:49.349
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-12 22:20:31.887
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-10 22:20:05.287
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-10 22:20:05.269
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-10 21:59:05.833
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-10 21:57:43.550
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-10 19:39:25.792
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-10 19:38:10.603
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-10 19:38:10.594
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-09 15:25:16.982
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i3-2330M CPU @ 2.20GHz
Prozentuale Nutzung des RAM: 45%
Installierter physikalischer RAM: 4001.87 MB
Verfügbarer physikalischer RAM: 2191.94 MB
Summe virtueller Speicher: 8097.87 MB
Verfügbarer virtueller Speicher: 6334.02 MB

==================== Laufwerke ================================

Drive c: (Boot) (Fixed) (Total:647.54 GB) (Free:581.46 GB) NTFS
Drive d: (Recover) (Fixed) (Total:48 GB) (Free:22.32 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=647.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=50 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== Ende von Addition.txt ============================

Guten Abend Rafael,
ich habe alles durchgeführt, auch Kaspersky entfernt.
Wünsche Dir einen schönen Abend.
Lg Caroblue

burningice · 12.06.2016, 22:20

Es wird, es wird aber passt immer noch nicht ganz.

Schritt: 1
Mache einen erneuten Clean-Run mit AdwCleaner:
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt: 2
Du hast eine veraltete Version von FRST benutzt (zu erkennen an "C:\Users\lucted\Trojaner-Board#\FRST-OlderVersion". Bitte verwende die aktuellste Version. Wenn du gemäß Anleitung arbeiten würdest, wäre sie jetzt auf dem Desktop. Ansonsten lade sie dir neu herunter.

Bitte starte wieder FRST, setze den Haken bei Addition und drücke auf Untersuchen. Poste bitte wieder die beiden Textdateien, die so entstehen.

Caroblue · 13.06.2016, 07:25

Code:

ATTFilter

# AdwCleaner v5.119 - Bericht erstellt am 13/06/2016 um 08:07:43
# Aktualisiert am 30/05/2016 von Xplode
# Datenbank : 2016-06-12.1 [Server]
# Betriebssystem : Windows 10 Home  (X64)
# Benutzername : lucted - LUCTED-PC
# Gestartet von : C:\Users\lucted\Trojaner-Board#\AdwCleaner_5.119.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****

[-] Dienst gelöscht : iSafeKrnl
[-] Dienst gelöscht : iSafeKrnlKit
[-] Dienst gelöscht : iSafeKrnlR3
[-] Dienst gelöscht : iSafeService

***** [ Ordner ] *****

[-] Ordner gelöscht : C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\YourGSearchFinder_br

***** [ Dateien ] *****


***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Verknüpfungen ] *****


***** [ Aufgabenplanung ] *****


***** [ Registrierungsdatenbank ] *****

[-] Schlüssel gelöscht : HKLM\SOFTWARE\Elex-tech
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSafe

***** [ Internetbrowser ] *****

[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("browser.search.searchengine.searchengine.uid", "[xpconnect wrapped nsIUUIDGenerator]");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark._brMembers_.BUTTON_STRUCTURE", "[{\"b\":224520315,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":224520316,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0[...]
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark._brMembers_.browser.version.last", "45.0");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark._brMembers_.firstKnownVersion", "7.38.8.45986");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark._brMembers_.homepage", "/index.jhtml?n=782aa589");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark._brMembers_.hp.enabled", true);
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark._brMembers_.hp.guardType", "HPR");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark._brMembers_.initialized", true);
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark._brMembers_.installation.installDate", "2016060809");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark._brMembers_.installation.success", true);
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark._brMembers_.lastActivePing", "1465797545417");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark._brMembers_.lastKnownVersion", "7.38.8.45986");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark._brMembers_.lssState", "{\"previousLocales\":[\"de\",\"en-US\",\"en\"],\"supportedLocales\":[\"de\",\"es\",\"pt\",\"ja\",\"en\"],\"defaultLocale\":\"en\",\"supp[...]
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark._brMembers_.options.defaultSearch", false);
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark._brMembers_.options.homePageEnabled", false);
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark._brMembers_.options.keywordEnabled", true);
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark._brMembers_.options.tabEnabled", false);
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark._brMembers_.productDeliveryOption.language", "en");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark._brMembers_.productDeliveryOption.type", "Toolbar");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark._brMembers_.successUrl", "undefined");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark._brMembers_.toolbarCollapsed", false);
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark._brMembers_.uninstallTasks", "{\"prefBranchesToDelete\":[\"extensions.toolbar.mindspark._brMembers_.\"],\"filesToDelete\":[\"C:\\\\Users\\\\lucted\\\\AppData\\\[...]
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark.hp.enabled", true);
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "yourGSearchfinder@GSearch.com");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark.lastInstalled", "yourGSearchfinder@GSearch.com");

*************************

:: "Tracing" Schlüssel gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [53987 Bytes] - [08/06/2016 09:16:30]
C:\AdwCleaner\AdwCleaner[C2].txt - [6463 Bytes] - [13/06/2016 08:07:43]
C:\AdwCleaner\AdwCleaner[S1].txt - [53061 Bytes] - [08/06/2016 09:13:41]
C:\AdwCleaner\AdwCleaner[S2].txt - [6675 Bytes] - [13/06/2016 08:06:05]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [6683 Bytes] ##########

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:12-06-2016 01
durchgeführt von lucted (Administrator) auf LUCTED-PC (13-06-2016 08:19:21)
Gestartet von C:\Users\lucted\Downloads
Geladene Profile: UpdatusUser & lucted (Verfügbare Profile: UpdatusUser & lucted & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Edge)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\FspService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Wistron) C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\OSD.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WButton.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Geek Software GmbH) C:\Users\lucted\Mama Strom\Sonja\PDF24\pdf24.exe
() C:\Program Files (x86)\watchmi\TvdTray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.168_none_76587b40265ca57e\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [fspuip] => C:\Program Files\FSP\fspuip.exe [6319440 2015-05-29] (Sentelic Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12661352 2011-08-01] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2264168 2011-07-13] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM-x32\...\Run: [HotkeyApp] => C:\Program Files (x86)\Launch Manager\HotkeyApp.exe [207400 2011-08-06] (Wistron)
HKLM-x32\...\Run: [LMgrVolOSD] => C:\Program Files (x86)\Launch Manager\OSD.exe [348960 2011-08-06] (Wistron Corp.)
HKLM-x32\...\Run: [LMgrOSD] => "C:\Program Files (x86)\Launch Manager\OSDCtrl.exe"
HKLM-x32\...\Run: [Wbutton] => C:\Program Files (x86)\Launch Manager\Wbutton.exe [447016 2011-08-13] (Wistron Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-04] (CyberLink)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-03-18] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310280 2012-12-20] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [PDFPrint] => C:\Users\lucted\Mama Strom\Sonja\PDF24\pdf24.exe [221216 2015-11-18] (Geek Software GmbH)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-689365640-92009327-2566536619-1000\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-12-18] (Google Inc.)
HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1476104 2012-12-20] (Samsung)
HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844296 2012-12-20] (Samsung)
HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [457088 2015-09-23] (Sony)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [176904 2015-07-23] (NVIDIA Corporation)
AppInit_DLLs: ,C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [176904 2015-07-23] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [155280 2015-07-23] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64\FileSyncShell64.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64\FileSyncShell64.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64\FileSyncShell64.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\FileSyncShell.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\FileSyncShell.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\FileSyncShell.dll [2016-01-06] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-12-28]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\watchmi tray.lnk [2010-12-02]
ShortcutTarget: watchmi tray.lnk -> C:\Windows\Installer\{AA4D1C5E-116A-4FF4-AA91-28F526868203}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe (Acresso Software Inc.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\Parameters: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{03825670-e143-4a1c-9d66-6b83c604caab}: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{5327d1c1-1dac-4479-9385-c34c11de559b}: [DhcpNameServer] 82.163.142.7

Internet Explorer:
==================
HKU\S-1-5-21-689365640-92009327-2566536619-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-689365640-92009327-2566536619-1001 -> {4BB7C960-1C70-484C-B979-2CCADBE00A6F} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-04-12] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-12] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-12] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
Toolbar: HKU\S-1-5-21-689365640-92009327-2566536619-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1
FF DefaultSearchEngine: v9
FF SelectedSearchEngine: v9
FF Homepage: hxxp://www.web.de/
FF Keyword.URL: undefined://undefined/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-13] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-11-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-12] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-12-27] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-07-25] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-07-25] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin HKU\S-1-5-21-689365640-92009327-2566536619-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\lucted\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-06-06] (Unity Technologies ApS)
FF user.js: detected! => C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\user.js [2016-06-08]
FF user.js: detected! => C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\user.js [2016-06-08]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\searchplugins\englische-ergebnisse.xml [2013-03-22]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\searchplugins\gmx-suche.xml [2013-03-22]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\searchplugins\lastminute.xml [2013-03-22]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\searchplugins\webde-suche.xml [2013-03-22]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\englische-ergebnisse.xml [2013-03-22]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\gmx-suche.xml [2013-03-22]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\lastminute.xml [2013-03-22]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\webde-suche.xml [2013-03-22]
FF Extension: WEB.DE MailCheck - C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\browser-mailcheck@web.de [2016-03-26]
FF Extension: xRocket Toolbar - C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\arthurj8283@gmail.com [2016-05-09] [ist nicht signiert]
FF Extension: WEB.DE MailCheck - C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\Extensions\browser-mailcheck@web.de [2016-03-26]
FF Extension: GsearchFinder - C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi [2016-03-24]
FF Extension: Gooding Toolbar - C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\gooding-toolbar@gooding.de.xpi [2016-04-09]
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2016-03-19] [ist nicht signiert]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2016-03-19] [ist nicht signiert]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-03-19] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [arthurj8283@gmail.com] - C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\arthurj8283@gmail.com

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR DefaultSearchURL: Default -> hxxp://www.nicesearches.com/search.php?type=ds&ts=1462807746&from=87640509&uid=hitachixhts547575a9e384_j2540054ca75yeca75yex&z=addf052d28676756fb7e802g0z2q4oabfe0m8m3c7b&q={searchTerms}
CHR DefaultSearchKeyword: Default -> nice
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\gcswf32.dll => Keine Datei
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll => Keine Datei
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => Keine Datei
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => Keine Datei
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => Keine Datei
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll => Keine Datei
CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => Keine Datei
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\pdf.dll => Keine Datei
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll => Keine Datei
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Profile: C:\Users\lucted\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Kaspersky Protection) - C:\Users\lucted\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2016-04-21]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\lucted\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-21]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3009264 2016-05-17] (Microsoft Corporation)
R2 FspSvc; C:\Windows\System32\FspService.exe [2178896 2015-05-29] ()
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-12-14] () [Datei ist nicht signiert]
S2 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [62464 2010-12-06] () [Datei ist nicht signiert]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R3 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [118560 2011-08-06] (Wistron Corp.)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 fspad_win764; C:\Windows\system32\DRIVERS\fspad_win764.sys [209232 2015-05-29] (Sentelic Corporation)
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [165504 2011-08-10] (ITE                      )
S3 mod7764; C:\Windows\System32\DRIVERS\mod77-64.sys [1077416 2010-09-16] (DiBcom SA)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-06-13 08:19 - 2016-06-13 08:19 - 00022360 _____ C:\Users\lucted\Downloads\FRST.txt
2016-06-13 08:18 - 2016-06-13 08:19 - 00000000 ____D C:\FRST
2016-06-13 08:17 - 2016-06-13 08:18 - 02385408 _____ (Farbar) C:\Users\lucted\Downloads\FRST64.exe
2016-06-13 08:17 - 2016-06-13 08:17 - 00001026 _____ C:\Users\lucted\Desktop\FRST64.exe - Verknüpfung.lnk
2016-06-13 08:04 - 2016-06-13 08:04 - 00001612 _____ C:\Users\lucted\Desktop\AdwCleaner_5.119.exe - Verknüpfung.lnk
2016-06-12 22:41 - 2016-06-12 22:41 - 12819016 _____ (Kaspersky Lab ZAO) C:\Users\lucted\Downloads\kavremvr.exe
2016-06-08 08:39 - 2016-06-13 08:07 - 00000000 ____D C:\AdwCleaner
2016-06-08 07:53 - 2016-06-08 14:18 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-06-08 07:52 - 2016-06-08 07:52 - 00000919 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-06-08 07:52 - 2016-06-08 07:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-06-08 07:52 - 2016-06-08 07:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-08 07:52 - 2016-06-08 07:52 - 00000000 ____D C:\Benutzer
2016-06-08 07:52 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-06-08 07:52 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-06-08 07:52 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-06-08 07:49 - 2016-06-08 07:49 - 00001653 _____ C:\Users\lucted\Desktop\mbam-setup-2.2.1.1043.exe - Verknüpfung.lnk
2016-06-07 14:48 - 2016-06-07 14:48 - 00000000 ____D C:\TDSSKiller_Quarantine
2016-06-07 14:37 - 2016-06-07 15:03 - 00822490 _____ C:\TDSSKiller.3.1.0.9_07.06.2016_14.37.08_log.txt
2016-06-07 12:27 - 2016-06-13 08:15 - 00000000 ____D C:\Users\lucted\Trojaner-Board#
2016-06-07 10:41 - 2016-06-07 10:42 - 162961416 _____ (Kaspersky Lab) C:\Users\lucted\Downloads\kts16.0.0.614abcdde_9994(1).exe
2016-06-06 22:44 - 2016-06-06 23:00 - 00000000 ____D C:\KVRT_Data
2016-06-06 22:43 - 2016-06-06 22:43 - 94947664 _____ (Kaspersky Lab ZAO) C:\Users\lucted\Downloads\KVRT (3).exe
2016-06-06 22:40 - 2016-06-06 22:40 - 94947664 _____ (Kaspersky Lab ZAO) C:\Users\lucted\Downloads\KVRT (2).exe
2016-06-06 22:39 - 2016-06-06 22:44 - 94947664 _____ (Kaspersky Lab ZAO) C:\Users\lucted\Downloads\KVRT.exe
2016-06-06 22:39 - 2016-06-06 22:40 - 94947664 _____ (Kaspersky Lab ZAO) C:\Users\lucted\Downloads\KVRT (1).exe
2016-06-06 22:30 - 2016-06-06 22:33 - 162961416 _____ (Kaspersky Lab) C:\Users\lucted\Downloads\kts16.0.0.614abcdde_9994.exe
2016-06-06 22:17 - 2016-06-06 22:27 - 00000000 ____D C:\WINDOWS\Minidump
2016-05-27 10:29 - 2016-05-27 10:29 - 00000000 _____ C:\Users\Public\Documents\report.dat
2016-05-22 19:17 - 2016-05-22 19:17 - 00004336 _____ C:\Users\lucted\Downloads\MitteilungForm(1).pdf
2016-05-22 19:12 - 2016-05-22 19:12 - 00004394 _____ C:\Users\lucted\Downloads\MitteilungForm.pdf
2016-05-20 17:10 - 2016-05-20 17:10 - 00036153 _____ C:\Users\lucted\Downloads\Kontoumsaetze_848_031412000_20160520_171027.pdf

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-06-13 08:10 - 2011-12-18 00:08 - 00001134 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-13 08:09 - 2016-01-06 14:04 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-13 08:09 - 2016-01-06 13:36 - 00000000 ____D C:\ProgramData\NVIDIA
2016-06-13 08:08 - 2015-10-30 08:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-06-13 08:00 - 2015-12-28 14:36 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{845ECAD7-6284-46CB-831F-F26619A16307}
2016-06-12 22:46 - 2012-12-05 19:45 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-06-12 22:44 - 2015-10-30 09:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-06-12 22:44 - 2012-01-19 23:47 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-06-12 22:43 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-06-12 22:43 - 2015-10-30 08:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-06-12 22:41 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-12 22:41 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-12 22:41 - 2011-12-18 00:08 - 00001138 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-12 22:28 - 2016-03-21 17:07 - 00000000 ____D C:\Users\lucted\AppData\LocalLow\Temp
2016-06-10 19:35 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-06-08 09:17 - 2016-04-21 13:26 - 00000000 ____D C:\WINDOWS\system32\log
2016-06-08 09:17 - 2016-03-26 10:41 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-06-08 07:47 - 2011-12-18 00:08 - 00002298 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-08 07:47 - 2011-12-18 00:08 - 00002286 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-07 12:27 - 2016-01-06 13:40 - 00000000 ____D C:\Users\lucted
2016-06-06 22:17 - 2014-05-17 20:56 - 597610651 _____ C:\WINDOWS\MEMORY.DMP
2016-05-27 12:34 - 2016-04-21 13:26 - 00002179 _____ C:\Users\lucted\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-27 09:49 - 2015-10-30 09:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-05-27 09:48 - 2014-12-24 15:23 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-05-24 18:41 - 2015-12-30 14:28 - 00000000 ____D C:\Users\lucted\Documents\Carola DAK
2016-05-20 18:35 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2016-05-20 17:20 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-19 07:26 - 2015-09-10 07:37 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-05-15 14:14 - 2015-10-30 20:44 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-15 14:14 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-05-15 14:14 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-15 14:14 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-05-15 14:14 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-05-15 14:13 - 2015-10-30 09:24 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-05-15 11:54 - 2013-07-14 22:06 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-15 11:31 - 2011-08-10 17:28 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2012-03-18 21:30 - 2012-03-18 21:30 - 0017408 _____ () C:\Users\lucted\AppData\Local\WebpageIcons.db
2015-12-28 14:29 - 2016-03-30 18:12 - 0002385 _____ () C:\ProgramData\hpzinstall.log

Einige Dateien in TEMP:
====================
C:\Users\lucted\AppData\Local\Temp\libeay32.dll
C:\Users\lucted\AppData\Local\Temp\msvcr120.dll
C:\Users\lucted\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-06-06 20:32

==================== Ende von FRST.txt ============================

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:12-06-2016 01
durchgeführt von lucted (2016-06-13 08:20:26)
Gestartet von C:\Users\lucted\Downloads
Windows 10 Home Version 1511 (X64) (2016-01-06 12:10:54)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-689365640-92009327-2566536619-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-689365640-92009327-2566536619-503 - Limited - Disabled)
Gast (S-1-5-21-689365640-92009327-2566536619-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-689365640-92009327-2566536619-1005 - Limited - Enabled)
lucted (S-1-5-21-689365640-92009327-2566536619-1001 - Administrator - Enabled) => C:\Users\lucted
UpdatusUser (S-1-5-21-689365640-92009327-2566536619-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

4500_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
AMI VR-pulse OS Switcher (HKLM\...\{69A90894-D54A-4657-8172-6B0FCE93414E}) (Version: 1.2 - American Megatrends Inc.)
Apple Application Support (32-Bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Ashampoo Burning Studio (HKLM-x32\...\Ashampoo Burning Studio_is1) (Version: 10.0.10 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Commander (HKLM-x32\...\Ashampoo Photo Commander_is1) (Version: 9.2.0 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Optimizer (HKLM-x32\...\Ashampoo Photo Optimizer_is1) (Version: 4.0.0 - Ashampoo GmbH & Co. KG)
Ashampoo Snap (HKLM-x32\...\Ashampoo Snap_is1) (Version: 4.3.0 - Ashampoo GmbH & Co. KG)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.39 - Atheros Communications Inc.)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}) (Version: 15.2.0.686 - Corel Corporation)
Corel Graphics - Windows Shell Extension (x32 Version: 15.2.686 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.686 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Common (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Connect (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Custom Data (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - DE (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Draw (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - EN (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - ES (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Extra Content (HKLM-x32\...\_{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}) (Version:  - Corel Corporation)
CorelDRAW Essentials X5 - Extra Content (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Filters (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - FR (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IPM (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - PHOTO-PAINT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Setup Files (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - WT (x32 Version: 15.3 -  Corel Corporation) Hidden
CorelDRAW Essentials X5 (HKLM-x32\...\_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}) (Version: 15.2.0.686 - Corel Corporation)
CorelDRAW Essentials X5 (x32 Version: 15.3 - Corel Corporation) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1508_36229 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.1.2414 - CyberLink Corp.)
CyberLink PhotoNow (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.0.6904 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1327 - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.4020 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2930.52 - CyberLink Corp.)
CyberLink PowerDVD Copy (HKLM-x32\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.3503 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.4013 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.4 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\Dropbox) (Version: 3.0.5 - Dropbox, Inc.)
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
Finger Sensing Pad Driver (HKLM\...\{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}) (Version: 9.4.9.5 - Sentelic)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.84 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet J4500 Series 14.0 Rel. 6 (HKLM\...\{EACF146B-01D2-4185-B773-9604A0E5902A}) (Version: 14.0 - HP)
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2462 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{006B5C65-3938-4246-B182-994A7E415EDE}) (Version: 1.1.0.0537 - Intel Corporation)
Intel(R) WiDi (HKLM-x32\...\{781A93CD-1608-427D-B7F0-D05C07795B25}) (Version: 2.1.41.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
IT9130 Driver v11.4.26.1 (HKLM-x32\...\IT9130 DriverInstaller_11.4.26.1) (Version:  - )
J4500 (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation)
Launch Manager (HKLM-x32\...\{D0846526-66DD-4DC9-A02C-98F9A2806812}) (Version: 1.5.1.4 - Wistron Corp.)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Medion Home Cinema (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2608 - CyberLink Corp.)
Medion Home Cinema (x32 Version: 8.0.2608 - CyberLink Corp.) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Mathematics (64-Bit) (HKLM\...\{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office Professional 2013 - de-de (HKLM\...\ProfessionalRetail - de-de) (Version: 15.0.4823.1004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 45.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 de)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Driver 269.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 269.24 - NVIDIA Corporation)
NVIDIA Graphics Driver 269.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 269.24 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4823.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4823.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4823.1004 - Microsoft Corporation) Hidden
PDF24 Creator 7.4.1 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
ProductContext (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6428 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10010 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.16.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Sony Ericsson Update Engine (HKLM-x32\...\Update Engine) (Version: 2.13.8.201307151333 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.303 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.303 - Sony)
Spelling Dictionaries Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-A00000000004}) (Version: 10.0.0 - Adobe Systems Incorporated)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.12.0 - Synaptics Incorporated)
Telekom Fotoservice (HKLM-x32\...\Telekom Fotoservice) (Version:  - )
TI USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{B1EB7FFF-6E44-43D8-869D-B78E44CD3E0F}) (Version: 1.12.14.0 - Texas Instruments Inc.)
TI USB3 Host Driver (x32 Version: 1.12.14.0 - Texas Instruments Inc.) Hidden
TomTom HOME (HKLM-x32\...\{5DCB2EB3-87AD-426E-8D74-8B92C9D731C4}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
T-Online 6.0 (HKLM-x32\...\{B1275E23-717A-4D52-997A-1AD1E24BC7F3}) (Version:  - )
T-Online WLAN-Access Finder (HKLM-x32\...\{295C31E5-3F91-498E-9623-DA24D2FA2B6A}) (Version:  - )
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Unity Web Player (HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VR-pulse Installer (HKLM\...\{E3725525-DE3E-48C1-9B81-D5FF1BFA23BC}) (Version: 1.4.0 - American Megatrends Inc.)
watchmi (HKLM-x32\...\{AA4D1C5E-116A-4FF4-AA91-28F526868203}) (Version: 2.5.0 - Axel Springer Digital TV Guide GmbH)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {04BCB11B-17F1-4955-9C00-69977B36C809} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {117783BD-65A6-4DC1-9E57-4D81CD732B70} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {197BFA21-9421-417A-A970-70146ABD8F06} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {2175C1B2-482A-4A54-BB55-0CDD42FCACD7} - System32\Tasks\{F1346FE0-48B9-405C-B428-32C2807A08ED} => Chrome.exe 
Task: {282EB8E8-1E85-4C65-8674-346BAA7E4F34} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {2B86DFC6-EB5D-4BD8-8398-CA427629B14B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {44B93389-5249-4E2B-A9B5-3D65E2BFAC17} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {471E3170-56D4-4523-86A6-1464157ACD0A} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {5057AEF1-568D-4FBC-AC9E-4A78E653BFA6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {62A99E50-A0D9-4911-8AF5-1C78217849C2} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {62F1DEF1-2EE7-46AC-9183-887B0B9A4311} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {63C3E556-7059-4370-9A2A-470323E2C382} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {670DEE14-CBDC-42E9-91D0-0552EE63E821} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {6A11C2BB-548A-4972-B321-955CC4F3952E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {6D585D27-5627-4974-BE14-99479A641455} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {6E491ED6-FE8B-4B32-BF70-135C535CF8BE} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {79523EC8-DECC-43B3-AA31-7B484566FFEF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {7B995869-C825-446D-8392-BEB8EAD525B3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-13] (Adobe Systems Incorporated)
Task: {8C3D5683-CCAD-40F5-9375-5E6E1C5DDD73} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-15] (Microsoft Corporation)
Task: {962D96D8-D3AC-4B8E-98AE-A1E01A0E23A9} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {980027FC-1320-46C9-8285-64016C8A1EDC} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {9B6E932B-A2D6-47F1-AA14-73C659390FEB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {ABB5E909-9D2C-47F4-9D50-CDE3BB3B99C4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {C921D49D-10A4-4118-A3F9-3CF0397FB61A} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {D0DC9FC0-A8BF-49B3-89FD-EE03766974EF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-04-12] (Microsoft Corporation)
Task: {DEE673F8-F516-4176-963D-56B3DE107736} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {DF2F5D2A-F185-46FA-9084-4DC72EA2D69D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-04-12] (Microsoft Corporation)
Task: {EA754882-3285-4AAC-834C-D4D4E2B6A4B4} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {F7E02F74-F9B2-404B-9F09-BF7D0D44E431} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe
Task: {FA04D949-46B9-4BC1-A25D-12C4EBBDFDCC} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {FA059BAD-6409-4CF3-AEF4-B1A8C3BFBD8C} - System32\Tasks\{400F534C-CAAB-4BDF-87FF-62FCA9FD66B8} => Chrome.exe 
Task: {FDB06D6C-0F7A-4090-8C38-2EE877AAFA29} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

ShortcutWithArgument: C:\Users\lucted\Desktop\Medion\MEDIONhome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.medion.com/de --disable-quic
ShortcutWithArgument: C:\Users\lucted\Desktop\Medion\MEDIONplay.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.medion.com/de/electronics/cat/MEDIONplay/gaming_browsergames_88 --disable-quic
ShortcutWithArgument: C:\Users\lucted\Desktop\Aldi\ALDI Nord Blumen Service.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www1.aldi-blumenservice.de --disable-quic
ShortcutWithArgument: C:\Users\lucted\Desktop\Aldi\ALDI Nord Reisen.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://nord.aldi-reisen.de/html_nord --disable-quic
ShortcutWithArgument: C:\Users\lucted\Desktop\Aldi\ALDI Nord Startseite.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.aldi-essen.de --disable-quic
ShortcutWithArgument: C:\Users\lucted\Desktop\Aldi\ALDI Talk.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.medionmobile.de --disable-quic

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-01-06 13:36 - 2015-07-23 03:10 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-05-29 07:29 - 2015-05-29 07:29 - 02178896 _____ () C:\Windows\System32\FspService.exe
2016-03-18 23:56 - 2016-03-18 23:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 23:56 - 2016-03-18 23:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-25 20:49 - 2015-10-13 05:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2011-08-17 14:26 - 2010-12-14 11:39 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2016-04-13 12:49 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 12:49 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-04-21 08:47 - 2016-04-21 08:48 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-01-06 16:43 - 2015-12-07 06:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-11 10:25 - 2016-04-23 06:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-11 10:26 - 2016-04-23 06:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-11 10:26 - 2016-04-23 05:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-11 10:26 - 2016-04-23 05:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-11 10:27 - 2016-04-23 06:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-01 21:00 - 2015-06-01 21:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-07-27 21:45 - 2015-06-10 11:13 - 00113024 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
2010-12-06 13:52 - 2010-12-06 13:52 - 01070080 _____ () C:\Program Files (x86)\watchmi\TvdTray.exe
2010-12-06 13:52 - 2010-12-06 13:52 - 00004608 _____ () C:\Program Files (x86)\watchmi\de\TvdTray.resources.dll
2016-01-06 13:43 - 2016-01-06 13:43 - 00061952 _____ () C:\WINDOWS\assembly\GAC_MSIL\Tvd.Remote\2.5.0.5__f722db7bec59a14b\Tvd.Remote.dll
2015-10-30 09:18 - 2015-10-30 09:18 - 00218456 _____ () c:\windows\system32\WerEtw.dll
2016-04-21 08:47 - 2016-04-21 08:48 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-21 08:47 - 2016-04-21 08:48 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2013-07-27 21:45 - 2012-04-30 11:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
2013-07-27 21:45 - 2015-10-20 18:44 - 00242176 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
2011-07-07 14:54 - 2011-07-07 14:54 - 00233984 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
2013-05-14 09:38 - 2013-05-14 09:38 - 00607744 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll
2010-08-04 00:39 - 2010-08-04 00:39 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2010-08-04 00:39 - 2010-08-04 00:39 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2016-01-04 14:02 - 2015-11-18 14:04 - 00074272 _____ () C:\Users\lucted\Mama Strom\Sonja\PDF24\zlib.dll
2016-01-04 14:02 - 2015-11-18 14:04 - 00052256 _____ () C:\Users\lucted\Mama Strom\Sonja\PDF24\OperationUI.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-689365640-92009327-2566536619-1000\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-689365640-92009327-2566536619-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{C59151D1-7438-4CDC-876A-DB62AD37122E}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{E7067E1E-E8E1-4432-ABBA-8782D7AB663C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{EE6A52BE-2D30-4997-A0D7-A23E594417F3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{3FCF51C9-F2DB-47AB-8D72-AEC83275C08F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{32898F3D-8893-43B8-9BFA-0064D4085B27}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{820AEF7B-8D24-46AE-AFA1-6A90FFBE946B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{35320FA6-CBBB-4579-9515-59091B8A7C28}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{5B9439B8-3BA7-4E0B-9983-8A089882248B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{58F29F08-83AF-4CCD-BDD0-929A86F366D0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{986D1FD6-5279-4E3D-A63D-C85DC1FE7B1D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{39E89A1C-E0E7-4F2A-A537-6CF75B0B6F47}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{3FA40793-3956-4AD1-B6D2-03FDCB040C68}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{FA692561-CD09-4CB8-B535-6D45719D3374}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{E7DAA948-9C3F-4104-BC8D-619C8F1D29A3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{78A5C2F7-533F-4548-9CE2-E72263131BD9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{1DAFD66C-B77E-422B-90C1-14DC7ABE36C7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{669D6B49-D269-423F-AC57-0BB6E1E48C80}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{C9AA2C88-29A5-4104-B366-EFD59E2BD98B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F614D191-EA5E-449E-9505-C7A3EC2C44F2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9C9EC504-17B1-4C47-BB36-FCF5E3D2E86C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{AF6B72BA-D090-40DF-98EB-F86E0F449231}] => (Allow) LPort=2869
FirewallRules: [{E837ABE2-F877-4178-8B2E-2D30E71331C3}] => (Allow) LPort=1900
FirewallRules: [{78415ED0-ED22-46B5-8CF6-6330A38D9667}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{98730647-519B-40EA-AE33-AA5CB53581C6}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{C5686880-17D2-4944-9F78-78EFE22B0A7C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{6F384575-BDEB-47D8-A16B-04950A53FF09}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{AEBF5336-40F2-45D9-8748-06C8EAB61AF2}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{51E9A207-6589-4FC7-9C95-4C2EB8644335}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE
FirewallRules: [{AD026405-E962-4384-B5E3-5E989E8CB3AE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{64B140A0-8BFF-409B-876B-DB99F0A4B6CC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{083DB4A0-AF82-4EEF-9414-77E8D4A89D91}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{CA6BC9E5-E136-433B-A373-844BFD421588}] => (Allow) C:\Program Files (x86)\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe
FirewallRules: [{73EEFB9D-525E-4777-AEA6-36E5F61E7344}] => (Allow) C:\Program Files (x86)\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe
FirewallRules: [{05D77498-21A2-46B7-9385-1DBBD1C342B3}] => (Allow) C:\Users\lucted\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{177BC7C4-05B2-49F0-B9BF-BA9190DCFCBB}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{4D74C715-7AA0-47A7-816E-16C37BC869E5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5C10B5C9-42EE-4B9B-A629-699482688139}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{37079CCD-0E6D-4D78-9DFA-613DC7B7BC57}] => (Allow) C:\Users\lucted\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{F544B605-B131-4B1B-9F16-B5B9E1FA50D1}] => (Allow) C:\Users\lucted\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{FBFEAA35-416F-41A8-A8FA-6A7117E66A1B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Wiederherstellungspunkte =========================

07-06-2016 09:38:05 Geplanter Prüfpunkt

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (06/13/2016 08:17:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0x1c58
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

Error: (06/13/2016 08:17:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0x1db0
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

Error: (06/13/2016 08:15:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0x1b0c
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

Error: (06/13/2016 08:15:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0x1d78
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

Error: (06/13/2016 08:14:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0x1d30
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

Error: (06/13/2016 08:10:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mediasrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5b7d
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x7f194cd3
ID des fehlerhaften Prozesses: 0x11dc
Startzeit der fehlerhaften Anwendung: 0xmediasrv.exe0
Pfad der fehlerhaften Anwendung: mediasrv.exe1
Pfad des fehlerhaften Moduls: mediasrv.exe2
Berichtskennung: mediasrv.exe3
Vollständiger Name des fehlerhaften Pakets: mediasrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mediasrv.exe5

Error: (06/13/2016 08:10:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: obexsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5ab8
Name des fehlerhaften Moduls: obexsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5ab8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0005225c
ID des fehlerhaften Prozesses: 0x38c
Startzeit der fehlerhaften Anwendung: 0xobexsrv.exe0
Pfad der fehlerhaften Anwendung: obexsrv.exe1
Pfad des fehlerhaften Moduls: obexsrv.exe2
Berichtskennung: obexsrv.exe3
Vollständiger Name des fehlerhaften Pakets: obexsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: obexsrv.exe5

Error: (06/13/2016 08:10:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0x1668
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

Error: (06/13/2016 08:09:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0x908
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

Error: (06/13/2016 08:09:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: obexsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5ab8
Name des fehlerhaften Moduls: obexsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5ab8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0005225c
ID des fehlerhaften Prozesses: 0x9c8
Startzeit der fehlerhaften Anwendung: 0xobexsrv.exe0
Pfad der fehlerhaften Anwendung: obexsrv.exe1
Pfad des fehlerhaften Moduls: obexsrv.exe2
Berichtskennung: obexsrv.exe3
Vollständiger Name des fehlerhaften Pakets: obexsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: obexsrv.exe5


Systemfehler:
=============
Error: (06/13/2016 08:17:49 AM) (Source: DCOM) (EventID: 10005) (User: LUCTED-PC)
Description: 1053Bluetooth Device MonitorNicht verfügbar{DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}

Error: (06/13/2016 08:17:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Bluetooth Device Monitor" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (06/13/2016 08:17:49 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Bluetooth Device Monitor erreicht.

Error: (06/13/2016 08:17:22 AM) (Source: DCOM) (EventID: 10005) (User: LUCTED-PC)
Description: 1053Bluetooth Device MonitorNicht verfügbar{DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}

Error: (06/13/2016 08:17:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Bluetooth Device Monitor" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (06/13/2016 08:17:22 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Bluetooth Device Monitor erreicht.

Error: (06/13/2016 08:15:16 AM) (Source: DCOM) (EventID: 10005) (User: LUCTED-PC)
Description: 1053Bluetooth Device MonitorNicht verfügbar{DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}

Error: (06/13/2016 08:15:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Bluetooth Device Monitor" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (06/13/2016 08:15:16 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Bluetooth Device Monitor erreicht.

Error: (06/13/2016 08:15:10 AM) (Source: DCOM) (EventID: 10005) (User: LUCTED-PC)
Description: 1053Bluetooth Device MonitorNicht verfügbar{DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}


CodeIntegrity:
===================================
  Date: 2016-06-12 22:22:49.349
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-12 22:20:31.887
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-10 22:20:05.287
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-10 22:20:05.269
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-10 21:59:05.833
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-10 21:57:43.550
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-10 19:39:25.792
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-10 19:38:10.603
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-10 19:38:10.594
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-09 15:25:16.982
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i3-2330M CPU @ 2.20GHz
Prozentuale Nutzung des RAM: 45%
Installierter physikalischer RAM: 4001.87 MB
Verfügbarer physikalischer RAM: 2194.34 MB
Summe virtueller Speicher: 8097.87 MB
Verfügbarer virtueller Speicher: 6326.55 MB

==================== Laufwerke ================================

Drive c: (Boot) (Fixed) (Total:647.54 GB) (Free:581.33 GB) NTFS
Drive d: (Recover) (Fixed) (Total:48 GB) (Free:22.32 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=647.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=50 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== Ende von Addition.txt ============================

Guten Morgen Rafael,
ich bin kein Fachmann ( Fachfrau) auf den Gebiet PC, daher weiss ich auch nicht wie ich eine alte Version von FRST auf den PC bekommen habe. Bitte um Entschuldigung, wenn ich Euch damit mehr Arbeit gemacht habe.
Lg Caro

burningice · 13.06.2016, 22:25

Bitte um Mithilfe
Hi Caro, dein PC ist mit einer sehr robusten Art von Schadsoftware infiziert und wie du vielleicht schon gemerkt hast, verläuft unsere Bereinigung darum etwas zäh.

Darum bitte ich dich um Mithilfe, um die Tools, die wir hier verwenden, zu verbessern. Dazu tue bitte folgendes:

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

zip:C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1;C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\profiles.ini

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Benutzung des TrojanerBoard Upload Kanals:

Link zum Upload-Channel.
Deaktiviere dein Anti-Viren-Programm.
Auf deinem Desktop befindet sich eine Datei mit dem Namen:
Code:
ATTFilter
```
Upload.zip
         
```
Klicke auf der Seite des Upload-Channels auf und wähle die oben genannte Datei aus.
Fülle bitte das Formular weiter aus und lade mir die Datei hoch.

Danke für deine Hilfe!

Bitte teile mir mit, ob der Upload geklappt hat!

Schritt: 1
Bitte folge dieser Anleitung, um deinen Firefox zu bereinigen - lösche den "alte-Daten" Ordner auf deinem Desktop bitte noch nicht.
https://support.mozilla.org/de/kb/firefox-bereinigen

Schritt: 2
Bitte folge dieser Anleitung, um deinen Chrome zu bereinigen
https://support.google.com/chrome/answer/3296214?hl=de

Schritt: 3
Bitte starte wieder FRST, setze den Haken bei Addition und drücke auf Untersuchen. Poste bitte wieder die beiden Textdateien, die so entstehen.

Caroblue · 14.06.2016, 09:04

Schönen guten Morgen, ist ja eine ganze Menge, werde mein bestes geben.☺ Aber wie ist es möglich, trotz Kaspersky sich so ein teil einzufangen?

Beim durchlauf von FRST kommt die Fehlermeldung " ZIP-komprimierte Ordner-Fehler" Datei nicht gefunden oder keine Leseberechtigung.

Lauf wurde aber trotzdem beendet, nach dem ich ok gedrückt habe.

Code:

ATTFilter

Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:13-06-2016
durchgeführt von lucted (2016-06-14 08:10:04) Run:1
Gestartet von C:\Users\lucted\Trojaner-Board#
Geladene Profile: UpdatusUser & lucted (Verfügbare Profile: UpdatusUser & lucted & DefaultAppPool)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
zip:C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1;C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\profiles.ini
*****************

================== Zip: ===================
C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1 -> erfolgreich kopiert zu C:\Users\lucted\Desktop\Upload.zip
"C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\profiles.ini" -> nicht gefunden
=========== Zip: Ende ===========

==== Ende von Fixlog 08:12:51 ====

Habe jetzt folgendes Problem:
Auf der Upload Seite will er ein Link zum Thema im Forum, habe dort mein Thema eingegeben, aber es kommt immer die Meldung, ich soll den link zum thread überprüfen.
Hilfeeeeee was nun?

da ich dir nur ein Feedback geben sollte, oder der Upload funktioniert hat, habe ich die anderen 3 Schritte schon mal weiter gemacht.

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2016
durchgeführt von lucted (Administrator) auf LUCTED-PC (14-06-2016 08:48:29)
Gestartet von C:\Users\lucted\Trojaner-Board#
Geladene Profile: UpdatusUser & lucted (Verfügbare Profile: UpdatusUser & lucted & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Edge)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\FspService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Wistron) C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\OSD.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WButton.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Geek Software GmbH) C:\Users\lucted\Mama Strom\Sonja\PDF24\pdf24.exe
() C:\Program Files (x86)\watchmi\TvdTray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [fspuip] => C:\Program Files\FSP\fspuip.exe [6319440 2015-05-29] (Sentelic Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12661352 2011-08-01] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2264168 2011-07-13] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM-x32\...\Run: [HotkeyApp] => C:\Program Files (x86)\Launch Manager\HotkeyApp.exe [207400 2011-08-06] (Wistron)
HKLM-x32\...\Run: [LMgrVolOSD] => C:\Program Files (x86)\Launch Manager\OSD.exe [348960 2011-08-06] (Wistron Corp.)
HKLM-x32\...\Run: [LMgrOSD] => "C:\Program Files (x86)\Launch Manager\OSDCtrl.exe"
HKLM-x32\...\Run: [Wbutton] => C:\Program Files (x86)\Launch Manager\Wbutton.exe [447016 2011-08-13] (Wistron Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-04] (CyberLink)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-03-18] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310280 2012-12-20] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [PDFPrint] => C:\Users\lucted\Mama Strom\Sonja\PDF24\pdf24.exe [221216 2015-11-18] (Geek Software GmbH)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-689365640-92009327-2566536619-1000\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-12-18] (Google Inc.)
HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1476104 2012-12-20] (Samsung)
HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844296 2012-12-20] (Samsung)
HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [457088 2015-09-23] (Sony)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [176904 2015-07-23] (NVIDIA Corporation)
AppInit_DLLs: ,C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [176904 2015-07-23] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [155280 2015-07-23] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64\FileSyncShell64.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64\FileSyncShell64.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64\FileSyncShell64.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\FileSyncShell.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\FileSyncShell.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\FileSyncShell.dll [2016-01-06] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-12-28]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\watchmi tray.lnk [2010-12-02]
ShortcutTarget: watchmi tray.lnk -> C:\Windows\Installer\{AA4D1C5E-116A-4FF4-AA91-28F526868203}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe (Acresso Software Inc.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\Parameters: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{03825670-e143-4a1c-9d66-6b83c604caab}: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{5327d1c1-1dac-4479-9385-c34c11de559b}: [DhcpNameServer] 82.163.142.7

Internet Explorer:
==================
HKU\S-1-5-21-689365640-92009327-2566536619-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-689365640-92009327-2566536619-1001 -> {4BB7C960-1C70-484C-B979-2CCADBE00A6F} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-04-12] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-12] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-12] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
Toolbar: HKU\S-1-5-21-689365640-92009327-2566536619-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-13] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-11-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-12] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-12-27] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-07-25] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-07-25] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin HKU\S-1-5-21-689365640-92009327-2566536619-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\lucted\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-06-06] (Unity Technologies ApS)
FF user.js: detected! => C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\user.js [2016-06-08]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\searchplugins\englische-ergebnisse.xml [2013-03-22]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\searchplugins\gmx-suche.xml [2013-03-22]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\searchplugins\lastminute.xml [2013-03-22]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\searchplugins\webde-suche.xml [2013-03-22]
FF Extension: WEB.DE MailCheck - C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\extensions\browser-mailcheck@web.de [2016-03-26]
FF Extension: Kein Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox [nicht gefunden]
FF Extension: WEB.DE MailCheck - C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\9c59swmb.default-1465886105769\Extensions\toolbar@web.de [2016-06-14] [ist nicht signiert]
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2016-03-19] [ist nicht signiert]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2016-03-19] [ist nicht signiert]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-03-19] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [arthurj8283@gmail.com] - C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\arthurj8283@gmail.com => nicht gefunden

Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\gcswf32.dll => Keine Datei
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll => Keine Datei
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => Keine Datei
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => Keine Datei
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => Keine Datei
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll => Keine Datei
CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\ppGoogleNaClPluginChrome.dll => Keine Datei
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\pdf.dll => Keine Datei
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll => Keine Datei
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Profile: C:\Users\lucted\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\lucted\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-21]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3009264 2016-05-17] (Microsoft Corporation)
R2 FspSvc; C:\Windows\System32\FspService.exe [2178896 2015-05-29] ()
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-12-14] () [Datei ist nicht signiert]
S2 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [62464 2010-12-06] () [Datei ist nicht signiert]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R3 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [118560 2011-08-06] (Wistron Corp.)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 fspad_win764; C:\Windows\system32\DRIVERS\fspad_win764.sys [209232 2015-05-29] (Sentelic Corporation)
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [165504 2011-08-10] (ITE                      )
S3 mod7764; C:\Windows\System32\DRIVERS\mod77-64.sys [1077416 2010-09-16] (DiBcom SA)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-06-14 08:35 - 2016-06-14 08:35 - 00000000 ____D C:\Users\lucted\Desktop\Alte Firefox-Daten
2016-06-14 08:10 - 2016-06-14 08:10 - 09022355 _____ C:\Users\lucted\Desktop\Upload.zip
2016-06-14 08:08 - 2016-06-14 08:08 - 00000000 ____D C:\Users\lucted\Downloads\FRST-OlderVersion
2016-06-13 08:20 - 2016-06-13 08:21 - 00052836 _____ C:\Users\lucted\Downloads\Addition.txt
2016-06-13 08:19 - 2016-06-13 08:21 - 00030736 _____ C:\Users\lucted\Downloads\FRST.txt
2016-06-13 08:18 - 2016-06-14 08:48 - 00000000 ____D C:\FRST
2016-06-13 08:17 - 2016-06-14 08:09 - 00001407 _____ C:\Users\lucted\Desktop\FRST64.exe - Verknüpfung.lnk
2016-06-13 08:04 - 2016-06-13 08:04 - 00001612 _____ C:\Users\lucted\Desktop\AdwCleaner_5.119.exe - Verknüpfung.lnk
2016-06-12 22:41 - 2016-06-12 22:41 - 12819016 _____ (Kaspersky Lab ZAO) C:\Users\lucted\Downloads\kavremvr.exe
2016-06-08 08:39 - 2016-06-13 08:07 - 00000000 ____D C:\AdwCleaner
2016-06-08 07:53 - 2016-06-08 14:18 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-06-08 07:52 - 2016-06-08 07:52 - 00000919 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-06-08 07:52 - 2016-06-08 07:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-06-08 07:52 - 2016-06-08 07:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-08 07:52 - 2016-06-08 07:52 - 00000000 ____D C:\Benutzer
2016-06-08 07:52 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-06-08 07:52 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-06-08 07:52 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-06-08 07:49 - 2016-06-08 07:49 - 00001653 _____ C:\Users\lucted\Desktop\mbam-setup-2.2.1.1043.exe - Verknüpfung.lnk
2016-06-07 14:48 - 2016-06-07 14:48 - 00000000 ____D C:\TDSSKiller_Quarantine
2016-06-07 14:37 - 2016-06-07 15:03 - 00822490 _____ C:\TDSSKiller.3.1.0.9_07.06.2016_14.37.08_log.txt
2016-06-07 12:27 - 2016-06-14 08:48 - 00000000 ____D C:\Users\lucted\Trojaner-Board#
2016-06-07 10:41 - 2016-06-07 10:42 - 162961416 _____ (Kaspersky Lab) C:\Users\lucted\Downloads\kts16.0.0.614abcdde_9994(1).exe
2016-06-06 22:44 - 2016-06-06 23:00 - 00000000 ____D C:\KVRT_Data
2016-06-06 22:43 - 2016-06-06 22:43 - 94947664 _____ (Kaspersky Lab ZAO) C:\Users\lucted\Downloads\KVRT (3).exe
2016-06-06 22:40 - 2016-06-06 22:40 - 94947664 _____ (Kaspersky Lab ZAO) C:\Users\lucted\Downloads\KVRT (2).exe
2016-06-06 22:39 - 2016-06-06 22:44 - 94947664 _____ (Kaspersky Lab ZAO) C:\Users\lucted\Downloads\KVRT.exe
2016-06-06 22:39 - 2016-06-06 22:40 - 94947664 _____ (Kaspersky Lab ZAO) C:\Users\lucted\Downloads\KVRT (1).exe
2016-06-06 22:30 - 2016-06-06 22:33 - 162961416 _____ (Kaspersky Lab) C:\Users\lucted\Downloads\kts16.0.0.614abcdde_9994.exe
2016-06-06 22:17 - 2016-06-06 22:27 - 00000000 ____D C:\WINDOWS\Minidump
2016-05-27 10:29 - 2016-05-27 10:29 - 00000000 _____ C:\Users\Public\Documents\report.dat
2016-05-22 19:17 - 2016-05-22 19:17 - 00004336 _____ C:\Users\lucted\Downloads\MitteilungForm(1).pdf
2016-05-22 19:12 - 2016-05-22 19:12 - 00004394 _____ C:\Users\lucted\Downloads\MitteilungForm.pdf
2016-05-20 17:10 - 2016-05-20 17:10 - 00036153 _____ C:\Users\lucted\Downloads\Kontoumsaetze_848_031412000_20160520_171027.pdf

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-06-14 08:46 - 2012-12-05 19:45 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-06-14 08:41 - 2011-12-18 00:08 - 00001138 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-14 08:04 - 2015-12-28 14:36 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{845ECAD7-6284-46CB-831F-F26619A16307}
2016-06-14 08:01 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-13 08:10 - 2011-12-18 00:08 - 00001134 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-13 08:09 - 2016-01-06 14:04 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-13 08:09 - 2016-01-06 13:36 - 00000000 ____D C:\ProgramData\NVIDIA
2016-06-13 08:08 - 2015-10-30 08:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-06-12 22:44 - 2015-10-30 09:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-06-12 22:44 - 2012-01-19 23:47 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-06-12 22:43 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-06-12 22:43 - 2015-10-30 08:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-06-12 22:41 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-12 22:28 - 2016-03-21 17:07 - 00000000 ____D C:\Users\lucted\AppData\LocalLow\Temp
2016-06-10 19:35 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-06-08 09:17 - 2016-04-21 13:26 - 00000000 ____D C:\WINDOWS\system32\log
2016-06-08 09:17 - 2016-03-26 10:41 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-06-08 07:47 - 2011-12-18 00:08 - 00002298 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-08 07:47 - 2011-12-18 00:08 - 00002286 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-07 12:27 - 2016-01-06 13:40 - 00000000 ____D C:\Users\lucted
2016-06-06 22:17 - 2014-05-17 20:56 - 597610651 _____ C:\WINDOWS\MEMORY.DMP
2016-05-27 12:34 - 2016-04-21 13:26 - 00002179 _____ C:\Users\lucted\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-27 09:49 - 2015-10-30 09:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-05-27 09:48 - 2014-12-24 15:23 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-05-24 18:41 - 2015-12-30 14:28 - 00000000 ____D C:\Users\lucted\Documents\Carola DAK
2016-05-20 18:35 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2016-05-20 17:20 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-19 07:26 - 2015-09-10 07:37 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-05-15 14:14 - 2015-10-30 20:44 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-15 14:14 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-05-15 14:14 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-15 14:14 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-05-15 14:14 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-05-15 14:13 - 2015-10-30 09:24 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-05-15 11:54 - 2013-07-14 22:06 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-15 11:31 - 2011-08-10 17:28 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2012-03-18 21:30 - 2012-03-18 21:30 - 0017408 _____ () C:\Users\lucted\AppData\Local\WebpageIcons.db
2015-12-28 14:29 - 2016-03-30 18:12 - 0002385 _____ () C:\ProgramData\hpzinstall.log

Einige Dateien in TEMP:
====================
C:\Users\lucted\AppData\Local\Temp\libeay32.dll
C:\Users\lucted\AppData\Local\Temp\msvcr120.dll
C:\Users\lucted\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-06-06 20:32

==================== Ende von FRST.txt ============================

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:13-06-2016
durchgeführt von lucted (2016-06-14 08:49:22)
Gestartet von C:\Users\lucted\Trojaner-Board#
Windows 10 Home Version 1511 (X64) (2016-01-06 12:10:54)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-689365640-92009327-2566536619-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-689365640-92009327-2566536619-503 - Limited - Disabled)
Gast (S-1-5-21-689365640-92009327-2566536619-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-689365640-92009327-2566536619-1005 - Limited - Enabled)
lucted (S-1-5-21-689365640-92009327-2566536619-1001 - Administrator - Enabled) => C:\Users\lucted
UpdatusUser (S-1-5-21-689365640-92009327-2566536619-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

4500_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
AMI VR-pulse OS Switcher (HKLM\...\{69A90894-D54A-4657-8172-6B0FCE93414E}) (Version: 1.2 - American Megatrends Inc.)
Apple Application Support (32-Bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Ashampoo Burning Studio (HKLM-x32\...\Ashampoo Burning Studio_is1) (Version: 10.0.10 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Commander (HKLM-x32\...\Ashampoo Photo Commander_is1) (Version: 9.2.0 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Optimizer (HKLM-x32\...\Ashampoo Photo Optimizer_is1) (Version: 4.0.0 - Ashampoo GmbH & Co. KG)
Ashampoo Snap (HKLM-x32\...\Ashampoo Snap_is1) (Version: 4.3.0 - Ashampoo GmbH & Co. KG)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.39 - Atheros Communications Inc.)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}) (Version: 15.2.0.686 - Corel Corporation)
Corel Graphics - Windows Shell Extension (x32 Version: 15.2.686 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.686 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Common (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Connect (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Custom Data (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - DE (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Draw (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - EN (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - ES (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Extra Content (HKLM-x32\...\_{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}) (Version:  - Corel Corporation)
CorelDRAW Essentials X5 - Extra Content (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Filters (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - FR (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IPM (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - PHOTO-PAINT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Setup Files (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - WT (x32 Version: 15.3 -  Corel Corporation) Hidden
CorelDRAW Essentials X5 (HKLM-x32\...\_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}) (Version: 15.2.0.686 - Corel Corporation)
CorelDRAW Essentials X5 (x32 Version: 15.3 - Corel Corporation) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1508_36229 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.1.2414 - CyberLink Corp.)
CyberLink PhotoNow (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.0.6904 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1327 - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.4020 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2930.52 - CyberLink Corp.)
CyberLink PowerDVD Copy (HKLM-x32\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.3503 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.4013 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.4 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\Dropbox) (Version: 3.0.5 - Dropbox, Inc.)
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
Finger Sensing Pad Driver (HKLM\...\{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}) (Version: 9.4.9.5 - Sentelic)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.84 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet J4500 Series 14.0 Rel. 6 (HKLM\...\{EACF146B-01D2-4185-B773-9604A0E5902A}) (Version: 14.0 - HP)
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2462 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{006B5C65-3938-4246-B182-994A7E415EDE}) (Version: 1.1.0.0537 - Intel Corporation)
Intel(R) WiDi (HKLM-x32\...\{781A93CD-1608-427D-B7F0-D05C07795B25}) (Version: 2.1.41.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
IT9130 Driver v11.4.26.1 (HKLM-x32\...\IT9130 DriverInstaller_11.4.26.1) (Version:  - )
J4500 (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation)
Launch Manager (HKLM-x32\...\{D0846526-66DD-4DC9-A02C-98F9A2806812}) (Version: 1.5.1.4 - Wistron Corp.)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Medion Home Cinema (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2608 - CyberLink Corp.)
Medion Home Cinema (x32 Version: 8.0.2608 - CyberLink Corp.) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Mathematics (64-Bit) (HKLM\...\{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office Professional 2013 - de-de (HKLM\...\ProfessionalRetail - de-de) (Version: 15.0.4823.1004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 45.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 de)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Driver 269.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 269.24 - NVIDIA Corporation)
NVIDIA Graphics Driver 269.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 269.24 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4823.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4823.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4823.1004 - Microsoft Corporation) Hidden
PDF24 Creator 7.4.1 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
ProductContext (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6428 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10010 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.16.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Sony Ericsson Update Engine (HKLM-x32\...\Update Engine) (Version: 2.13.8.201307151333 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.303 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.303 - Sony)
Spelling Dictionaries Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-A00000000004}) (Version: 10.0.0 - Adobe Systems Incorporated)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.12.0 - Synaptics Incorporated)
Telekom Fotoservice (HKLM-x32\...\Telekom Fotoservice) (Version:  - )
TI USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{B1EB7FFF-6E44-43D8-869D-B78E44CD3E0F}) (Version: 1.12.14.0 - Texas Instruments Inc.)
TI USB3 Host Driver (x32 Version: 1.12.14.0 - Texas Instruments Inc.) Hidden
TomTom HOME (HKLM-x32\...\{5DCB2EB3-87AD-426E-8D74-8B92C9D731C4}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
T-Online 6.0 (HKLM-x32\...\{B1275E23-717A-4D52-997A-1AD1E24BC7F3}) (Version:  - )
T-Online WLAN-Access Finder (HKLM-x32\...\{295C31E5-3F91-498E-9623-DA24D2FA2B6A}) (Version:  - )
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Unity Web Player (HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VR-pulse Installer (HKLM\...\{E3725525-DE3E-48C1-9B81-D5FF1BFA23BC}) (Version: 1.4.0 - American Megatrends Inc.)
watchmi (HKLM-x32\...\{AA4D1C5E-116A-4FF4-AA91-28F526868203}) (Version: 2.5.0 - Axel Springer Digital TV Guide GmbH)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {04BCB11B-17F1-4955-9C00-69977B36C809} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {117783BD-65A6-4DC1-9E57-4D81CD732B70} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {197BFA21-9421-417A-A970-70146ABD8F06} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {2175C1B2-482A-4A54-BB55-0CDD42FCACD7} - System32\Tasks\{F1346FE0-48B9-405C-B428-32C2807A08ED} => Chrome.exe 
Task: {282EB8E8-1E85-4C65-8674-346BAA7E4F34} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {2B86DFC6-EB5D-4BD8-8398-CA427629B14B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {44B93389-5249-4E2B-A9B5-3D65E2BFAC17} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {471E3170-56D4-4523-86A6-1464157ACD0A} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {5057AEF1-568D-4FBC-AC9E-4A78E653BFA6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {62A99E50-A0D9-4911-8AF5-1C78217849C2} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {62F1DEF1-2EE7-46AC-9183-887B0B9A4311} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {63C3E556-7059-4370-9A2A-470323E2C382} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {670DEE14-CBDC-42E9-91D0-0552EE63E821} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {6A11C2BB-548A-4972-B321-955CC4F3952E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {6D585D27-5627-4974-BE14-99479A641455} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {6E491ED6-FE8B-4B32-BF70-135C535CF8BE} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {79523EC8-DECC-43B3-AA31-7B484566FFEF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {7B995869-C825-446D-8392-BEB8EAD525B3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-13] (Adobe Systems Incorporated)
Task: {8C3D5683-CCAD-40F5-9375-5E6E1C5DDD73} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-15] (Microsoft Corporation)
Task: {962D96D8-D3AC-4B8E-98AE-A1E01A0E23A9} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {980027FC-1320-46C9-8285-64016C8A1EDC} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {9B6E932B-A2D6-47F1-AA14-73C659390FEB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {ABB5E909-9D2C-47F4-9D50-CDE3BB3B99C4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {C921D49D-10A4-4118-A3F9-3CF0397FB61A} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {D0DC9FC0-A8BF-49B3-89FD-EE03766974EF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-04-12] (Microsoft Corporation)
Task: {DEE673F8-F516-4176-963D-56B3DE107736} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {DF2F5D2A-F185-46FA-9084-4DC72EA2D69D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-04-12] (Microsoft Corporation)
Task: {EA754882-3285-4AAC-834C-D4D4E2B6A4B4} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {F7E02F74-F9B2-404B-9F09-BF7D0D44E431} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe
Task: {FA04D949-46B9-4BC1-A25D-12C4EBBDFDCC} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {FA059BAD-6409-4CF3-AEF4-B1A8C3BFBD8C} - System32\Tasks\{400F534C-CAAB-4BDF-87FF-62FCA9FD66B8} => Chrome.exe 
Task: {FDB06D6C-0F7A-4090-8C38-2EE877AAFA29} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

ShortcutWithArgument: C:\Users\lucted\Desktop\Medion\MEDIONhome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.medion.com/de --disable-quic
ShortcutWithArgument: C:\Users\lucted\Desktop\Medion\MEDIONplay.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.medion.com/de/electronics/cat/MEDIONplay/gaming_browsergames_88 --disable-quic
ShortcutWithArgument: C:\Users\lucted\Desktop\Aldi\ALDI Nord Blumen Service.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www1.aldi-blumenservice.de --disable-quic
ShortcutWithArgument: C:\Users\lucted\Desktop\Aldi\ALDI Nord Reisen.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://nord.aldi-reisen.de/html_nord --disable-quic
ShortcutWithArgument: C:\Users\lucted\Desktop\Aldi\ALDI Nord Startseite.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.aldi-essen.de --disable-quic
ShortcutWithArgument: C:\Users\lucted\Desktop\Aldi\ALDI Talk.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.medionmobile.de --disable-quic

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-01-06 13:36 - 2015-07-23 03:10 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-05-29 07:29 - 2015-05-29 07:29 - 02178896 _____ () C:\Windows\System32\FspService.exe
2016-03-18 23:56 - 2016-03-18 23:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 23:56 - 2016-03-18 23:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-25 20:49 - 2015-10-13 05:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2011-08-17 14:26 - 2010-12-14 11:39 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2016-04-13 12:49 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 12:49 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-04-21 08:47 - 2016-04-21 08:48 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-01-06 16:43 - 2015-12-07 06:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-11 10:25 - 2016-04-23 06:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-11 10:26 - 2016-04-23 06:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-11 10:26 - 2016-04-23 05:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-11 10:26 - 2016-04-23 05:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-11 10:27 - 2016-04-23 06:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-01 21:00 - 2015-06-01 21:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-07-27 21:45 - 2015-06-10 11:13 - 00113024 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
2010-12-06 13:52 - 2010-12-06 13:52 - 01070080 _____ () C:\Program Files (x86)\watchmi\TvdTray.exe
2010-12-06 13:52 - 2010-12-06 13:52 - 00004608 _____ () C:\Program Files (x86)\watchmi\de\TvdTray.resources.dll
2016-01-06 13:43 - 2016-01-06 13:43 - 00061952 _____ () C:\WINDOWS\assembly\GAC_MSIL\Tvd.Remote\2.5.0.5__f722db7bec59a14b\Tvd.Remote.dll
2016-04-21 08:47 - 2016-04-21 08:48 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-21 08:47 - 2016-04-21 08:48 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2013-07-27 21:45 - 2012-04-30 11:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
2013-07-27 21:45 - 2015-10-20 18:44 - 00242176 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
2011-07-07 14:54 - 2011-07-07 14:54 - 00233984 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
2013-05-14 09:38 - 2013-05-14 09:38 - 00607744 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll
2010-08-04 00:39 - 2010-08-04 00:39 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2010-08-04 00:39 - 2010-08-04 00:39 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2016-01-04 14:02 - 2015-11-18 14:04 - 00074272 _____ () C:\Users\lucted\Mama Strom\Sonja\PDF24\zlib.dll
2016-01-04 14:02 - 2015-11-18 14:04 - 00052256 _____ () C:\Users\lucted\Mama Strom\Sonja\PDF24\OperationUI.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-689365640-92009327-2566536619-1000\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-689365640-92009327-2566536619-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{C59151D1-7438-4CDC-876A-DB62AD37122E}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{E7067E1E-E8E1-4432-ABBA-8782D7AB663C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{EE6A52BE-2D30-4997-A0D7-A23E594417F3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{3FCF51C9-F2DB-47AB-8D72-AEC83275C08F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{32898F3D-8893-43B8-9BFA-0064D4085B27}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{820AEF7B-8D24-46AE-AFA1-6A90FFBE946B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{35320FA6-CBBB-4579-9515-59091B8A7C28}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{5B9439B8-3BA7-4E0B-9983-8A089882248B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{58F29F08-83AF-4CCD-BDD0-929A86F366D0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{986D1FD6-5279-4E3D-A63D-C85DC1FE7B1D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{39E89A1C-E0E7-4F2A-A537-6CF75B0B6F47}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{3FA40793-3956-4AD1-B6D2-03FDCB040C68}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{FA692561-CD09-4CB8-B535-6D45719D3374}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{E7DAA948-9C3F-4104-BC8D-619C8F1D29A3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{78A5C2F7-533F-4548-9CE2-E72263131BD9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{1DAFD66C-B77E-422B-90C1-14DC7ABE36C7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{669D6B49-D269-423F-AC57-0BB6E1E48C80}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{C9AA2C88-29A5-4104-B366-EFD59E2BD98B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F614D191-EA5E-449E-9505-C7A3EC2C44F2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9C9EC504-17B1-4C47-BB36-FCF5E3D2E86C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{AF6B72BA-D090-40DF-98EB-F86E0F449231}] => (Allow) LPort=2869
FirewallRules: [{E837ABE2-F877-4178-8B2E-2D30E71331C3}] => (Allow) LPort=1900
FirewallRules: [{78415ED0-ED22-46B5-8CF6-6330A38D9667}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{98730647-519B-40EA-AE33-AA5CB53581C6}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{C5686880-17D2-4944-9F78-78EFE22B0A7C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{6F384575-BDEB-47D8-A16B-04950A53FF09}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{AEBF5336-40F2-45D9-8748-06C8EAB61AF2}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{51E9A207-6589-4FC7-9C95-4C2EB8644335}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE
FirewallRules: [{AD026405-E962-4384-B5E3-5E989E8CB3AE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{64B140A0-8BFF-409B-876B-DB99F0A4B6CC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{083DB4A0-AF82-4EEF-9414-77E8D4A89D91}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{CA6BC9E5-E136-433B-A373-844BFD421588}] => (Allow) C:\Program Files (x86)\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe
FirewallRules: [{73EEFB9D-525E-4777-AEA6-36E5F61E7344}] => (Allow) C:\Program Files (x86)\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe
FirewallRules: [{05D77498-21A2-46B7-9385-1DBBD1C342B3}] => (Allow) C:\Users\lucted\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{177BC7C4-05B2-49F0-B9BF-BA9190DCFCBB}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{4D74C715-7AA0-47A7-816E-16C37BC869E5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5C10B5C9-42EE-4B9B-A629-699482688139}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{37079CCD-0E6D-4D78-9DFA-613DC7B7BC57}] => (Allow) C:\Users\lucted\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{F544B605-B131-4B1B-9F16-B5B9E1FA50D1}] => (Allow) C:\Users\lucted\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{FBFEAA35-416F-41A8-A8FA-6A7117E66A1B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Wiederherstellungspunkte =========================

07-06-2016 09:38:05 Geplanter Prüfpunkt

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (06/14/2016 08:09:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0x1f90
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

Error: (06/14/2016 08:07:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0x36c
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

Error: (06/13/2016 08:17:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0x1c58
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

Error: (06/13/2016 08:17:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0x1db0
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

Error: (06/13/2016 08:15:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0x1b0c
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

Error: (06/13/2016 08:15:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0x1d78
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

Error: (06/13/2016 08:14:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0x1d30
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

Error: (06/13/2016 08:10:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mediasrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5b7d
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x7f194cd3
ID des fehlerhaften Prozesses: 0x11dc
Startzeit der fehlerhaften Anwendung: 0xmediasrv.exe0
Pfad der fehlerhaften Anwendung: mediasrv.exe1
Pfad des fehlerhaften Moduls: mediasrv.exe2
Berichtskennung: mediasrv.exe3
Vollständiger Name des fehlerhaften Pakets: mediasrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mediasrv.exe5

Error: (06/13/2016 08:10:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: obexsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5ab8
Name des fehlerhaften Moduls: obexsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5ab8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0005225c
ID des fehlerhaften Prozesses: 0x38c
Startzeit der fehlerhaften Anwendung: 0xobexsrv.exe0
Pfad der fehlerhaften Anwendung: obexsrv.exe1
Pfad des fehlerhaften Moduls: obexsrv.exe2
Berichtskennung: obexsrv.exe3
Vollständiger Name des fehlerhaften Pakets: obexsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: obexsrv.exe5

Error: (06/13/2016 08:10:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0x1668
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5


Systemfehler:
=============
Error: (06/14/2016 08:09:48 AM) (Source: DCOM) (EventID: 10005) (User: LUCTED-PC)
Description: 1053Bluetooth Device MonitorNicht verfügbar{DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}

Error: (06/14/2016 08:09:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Bluetooth Device Monitor" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.


Error: (06/14/2016 08:09:48 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Bluetooth Device Monitor erreicht.

Error: (06/14/2016 08:07:58 AM) (Source: DCOM) (EventID: 10005) (User: LUCTED-PC)
Description: 1053Bluetooth Device MonitorNicht verfügbar{DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}

Error: (06/14/2016 08:07:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Bluetooth Device Monitor" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.


Error: (06/14/2016 08:07:58 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Bluetooth Device Monitor erreicht.

Error: (06/14/2016 07:59:41 AM) (Source: i8042prt) (EventID: 41) (User: )
Description: Beim Aktivieren der Maus für die Informationsübertragung ist ein Fehler aufgetreten. Das Gerät wurde zurückgesetzt, um es wieder funktionstüchtig zu machen.

Error: (06/14/2016 07:59:39 AM) (Source: i8042prt) (EventID: 41) (User: )
Description: Beim Aktivieren der Maus für die Informationsübertragung ist ein Fehler aufgetreten. Das Gerät wurde zurückgesetzt, um es wieder funktionstüchtig zu machen.

Error: (06/13/2016 08:17:49 AM) (Source: DCOM) (EventID: 10005) (User: LUCTED-PC)
Description: 1053Bluetooth Device MonitorNicht verfügbar{DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}

Error: (06/13/2016 08:17:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Bluetooth Device Monitor" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.



CodeIntegrity:
===================================
  Date: 2016-06-12 22:22:49.349
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-12 22:20:31.887
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-10 22:20:05.287
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-10 22:20:05.269
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-10 21:59:05.833
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-10 21:57:43.550
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-10 19:39:25.792
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-10 19:38:10.603
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-10 19:38:10.594
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-09 15:25:16.982
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i3-2330M CPU @ 2.20GHz
Prozentuale Nutzung des RAM: 47%
Installierter physikalischer RAM: 4001.87 MB
Verfügbarer physikalischer RAM: 2090.95 MB
Summe virtueller Speicher: 8097.87 MB
Verfügbarer virtueller Speicher: 6134.64 MB

==================== Laufwerke ================================

Drive c: (Boot) (Fixed) (Total:647.54 GB) (Free:581.72 GB) NTFS
Drive d: (Recover) (Fixed) (Total:48 GB) (Free:22.32 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=647.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=50 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== Ende von Addition.txt ============================

Upload hat jetzt doch funktioniert, war erfolgreich

burningice · 14.06.2016, 21:56

Super danke dafür!

Downloade Dir HitmanPro

auf Deinen Desktop:

HitmanPro-32 Bit Version
HitmanPro-64 Bit Version

Starte die HitmanPro.exe
Klicke auf
Entferne den Haken bei
Klicke auf
und
Akzeptiere die Lizenzbedingungen und klicke auf
Klicke auf

und auf
Wenn der Scan beendet wurde, nichts löschen lassen etc. sondern wähle unten links auf der Button-Leiste
und speichere die Logdatei auf Deinem Desktop.
Schließe HitmanPro und poste mir das Log.

Caroblue · 15.06.2016, 07:24

Schönen guten Morgen,
hier kommt das Ergebnis, wünsche noch einen schönen Tag.

Code:

ATTFilter

HitmanPro 3.7.14.265
www.hitmanpro.com

   Computer name . . . . : LUCTED-PC
   Windows . . . . . . . : 10.0.0.10586.X64/4
   User name . . . . . . : LUCTED-PC\lucted
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2016-06-15 07:54:53
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 8m 23s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 52

   Objects scanned . . . : 1.993.276
   Files scanned . . . . : 41.429
   Remnants scanned  . . : 422.571 files / 1.529.276 keys

Suspicious files ____________________________________________________________

   C:\Users\lucted\AppData\Local\Microsoft\Windows\INetCache\IE\NVYPUT3I\FRST64[1].exe
      Size . . . . . . . : 2.385.920 bytes
      Age  . . . . . . . : 1.0 days (2016-06-14 08:08:32)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 2C7000FE2E1515B814DD4F212102FA4F93529D770EE0BAF529B90EEF6D0E8C99
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -1.0s C:\Users\lucted\AppData\Local\Microsoft\Windows\INetCookies\CS2SLTZC.txt
         -1.0s C:\Users\lucted\AppData\Local\Microsoft\Windows\INetCache\IE\50O556XB\82[1].htm
          0.0s C:\Users\lucted\AppData\Local\Microsoft\Windows\INetCache\IE\NVYPUT3I\FRST64[1].exe
          0.1s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\02\
          0.1s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\02\5F377FB81D0AC7DA.dat
          3.5s C:\Users\lucted\Downloads\FRST-OlderVersion\
          3.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\76\9F2AFEF7326C2C20.dat
          4.6s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\62\5AFE7EFB51798B5A.dat

   C:\Users\lucted\Downloads\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2.385.408 bytes
      Age  . . . . . . . : 2.0 days (2016-06-13 08:17:02)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 8A9CEF7FD8019023414AB3462A909AAD1CDCD7CB038730D835910020732B004E
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
          0.0s C:\Users\lucted\Trojaner-Board#\FRST64.exe
          0.0s C:\Users\lucted\Downloads\FRST-OlderVersion\FRST64.exe
         23.5s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_devmonsrv.exe_c49af33a3664445b19437d8291226d3b0fe4efc_692de7c9_055bf114\
         23.5s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_devmonsrv.exe_c49af33a3664445b19437d8291226d3b0fe4efc_692de7c9_055bf114\Report.wer
         27.0s C:\Users\lucted\Desktop\FRST64.exe - Verknüpfung.lnk
         49.1s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_devmonsrv.exe_c49af33a3664445b19437d8291226d3b0fe4efc_692de7c9_0d4454fe\
         49.1s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_devmonsrv.exe_c49af33a3664445b19437d8291226d3b0fe4efc_692de7c9_0d4454fe\Report.wer

   C:\Users\lucted\Trojaner-Board#\FRST64.exe
      Size . . . . . . . : 2.385.920 bytes
      Age  . . . . . . . : 2.0 days (2016-06-13 08:17:02)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 2C7000FE2E1515B814DD4F212102FA4F93529D770EE0BAF529B90EEF6D0E8C99
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      References
         C:\Users\lucted\Desktop\FRST64.exe - Verknüpfung.lnk
      Forensic Cluster
          0.0s C:\Users\lucted\Trojaner-Board#\FRST64.exe
          0.0s C:\Users\lucted\Downloads\FRST-OlderVersion\FRST64.exe
         23.5s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_devmonsrv.exe_c49af33a3664445b19437d8291226d3b0fe4efc_692de7c9_055bf114\
         23.5s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_devmonsrv.exe_c49af33a3664445b19437d8291226d3b0fe4efc_692de7c9_055bf114\Report.wer
         27.0s C:\Users\lucted\Desktop\FRST64.exe - Verknüpfung.lnk
         49.1s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_devmonsrv.exe_c49af33a3664445b19437d8291226d3b0fe4efc_692de7c9_0d4454fe\
         49.1s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_devmonsrv.exe_c49af33a3664445b19437d8291226d3b0fe4efc_692de7c9_0d4454fe\Report.wer


Potential Unwanted Programs _________________________________________________

   C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\searchplugins\ask-web-search.xml (AskBar)
   HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{94952EC4-DB66-3F32-BE4C-F0BB875EA98E}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}\ (Iminent)
   HKU\S-1-5-21-689365640-92009327-2566536619-1000\SOFTWARE\One System Care\ (OneSystemCare)
   HKU\S-1-5-21-689365640-92009327-2566536619-1000\SOFTWARE\System Healer\ (SystemHealer)
   HKU\S-1-5-21-689365640-92009327-2566536619-1000\SOFTWARE\WajIEnhance\ (Wajam)

burningice · 15.06.2016, 09:35

Na das schaut ja schon fast wieder aus wie ein computer bei dir

Danach sollte es wohl passen:
Schritt: 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\searchplugins\ask-web-search.xml
[-HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}]
[-HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}]
[-HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}]
[-HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}]
[-HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}]
[-HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}]
[-HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}]
[-HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}]
[-HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}]
[-HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}]
[-HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}]
[-HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}]
[-HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}]
[-HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}]
[-HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}]
[-HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}]
[-HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}]
[-HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}]
[-HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}]
[-HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}]
[-HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}]
[-HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}]
[-HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}]
[-HKLM\SOFTWARE\Classes\Interface\{94952EC4-DB66-3F32-BE4C-F0BB875EA98E}]
[-HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}]
[-HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}]
[-HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}]
[-HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}]
[-HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}]
[-HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}]
[-HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}]
[-HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}]
[-HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}]
[-HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}]
[-HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}]
[-HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}]
[-HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}]
[-HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}]
[-HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}]
[-HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}]
[-HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}]
[-HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}]
[-HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}]
[-HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}]
[-HKU\S-1-5-21-689365640-92009327-2566536619-1000\SOFTWARE\One System Care]
[-HKU\S-1-5-21-689365640-92009327-2566536619-1000\SOFTWARE\System Healer]
[-HKU\S-1-5-21-689365640-92009327-2566536619-1000\SOFTWARE\WajIEnhance]
Tcpip\Parameters: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{5327d1c1-1dac-4479-9385-c34c11de559b}: [DhcpNameServer] 82.163.142.7
cmd: ipconfig /release
cmd: ipconfig /renew
cmd: ipconfig /flushdns
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =  
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =  
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =  
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-689365640-92009327-2566536619-1001 -> {4BB7C960-1C70-484C-B979-2CCADBE00A6F} URL = 
FF user.js: detected! => C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\user.js [2016-06-08]
FF HKLM-x32\...\Firefox\Extensions: [arthurj8283@gmail.com] - C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\arthurj8283@gmail.com => nicht gefunden

emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt: 2
Bitte starte wieder FRST, setze den Haken bei Addition und drücke auf Untersuchen. Poste bitte wieder die beiden Textdateien, die so entstehen.

Hast du noch irgendwelche Probleme mit deinem Rechner?

10.06.2016, 18:09	#19
burningice /// Malwareteam	Trojan:Win32/Xadupi Meistens klappt es nach 1-2 simplen Neustarts und/oder erneutem Herunterladen wieder problemlos __________________ Mfg, Rafael ~ I'm storm. I'm calm. I'm fire. I'm ice. I'm burningice. ~ Unterstütze uns mit einer Spende ......... Lob, Kritik oder Wünsche ......... .......... Folge uns auf Facebook ..........

Trojan:Win32/Xadupi

Plagegeister aller Art und deren Bekämpfung: Trojan:Win32/Xadupi