
Log analysis and evaluation: Windows8: permanent virus detections

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

10.04.2015, 19:52   #1
Ogotox
 


Hi there,

I built myself a nice new PC 2 days ago, but as my luck would have it, I caught viruses right away. I generally know little about this topic, which is why I'd rather ask here. Of course I first tried a little on my own, but the viruses keep coming back after I move them to quarantine. I have simply added the virus detection as an attachment.

The only programs I had installed were Avira, Steam, Malwarebytes Anti-Malware, Google Chrome and 1 game (Counter-Strike: Global Offensive). I then found 2 programs which I simply uninstalled... Snapdo and Wajam... neither meant anything to me, but I think it is connected to one of them. When I open the browser, Malwarebytes Anti-Malware shows 2 virus detections again, which can also be found in the attachment. In addition, when I create a new tab I am automatically redirected to the following link, which I have also tried to turn off, but it always happens automatically (ATTENTION... I DON'T KNOW WHAT HAPPENS IF ONE OF YOU GOES TO IT)
hxxp://search.snapdo.com/?st=dn&q=
Another probably big mistake was that I uninstalled Avira, because I thought that Avira and Anti-Malware might conflict with each other.

Well, of course I have also added the logs you require as attachments (Addition, FRST and gmer).
If you need any other information or data from me, I am happy to add that too.
I hope that one of you here can help me.

Regards, Ogotox
Attached images
File type: png Virenfunde.PNG (34.4 KB)
File type: png 1web.PNG (8.0 KB)
File type: png 2web.PNG (7.8 KB)
Attached files
File type: txt FRST.txt (25.1 KB)
File type: log gmer.log (2.3 KB)

10.04.2015, 20:15   #2
schrauber
/// the machine
/// TB trainer
 



Hi,

Please always post logs in the thread. If necessary, split them up and use several posts.
I cannot open attachments at work, thanks.

Here is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

10.04.2015, 20:38   #3
Ogotox
 


Sorry... Attention, here come the logs!!! :
FRST.txt:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Ogotox (administrator) on OGOPC on 10-04-2015 18:49:53
Running from C:\Users\Ogotox\Downloads
Loaded Profiles: Ogotox (Available profiles: Ogotox)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
() C:\Users\Ogotox\AppData\Local\CopyEditor\CopyEditor.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Users\Ogotox\AppData\Local\CopyEditor\CopyEditor_run.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Users\Ogotox\AppData\Local\CopyEditor\ynrtr\cvcngm.exe
(Microsoft Corporation) C:\Windows\System32\SnippingTool.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Ogotox\AppData\Local\CopyEditor\ynrtr\ktajwm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Ogotox\Downloads\Defogger.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1794704 2015-02-20] (NVIDIA Corporation)
HKU\S-1-5-21-1772424110-1775628108-1297487835-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2889408 2015-04-09] (Valve Corporation)
AppInit_DLLs: C:\Users\Ogotox\AppData\Local\CopyEditor\ynrtr\ktlmq.dll => C:\Users\Ogotox\AppData\Local\CopyEditor\ynrtr\ktlmq.dll [254560 2015-04-10] (TODO: <Company name>)
AppInit_DLLs-x32: C:\Users\Ogotox\AppData\Local\CopyEditor\ynrtr\zeuvv.dll => C:\Users\Ogotox\AppData\Local\CopyEditor\ynrtr\zeuvv.dll [127280 2015-04-10] (TODO: <Company name>)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:51129;https=127.0.0.1:51129
HKU\S-1-5-21-1772424110-1775628108-1297487835-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.sonic-search.com/?p=mKO_AwFzXIpYRa4j3q-3hUPE9a9InJ9YovTwToBS8xCZWiHzg9JO494t1sqzf2lO_xi8VaMFuJJx1u4BMuz95XqpS1I3Dk3zfnQdTHYy0csNojl4WoIUKignNj6ocux9qzIO96W8T0gvOf25zYtHjbsYNE87Ad5AaKOLiE9FKtdbU3EwCHU17GO-WYc,&q={searchTerms}
HKU\S-1-5-21-1772424110-1775628108-1297487835-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRa4j3q-3hUPE9a9InJ9YovTwToBS8xCZWiHzg9JO494t1sqzf2lO_xi8VaMFuJJx1u4BMuz95XqpS1I3Dk3zfnQdTHYy0csNojl08nhbtU8yztTIj2V-onCRCaKW2lEDILbNzvoqOl3tkaT7GgmkIFsIYAJrOQYbKp1UN0PEmuANLqk,
HKU\S-1-5-21-1772424110-1775628108-1297487835-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
HKU\S-1-5-21-1772424110-1775628108-1297487835-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.sonic-search.com/?p=mKO_AwFzXIpYRa4j3q-3hUPE9a9InJ9YovTwToBS8xCZWiHzg9JO494t1sqzf2lO_xi8VaMFuJJx1u4BMuz95XqpS1I3Dk3zfnQdTHYy0csNojl4WoIUKignNj6ocux9qzIO96W8T0gvOf25zYtHjbsYNE87Ad5AaKOLiE9FKtdbU3EwCHU17GO-WYc,&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.sonic-search.com/?p=mKO_AwFzXIpYRa4j3q-3hUPE9a9InJ9YovTwToBS8xCZWiHzg9JO494t1sqzf2lO_xi8VaMFuJJx1u4BMuz95XqpS1I3Dk3zfnQdTHYy0csNojl4WoIUKignNj6ocux9qzIO96W8T0gvOf25zYtHjbsYNE87Ad5AaKOLiE9FKtdbU3EwCHU17GO-WYc,&q={searchTerms}
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.sonic-search.com/?p=mKO_AwFzXIpYRa4j3q-3hUPE9a9InJ9YovTwToBS8xCZWiHzg9JO494t1sqzf2lO_xi8VaMFuJJx1u4BMuz95XqpS1I3Dk3zfnQdTHYy0csNojl4WoIUKignNj6ocux9qzIO96W8T0gvOf25zYtHjbsYNE87Ad5AaKOLiE9FKtdbU3EwCHU17GO-WYc,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1772424110-1775628108-1297487835-1001 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.sonic-search.com/?p=mKO_AwFzXIpYRa4j3q-3hUPE9a9InJ9YovTwToBS8xCZWiHzg9JO494t1sqzf2lO_xi8VaMFuJJx1u4BMuz95XqpS1I3Dk3zfnQdTHYy0csNojl4WoIUKignNj6ocux9qzIO96W8T0gvOf25zYtHjbsYNE87Ad5AaKOLiE9FKtdbU3EwCHU17GO-WYc,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1772424110-1775628108-1297487835-1001 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.sonic-search.com/?p=mKO_AwFzXIpYRa4j3q-3hUPE9a9InJ9YovTwToBS8xCZWiHzg9JO494t1sqzf2lO_xi8VaMFuJJx1u4BMuz95XqpS1I3Dk3zfnQdTHYy0csNojl4WoIUKignNj6ocux9qzIO96W8T0gvOf25zYtHjbsYNE87Ad5AaKOLiE9FKtdbU3EwCHU17GO-WYc,&q={searchTerms}
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Ogotox\AppData\Roaming\Mozilla\Firefox\Profiles\24mNpOke.default
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-09] (Google Inc.)
FF SearchPlugin: C:\Users\Ogotox\AppData\Roaming\Mozilla\Firefox\Profiles\24mNpOke.default\searchplugins\Web Search.xml [2015-04-10]
FF Extension: Avira Browser Safety - C:\Users\Ogotox\AppData\Roaming\Mozilla\Firefox\Profiles\24mNpOke.default\Extensions\abs@avira.com [2015-04-09]

Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR Profile: C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-09]
CHR Extension: (Google Docs) - C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-09]
CHR Extension: (Google Drive) - C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-09]
CHR Extension: (YouTube) - C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-09]
CHR Extension: (Google Search) - C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-09]
CHR Extension: (Google Sheets) - C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-09]
CHR Extension: (Avira Browser Safety) - C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-04-09]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-09]
CHR Extension: (Google Wallet) - C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-09]
CHR Extension: (Gmail) - C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-09]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
R2 CopyEditor; C:\Users\Ogotox\AppData\Local\CopyEditor\CopyEditor.exe [85504 2015-03-26] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-11-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-11-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39240 2015-02-20] (NVIDIA Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-11-21] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-10 18:49 - 2015-04-10 18:49 - 02095616 _____ (Farbar) C:\Users\Ogotox\Downloads\FRST64.exe
2015-04-10 18:49 - 2015-04-10 18:49 - 00011034 _____ () C:\Users\Ogotox\Downloads\FRST.txt
2015-04-10 18:49 - 2015-04-10 18:49 - 00000000 ____D () C:\FRST
2015-04-10 18:47 - 2015-04-10 18:47 - 00050477 _____ () C:\Users\Ogotox\Downloads\Defogger.exe
2015-04-10 18:47 - 2015-04-10 18:47 - 00000474 _____ () C:\Users\Ogotox\Downloads\defogger_disable.log
2015-04-10 18:47 - 2015-04-10 18:47 - 00000000 _____ () C:\Users\Ogotox\defogger_reenable
2015-04-10 01:03 - 2015-04-10 00:07 - 00000000 ____D () C:\Windows\Panther
2015-04-10 00:12 - 2015-04-09 22:35 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1772424110-1775628108-1297487835-1001
2015-04-10 00:09 - 2015-04-10 16:04 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{A5040671-7C3F-472A-A461-CCC16EFFDD79}
2015-04-10 00:09 - 2015-04-10 00:09 - 00000000 __SHD () C:\Users\Ogotox\AppData\Local\EmieUserList
2015-04-10 00:09 - 2015-04-10 00:09 - 00000000 __SHD () C:\Users\Ogotox\AppData\Local\EmieSiteList
2015-04-10 00:09 - 2015-04-10 00:09 - 00000000 __SHD () C:\Users\Ogotox\AppData\Local\EmieBrowserModeList
2015-04-10 00:07 - 2015-04-10 18:47 - 00000000 ____D () C:\Users\Ogotox
2015-04-10 00:07 - 2015-04-10 16:59 - 00381366 _____ () C:\Windows\WindowsUpdate.log
2015-04-10 00:07 - 2015-04-10 00:07 - 00001454 _____ () C:\Users\Ogotox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-10 00:07 - 2015-04-10 00:07 - 00000020 ___SH () C:\Users\Ogotox\ntuser.ini
2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 _SHDL () C:\Users\Ogotox\Vorlagen
2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 _SHDL () C:\Users\Ogotox\Startmenü
2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 _SHDL () C:\Users\Ogotox\Netzwerkumgebung
2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 _SHDL () C:\Users\Ogotox\Lokale Einstellungen
2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 _SHDL () C:\Users\Ogotox\Eigene Dateien
2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 _SHDL () C:\Users\Ogotox\Druckumgebung
2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 _SHDL () C:\Users\Ogotox\Documents\Eigene Musik
2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 _SHDL () C:\Users\Ogotox\Documents\Eigene Bilder
2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 _SHDL () C:\Users\Ogotox\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 _SHDL () C:\Users\Ogotox\AppData\Local\Verlauf
2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 _SHDL () C:\Users\Ogotox\AppData\Local\Anwendungsdaten
2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 _SHDL () C:\Users\Ogotox\Anwendungsdaten
2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 ____D () C:\Users\Ogotox\AppData\Local\VirtualStore
2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 ____D () C:\Users\Ogotox\AppData\Local\Packages
2015-04-10 00:07 - 2014-11-21 12:52 - 00000000 ___RD () C:\Users\Ogotox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-10 00:07 - 2014-11-21 12:52 - 00000000 ___RD () C:\Users\Ogotox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-10 00:07 - 2014-11-21 12:52 - 00000000 ___RD () C:\Users\Ogotox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-04-10 00:07 - 2014-11-21 05:42 - 00000369 _____ () C:\Users\Ogotox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-04-10 00:07 - 2014-11-21 05:42 - 00000369 _____ () C:\Users\Ogotox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-04-10 00:07 - 2013-08-22 17:36 - 00000000 ____D () C:\Users\Ogotox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default\Startmenü
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Programme
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\ProgramData\Startmenü
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\ProgramData\Dokumente
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Dokumente und Einstellungen
2015-04-09 22:24 - 2015-04-09 22:24 - 00002271 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-09 22:24 - 2015-04-09 22:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-09 22:19 - 2015-04-10 18:24 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-09 22:19 - 2015-04-10 18:21 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-09 22:19 - 2015-04-09 22:19 - 00003882 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-04-09 22:19 - 2015-04-09 22:19 - 00003646 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-04-09 21:41 - 2015-04-10 18:21 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-09 21:41 - 2015-04-09 21:41 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-09 21:41 - 2015-04-09 21:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-09 21:41 - 2015-04-09 21:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-09 21:41 - 2015-04-09 21:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-09 21:41 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-09 21:41 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-09 21:41 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-09 21:29 - 2015-04-09 21:29 - 00002077 _____ () C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2015-04-09 21:29 - 2015-04-09 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-04-09 21:28 - 2015-04-09 21:28 - 00000000 ____D () C:\Users\Ogotox\AppData\Local\NVIDIA
2015-04-09 20:41 - 2015-04-09 22:23 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-09 20:41 - 2015-04-09 20:42 - 00000000 ____D () C:\Users\Ogotox\AppData\Local\Google
2015-04-09 20:39 - 2015-04-09 20:39 - 00000000 ____D () C:\ProgramData\865c7f35000071a9
2015-04-09 20:38 - 2015-04-09 20:38 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2015-04-09 20:35 - 2015-04-09 20:35 - 00000000 ____D () C:\Users\Ogotox\AppData\Roaming\Mozilla
2015-04-09 20:35 - 2015-04-09 20:35 - 00000000 ____D () C:\Users\Ogotox\AppData\Local\Steam
2015-04-09 20:33 - 2015-04-09 22:01 - 00000000 ____D () C:\ProgramData\Avira
2015-04-09 20:33 - 2015-04-09 20:33 - 00000000 ____D () C:\Users\Ogotox\AppData\Roaming\dlg
2015-04-09 20:32 - 2015-04-09 20:43 - 00000000 ____D () C:\ProgramData\{fc7b26be-6ff1-20f3-fc7b-b26be6ff9af9}
2015-04-09 20:31 - 2015-04-10 18:23 - 00000000 ____D () C:\Users\Ogotox\AppData\Local\CopyEditor
2015-04-09 20:31 - 2015-04-09 21:11 - 00000000 ____D () C:\Program Files (x86)\ProductUI
2015-04-09 20:31 - 2015-04-09 20:58 - 00000000 ____D () C:\ProgramData\Packer9dc087ae-908f-4f18-9cdf-58cd3413437f
2015-04-09 20:31 - 2015-04-09 20:31 - 00000000 ____D () C:\ProgramData\0008d14346ba46409439f1f5f96545bb
2015-04-09 20:28 - 2015-04-10 17:56 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-09 20:28 - 2015-04-09 20:28 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2015-04-09 20:28 - 2015-04-09 20:28 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-04-09 20:28 - 2015-04-09 20:28 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-04-09 20:28 - 2015-04-09 20:28 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-04-09 20:28 - 2015-02-20 01:18 - 00074056 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-04-09 20:28 - 2015-02-20 01:18 - 00060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-04-09 20:28 - 2015-02-05 21:07 - 06861128 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-04-09 20:28 - 2015-02-05 21:07 - 03517584 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-04-09 20:28 - 2015-02-05 21:07 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-04-09 20:28 - 2015-02-05 21:07 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-04-09 20:28 - 2015-02-05 21:07 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-04-09 20:28 - 2015-02-05 21:06 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-04-09 20:28 - 2015-02-05 19:57 - 00621384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-04-09 20:28 - 2015-02-05 14:50 - 04236870 _____ () C:\Windows\system32\nvcoproc.bin
2015-04-09 20:27 - 2015-04-10 17:17 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-09 20:27 - 2015-04-09 20:27 - 00000979 _____ () C:\Users\Public\Desktop\Steam.lnk
2015-04-09 20:27 - 2015-04-09 20:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-04-09 20:25 - 2015-04-09 20:25 - 00000000 ____D () C:\Users\Ogotox\AppData\Roaming\Macromedia

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-10 18:03 - 2014-11-21 05:35 - 01686150 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-10 18:03 - 2014-11-21 04:45 - 00726688 _____ () C:\Windows\system32\perfh007.dat
2015-04-10 18:03 - 2014-11-21 04:45 - 00151380 _____ () C:\Windows\system32\perfc007.dat
2015-04-10 18:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2015-04-10 17:56 - 2014-11-20 20:24 - 00443412 _____ () C:\Windows\PFRO.log
2015-04-10 17:56 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-10 17:27 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-04-10 16:37 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\tracing
2015-04-10 16:06 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\InputMethod
2015-04-10 01:03 - 2013-08-22 17:36 - 00262144 _____ () C:\Windows\system32\config\BCD-Template
2015-04-10 00:12 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-04-10 00:04 - 2013-08-22 17:37 - 00002988 _____ () C:\Windows\DtcInstall.log
2015-04-10 00:04 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\Recovery
2015-04-10 00:04 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows NT
2015-04-10 00:04 - 2013-08-22 15:36 - 00000000 __RHD () C:\Users\Default
2015-04-09 22:05 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\Registration
2015-04-09 21:52 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\Camera
2015-04-09 21:51 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-04-09 21:28 - 2013-08-22 16:46 - 00013071 _____ () C:\Windows\setupact.log
2015-04-09 20:28 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\Help

Some content of TEMP:
====================
C:\Users\Ogotox\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-09 22:35

==================== End Of Log ============================
         
--- --- ---



Addition.txt:
FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Ogotox at 2015-04-10 18:50:03
Running from C:\Users\Ogotox\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
NVIDIA 3D Vision Treiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

ATTENTION: System Restore is disabled.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {A713575E-3A8D-4926-9051-B4C0C09C2134} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-09] (Google Inc.)
Task: {EA4D20E5-F051-4C8B-A93C-0824FFFEFC46} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-09] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-03-26 15:40 - 2015-03-26 15:40 - 00085504 _____ () C:\Users\Ogotox\AppData\Local\CopyEditor\CopyEditor.exe
2015-04-09 20:28 - 2015-02-05 21:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-03-26 15:40 - 2015-03-26 15:40 - 01051136 _____ () C:\Users\Ogotox\AppData\Local\CopyEditor\CopyEditor_run.exe
2015-04-09 22:01 - 2015-04-10 18:21 - 00509120 _____ () C:\Users\Ogotox\AppData\Local\CopyEditor\ynrtr\cvcngm.exe
2015-04-09 20:31 - 2015-04-10 18:21 - 01018240 _____ () C:\Users\Ogotox\AppData\Local\CopyEditor\ynrtr\wsyh.dll
2015-04-09 21:52 - 2015-04-10 18:21 - 00031822 _____ () C:\Users\Ogotox\AppData\Local\CopyEditor\ynrtr\ktajwm.exe
2015-04-09 22:24 - 2015-03-30 22:38 - 01530184 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libglesv2.dll
2015-04-09 22:24 - 2015-03-30 22:38 - 00091976 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libegl.dll
2015-04-09 22:24 - 2015-03-30 22:39 - 11266376 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll
2015-04-09 22:24 - 2015-03-30 22:39 - 26792264 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\PepperFlash\pepflashplayer.dll
2015-04-10 18:47 - 2015-04-10 18:47 - 00050477 _____ () C:\Users\Ogotox\Downloads\Defogger.exe
2015-03-26 15:40 - 2015-03-26 15:40 - 02199552 _____ () C:\Users\Ogotox\AppData\Local\CopyEditor\CopyEditor_run.dll
2015-04-09 20:31 - 2015-04-09 20:31 - 06225408 _____ () C:\Users\Ogotox\AppData\Local\CopyEditor\arvfs.dll
2015-03-26 15:40 - 2015-03-26 15:40 - 01819136 _____ () C:\Users\Ogotox\AppData\Local\CopyEditor\izeranv.dll
2015-04-09 20:31 - 2015-04-10 18:21 - 00063644 _____ () C:\Users\Ogotox\AppData\Local\CopyEditor\ynrtr\tbfhxkzi.dll

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Gambali => ""="service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1772424110-1775628108-1297487835-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1772424110-1775628108-1297487835-1001\...\StartupApproved\Run: => "Steam"

==================== Accounts: =============================

Administrator (S-1-5-21-1772424110-1775628108-1297487835-500 - Administrator - Disabled)
Gast (S-1-5-21-1772424110-1775628108-1297487835-501 - Limited - Disabled)
Ogotox (S-1-5-21-1772424110-1775628108-1297487835-1001 - Administrator - Enabled) => C:\Users\Ogotox

==================== Faulty Device Manager Devices =============

Name: SM-Bus-Controller
Description: SM-Bus-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/09/2015 10:35:49 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "System-reserviert" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (04/09/2015 10:01:39 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (04/09/2015 08:31:23 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (04/09/2015 08:22:45 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (04/09/2015 08:22:45 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x80072EE7
Befehlszeilenargumente:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9a8645c4-8908-49bb-8eec-6671a533b17a;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (04/09/2015 08:22:45 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Fehler beim Erwerb der Endbenutzerlizenz. hr=0x80072EE7
SKU-ID=9a8645c4-8908-49bb-8eec-6671a533b17a

Error: (04/09/2015 08:22:45 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: Lizenzerwerb-Fehlerdetails. 
hr=0x80072EE7

Error: (04/09/2015 08:22:45 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Fehler beim Erwerb der Endbenutzerlizenz. hr=0x80072EE7
SKU-ID=9a8645c4-8908-49bb-8eec-6671a533b17a

Error: (04/09/2015 08:22:45 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: Lizenzerwerb-Fehlerdetails. 
hr=0x80072EE7

Error: (04/10/2015 01:39:49 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x80072EE7
Befehlszeilenargumente:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9a8645c4-8908-49bb-8eec-6671a533b17a;NotificationInterval=1440;Trigger=UserLogon;SessionId=1


System errors:
=============
Error: (04/10/2015 04:18:15 PM) (Source: DCOM) (EventID: 10010) (User: OgoPC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (04/10/2015 04:17:44 PM) (Source: DCOM) (EventID: 10010) (User: OgoPC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (04/09/2015 10:36:49 PM) (Source: DCOM) (EventID: 10010) (User: OgoPC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (04/09/2015 10:36:19 PM) (Source: DCOM) (EventID: 10010) (User: OgoPC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (04/09/2015 10:18:58 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252.

Error: (04/09/2015 10:18:46 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252.

Error: (04/09/2015 10:18:46 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252.

Error: (04/09/2015 10:18:46 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252.

Error: (04/09/2015 10:18:45 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 20.

Error: (04/09/2015 10:17:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053


Microsoft Office Sessions:
=========================
Error: (04/09/2015 10:35:49 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System-reserviertFalscher Parameter. (0x80070057)

Error: (04/09/2015 10:01:39 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (04/09/2015 08:31:23 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (04/09/2015 08:22:45 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (04/09/2015 08:22:45 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0x80072EE7RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9a8645c4-8908-49bb-8eec-6671a533b17a;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (04/09/2015 08:22:45 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: hr=0x80072EE79a8645c4-8908-49bb-8eec-6671a533b17a

Error: (04/09/2015 08:22:45 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: hr=0x80072EE700010001(0x00000000, 20:22:45:423 - https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail)
00020001(0x00000000, 20:22:45:423)
00030001(0x00000000, 20:22:45:423 - https://activation-v2.sls.microsoft.com)
00030002(0x00000000, 20:22:45:423 - 0)
00040001(0x00000000, 20:22:45:423 - https://activation-v2.sls.microsoft.com)
00040002(0x00000000, 20:22:45:423 - 1, <NULL>, <NULL>, <NULL>)
00050002(0x80072F94, 20:22:45:438 - 0, 1)
00040006(0x00000001, 20:22:45:438 - 0, https://activation-v2.sls.microsoft.com, <N/A>, <N/A>)
00020005(0x00000000, 20:22:45:438 - 0)
00010002(0x80072EE7, 20:22:45:438 - <NULL>)
00010003(0x80072EE7, 20:22:45:438)

Error: (04/09/2015 08:22:45 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: hr=0x80072EE79a8645c4-8908-49bb-8eec-6671a533b17a

Error: (04/09/2015 08:22:45 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: hr=0x80072EE700010001(0x00000000, 20:22:44:673 - https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail)
00020001(0x00000000, 20:22:44:673)
00030001(0x00000000, 20:22:44:673 - https://activation-v2.sls.microsoft.com)
00030002(0x00000000, 20:22:44:673 - 0)
00040001(0x00000000, 20:22:44:673 - https://activation-v2.sls.microsoft.com)
00040002(0x00000000, 20:22:44:673 - 1, <NULL>, <NULL>, <NULL>)
00050002(0x80072F94, 20:22:45:360 - 0, 1)
00040006(0x00000001, 20:22:45:360 - 0, https://activation-v2.sls.microsoft.com, <N/A>, <N/A>)
00020005(0x00000000, 20:22:45:360 - 0)
00010002(0x80072EE7, 20:22:45:360 - <NULL>)
00010003(0x80072EE7, 20:22:45:360)

Error: (04/10/2015 01:39:49 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0x80072EE7RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9a8645c4-8908-49bb-8eec-6671a533b17a;NotificationInterval=1440;Trigger=UserLogon;SessionId=1


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 11%
Total physical RAM: 16335.7 MB
Available physical RAM: 14407.11 MB
Total Pagefile: 19279.7 MB
Available Pagefile: 16708.02 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.54 GB) (Free:196.89 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: E10F5C09)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: E10F5C72)
Partition 1: (Not Active) - (Size=500 GB) - (Type=06)
Partition 2: (Not Active) - (Size=1363 GB) - (Type=06)

==================== End Of Log ============================
         
--- --- ---


gmer.log:
GMER Logfile:
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-04-10 19:04:09
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000037 Samsung_SSD_850_EVO_250GB rev.EMT01B6Q 232,89GB
Running: Gmer-19357.exe; Driver: C:\Users\Ogotox\AppData\Local\Temp\pxldapoc.sys


---- Threads - GMER 2.1 ----

Thread   C:\Windows\system32\csrss.exe [2908:3016]                                                                                                                                   fffff960008112d0
---- Processes - GMER 2.1 ----

Process  C:\Users\Ogotox\AppData\Local\CopyEditor\CopyEditor.exe (*** suspicious ***) @ C:\Users\Ogotox\AppData\Local\CopyEditor\CopyEditor.exe [1460](2015-03-26 13:40:30)          0000000000b20000
Process  C:\Users\Ogotox\AppData\Local\CopyEditor\CopyEditor_run.exe (*** suspicious ***) @ C:\Users\Ogotox\AppData\Local\CopyEditor\CopyEditor_run.exe [1340](2015-03-26 13:40:30)  0000000000c30000
Library  C:\Users\Ogotox\AppData\Local\CopyEditor\CopyEditor_run.dll (*** suspicious ***) @ C:\Users\Ogotox\AppData\Local\CopyEditor\CopyEditor_run.exe [1340](2015-03-26 13:40:30)  0000000072ae0000
Library  C:\Users\Ogotox\AppData\Local\CopyEditor\arvfs.dll (*** suspicious ***) @ C:\Users\Ogotox\AppData\Local\CopyEditor\CopyEditor_run.exe [1340](2015-04-09 18:31:29)           0000000071d40000
Library  C:\Users\Ogotox\AppData\Local\CopyEditor\izeranv.dll (*** suspicious ***) @ C:\Users\Ogotox\AppData\Local\CopyEditor\CopyEditor_run.exe [1340](2015-03-26 13:40:32)         0000000072910000
Library  C:\Users\Ogotox\AppData\Local\CopyEditor\ynrtr\tbfhxkzi.dll (*** suspicious ***) @ C:\Users\Ogotox\AppData\Local\CopyEditor\CopyEditor_run.exe [1340](2015-04-09 18:31:18)  0000000072df0000
Process  C:\Users\Ogotox\AppData\Local\CopyEditor\ynrtr\cvcngm.exe (*** suspicious ***) @ C:\Users\Ogotox\AppData\Local\CopyEditor\ynrtr\cvcngm.exe [732](2015-04-09 20:01:00)       0000000000d10000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed                                                                                           -1057907968
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown                                                                                              1

---- EOF - GMER 2.1 ----
         
--- --- ---
__________________

11.04.2015, 08:34   #4
schrauber
/// the machine
/// TB instructor
 


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options ("Optionen") and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan ("Suchlauf") and wait until it has finished.
  • Now click Clean ("Löschen") and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

11.04.2015, 13:54   #5
Ogotox
 

AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v4.201 - Bericht erstellt 11/04/2015 um 13:38:42
# Aktualisiert 08/04/2015 von Xplode
# Datenbank : 2015-04-08.1 [Server]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : Ogotox - OGOPC
# Gestarted von : C:\Users\Ogotox\Downloads\AdwCleaner_4.201.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\865c7f35000071a9
Ordner Gelöscht : C:\Program Files (x86)\ProductUI

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\406e900f-88f7-e386-6d30-4c0f3a85c84e
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Daten Gelöscht : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:51129;hxxps=127.0.0.1:51129
Daten Gelöscht : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Daten Gelöscht : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v


-\\ Google Chrome v41.0.2272.118


*************************

AdwCleaner[R0].txt - [1771 Bytes] - [11/04/2015 13:38:14]
AdwCleaner[S0].txt - [1405 Bytes] - [11/04/2015 13:38:42]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1464  Bytes] ##########
         
--- --- ---


JRT Logfile:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.3 (04.07.2015:1)
OS: Windows 8.1 x64
Ran by Ogotox on 11.04.2015 at 13:44:20,24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\Default_Search_URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\Default
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\searchURL\\Default
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.04.2015 at 13:45:19,05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
--- --- ---



FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Ogotox (administrator) on OGOPC on 11-04-2015 13:47:15
Running from C:\Users\Ogotox\Downloads
Loaded Profiles: Ogotox (Available profiles: Ogotox)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1794704 2015-02-20] (NVIDIA Corporation)
HKU\S-1-5-21-1772424110-1775628108-1297487835-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2889408 2015-04-09] (Valve Corporation)
AppInit_DLLs: C:\Users\Ogotox\AppData\Local\CopyEditor\ynrtr\ktlmq.dll => C:\Users\Ogotox\AppData\Local\CopyEditor\ynrtr\ktlmq.dll [254560 2015-04-11] (TODO: <Company name>)
AppInit_DLLs-x32: C:\Users\Ogotox\AppData\Local\CopyEditor\ynrtr\zeuvv.dll => C:\Users\Ogotox\AppData\Local\CopyEditor\ynrtr\zeuvv.dll [127280 2015-04-11] (TODO: <Company name>)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1772424110-1775628108-1297487835-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Ogotox\AppData\Roaming\Mozilla\Firefox\Profiles\24mNpOke.default
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-09] (Google Inc.)
FF SearchPlugin: C:\Users\Ogotox\AppData\Roaming\Mozilla\Firefox\Profiles\24mNpOke.default\searchplugins\Web Search.xml [2015-04-11]
FF Extension: Avira Browser Safety - C:\Users\Ogotox\AppData\Roaming\Mozilla\Firefox\Profiles\24mNpOke.default\Extensions\abs@avira.com [2015-04-09]

Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR Profile: C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-09]
CHR Extension: (Google Docs) - C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-09]
CHR Extension: (Google Drive) - C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-09]
CHR Extension: (YouTube) - C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-09]
CHR Extension: (Google Search) - C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-09]
CHR Extension: (Google Sheets) - C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-09]
CHR Extension: (Avira Browser Safety) - C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-04-09]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-09]
CHR Extension: (Google Wallet) - C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-09]
CHR Extension: (Gmail) - C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-09]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
S2 CopyEditor; C:\Users\Ogotox\AppData\Local\CopyEditor\CopyEditor.exe [85504 2015-03-26] () [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-11-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-11-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39240 2015-02-20] (NVIDIA Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-11-21] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-11 13:47 - 2015-04-11 13:47 - 00007290 _____ () C:\Users\Ogotox\Downloads\FRST.txt
2015-04-11 13:45 - 2015-04-11 13:45 - 00001091 _____ () C:\Users\Ogotox\Desktop\JRT.txt
2015-04-11 13:44 - 2015-04-11 13:44 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-OGOPC-Windows-8.1-(64-bit).dat
2015-04-11 13:44 - 2015-04-11 13:44 - 00000000 ____D () C:\RegBackup
2015-04-11 13:43 - 2015-04-11 13:43 - 02686959 _____ (Thisisu) C:\Users\Ogotox\Downloads\JRT.exe
2015-04-11 13:41 - 2015-04-11 13:41 - 00001544 _____ () C:\Users\Ogotox\Desktop\AdwCleaner[S0].txt
2015-04-11 13:37 - 2015-04-11 13:38 - 00000000 ____D () C:\AdwCleaner
2015-04-11 13:33 - 2015-04-11 13:33 - 02217984 _____ () C:\Users\Ogotox\Downloads\AdwCleaner_4.201.exe
2015-04-10 19:04 - 2015-04-10 19:04 - 00002370 _____ () C:\Users\Ogotox\Desktop\gmer.log
2015-04-10 18:56 - 2015-04-10 18:56 - 00380416 _____ () C:\Users\Ogotox\Downloads\Gmer-19357.exe
2015-04-10 18:53 - 2015-04-10 18:53 - 00050477 _____ () C:\Users\Ogotox\Downloads\Defogger (1).exe
2015-04-10 18:50 - 2015-04-10 18:50 - 00051638 _____ () C:\Users\Ogotox\Desktop\Addition.txt
2015-04-10 18:49 - 2015-04-11 13:47 - 00000000 ____D () C:\FRST
2015-04-10 18:49 - 2015-04-10 18:50 - 00025683 _____ () C:\Users\Ogotox\Desktop\FRST.txt
2015-04-10 18:49 - 2015-04-10 18:49 - 02095616 _____ (Farbar) C:\Users\Ogotox\Downloads\FRST64.exe
2015-04-10 18:47 - 2015-04-10 18:47 - 00050477 _____ () C:\Users\Ogotox\Downloads\Defogger.exe
2015-04-10 18:47 - 2015-04-10 18:47 - 00000474 _____ () C:\Users\Ogotox\Downloads\defogger_disable.log
2015-04-10 18:47 - 2015-04-10 18:47 - 00000000 _____ () C:\Users\Ogotox\defogger_reenable
2015-04-10 01:03 - 2015-04-10 00:07 - 00000000 ____D () C:\Windows\Panther
2015-04-10 00:12 - 2015-04-09 22:35 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1772424110-1775628108-1297487835-1001
2015-04-10 00:09 - 2015-04-11 13:36 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{A5040671-7C3F-472A-A461-CCC16EFFDD79}
2015-04-10 00:09 - 2015-04-10 00:09 - 00000000 __SHD () C:\Users\Ogotox\AppData\Local\EmieUserList
2015-04-10 00:09 - 2015-04-10 00:09 - 00000000 __SHD () C:\Users\Ogotox\AppData\Local\EmieSiteList
2015-04-10 00:09 - 2015-04-10 00:09 - 00000000 __SHD () C:\Users\Ogotox\AppData\Local\EmieBrowserModeList
2015-04-10 00:07 - 2015-04-11 13:35 - 00427552 _____ () C:\Windows\WindowsUpdate.log
2015-04-10 00:07 - 2015-04-10 18:47 - 00000000 ____D () C:\Users\Ogotox
2015-04-10 00:07 - 2015-04-10 00:07 - 00001454 _____ () C:\Users\Ogotox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-10 00:07 - 2015-04-10 00:07 - 00000020 ___SH () C:\Users\Ogotox\ntuser.ini
2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 _SHDL () C:\Users\Ogotox\Vorlagen
2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 _SHDL () C:\Users\Ogotox\Startmenü
2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 _SHDL () C:\Users\Ogotox\Netzwerkumgebung
2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 _SHDL () C:\Users\Ogotox\Lokale Einstellungen
2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 _SHDL () C:\Users\Ogotox\Eigene Dateien
2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 _SHDL () C:\Users\Ogotox\Druckumgebung
2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 _SHDL () C:\Users\Ogotox\Documents\Eigene Musik
2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 _SHDL () C:\Users\Ogotox\Documents\Eigene Bilder
2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 _SHDL () C:\Users\Ogotox\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 _SHDL () C:\Users\Ogotox\AppData\Local\Verlauf
2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 _SHDL () C:\Users\Ogotox\AppData\Local\Anwendungsdaten
2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 _SHDL () C:\Users\Ogotox\Anwendungsdaten
2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 ____D () C:\Users\Ogotox\AppData\Local\VirtualStore
2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 ____D () C:\Users\Ogotox\AppData\Local\Packages
2015-04-10 00:07 - 2014-11-21 12:52 - 00000000 ___RD () C:\Users\Ogotox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-10 00:07 - 2014-11-21 12:52 - 00000000 ___RD () C:\Users\Ogotox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-10 00:07 - 2014-11-21 12:52 - 00000000 ___RD () C:\Users\Ogotox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-04-10 00:07 - 2014-11-21 05:42 - 00000369 _____ () C:\Users\Ogotox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-04-10 00:07 - 2014-11-21 05:42 - 00000369 _____ () C:\Users\Ogotox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-04-10 00:07 - 2013-08-22 17:36 - 00000000 ____D () C:\Users\Ogotox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default\Startmenü
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Programme
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\ProgramData\Startmenü
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\ProgramData\Dokumente
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Dokumente und Einstellungen
2015-04-09 22:24 - 2015-04-09 22:24 - 00002271 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-09 22:24 - 2015-04-09 22:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-09 22:19 - 2015-04-11 13:39 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-09 22:19 - 2015-04-10 19:24 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-09 22:19 - 2015-04-09 22:19 - 00003882 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-04-09 22:19 - 2015-04-09 22:19 - 00003646 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-04-09 21:41 - 2015-04-11 13:39 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-09 21:41 - 2015-04-09 21:41 - 00001118 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-09 21:41 - 2015-04-09 21:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-04-09 21:41 - 2015-04-09 21:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-09 21:41 - 2015-04-09 21:41 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-04-09 21:41 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-09 21:41 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-09 21:41 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-09 21:29 - 2015-04-09 21:29 - 00002077 _____ () C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2015-04-09 21:29 - 2015-04-09 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-04-09 21:28 - 2015-04-09 21:28 - 00000000 ____D () C:\Users\Ogotox\AppData\Local\NVIDIA
2015-04-09 20:41 - 2015-04-09 22:23 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-09 20:41 - 2015-04-09 20:42 - 00000000 ____D () C:\Users\Ogotox\AppData\Local\Google
2015-04-09 20:38 - 2015-04-09 20:38 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2015-04-09 20:35 - 2015-04-09 20:35 - 00000000 ____D () C:\Users\Ogotox\AppData\Roaming\Mozilla
2015-04-09 20:35 - 2015-04-09 20:35 - 00000000 ____D () C:\Users\Ogotox\AppData\Local\Steam
2015-04-09 20:33 - 2015-04-09 22:01 - 00000000 ____D () C:\ProgramData\Avira
2015-04-09 20:33 - 2015-04-09 20:33 - 00000000 ____D () C:\Users\Ogotox\AppData\Roaming\dlg
2015-04-09 20:32 - 2015-04-09 20:43 - 00000000 ____D () C:\ProgramData\{fc7b26be-6ff1-20f3-fc7b-b26be6ff9af9}
2015-04-09 20:31 - 2015-04-11 13:41 - 00000000 ____D () C:\Users\Ogotox\AppData\Local\CopyEditor
2015-04-09 20:31 - 2015-04-09 20:58 - 00000000 ____D () C:\ProgramData\Packer9dc087ae-908f-4f18-9cdf-58cd3413437f
2015-04-09 20:31 - 2015-04-09 20:31 - 00000000 ____D () C:\ProgramData\0008d14346ba46409439f1f5f96545bb
2015-04-09 20:28 - 2015-04-11 13:39 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-09 20:28 - 2015-04-09 20:28 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2015-04-09 20:28 - 2015-04-09 20:28 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-04-09 20:28 - 2015-04-09 20:28 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-04-09 20:28 - 2015-04-09 20:28 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-04-09 20:28 - 2015-02-20 01:18 - 00074056 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-04-09 20:28 - 2015-02-20 01:18 - 00060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-04-09 20:28 - 2015-02-05 21:07 - 06861128 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-04-09 20:28 - 2015-02-05 21:07 - 03517584 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-04-09 20:28 - 2015-02-05 21:07 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-04-09 20:28 - 2015-02-05 21:07 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-04-09 20:28 - 2015-02-05 21:07 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-04-09 20:28 - 2015-02-05 21:06 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-04-09 20:28 - 2015-02-05 19:57 - 00621384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-04-09 20:28 - 2015-02-05 14:50 - 04236870 _____ () C:\Windows\system32\nvcoproc.bin
2015-04-09 20:27 - 2015-04-10 17:17 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-09 20:27 - 2015-04-09 20:27 - 00000979 _____ () C:\Users\Public\Desktop\Steam.lnk
2015-04-09 20:27 - 2015-04-09 20:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-04-09 20:25 - 2015-04-09 20:25 - 00000000 ____D () C:\Users\Ogotox\AppData\Roaming\Macromedia

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-11 13:43 - 2014-11-21 05:35 - 01686150 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-11 13:43 - 2014-11-21 04:45 - 00726688 _____ () C:\Windows\system32\perfh007.dat
2015-04-11 13:43 - 2014-11-21 04:45 - 00151380 _____ () C:\Windows\system32\perfc007.dat
2015-04-11 13:39 - 2014-11-20 20:24 - 00444724 _____ () C:\Windows\PFRO.log
2015-04-11 13:39 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-11 13:29 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\TAPI
2015-04-10 20:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2015-04-10 17:27 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-04-10 16:37 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\tracing
2015-04-10 16:06 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\InputMethod
2015-04-10 01:03 - 2013-08-22 17:36 - 00262144 _____ () C:\Windows\system32\config\BCD-Template
2015-04-10 00:12 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-04-10 00:04 - 2013-08-22 17:37 - 00002988 _____ () C:\Windows\DtcInstall.log
2015-04-10 00:04 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\Recovery
2015-04-10 00:04 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows NT
2015-04-10 00:04 - 2013-08-22 15:36 - 00000000 __RHD () C:\Users\Default
2015-04-09 22:05 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\Registration
2015-04-09 21:52 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\Camera
2015-04-09 21:51 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-04-09 21:28 - 2013-08-22 16:46 - 00013071 _____ () C:\Windows\setupact.log
2015-04-09 20:28 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\Help

Some content of TEMP:
====================
C:\Users\Ogotox\AppData\Local\Temp\avgnt.exe
C:\Users\Ogotox\AppData\Local\Temp\Quarantine.exe
C:\Users\Ogotox\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-09 22:35

==================== End Of Log ============================
         
--- --- ---


12.04.2015, 08:05   #6
schrauber
/// the machine
/// TB trainer
 





ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?

12.04.2015, 17:40   #7
Ogotox
 



Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=46a80c3f7055b340aaa4c3d41de9ae45
# engine=23340
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-04-12 11:39:27
# local_time=2015-04-12 01:39:27 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 5921159 0 0
# scanned=139408
# found=8
# cleaned=0
# scan_time=504
sh=CEB8D59B9A1652CCBFAFC8CCA0E6EF1DE0F95855 ft=1 fh=da2a004dca05468f vn="Win32/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ProductUI\uninstall.exe.vir"
sh=FC43D0B782136DD69B1342ECA09E5535C7015004 ft=1 fh=c71c0011abbc24ab vn="Variante von MSIL/Toolbar.Linkury.M.gen evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ogotox\AppData\Local\CopyEditor\ynrtr\cvcngm.exe"
sh=5E6B1EE002F2130A58AE5CCEC8D2E17D4DDC522D ft=1 fh=c71c00110ed4918b vn="Variante von Win64/Toolbar.Linkury.A.gen evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ogotox\AppData\Local\CopyEditor\ynrtr\ddldxowo.dll"
sh=65808029CAC0FB87549557D02F13FDE09C308187 ft=1 fh=f706438655ddba66 vn="Variante von MSIL/Toolbar.Linkury.M.gen evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ogotox\AppData\Local\CopyEditor\ynrtr\djohvpvf.exe"
sh=BBD0B7F7445843568230A3C7CCABDF3B54349D1E ft=1 fh=3614f6bb1a5023c8 vn="Variante von MSIL/Toolbar.Linkury.M.gen evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ogotox\AppData\Local\CopyEditor\ynrtr\mouou.exe"
sh=740CBD99FEDB9C8BD394E07BDB48F07B82A1F492 ft=1 fh=c71c001184bb3793 vn="Variante von Win32/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ogotox\AppData\Local\CopyEditor\ynrtr\rfme.dll"
sh=F6389A956DE9FD2471954F84EA6386CE6FAADC10 ft=1 fh=c71c0011af938b92 vn="Win32/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ogotox\AppData\Local\CopyEditor\ynrtr\ucfgcir.dll"
sh=2CA13DE81EB039D851339BEF387BB9A080E8E396 ft=1 fh=fc57b18e9842a978 vn="Win32/DownloadGuide.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ogotox\AppData\Local\Microsoft\Windows\INetCache\IE\QRL92YZN\avira_de_av___ws-Download.exe"
         
Code:
ATTFilter
 Results of screen317's Security Check version 1.00  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Google Chrome (41.0.2272.118) 
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         

FRST Logfile:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Ogotox (administrator) on OGOPC on 12-04-2015 13:48:05
Running from C:\Users\Ogotox\Downloads
Loaded Profiles: Ogotox (Available profiles: Ogotox)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Users\Ogotox\AppData\Local\CopyEditor\CopyEditor.exe
() C:\Users\Ogotox\AppData\Local\CopyEditor\CopyEditor_run.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
() C:\Users\Ogotox\AppData\Local\CopyEditor\ynrtr\cvcngm.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1794704 2015-02-20] (NVIDIA Corporation)
HKU\S-1-5-21-1772424110-1775628108-1297487835-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2889408 2015-04-09] (Valve Corporation)
HKU\S-1-5-21-1772424110-1775628108-1297487835-1001\...\MountPoints2: {56303fa4-e103-11e4-8260-d8cb8a3c36bd} - "G:\LaunchU3.exe" -a
AppInit_DLLs: C:\Users\Ogotox\AppData\Local\CopyEditor\ynrtr\ktlmq.dll => C:\Users\Ogotox\AppData\Local\CopyEditor\ynrtr\ktlmq.dll [254560 2015-04-12] (TODO: <Company name>)
AppInit_DLLs-x32: C:\Users\Ogotox\AppData\Local\CopyEditor\ynrtr\zeuvv.dll => C:\Users\Ogotox\AppData\Local\CopyEditor\ynrtr\zeuvv.dll [127280 2015-04-12] (TODO: <Company name>)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:51129;https=127.0.0.1:51129
HKU\S-1-5-21-1772424110-1775628108-1297487835-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Ogotox\AppData\Roaming\Mozilla\Firefox\Profiles\24mNpOke.default
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-09] (Google Inc.)
FF SearchPlugin: C:\Users\Ogotox\AppData\Roaming\Mozilla\Firefox\Profiles\24mNpOke.default\searchplugins\Web Search.xml [2015-04-12]
FF Extension: Avira Browser Safety - C:\Users\Ogotox\AppData\Roaming\Mozilla\Firefox\Profiles\24mNpOke.default\Extensions\abs@avira.com [2015-04-09]

Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR Profile: C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-09]
CHR Extension: (Google Docs) - C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-09]
CHR Extension: (Google Drive) - C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-09]
CHR Extension: (YouTube) - C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-09]
CHR Extension: (Google Search) - C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-09]
CHR Extension: (Google Sheets) - C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-09]
CHR Extension: (Avira Browser Safety) - C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-04-09]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-09]
CHR Extension: (Google Wallet) - C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-09]
CHR Extension: (Gmail) - C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-09]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
R2 CopyEditor; C:\Users\Ogotox\AppData\Local\CopyEditor\CopyEditor.exe [85504 2015-03-26] () [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39240 2015-02-20] (NVIDIA Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-12 13:46 - 2015-04-12 13:46 - 00000667 _____ () C:\Users\Ogotox\Desktop\checkup.txt
2015-04-12 13:28 - 2015-04-12 13:28 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-04-12 13:22 - 2015-04-12 13:22 - 00852616 _____ () C:\Users\Ogotox\Desktop\SecurityCheck.exe
2015-04-12 13:16 - 2015-04-12 13:17 - 02347384 _____ (ESET) C:\Users\Ogotox\Downloads\esetsmartinstaller_deu.exe
2015-04-12 02:05 - 2015-04-12 13:02 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-12 02:05 - 2015-04-12 02:05 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-12 02:05 - 2015-04-12 02:05 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-11 14:48 - 2015-04-11 14:48 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-11 14:48 - 2015-02-26 21:14 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-11 14:31 - 2015-02-04 01:58 - 00264000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2015-04-11 14:31 - 2015-02-04 01:58 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2015-04-11 14:31 - 2015-02-04 01:58 - 00044024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2015-04-11 14:31 - 2015-01-27 05:44 - 00933888 _____ (Microsoft Corporation) C:\Windows\system32\calc.exe
2015-04-11 14:31 - 2015-01-24 03:51 - 00816128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
2015-04-11 14:31 - 2014-11-10 04:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll
2015-04-11 14:31 - 2014-11-10 03:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll
2015-04-11 14:30 - 2015-03-11 04:38 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-11 14:30 - 2015-03-11 00:08 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-11 14:30 - 2015-03-11 00:08 - 00943104 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-11 14:30 - 2015-03-11 00:08 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-11 14:30 - 2015-03-11 00:08 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-11 14:30 - 2015-03-11 00:08 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-11 14:30 - 2015-03-11 00:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-11 14:30 - 2015-03-06 04:53 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-11 14:30 - 2015-03-06 04:33 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-11 14:30 - 2015-02-26 01:26 - 04178944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-04-11 14:30 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-11 14:30 - 2015-02-21 02:27 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-04-11 14:30 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-11 14:30 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-11 14:30 - 2015-02-20 05:03 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-04-11 14:30 - 2015-02-20 04:58 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-04-11 14:30 - 2015-02-20 04:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-11 14:30 - 2015-02-20 04:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-11 14:30 - 2015-02-20 04:35 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-11 14:30 - 2015-02-20 04:20 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-04-11 14:30 - 2015-02-20 04:15 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-04-11 14:30 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-11 14:30 - 2015-02-20 04:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-04-11 14:30 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-11 14:30 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-11 14:30 - 2015-02-20 03:56 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-04-11 14:30 - 2015-02-20 03:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-11 14:30 - 2015-02-20 03:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-11 14:30 - 2015-02-20 03:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-11 14:30 - 2015-02-20 03:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-11 14:30 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-11 14:30 - 2015-02-20 03:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-04-11 14:30 - 2015-02-20 03:26 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-04-11 14:30 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-11 14:30 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-11 14:30 - 2015-02-20 03:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-11 14:30 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-11 14:30 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-11 14:30 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-11 14:30 - 2015-02-07 01:09 - 00396419 _____ () C:\Windows\system32\ApnDatabase.xml
2015-04-11 14:30 - 2015-02-06 03:28 - 02257408 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-04-11 14:30 - 2015-02-06 03:08 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-04-11 14:30 - 2015-02-05 22:24 - 01113920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-04-11 14:30 - 2015-02-03 02:03 - 03551744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2015-04-11 14:30 - 2015-02-03 02:02 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2015-04-11 14:30 - 2015-02-03 01:53 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll
2015-04-11 14:30 - 2015-02-03 01:53 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll
2015-04-11 14:30 - 2015-01-31 01:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-04-11 14:30 - 2015-01-31 01:29 - 02484224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-04-11 14:30 - 2015-01-30 05:01 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys
2015-04-11 14:30 - 2015-01-30 04:03 - 01488896 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2015-04-11 14:30 - 2015-01-30 04:03 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2015-04-11 14:30 - 2015-01-30 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2015-04-11 14:30 - 2015-01-30 03:42 - 01204224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2015-04-11 14:30 - 2015-01-30 03:29 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atlthunk.dll
2015-04-11 14:30 - 2015-01-29 03:58 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\photowiz.dll
2015-04-11 14:30 - 2015-01-29 03:29 - 00290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\photowiz.dll
2015-04-11 14:30 - 2015-01-29 03:11 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-04-11 14:30 - 2015-01-29 03:04 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-04-11 14:30 - 2015-01-29 03:04 - 00864256 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-04-11 14:30 - 2015-01-29 03:00 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-04-11 14:30 - 2015-01-29 02:59 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-04-11 14:30 - 2015-01-29 02:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-04-11 14:30 - 2015-01-29 02:50 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-04-11 14:30 - 2015-01-29 02:49 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-04-11 14:30 - 2015-01-28 04:24 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\StorageContextHandler.dll
2015-04-11 14:30 - 2015-01-28 03:47 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StorageContextHandler.dll
2015-04-11 14:30 - 2015-01-23 09:17 - 00723072 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2015-04-11 14:30 - 2015-01-23 07:02 - 00560392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2015-04-11 14:30 - 2015-01-19 20:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-04-11 14:30 - 2015-01-16 00:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-04-11 14:30 - 2015-01-16 00:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-11 14:30 - 2015-01-14 06:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-04-11 14:30 - 2015-01-14 05:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-04-11 14:30 - 2015-01-12 03:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-11 14:30 - 2015-01-12 03:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-11 14:30 - 2014-12-19 10:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-04-11 14:30 - 2014-12-19 10:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-04-11 14:30 - 2014-12-19 08:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-04-11 14:30 - 2014-12-13 23:28 - 00513488 _____ () C:\Windows\SysWOW64\locale.nls
2015-04-11 14:30 - 2014-12-13 23:28 - 00513488 _____ () C:\Windows\system32\locale.nls
2015-04-11 14:30 - 2014-12-12 04:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-04-11 14:30 - 2014-12-12 02:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-04-11 14:30 - 2014-12-09 05:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-04-11 14:30 - 2014-12-09 03:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-04-11 14:30 - 2014-12-09 03:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-04-11 14:30 - 2014-12-03 01:09 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-11 14:30 - 2014-11-22 04:06 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-11 14:30 - 2014-10-31 01:39 - 01970432 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-04-11 14:30 - 2014-10-31 01:38 - 01612992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-04-11 14:29 - 2015-03-03 15:17 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-04-11 14:29 - 2015-02-21 03:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-11 14:29 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-11 14:29 - 2015-02-21 01:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-11 14:29 - 2015-02-20 04:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-11 14:29 - 2015-02-20 04:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-11 14:29 - 2015-02-20 04:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-11 14:29 - 2015-02-20 04:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-11 14:29 - 2015-02-20 03:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-04-11 14:29 - 2015-02-20 03:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-04-11 14:29 - 2015-02-20 03:29 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-04-11 14:29 - 2015-02-20 03:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-11 14:29 - 2015-02-20 03:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-11 14:29 - 2015-02-12 19:40 - 22291584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-04-11 14:29 - 2015-02-12 19:34 - 19731824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-04-11 14:29 - 2015-01-31 01:20 - 00203264 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-04-11 14:29 - 2015-01-30 04:02 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll
2015-04-11 14:29 - 2015-01-30 03:40 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll
2015-04-11 14:29 - 2015-01-30 03:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll
2015-04-11 14:29 - 2015-01-30 03:24 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll
2015-04-11 14:29 - 2015-01-30 03:24 - 00250880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll
2015-04-11 14:29 - 2015-01-30 03:16 - 00266752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll
2015-04-11 14:29 - 2015-01-30 03:08 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll
2015-04-11 14:29 - 2015-01-30 03:06 - 00278016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappcfg.dll
2015-04-11 14:29 - 2015-01-29 20:45 - 01763352 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-04-11 14:29 - 2015-01-29 20:34 - 01488040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-04-11 14:29 - 2015-01-28 17:41 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-11 14:29 - 2015-01-28 17:41 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-11 14:29 - 2015-01-28 17:41 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-11 14:29 - 2015-01-27 06:22 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-04-11 14:29 - 2015-01-27 04:11 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-04-11 14:29 - 2015-01-12 04:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-11 14:29 - 2015-01-12 03:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-11 14:29 - 2014-12-11 07:36 - 00046456 _____ (Microsoft Corporation) C:\Windows\system32\LockScreenContentServer.exe
2015-04-11 14:29 - 2014-12-06 05:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-04-11 14:29 - 2014-12-06 03:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-04-11 14:29 - 2014-11-22 04:49 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-11 14:29 - 2014-11-10 01:19 - 00991232 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-11 14:29 - 2014-11-10 01:19 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-11 14:29 - 2014-11-10 01:18 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-04-11 14:29 - 2014-11-10 01:18 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-04-11 14:29 - 2014-10-31 00:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-04-11 14:29 - 2014-10-31 00:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-04-11 14:29 - 2014-10-29 04:02 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-11 14:29 - 2014-10-29 04:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-11 14:29 - 2014-10-29 03:57 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-11 14:29 - 2014-10-29 03:15 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-11 14:29 - 2014-10-29 03:15 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-11 14:29 - 2014-10-29 03:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-11 14:29 - 2014-10-29 03:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-11 14:29 - 2014-10-29 03:13 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-11 14:28 - 2015-01-28 03:31 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-04-11 14:28 - 2015-01-28 03:11 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-04-11 14:28 - 2015-01-21 07:54 - 01384712 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-04-11 14:28 - 2015-01-21 07:15 - 01123848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-04-11 14:28 - 2014-07-24 05:20 - 00875688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2015-04-11 14:28 - 2014-07-24 05:20 - 00869544 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2015-04-11 14:27 - 2015-02-08 01:57 - 01090048 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2015-04-11 14:27 - 2015-02-08 01:49 - 00791040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2015-04-11 14:27 - 2015-01-28 01:47 - 02501368 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2015-04-11 14:27 - 2015-01-28 01:41 - 02207488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2015-04-11 14:27 - 2014-12-08 21:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-04-11 14:27 - 2014-12-08 21:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-04-11 14:27 - 2014-12-08 21:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-04-11 14:27 - 2014-12-08 21:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-04-11 14:27 - 2014-12-08 21:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-04-11 14:27 - 2014-12-08 21:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-04-11 14:27 - 2014-12-08 21:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-04-11 14:27 - 2014-12-08 21:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-04-11 14:27 - 2014-12-06 03:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-04-11 13:49 - 2015-04-11 13:49 - 00023058 _____ () C:\Users\Ogotox\Desktop\FRST2.txt
2015-04-11 13:48 - 2015-04-11 13:48 - 00006349 _____ () C:\Users\Ogotox\Desktop\Addition2.txt
2015-04-11 13:47 - 2015-04-12 13:48 - 00008071 _____ () C:\Users\Ogotox\Downloads\FRST.txt
2015-04-11 13:47 - 2015-04-11 13:47 - 00006349 _____ () C:\Users\Ogotox\Downloads\Addition.txt
2015-04-11 13:45 - 2015-04-11 13:45 - 00001091 _____ () C:\Users\Ogotox\Desktop\JRT.txt
2015-04-11 13:44 - 2015-04-11 13:44 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-OGOPC-Windows-8.1-(64-bit).dat
2015-04-11 13:44 - 2015-04-11 13:44 - 00000000 ____D () C:\RegBackup
2015-04-11 13:43 - 2015-04-11 13:43 - 02686959 _____ (Thisisu) C:\Users\Ogotox\Downloads\JRT.exe
2015-04-11 13:41 - 2015-04-11 13:41 - 00001544 _____ () C:\Users\Ogotox\Desktop\AdwCleaner[S0].txt
2015-04-11 13:37 - 2015-04-11 13:38 - 00000000 ____D () C:\AdwCleaner
2015-04-11 13:33 - 2015-04-11 13:33 - 02217984 _____ () C:\Users\Ogotox\Downloads\AdwCleaner_4.201.exe
2015-04-10 19:04 - 2015-04-10 19:04 - 00002370 _____ () C:\Users\Ogotox\Desktop\gmer.log
2015-04-10 18:56 - 2015-04-10 18:56 - 00380416 _____ () C:\Users\Ogotox\Downloads\Gmer-19357.exe
2015-04-10 18:53 - 2015-04-10 18:53 - 00050477 _____ () C:\Users\Ogotox\Downloads\Defogger (1).exe
2015-04-10 18:50 - 2015-04-10 18:50 - 00051638 _____ () C:\Users\Ogotox\Desktop\Addition.txt
2015-04-10 18:49 - 2015-04-12 13:48 - 00000000 ____D () C:\FRST
2015-04-10 18:49 - 2015-04-10 18:50 - 00025683 _____ () C:\Users\Ogotox\Desktop\FRST.txt
2015-04-10 18:49 - 2015-04-10 18:49 - 02095616 _____ (Farbar) C:\Users\Ogotox\Downloads\FRST64.exe
2015-04-10 18:47 - 2015-04-10 18:47 - 00050477 _____ () C:\Users\Ogotox\Downloads\Defogger.exe
2015-04-10 18:47 - 2015-04-10 18:47 - 00000474 _____ () C:\Users\Ogotox\Downloads\defogger_disable.log
2015-04-10 18:47 - 2015-04-10 18:47 - 00000000 _____ () C:\Users\Ogotox\defogger_reenable
2015-04-10 01:03 - 2015-04-10 00:07 - 00000000 ____D () C:\Windows\Panther
2015-04-10 00:12 - 2015-04-12 13:12 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1772424110-1775628108-1297487835-1001
2015-04-10 00:09 - 2015-04-12 13:05 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{A5040671-7C3F-472A-A461-CCC16EFFDD79}
2015-04-10 00:09 - 2015-04-10 00:09 - 00000000 __SHD () C:\Users\Ogotox\AppData\Local\EmieUserList
2015-04-10 00:09 - 2015-04-10 00:09 - 00000000 __SHD () C:\Users\Ogotox\AppData\Local\EmieSiteList
2015-04-10 00:09 - 2015-04-10 00:09 - 00000000 __SHD () C:\Users\Ogotox\AppData\Local\EmieBrowserModeList
2015-04-10 00:07 - 2015-04-12 13:42 - 01765110 _____ () C:\Windows\WindowsUpdate.log
2015-04-10 00:07 - 2015-04-10 18:47 - 00000000 ____D () C:\Users\Ogotox
2015-04-10 00:07 - 2015-04-10 00:07 - 00001454 _____ () C:\Users\Ogotox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-10 00:07 - 2015-04-10 00:07 - 00000020 ___SH () C:\Users\Ogotox\ntuser.ini
2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 _SHDL () C:\Users\Ogotox\Vorlagen
2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 _SHDL () C:\Users\Ogotox\Startmenü
2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 _SHDL () C:\Users\Ogotox\Netzwerkumgebung
2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 _SHDL () C:\Users\Ogotox\Lokale Einstellungen
2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 _SHDL () C:\Users\Ogotox\Eigene Dateien
2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 _SHDL () C:\Users\Ogotox\Druckumgebung
2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 _SHDL () C:\Users\Ogotox\Documents\Eigene Musik
2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 _SHDL () C:\Users\Ogotox\Documents\Eigene Bilder
2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 _SHDL () C:\Users\Ogotox\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 _SHDL () C:\Users\Ogotox\AppData\Local\Verlauf
2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 _SHDL () C:\Users\Ogotox\AppData\Local\Anwendungsdaten
2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 _SHDL () C:\Users\Ogotox\Anwendungsdaten
2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 ____D () C:\Users\Ogotox\AppData\Local\VirtualStore
2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 ____D () C:\Users\Ogotox\AppData\Local\Packages
2015-04-10 00:07 - 2014-11-21 12:52 - 00000000 ___RD () C:\Users\Ogotox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-10 00:07 - 2014-11-21 12:52 - 00000000 ___RD () C:\Users\Ogotox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-10 00:07 - 2014-11-21 12:52 - 00000000 ___RD () C:\Users\Ogotox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-04-10 00:07 - 2014-11-21 05:42 - 00000369 _____ () C:\Users\Ogotox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-04-10 00:07 - 2014-11-21 05:42 - 00000369 _____ () C:\Users\Ogotox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-04-10 00:07 - 2013-08-22 17:36 - 00000000 ____D () C:\Users\Ogotox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default\Startmenü
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Programme
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\ProgramData\Startmenü
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\ProgramData\Dokumente
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Dokumente und Einstellungen
2015-04-09 22:24 - 2015-04-09 22:24 - 00002271 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-09 22:24 - 2015-04-09 22:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-09 22:19 - 2015-04-12 13:24 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-09 22:19 - 2015-04-12 13:02 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-09 22:19 - 2015-04-09 22:19 - 00003882 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-04-09 22:19 - 2015-04-09 22:19 - 00003646 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-04-09 21:41 - 2015-04-12 13:24 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-09 21:41 - 2015-04-09 21:41 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-09 21:41 - 2015-04-09 21:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-09 21:41 - 2015-04-09 21:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-09 21:41 - 2015-04-09 21:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-09 21:41 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-09 21:41 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-09 21:41 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-09 21:29 - 2015-04-09 21:29 - 00002077 _____ () C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2015-04-09 21:29 - 2015-04-09 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-04-09 21:28 - 2015-04-09 21:28 - 00000000 ____D () C:\Users\Ogotox\AppData\Local\NVIDIA
2015-04-09 20:41 - 2015-04-09 22:23 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-09 20:41 - 2015-04-09 20:42 - 00000000 ____D () C:\Users\Ogotox\AppData\Local\Google
2015-04-09 20:38 - 2015-04-09 20:38 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2015-04-09 20:35 - 2015-04-09 20:35 - 00000000 ____D () C:\Users\Ogotox\AppData\Roaming\Mozilla
2015-04-09 20:35 - 2015-04-09 20:35 - 00000000 ____D () C:\Users\Ogotox\AppData\Local\Steam
2015-04-09 20:33 - 2015-04-09 22:01 - 00000000 ____D () C:\ProgramData\Avira
2015-04-09 20:33 - 2015-04-09 20:33 - 00000000 ____D () C:\Users\Ogotox\AppData\Roaming\dlg
2015-04-09 20:32 - 2015-04-09 20:43 - 00000000 ____D () C:\ProgramData\{fc7b26be-6ff1-20f3-fc7b-b26be6ff9af9}
2015-04-09 20:31 - 2015-04-12 13:29 - 00000000 ____D () C:\Users\Ogotox\AppData\Local\CopyEditor
2015-04-09 20:31 - 2015-04-09 20:58 - 00000000 ____D () C:\ProgramData\Packer9dc087ae-908f-4f18-9cdf-58cd3413437f
2015-04-09 20:31 - 2015-04-09 20:31 - 00000000 ____D () C:\ProgramData\0008d14346ba46409439f1f5f96545bb
2015-04-09 20:28 - 2015-04-12 13:02 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-09 20:28 - 2015-04-09 20:28 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2015-04-09 20:28 - 2015-04-09 20:28 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-04-09 20:28 - 2015-04-09 20:28 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-04-09 20:28 - 2015-04-09 20:28 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-04-09 20:28 - 2015-02-20 01:18 - 00074056 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-04-09 20:28 - 2015-02-20 01:18 - 00060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-04-09 20:28 - 2015-02-05 21:07 - 06861128 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-04-09 20:28 - 2015-02-05 21:07 - 03517584 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-04-09 20:28 - 2015-02-05 21:07 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-04-09 20:28 - 2015-02-05 21:07 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-04-09 20:28 - 2015-02-05 21:07 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-04-09 20:28 - 2015-02-05 21:06 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-04-09 20:28 - 2015-02-05 19:57 - 00621384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-04-09 20:28 - 2015-02-05 14:50 - 04236870 _____ () C:\Windows\system32\nvcoproc.bin
2015-04-09 20:27 - 2015-04-10 17:17 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-09 20:27 - 2015-04-09 20:27 - 00000979 _____ () C:\Users\Public\Desktop\Steam.lnk
2015-04-09 20:27 - 2015-04-09 20:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-04-09 20:25 - 2015-04-09 20:25 - 00000000 ____D () C:\Users\Ogotox\AppData\Roaming\Macromedia

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-12 13:41 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2015-04-12 13:29 - 2014-11-21 05:35 - 01686150 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-12 13:29 - 2014-11-21 04:45 - 00726688 _____ () C:\Windows\system32\perfh007.dat
2015-04-12 13:29 - 2014-11-21 04:45 - 00151380 _____ () C:\Windows\system32\perfc007.dat
2015-04-12 13:28 - 2013-08-22 16:46 - 00013831 _____ () C:\Windows\setupact.log
2015-04-12 13:07 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-04-12 13:02 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-12 13:02 - 2013-08-22 16:44 - 00338016 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-12 02:05 - 2014-11-21 12:51 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-12 02:05 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData
2015-04-12 02:05 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-12 02:05 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-12 02:05 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-12 02:05 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\WinStore
2015-04-12 02:05 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS
2015-04-12 02:05 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2015-04-12 02:05 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-12 02:05 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-04-12 02:05 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-04-12 02:05 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-04-11 19:02 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2015-04-11 14:50 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-04-11 14:47 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\restore
2015-04-11 14:47 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-04-11 14:30 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-04-11 13:39 - 2014-11-20 20:24 - 00444724 _____ () C:\Windows\PFRO.log
2015-04-11 13:29 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\TAPI
2015-04-10 16:37 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\tracing
2015-04-10 16:06 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\InputMethod
2015-04-10 01:03 - 2013-08-22 17:36 - 00262144 _____ () C:\Windows\system32\config\BCD-Template
2015-04-10 00:04 - 2013-08-22 17:37 - 00002988 _____ () C:\Windows\DtcInstall.log
2015-04-10 00:04 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\Recovery
2015-04-10 00:04 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows NT
2015-04-10 00:04 - 2013-08-22 15:36 - 00000000 __RHD () C:\Users\Default
2015-04-09 22:05 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\Registration
2015-04-09 21:52 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\Camera
2015-04-09 20:28 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\Help

Some content of TEMP:
====================
C:\Users\Ogotox\AppData\Local\Temp\avgnt.exe
C:\Users\Ogotox\AppData\Local\Temp\Quarantine.exe
C:\Users\Ogotox\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-09 22:35

==================== End Of Log ============================
         
--- --- ---


Quote:
Any remaining problems?
Unfortunately yes. When I open the browser, Snapdo still comes up...
Still, many thanks for the help so far.

Hi again.

I know it isn't welcomed here, but I went ahead and acted on my own after all. I did exactly what you advised me to do with AdwCleaner and JRT, but afterwards I ran 2 more scans, with Malwarebytes Anti-Malware and with Hitman. For that I simply used the guide: Remove Adware.Linkular and Adware.Win32.Linkular (Removal Guide)
Nevertheless, I really appreciate that I was helped so quickly here, and I especially want to thank you for your help, Schrauber. Don't be angry that I suddenly acted on my own!
I wish you lots of fun going forward anyway... Maybe we'll meet again over one virus or another.

Regards, Ogotox

13.04.2015, 09:29   #8
schrauber
/// the machine
/// TB instructor

There is still something there, though.

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
ATTFilter
C:\Users\Ogotox\AppData\Local\CopyEditor
RemoveProxy:
EmptyTemp:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

A fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!
