Log analysis and evaluation: Windows8: permanent virus detections. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
10.04.2015, 18:52 | #1 |
| Windows8: permanent virus detections Hi there, I built myself a nice new PC 2 days ago, but as my luck would have it, I caught viruses right away. I generally know little about this topic, which is why I would rather ask here. Of course I first tried a little on my own, but the viruses keep coming back after I move them to quarantine. I have simply added the virus detection as an attachment. The only programs I had installed were Avira, Steam, Malwarebytes Anti-Malware, Google Chrome and 1 game (Counter-Strike: Global Offensive). I then found 2 programs which I simply uninstalled... Snapdo and Wajam... neither of them meant anything to me, but I think it is connected to one of them. When I open the browser, Malwarebytes Anti-Malware shows 2 virus detections again, which can also be found in the attachment. In addition, when I open a new tab I am automatically redirected to the following link, which I also tried to turn off, but it always happens automatically (WARNING... I DON'T KNOW WHAT HAPPENS IF ONE OF YOU GOES TO IT) hxxp://search.snapdo.com/?st=dn&q= Probably another big mistake was that I uninstalled Avira, because I thought that Avira and Anti-Malware might clash. Well, of course I have also added the logs you asked for as attachments (Addition, FRST and gmer). If you need any other information or data from me, I am happy to add that as well. I hope that one of you here can help me. Regards, Ogotox |
10.04.2015, 19:15 | #2 |
/// the machine /// TB instructor | Windows8: permanent virus detections Hi,
Please always post logs in the thread. If necessary, split them up and use several posts. I cannot open attachments at work, thanks. This is how it works: posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows: |
10.04.2015, 19:38 | #3 |
| Windows8: permanent virus detections Sorry... Attention, here come the logs!!! :
FRST.txt: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015 Ran by Ogotox (administrator) on OGOPC on 10-04-2015 18:49:53 Running from C:\Users\Ogotox\Downloads Loaded Profiles: Ogotox (Available profiles: Ogotox) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe () C:\Users\Ogotox\AppData\Local\CopyEditor\CopyEditor.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe () C:\Users\Ogotox\AppData\Local\CopyEditor\CopyEditor_run.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe () C:\Users\Ogotox\AppData\Local\CopyEditor\ynrtr\cvcngm.exe (Microsoft Corporation) C:\Windows\System32\SnippingTool.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () C:\Users\Ogotox\AppData\Local\CopyEditor\ynrtr\ktajwm.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () C:\Users\Ogotox\Downloads\Defogger.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1794704 2015-02-20] (NVIDIA Corporation) HKU\S-1-5-21-1772424110-1775628108-1297487835-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2889408 2015-04-09] (Valve Corporation) AppInit_DLLs: C:\Users\Ogotox\AppData\Local\CopyEditor\ynrtr\ktlmq.dll => C:\Users\Ogotox\AppData\Local\CopyEditor\ynrtr\ktlmq.dll [254560 2015-04-10] (TODO: <Company name>) AppInit_DLLs-x32: C:\Users\Ogotox\AppData\Local\CopyEditor\ynrtr\zeuvv.dll => C:\Users\Ogotox\AppData\Local\CopyEditor\ynrtr\zeuvv.dll [127280 2015-04-10] (TODO: <Company name>) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. 
ProxyServer: [.DEFAULT] => http=127.0.0.1:51129;https=127.0.0.1:51129 HKU\S-1-5-21-1772424110-1775628108-1297487835-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.sonic-search.com/?p=mKO_AwFzXIpYRa4j3q-3hUPE9a9InJ9YovTwToBS8xCZWiHzg9JO494t1sqzf2lO_xi8VaMFuJJx1u4BMuz95XqpS1I3Dk3zfnQdTHYy0csNojl4WoIUKignNj6ocux9qzIO96W8T0gvOf25zYtHjbsYNE87Ad5AaKOLiE9FKtdbU3EwCHU17GO-WYc,&q={searchTerms} HKU\S-1-5-21-1772424110-1775628108-1297487835-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRa4j3q-3hUPE9a9InJ9YovTwToBS8xCZWiHzg9JO494t1sqzf2lO_xi8VaMFuJJx1u4BMuz95XqpS1I3Dk3zfnQdTHYy0csNojl08nhbtU8yztTIj2V-onCRCaKW2lEDILbNzvoqOl3tkaT7GgmkIFsIYAJrOQYbKp1UN0PEmuANLqk, HKU\S-1-5-21-1772424110-1775628108-1297487835-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp HKU\S-1-5-21-1772424110-1775628108-1297487835-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.sonic-search.com/?p=mKO_AwFzXIpYRa4j3q-3hUPE9a9InJ9YovTwToBS8xCZWiHzg9JO494t1sqzf2lO_xi8VaMFuJJx1u4BMuz95XqpS1I3Dk3zfnQdTHYy0csNojl4WoIUKignNj6ocux9qzIO96W8T0gvOf25zYtHjbsYNE87Ad5AaKOLiE9FKtdbU3EwCHU17GO-WYc,&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.sonic-search.com/?p=mKO_AwFzXIpYRa4j3q-3hUPE9a9InJ9YovTwToBS8xCZWiHzg9JO494t1sqzf2lO_xi8VaMFuJJx1u4BMuz95XqpS1I3Dk3zfnQdTHYy0csNojl4WoIUKignNj6ocux9qzIO96W8T0gvOf25zYtHjbsYNE87Ad5AaKOLiE9FKtdbU3EwCHU17GO-WYc,&q={searchTerms} SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.sonic-search.com/?p=mKO_AwFzXIpYRa4j3q-3hUPE9a9InJ9YovTwToBS8xCZWiHzg9JO494t1sqzf2lO_xi8VaMFuJJx1u4BMuz95XqpS1I3Dk3zfnQdTHYy0csNojl4WoIUKignNj6ocux9qzIO96W8T0gvOf25zYtHjbsYNE87Ad5AaKOLiE9FKtdbU3EwCHU17GO-WYc,&q={searchTerms} SearchScopes: HKU\S-1-5-21-1772424110-1775628108-1297487835-1001 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
hxxp://feed.sonic-search.com/?p=mKO_AwFzXIpYRa4j3q-3hUPE9a9InJ9YovTwToBS8xCZWiHzg9JO494t1sqzf2lO_xi8VaMFuJJx1u4BMuz95XqpS1I3Dk3zfnQdTHYy0csNojl4WoIUKignNj6ocux9qzIO96W8T0gvOf25zYtHjbsYNE87Ad5AaKOLiE9FKtdbU3EwCHU17GO-WYc,&q={searchTerms} SearchScopes: HKU\S-1-5-21-1772424110-1775628108-1297487835-1001 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.sonic-search.com/?p=mKO_AwFzXIpYRa4j3q-3hUPE9a9InJ9YovTwToBS8xCZWiHzg9JO494t1sqzf2lO_xi8VaMFuJJx1u4BMuz95XqpS1I3Dk3zfnQdTHYy0csNojl4WoIUKignNj6ocux9qzIO96W8T0gvOf25zYtHjbsYNE87Ad5AaKOLiE9FKtdbU3EwCHU17GO-WYc,&q={searchTerms} Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Ogotox\AppData\Roaming\Mozilla\Firefox\Profiles\24mNpOke.default FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-09] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-09] (Google Inc.) 
FF SearchPlugin: C:\Users\Ogotox\AppData\Roaming\Mozilla\Firefox\Profiles\24mNpOke.default\searchplugins\Web Search.xml [2015-04-10] FF Extension: Avira Browser Safety - C:\Users\Ogotox\AppData\Roaming\Mozilla\Firefox\Profiles\24mNpOke.default\Extensions\abs@avira.com [2015-04-09] Chrome: ======= CHR StartupUrls: Default -> "hxxp://www.google.de/" CHR Profile: C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-09] CHR Extension: (Google Docs) - C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-09] CHR Extension: (Google Drive) - C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-09] CHR Extension: (YouTube) - C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-09] CHR Extension: (Google Search) - C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-09] CHR Extension: (Google Sheets) - C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-09] CHR Extension: (Avira Browser Safety) - C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-04-09] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-09] CHR Extension: (Google Wallet) - C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-09] CHR Extension: (Gmail) - C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-09] CHR HKLM\...\Chrome\Extension: 
[flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation) R2 CopyEditor; C:\Users\Ogotox\AppData\Local\CopyEditor\CopyEditor.exe [85504 2015-03-26] () [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-11-21] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-11-21] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-10] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation) R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39240 2015-02-20] (NVIDIA Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-11-21] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-10 18:49 - 2015-04-10 18:49 - 02095616 _____ (Farbar) C:\Users\Ogotox\Downloads\FRST64.exe 2015-04-10 18:49 - 2015-04-10 18:49 - 00011034 _____ () C:\Users\Ogotox\Downloads\FRST.txt 2015-04-10 18:49 - 2015-04-10 18:49 - 00000000 ____D () C:\FRST 2015-04-10 18:47 - 2015-04-10 18:47 - 00050477 _____ () C:\Users\Ogotox\Downloads\Defogger.exe 2015-04-10 18:47 - 2015-04-10 18:47 - 00000474 _____ () C:\Users\Ogotox\Downloads\defogger_disable.log 2015-04-10 18:47 - 2015-04-10 18:47 - 00000000 _____ () C:\Users\Ogotox\defogger_reenable 2015-04-10 01:03 - 2015-04-10 00:07 - 00000000 ____D () C:\Windows\Panther 2015-04-10 00:12 - 2015-04-09 22:35 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1772424110-1775628108-1297487835-1001 2015-04-10 00:09 - 2015-04-10 16:04 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{A5040671-7C3F-472A-A461-CCC16EFFDD79} 2015-04-10 00:09 - 2015-04-10 00:09 - 00000000 __SHD () C:\Users\Ogotox\AppData\Local\EmieUserList 2015-04-10 00:09 - 
2015-04-10 00:09 - 00000000 __SHD () C:\Users\Ogotox\AppData\Local\EmieSiteList 2015-04-10 00:09 - 2015-04-10 00:09 - 00000000 __SHD () C:\Users\Ogotox\AppData\Local\EmieBrowserModeList 2015-04-10 00:07 - 2015-04-10 18:47 - 00000000 ____D () C:\Users\Ogotox 2015-04-10 00:07 - 2015-04-10 16:59 - 00381366 _____ () C:\Windows\WindowsUpdate.log 2015-04-10 00:07 - 2015-04-10 00:07 - 00001454 _____ () C:\Users\Ogotox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-04-10 00:07 - 2015-04-10 00:07 - 00000020 ___SH () C:\Users\Ogotox\ntuser.ini 2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 _SHDL () C:\Users\Ogotox\Vorlagen 2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 _SHDL () C:\Users\Ogotox\Startmenü 2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 _SHDL () C:\Users\Ogotox\Netzwerkumgebung 2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 _SHDL () C:\Users\Ogotox\Lokale Einstellungen 2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 _SHDL () C:\Users\Ogotox\Eigene Dateien 2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 _SHDL () C:\Users\Ogotox\Druckumgebung 2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 _SHDL () C:\Users\Ogotox\Documents\Eigene Musik 2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 _SHDL () C:\Users\Ogotox\Documents\Eigene Bilder 2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 _SHDL () C:\Users\Ogotox\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 _SHDL () C:\Users\Ogotox\AppData\Local\Verlauf 2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 _SHDL () C:\Users\Ogotox\AppData\Local\Anwendungsdaten 2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 _SHDL () C:\Users\Ogotox\Anwendungsdaten 2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 ____D () C:\Users\Ogotox\AppData\Local\VirtualStore 2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 ____D () C:\Users\Ogotox\AppData\Local\Packages 2015-04-10 00:07 - 
2014-11-21 12:52 - 00000000 ___RD () C:\Users\Ogotox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-04-10 00:07 - 2014-11-21 12:52 - 00000000 ___RD () C:\Users\Ogotox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-04-10 00:07 - 2014-11-21 12:52 - 00000000 ___RD () C:\Users\Ogotox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-04-10 00:07 - 2014-11-21 05:42 - 00000369 _____ () C:\Users\Ogotox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk 2015-04-10 00:07 - 2014-11-21 05:42 - 00000369 _____ () C:\Users\Ogotox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk 2015-04-10 00:07 - 2013-08-22 17:36 - 00000000 ____D () C:\Users\Ogotox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik 2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder 2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default\Vorlagen 2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default\Startmenü 2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung 2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen 2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien 2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default\Druckumgebung 2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik 2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder 2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf 2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL 
() C:\Users\Default\AppData\Local\Anwendungsdaten 2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten 2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik 2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder 2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf 2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten 2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Programme 2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\ProgramData\Vorlagen 2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\ProgramData\Startmenü 2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme 2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\ProgramData\Dokumente 2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten 2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien 2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Dokumente und Einstellungen 2015-04-09 22:24 - 2015-04-09 22:24 - 00002271 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-04-09 22:24 - 2015-04-09 22:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-04-09 22:19 - 2015-04-10 18:24 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-04-09 22:19 - 2015-04-10 18:21 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-04-09 22:19 - 2015-04-09 22:19 - 00003882 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-04-09 22:19 - 2015-04-09 22:19 - 00003646 _____ () 
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-04-09 21:41 - 2015-04-10 18:21 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-04-09 21:41 - 2015-04-09 21:41 - 00001118 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-04-09 21:41 - 2015-04-09 21:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-04-09 21:41 - 2015-04-09 21:41 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-04-09 21:41 - 2015-04-09 21:41 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-04-09 21:41 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-04-09 21:41 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-04-09 21:41 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-04-09 21:29 - 2015-04-09 21:29 - 00002077 _____ () C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk 2015-04-09 21:29 - 2015-04-09 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2015-04-09 21:28 - 2015-04-09 21:28 - 00000000 ____D () C:\Users\Ogotox\AppData\Local\NVIDIA 2015-04-09 20:41 - 2015-04-09 22:23 - 00000000 ____D () C:\Program Files (x86)\Google 2015-04-09 20:41 - 2015-04-09 20:42 - 00000000 ____D () C:\Users\Ogotox\AppData\Local\Google 2015-04-09 20:39 - 2015-04-09 20:39 - 00000000 ____D () C:\ProgramData\865c7f35000071a9 2015-04-09 20:38 - 2015-04-09 20:38 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf 2015-04-09 20:35 - 2015-04-09 20:35 - 00000000 ____D () C:\Users\Ogotox\AppData\Roaming\Mozilla 2015-04-09 20:35 - 2015-04-09 20:35 - 00000000 ____D () C:\Users\Ogotox\AppData\Local\Steam 2015-04-09 20:33 - 2015-04-09 22:01 - 00000000 ____D () C:\ProgramData\Avira 2015-04-09 20:33 - 2015-04-09 20:33 - 
00000000 ____D () C:\Users\Ogotox\AppData\Roaming\dlg 2015-04-09 20:32 - 2015-04-09 20:43 - 00000000 ____D () C:\ProgramData\{fc7b26be-6ff1-20f3-fc7b-b26be6ff9af9} 2015-04-09 20:31 - 2015-04-10 18:23 - 00000000 ____D () C:\Users\Ogotox\AppData\Local\CopyEditor 2015-04-09 20:31 - 2015-04-09 21:11 - 00000000 ____D () C:\Program Files (x86)\ProductUI 2015-04-09 20:31 - 2015-04-09 20:58 - 00000000 ____D () C:\ProgramData\Packer9dc087ae-908f-4f18-9cdf-58cd3413437f 2015-04-09 20:31 - 2015-04-09 20:31 - 00000000 ____D () C:\ProgramData\0008d14346ba46409439f1f5f96545bb 2015-04-09 20:28 - 2015-04-10 17:56 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-04-09 20:28 - 2015-04-09 20:28 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf 2015-04-09 20:28 - 2015-04-09 20:28 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2015-04-09 20:28 - 2015-04-09 20:28 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2015-04-09 20:28 - 2015-04-09 20:28 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2015-04-09 20:28 - 2015-02-20 01:18 - 00074056 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll 2015-04-09 20:28 - 2015-02-20 01:18 - 00060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll 2015-04-09 20:28 - 2015-02-05 21:07 - 06861128 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll 2015-04-09 20:28 - 2015-02-05 21:07 - 03517584 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll 2015-04-09 20:28 - 2015-02-05 21:07 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll 2015-04-09 20:28 - 2015-02-05 21:07 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe 2015-04-09 20:28 - 2015-02-05 21:07 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll 2015-04-09 20:28 - 2015-02-05 21:06 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll 2015-04-09 20:28 - 2015-02-05 19:57 - 00621384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe 2015-04-09 
20:28 - 2015-02-05 14:50 - 04236870 _____ () C:\Windows\system32\nvcoproc.bin 2015-04-09 20:27 - 2015-04-10 17:17 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-04-09 20:27 - 2015-04-09 20:27 - 00000979 _____ () C:\Users\Public\Desktop\Steam.lnk 2015-04-09 20:27 - 2015-04-09 20:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam 2015-04-09 20:25 - 2015-04-09 20:25 - 00000000 ____D () C:\Users\Ogotox\AppData\Roaming\Macromedia ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-10 18:03 - 2014-11-21 05:35 - 01686150 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-04-10 18:03 - 2014-11-21 04:45 - 00726688 _____ () C:\Windows\system32\perfh007.dat 2015-04-10 18:03 - 2014-11-21 04:45 - 00151380 _____ () C:\Windows\system32\perfc007.dat 2015-04-10 18:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru 2015-04-10 17:56 - 2014-11-20 20:24 - 00443412 _____ () C:\Windows\PFRO.log 2015-04-10 17:56 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-04-10 17:27 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp 2015-04-10 16:37 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\tracing 2015-04-10 16:06 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\InputMethod 2015-04-10 01:03 - 2013-08-22 17:36 - 00262144 _____ () C:\Windows\system32\config\BCD-Template 2015-04-10 00:12 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness 2015-04-10 00:04 - 2013-08-22 17:37 - 00002988 _____ () C:\Windows\DtcInstall.log 2015-04-10 00:04 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\Recovery 2015-04-10 00:04 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows NT 2015-04-10 00:04 - 2013-08-22 15:36 - 00000000 __RHD () C:\Users\Default 2015-04-09 22:05 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\Registration 2015-04-09 21:52 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\Camera 
2015-04-09 21:51 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI 2015-04-09 21:28 - 2013-08-22 16:46 - 00013071 _____ () C:\Windows\setupact.log 2015-04-09 20:28 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\Help Some content of TEMP: ==================== C:\Users\Ogotox\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-04-09 22:35 ==================== End Of Log ============================ Addition.txt: FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015 Ran by Ogotox at 2015-04-10 18:50:03 Running from C:\Users\Ogotox\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.) Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation) NVIDIA 3D Vision Treiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation) NVIDIA Grafiktreiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation) NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= ATTENTION: System Restore is disabled. 
==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {A713575E-3A8D-4926-9051-B4C0C09C2134} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-09] (Google Inc.) Task: {EA4D20E5-F051-4C8B-A93C-0824FFFEFC46} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-09] (Google Inc.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2015-03-26 15:40 - 2015-03-26 15:40 - 00085504 _____ () C:\Users\Ogotox\AppData\Local\CopyEditor\CopyEditor.exe 2015-04-09 20:28 - 2015-02-05 21:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2015-03-26 15:40 - 2015-03-26 15:40 - 01051136 _____ () C:\Users\Ogotox\AppData\Local\CopyEditor\CopyEditor_run.exe 2015-04-09 22:01 - 2015-04-10 18:21 - 00509120 _____ () C:\Users\Ogotox\AppData\Local\CopyEditor\ynrtr\cvcngm.exe 2015-04-09 20:31 - 2015-04-10 18:21 - 01018240 _____ () C:\Users\Ogotox\AppData\Local\CopyEditor\ynrtr\wsyh.dll 2015-04-09 21:52 - 2015-04-10 18:21 - 00031822 _____ () C:\Users\Ogotox\AppData\Local\CopyEditor\ynrtr\ktajwm.exe 2015-04-09 22:24 - 2015-03-30 22:38 - 01530184 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libglesv2.dll 2015-04-09 22:24 - 2015-03-30 22:38 - 00091976 _____ () C:\Program Files 
(x86)\Google\Chrome\Application\41.0.2272.118\libegl.dll 2015-04-09 22:24 - 2015-03-30 22:39 - 11266376 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll 2015-04-09 22:24 - 2015-03-30 22:39 - 26792264 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\PepperFlash\pepflashplayer.dll 2015-04-10 18:47 - 2015-04-10 18:47 - 00050477 _____ () C:\Users\Ogotox\Downloads\Defogger.exe 2015-03-26 15:40 - 2015-03-26 15:40 - 02199552 _____ () C:\Users\Ogotox\AppData\Local\CopyEditor\CopyEditor_run.dll 2015-04-09 20:31 - 2015-04-09 20:31 - 06225408 _____ () C:\Users\Ogotox\AppData\Local\CopyEditor\arvfs.dll 2015-03-26 15:40 - 2015-03-26 15:40 - 01819136 _____ () C:\Users\Ogotox\AppData\Local\CopyEditor\izeranv.dll 2015-04-09 20:31 - 2015-04-10 18:21 - 00063644 _____ () C:\Users\Ogotox\AppData\Local\CopyEditor\ynrtr\tbfhxkzi.dll ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Gambali => ""="service" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1772424110-1775628108-1297487835-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg DNS Servers: 192.168.178.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-1772424110-1775628108-1297487835-1001\...\StartupApproved\Run: => "Steam" ==================== Accounts: ============================= Administrator (S-1-5-21-1772424110-1775628108-1297487835-500 - Administrator - Disabled) Gast (S-1-5-21-1772424110-1775628108-1297487835-501 - Limited - Disabled) Ogotox (S-1-5-21-1772424110-1775628108-1297487835-1001 - Administrator - Enabled) => C:\Users\Ogotox ==================== Faulty Device Manager Devices ============= Name: SM-Bus-Controller Description: SM-Bus-Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (04/09/2015 10:35:49 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: Das Volume "System-reserviert" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057) Error: (04/09/2015 10:01:39 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll4 Error: (04/09/2015 08:31:23 PM) (Source: Perflib) (EventID: 1023) (User: ) Description: rdyboost4 Error: (04/09/2015 08:22:45 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (04/09/2015 08:22:45 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Fehler bei der Lizenzaktivierung (slui.exe). 
Fehlercode: hr=0x80072EE7 Befehlszeilenargumente: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9a8645c4-8908-49bb-8eec-6671a533b17a;NotificationInterval=1440;Trigger=NetworkAvailable Error: (04/09/2015 08:22:45 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: ) Description: Fehler beim Erwerb der Endbenutzerlizenz. hr=0x80072EE7 SKU-ID=9a8645c4-8908-49bb-8eec-6671a533b17a Error: (04/09/2015 08:22:45 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: ) Description: Lizenzerwerb-Fehlerdetails. hr=0x80072EE7 Error: (04/09/2015 08:22:45 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: ) Description: Fehler beim Erwerb der Endbenutzerlizenz. hr=0x80072EE7 SKU-ID=9a8645c4-8908-49bb-8eec-6671a533b17a Error: (04/09/2015 08:22:45 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: ) Description: Lizenzerwerb-Fehlerdetails. hr=0x80072EE7 Error: (04/10/2015 01:39:49 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Fehler bei der Lizenzaktivierung (slui.exe). 
Fehlercode: hr=0x80072EE7 Befehlszeilenargumente: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9a8645c4-8908-49bb-8eec-6671a533b17a;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 System errors: ============= Error: (04/10/2015 04:18:15 PM) (Source: DCOM) (EventID: 10010) (User: OgoPC) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (04/10/2015 04:17:44 PM) (Source: DCOM) (EventID: 10010) (User: OgoPC) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (04/09/2015 10:36:49 PM) (Source: DCOM) (EventID: 10010) (User: OgoPC) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (04/09/2015 10:36:19 PM) (Source: DCOM) (EventID: 10010) (User: OgoPC) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (04/09/2015 10:18:58 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252. Error: (04/09/2015 10:18:46 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252. Error: (04/09/2015 10:18:46 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252. 
Error: (04/09/2015 10:18:46 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252. Error: (04/09/2015 10:18:45 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 20. Error: (04/09/2015 10:17:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Microsoft Office Sessions: ========================= Error: (04/09/2015 10:35:49 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: System-reserviertFalscher Parameter. 
(0x80070057) Error: (04/09/2015 10:01:39 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll4 Error: (04/09/2015 08:31:23 PM) (Source: Perflib) (EventID: 1023) (User: ) Description: rdyboost4 Error: (04/09/2015 08:22:45 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (04/09/2015 08:22:45 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: hr=0x80072EE7RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9a8645c4-8908-49bb-8eec-6671a533b17a;NotificationInterval=1440;Trigger=NetworkAvailable Error: (04/09/2015 08:22:45 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: ) Description: hr=0x80072EE79a8645c4-8908-49bb-8eec-6671a533b17a Error: (04/09/2015 08:22:45 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: ) Description: hr=0x80072EE700010001(0x00000000, 20:22:45:423 - https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail) 00020001(0x00000000, 20:22:45:423) 00030001(0x00000000, 20:22:45:423 - https://activation-v2.sls.microsoft.com) 00030002(0x00000000, 20:22:45:423 - 0) 00040001(0x00000000, 20:22:45:423 - https://activation-v2.sls.microsoft.com) 00040002(0x00000000, 20:22:45:423 - 1, <NULL>, <NULL>, <NULL>) 00050002(0x80072F94, 20:22:45:438 - 0, 1) 00040006(0x00000001, 20:22:45:438 - 0, https://activation-v2.sls.microsoft.com, <N/A>, <N/A>) 00020005(0x00000000, 20:22:45:438 - 0) 00020008(0x80072EE7, 20:22:45:438 - SOAPAction: "hxxp://microsoft.com/SL/ProductActivationService/IssueToken" Content-Type: text/xml; charset=utf-8 , <soap:Envelope xmlns:soap="hxxp://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="hxxp://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="hxxp://www.w3.org/2001/XMLSchema" 
xmlns:soapenc="hxxp://schemas.xmlsoap.org/soap/encoding/"><soap:Body><RequestSecurityToken xmlns="hxxp://schemas.xmlsoap.org/ws/2004/04/security/trust"><TokenType>ProductActivation</TokenType><RequestType>hxxp://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue</RequestType></RequestSecurityToken></soap:Body></soap:Envelope>) 00010002(0x80072EE7, 20:22:45:438 - <NULL>) 00010003(0x80072EE7, 20:22:45:438) Error: (04/09/2015 08:22:45 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: ) Description: hr=0x80072EE79a8645c4-8908-49bb-8eec-6671a533b17a Error: (04/09/2015 08:22:45 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: ) Description: hr=0x80072EE700010001(0x00000000, 20:22:44:673 - https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail) 00020001(0x00000000, 20:22:44:673) 00030001(0x00000000, 20:22:44:673 - https://activation-v2.sls.microsoft.com) 00030002(0x00000000, 20:22:44:673 - 0) 00040001(0x00000000, 20:22:44:673 - https://activation-v2.sls.microsoft.com) 00040002(0x00000000, 20:22:44:673 - 1, <NULL>, <NULL>, <NULL>) 
00050002(0x80072F94, 20:22:45:360 - 0, 1) 00040006(0x00000001, 20:22:45:360 - 0, https://activation-v2.sls.microsoft.com, <N/A>, <N/A>) 00020005(0x00000000, 20:22:45:360 - 0) 00020008(0x80072EE7, 20:22:45:360 - SOAPAction: "hxxp://microsoft.com/SL/ProductActivationService/IssueToken" Content-Type: text/xml; charset=utf-8 , <soap:Envelope xmlns:soap="hxxp://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="hxxp://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="hxxp://www.w3.org/2001/XMLSchema" xmlns:soapenc="hxxp://schemas.xmlsoap.org/soap/encoding/"><soap:Body><RequestSecurityToken xmlns="hxxp://schemas.xmlsoap.org/ws/2004/04/security/trust"><TokenType>ProductActivation</TokenType><RequestType>hxxp://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue</RequestType></RequestSecurityToken></soap:Body></soap:Envelope>) 00010002(0x80072EE7, 20:22:45:360 - <NULL>) 00010003(0x80072EE7, 20:22:45:360) Error: (04/10/2015 01:39:49 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: hr=0x80072EE7RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9a8645c4-8908-49bb-8eec-6671a533b17a;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz Percentage of memory in use: 11% Total physical RAM: 16335.7 MB Available physical RAM: 14407.11 MB Total Pagefile: 19279.7 MB Available Pagefile: 16708.02 MB Total Virtual: 131072 MB Available Virtual: 131071.79 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:232.54 GB) (Free:196.89 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: E10F5C09) Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=232.5 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: E10F5C72) Partition 1: (Not Active) - (Size=500 GB) - (Type=06) Partition 2: (Not Active) - (Size=1363 GB) - (Type=06) 
==================== End Of Log ============================ gmer.log: GMER Logfile: Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-04-10 19:04:09
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000037 Samsung_SSD_850_EVO_250GB rev.EMT01B6Q 232,89GB
Running: Gmer-19357.exe; Driver: C:\Users\Ogotox\AppData\Local\Temp\pxldapoc.sys

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\csrss.exe [2908:3016] fffff960008112d0

---- Processes - GMER 2.1 ----

Process C:\Users\Ogotox\AppData\Local\CopyEditor\CopyEditor.exe (*** suspicious ***) @ C:\Users\Ogotox\AppData\Local\CopyEditor\CopyEditor.exe [1460](2015-03-26 13:40:30) 0000000000b20000
Process C:\Users\Ogotox\AppData\Local\CopyEditor\CopyEditor_run.exe (*** suspicious ***) @ C:\Users\Ogotox\AppData\Local\CopyEditor\CopyEditor_run.exe [1340](2015-03-26 13:40:30) 0000000000c30000
Library C:\Users\Ogotox\AppData\Local\CopyEditor\CopyEditor_run.dll (*** suspicious ***) @ C:\Users\Ogotox\AppData\Local\CopyEditor\CopyEditor_run.exe [1340](2015-03-26 13:40:30) 0000000072ae0000
Library C:\Users\Ogotox\AppData\Local\CopyEditor\arvfs.dll (*** suspicious ***) @ C:\Users\Ogotox\AppData\Local\CopyEditor\CopyEditor_run.exe [1340](2015-04-09 18:31:29) 0000000071d40000
Library C:\Users\Ogotox\AppData\Local\CopyEditor\izeranv.dll (*** suspicious ***) @ C:\Users\Ogotox\AppData\Local\CopyEditor\CopyEditor_run.exe [1340](2015-03-26 13:40:32) 0000000072910000
Library C:\Users\Ogotox\AppData\Local\CopyEditor\ynrtr\tbfhxkzi.dll (*** suspicious ***) @ C:\Users\Ogotox\AppData\Local\CopyEditor\CopyEditor_run.exe [1340](2015-04-09 18:31:18) 0000000072df0000
Process C:\Users\Ogotox\AppData\Local\CopyEditor\ynrtr\cvcngm.exe (*** suspicious ***) @ C:\Users\Ogotox\AppData\Local\CopyEditor\ynrtr\cvcngm.exe [732](2015-04-09 20:01:00) 0000000000d10000

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -1057907968
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown 1

---- EOF - GMER 2.1 ----
|
11.04.2015, 07:34 | #4 |
/// the machine /// TB Trainer | Windows8: persistent virus detections Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
11.04.2015, 12:54 | #5 |
| Windows8: persistent virus detections
AdwCleaner Logfile: Code:
# AdwCleaner v4.201 - Bericht erstellt 11/04/2015 um 13:38:42
# Aktualisiert 08/04/2015 von Xplode
# Datenbank : 2015-04-08.1 [Server]
# Betriebssystem : Windows 8.1 (x64)
# Benutzername : Ogotox - OGOPC
# Gestarted von : C:\Users\Ogotox\Downloads\AdwCleaner_4.201.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\865c7f35000071a9
Ordner Gelöscht : C:\Program Files (x86)\ProductUI

***** [ Geplante Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\406e900f-88f7-e386-6d30-4c0f3a85c84e
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Daten Gelöscht : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:51129;hxxps=127.0.0.1:51129
Daten Gelöscht : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Daten Gelöscht : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17416
-\\ Mozilla Firefox v
-\\ Google Chrome v41.0.2272.118

*************************

AdwCleaner[R0].txt - [1771 Bytes] - [11/04/2015 13:38:14]
AdwCleaner[S0].txt - [1405 Bytes] - [11/04/2015 13:38:42]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1464 Bytes] ##########

JRT Logfile: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.3 (04.07.2015:1)
OS: Windows 8.1 x64
Ran by Ogotox on 11.04.2015 at 13:44:20,24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\Default_Search_URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\Default
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\searchURL\\Default
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.04.2015 at 13:45:19,05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015 Ran by Ogotox (administrator) on OGOPC on 11-04-2015 13:47:15 Running from C:\Users\Ogotox\Downloads Loaded Profiles: Ogotox (Available profiles: Ogotox) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1794704 2015-02-20] (NVIDIA Corporation) HKU\S-1-5-21-1772424110-1775628108-1297487835-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2889408 2015-04-09] (Valve Corporation) AppInit_DLLs: C:\Users\Ogotox\AppData\Local\CopyEditor\ynrtr\ktlmq.dll => C:\Users\Ogotox\AppData\Local\CopyEditor\ynrtr\ktlmq.dll [254560 2015-04-11] (TODO: <Company name>) AppInit_DLLs-x32: C:\Users\Ogotox\AppData\Local\CopyEditor\ynrtr\zeuvv.dll => C:\Users\Ogotox\AppData\Local\CopyEditor\ynrtr\zeuvv.dll [127280 2015-04-11] (TODO: <Company name>) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-1772424110-1775628108-1297487835-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Ogotox\AppData\Roaming\Mozilla\Firefox\Profiles\24mNpOke.default FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-09] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-09] (Google Inc.) 
FF SearchPlugin: C:\Users\Ogotox\AppData\Roaming\Mozilla\Firefox\Profiles\24mNpOke.default\searchplugins\Web Search.xml [2015-04-11] FF Extension: Avira Browser Safety - C:\Users\Ogotox\AppData\Roaming\Mozilla\Firefox\Profiles\24mNpOke.default\Extensions\abs@avira.com [2015-04-09] Chrome: ======= CHR StartupUrls: Default -> "hxxp://www.google.de/" CHR Profile: C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-09] CHR Extension: (Google Docs) - C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-09] CHR Extension: (Google Drive) - C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-09] CHR Extension: (YouTube) - C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-09] CHR Extension: (Google Search) - C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-09] CHR Extension: (Google Sheets) - C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-09] CHR Extension: (Avira Browser Safety) - C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-04-09] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-09] CHR Extension: (Google Wallet) - C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-09] CHR Extension: (Gmail) - C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-09] CHR HKLM\...\Chrome\Extension: 
[flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation) S2 CopyEditor; C:\Users\Ogotox\AppData\Local\CopyEditor\CopyEditor.exe [85504 2015-03-26] () [File not signed] S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-11-21] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-11-21] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-11] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation) R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39240 2015-02-20] (NVIDIA Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-11-21] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-11 13:47 - 2015-04-11 13:47 - 00007290 _____ () C:\Users\Ogotox\Downloads\FRST.txt 2015-04-11 13:45 - 2015-04-11 13:45 - 00001091 _____ () C:\Users\Ogotox\Desktop\JRT.txt 2015-04-11 13:44 - 2015-04-11 13:44 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-OGOPC-Windows-8.1-(64-bit).dat 2015-04-11 13:44 - 2015-04-11 13:44 - 00000000 ____D () C:\RegBackup 2015-04-11 13:43 - 2015-04-11 13:43 - 02686959 _____ (Thisisu) C:\Users\Ogotox\Downloads\JRT.exe 2015-04-11 13:41 - 2015-04-11 13:41 - 00001544 _____ () C:\Users\Ogotox\Desktop\AdwCleaner[S0].txt 2015-04-11 13:37 - 2015-04-11 13:38 - 00000000 ____D () C:\AdwCleaner 2015-04-11 13:33 - 2015-04-11 13:33 - 02217984 _____ () C:\Users\Ogotox\Downloads\AdwCleaner_4.201.exe 2015-04-10 19:04 - 2015-04-10 19:04 - 00002370 _____ () C:\Users\Ogotox\Desktop\gmer.log 2015-04-10 18:56 - 2015-04-10 18:56 - 00380416 _____ () C:\Users\Ogotox\Downloads\Gmer-19357.exe 2015-04-10 18:53 - 2015-04-10 18:53 - 00050477 _____ () C:\Users\Ogotox\Downloads\Defogger (1).exe 2015-04-10 18:50 - 
2015-04-10 18:50 - 00051638 _____ () C:\Users\Ogotox\Desktop\Addition.txt 2015-04-10 18:49 - 2015-04-11 13:47 - 00000000 ____D () C:\FRST 2015-04-10 18:49 - 2015-04-10 18:50 - 00025683 _____ () C:\Users\Ogotox\Desktop\FRST.txt 2015-04-10 18:49 - 2015-04-10 18:49 - 02095616 _____ (Farbar) C:\Users\Ogotox\Downloads\FRST64.exe 2015-04-10 18:47 - 2015-04-10 18:47 - 00050477 _____ () C:\Users\Ogotox\Downloads\Defogger.exe 2015-04-10 18:47 - 2015-04-10 18:47 - 00000474 _____ () C:\Users\Ogotox\Downloads\defogger_disable.log 2015-04-10 18:47 - 2015-04-10 18:47 - 00000000 _____ () C:\Users\Ogotox\defogger_reenable 2015-04-10 01:03 - 2015-04-10 00:07 - 00000000 ____D () C:\Windows\Panther 2015-04-10 00:12 - 2015-04-09 22:35 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1772424110-1775628108-1297487835-1001 2015-04-10 00:09 - 2015-04-11 13:36 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{A5040671-7C3F-472A-A461-CCC16EFFDD79} 2015-04-10 00:09 - 2015-04-10 00:09 - 00000000 __SHD () C:\Users\Ogotox\AppData\Local\EmieUserList 2015-04-10 00:09 - 2015-04-10 00:09 - 00000000 __SHD () C:\Users\Ogotox\AppData\Local\EmieSiteList 2015-04-10 00:09 - 2015-04-10 00:09 - 00000000 __SHD () C:\Users\Ogotox\AppData\Local\EmieBrowserModeList 2015-04-10 00:07 - 2015-04-11 13:35 - 00427552 _____ () C:\Windows\WindowsUpdate.log 2015-04-10 00:07 - 2015-04-10 18:47 - 00000000 ____D () C:\Users\Ogotox 2015-04-10 00:07 - 2015-04-10 00:07 - 00001454 _____ () C:\Users\Ogotox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-04-10 00:07 - 2015-04-10 00:07 - 00000020 ___SH () C:\Users\Ogotox\ntuser.ini 2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 _SHDL () C:\Users\Ogotox\Vorlagen 2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 _SHDL () C:\Users\Ogotox\Startmenü 2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 _SHDL () C:\Users\Ogotox\Netzwerkumgebung 2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 _SHDL () 
C:\Users\Ogotox\Lokale Einstellungen 2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 _SHDL () C:\Users\Ogotox\Eigene Dateien 2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 _SHDL () C:\Users\Ogotox\Druckumgebung 2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 _SHDL () C:\Users\Ogotox\Documents\Eigene Musik 2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 _SHDL () C:\Users\Ogotox\Documents\Eigene Bilder 2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 _SHDL () C:\Users\Ogotox\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 _SHDL () C:\Users\Ogotox\AppData\Local\Verlauf 2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 _SHDL () C:\Users\Ogotox\AppData\Local\Anwendungsdaten 2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 _SHDL () C:\Users\Ogotox\Anwendungsdaten 2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 ____D () C:\Users\Ogotox\AppData\Local\VirtualStore 2015-04-10 00:07 - 2015-04-10 00:07 - 00000000 ____D () C:\Users\Ogotox\AppData\Local\Packages 2015-04-10 00:07 - 2014-11-21 12:52 - 00000000 ___RD () C:\Users\Ogotox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-04-10 00:07 - 2014-11-21 12:52 - 00000000 ___RD () C:\Users\Ogotox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-04-10 00:07 - 2014-11-21 12:52 - 00000000 ___RD () C:\Users\Ogotox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-04-10 00:07 - 2014-11-21 05:42 - 00000369 _____ () C:\Users\Ogotox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk 2015-04-10 00:07 - 2014-11-21 05:42 - 00000369 _____ () C:\Users\Ogotox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk 2015-04-10 00:07 - 2013-08-22 17:36 - 00000000 ____D () C:\Users\Ogotox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () 
C:\Users\Public\Documents\Eigene Musik 2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder 2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default\Vorlagen 2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default\Startmenü 2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung 2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen 2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien 2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default\Druckumgebung 2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik 2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder 2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf 2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten 2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten 2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik 2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder 2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf 2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten 2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Programme 2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\ProgramData\Vorlagen 2015-04-10 00:04 - 2015-04-10 00:04 - 
00000000 _SHDL () C:\ProgramData\Startmenü 2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme 2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\ProgramData\Dokumente 2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten 2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien 2015-04-10 00:04 - 2015-04-10 00:04 - 00000000 _SHDL () C:\Dokumente und Einstellungen 2015-04-09 22:24 - 2015-04-09 22:24 - 00002271 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-04-09 22:24 - 2015-04-09 22:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-04-09 22:19 - 2015-04-11 13:39 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-04-09 22:19 - 2015-04-10 19:24 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-04-09 22:19 - 2015-04-09 22:19 - 00003882 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-04-09 22:19 - 2015-04-09 22:19 - 00003646 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-04-09 21:41 - 2015-04-11 13:39 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-04-09 21:41 - 2015-04-09 21:41 - 00001118 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-04-09 21:41 - 2015-04-09 21:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-04-09 21:41 - 2015-04-09 21:41 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-04-09 21:41 - 2015-04-09 21:41 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-04-09 21:41 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-04-09 21:41 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-04-09 21:41 - 2015-03-17 06:15 - 
00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-04-09 21:29 - 2015-04-09 21:29 - 00002077 _____ () C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk 2015-04-09 21:29 - 2015-04-09 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2015-04-09 21:28 - 2015-04-09 21:28 - 00000000 ____D () C:\Users\Ogotox\AppData\Local\NVIDIA 2015-04-09 20:41 - 2015-04-09 22:23 - 00000000 ____D () C:\Program Files (x86)\Google 2015-04-09 20:41 - 2015-04-09 20:42 - 00000000 ____D () C:\Users\Ogotox\AppData\Local\Google 2015-04-09 20:38 - 2015-04-09 20:38 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf 2015-04-09 20:35 - 2015-04-09 20:35 - 00000000 ____D () C:\Users\Ogotox\AppData\Roaming\Mozilla 2015-04-09 20:35 - 2015-04-09 20:35 - 00000000 ____D () C:\Users\Ogotox\AppData\Local\Steam 2015-04-09 20:33 - 2015-04-09 22:01 - 00000000 ____D () C:\ProgramData\Avira 2015-04-09 20:33 - 2015-04-09 20:33 - 00000000 ____D () C:\Users\Ogotox\AppData\Roaming\dlg 2015-04-09 20:32 - 2015-04-09 20:43 - 00000000 ____D () C:\ProgramData\{fc7b26be-6ff1-20f3-fc7b-b26be6ff9af9} 2015-04-09 20:31 - 2015-04-11 13:41 - 00000000 ____D () C:\Users\Ogotox\AppData\Local\CopyEditor 2015-04-09 20:31 - 2015-04-09 20:58 - 00000000 ____D () C:\ProgramData\Packer9dc087ae-908f-4f18-9cdf-58cd3413437f 2015-04-09 20:31 - 2015-04-09 20:31 - 00000000 ____D () C:\ProgramData\0008d14346ba46409439f1f5f96545bb 2015-04-09 20:28 - 2015-04-11 13:39 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-04-09 20:28 - 2015-04-09 20:28 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf 2015-04-09 20:28 - 2015-04-09 20:28 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2015-04-09 20:28 - 2015-04-09 20:28 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2015-04-09 20:28 - 2015-04-09 20:28 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2015-04-09 20:28 - 2015-02-20 
01:18 - 00074056 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll 2015-04-09 20:28 - 2015-02-20 01:18 - 00060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll 2015-04-09 20:28 - 2015-02-05 21:07 - 06861128 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll 2015-04-09 20:28 - 2015-02-05 21:07 - 03517584 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll 2015-04-09 20:28 - 2015-02-05 21:07 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll 2015-04-09 20:28 - 2015-02-05 21:07 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe 2015-04-09 20:28 - 2015-02-05 21:07 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll 2015-04-09 20:28 - 2015-02-05 21:06 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll 2015-04-09 20:28 - 2015-02-05 19:57 - 00621384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe 2015-04-09 20:28 - 2015-02-05 14:50 - 04236870 _____ () C:\Windows\system32\nvcoproc.bin 2015-04-09 20:27 - 2015-04-10 17:17 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-04-09 20:27 - 2015-04-09 20:27 - 00000979 _____ () C:\Users\Public\Desktop\Steam.lnk 2015-04-09 20:27 - 2015-04-09 20:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam 2015-04-09 20:25 - 2015-04-09 20:25 - 00000000 ____D () C:\Users\Ogotox\AppData\Roaming\Macromedia ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-04-11 13:43 - 2014-11-21 05:35 - 01686150 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-04-11 13:43 - 2014-11-21 04:45 - 00726688 _____ () C:\Windows\system32\perfh007.dat 2015-04-11 13:43 - 2014-11-21 04:45 - 00151380 _____ () C:\Windows\system32\perfc007.dat 2015-04-11 13:39 - 2014-11-20 20:24 - 00444724 _____ () C:\Windows\PFRO.log 2015-04-11 13:39 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-04-11 13:29 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\TAPI 2015-04-10 20:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru 2015-04-10 17:27 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp 2015-04-10 16:37 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\tracing 2015-04-10 16:06 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\InputMethod 2015-04-10 01:03 - 2013-08-22 17:36 - 00262144 _____ () C:\Windows\system32\config\BCD-Template 2015-04-10 00:12 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness 2015-04-10 00:04 - 2013-08-22 17:37 - 00002988 _____ () C:\Windows\DtcInstall.log 2015-04-10 00:04 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\Recovery 2015-04-10 00:04 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows NT 2015-04-10 00:04 - 2013-08-22 15:36 - 00000000 __RHD () C:\Users\Default 2015-04-09 22:05 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\Registration 2015-04-09 21:52 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\Camera 2015-04-09 21:51 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI 2015-04-09 21:28 - 2013-08-22 16:46 - 00013071 _____ () C:\Windows\setupact.log 2015-04-09 20:28 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\Help Some content of TEMP: ==================== C:\Users\Ogotox\AppData\Local\Temp\avgnt.exe C:\Users\Ogotox\AppData\Local\Temp\Quarantine.exe C:\Users\Ogotox\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do 
not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-04-09 22:35 ==================== End Of Log ============================ |
12.04.2015, 07:05 | #6 |
/// the machine /// TB trainer | Windows8: permanent virus detections
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
12.04.2015, 16:40 | #7 | |
| Windows8: permanent virus detections
Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=46a80c3f7055b340aaa4c3d41de9ae45 # engine=23340 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-04-12 11:39:27 # local_time=2015-04-12 01:39:27 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.2.9200 NT # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 0 5921159 0 0 # scanned=139408 # found=8 # cleaned=0 # scan_time=504 sh=CEB8D59B9A1652CCBFAFC8CCA0E6EF1DE0F95855 ft=1 fh=da2a004dca05468f vn="Win32/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ProductUI\uninstall.exe.vir" sh=FC43D0B782136DD69B1342ECA09E5535C7015004 ft=1 fh=c71c0011abbc24ab vn="Variante von MSIL/Toolbar.Linkury.M.gen evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ogotox\AppData\Local\CopyEditor\ynrtr\cvcngm.exe" sh=5E6B1EE002F2130A58AE5CCEC8D2E17D4DDC522D ft=1 fh=c71c00110ed4918b vn="Variante von Win64/Toolbar.Linkury.A.gen evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ogotox\AppData\Local\CopyEditor\ynrtr\ddldxowo.dll" sh=65808029CAC0FB87549557D02F13FDE09C308187 ft=1 fh=f706438655ddba66 vn="Variante von MSIL/Toolbar.Linkury.M.gen evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ogotox\AppData\Local\CopyEditor\ynrtr\djohvpvf.exe" sh=BBD0B7F7445843568230A3C7CCABDF3B54349D1E ft=1 fh=3614f6bb1a5023c8 vn="Variante von MSIL/Toolbar.Linkury.M.gen evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ogotox\AppData\Local\CopyEditor\ynrtr\mouou.exe" sh=740CBD99FEDB9C8BD394E07BDB48F07B82A1F492 ft=1 fh=c71c001184bb3793 vn="Variante von Win32/Toolbar.Linkury.I evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Ogotox\AppData\Local\CopyEditor\ynrtr\rfme.dll" sh=F6389A956DE9FD2471954F84EA6386CE6FAADC10 ft=1 fh=c71c0011af938b92 vn="Win32/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ogotox\AppData\Local\CopyEditor\ynrtr\ucfgcir.dll" sh=2CA13DE81EB039D851339BEF387BB9A080E8E396 ft=1 fh=fc57b18e9842a978 vn="Win32/DownloadGuide.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ogotox\AppData\Local\Microsoft\Windows\INetCache\IE\QRL92YZN\avira_de_av___ws-Download.exe" Code:
ATTFilter
 Results of screen317's Security Check version 1.00
 x64 (UAC is enabled)
 Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Defender
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Google Chrome (41.0.2272.118)
````````Process Check: objlist.exe by Laurent````````
 Windows Defender MSMpEng.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015 Ran by Ogotox (administrator) on OGOPC on 12-04-2015 13:48:05 Running from C:\Users\Ogotox\Downloads Loaded Profiles: Ogotox (Available profiles: Ogotox) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe () C:\Users\Ogotox\AppData\Local\CopyEditor\CopyEditor.exe () C:\Users\Ogotox\AppData\Local\CopyEditor\CopyEditor_run.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe () C:\Users\Ogotox\AppData\Local\CopyEditor\ynrtr\cvcngm.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1794704 2015-02-20] (NVIDIA Corporation) HKU\S-1-5-21-1772424110-1775628108-1297487835-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2889408 2015-04-09] (Valve Corporation) HKU\S-1-5-21-1772424110-1775628108-1297487835-1001\...\MountPoints2: {56303fa4-e103-11e4-8260-d8cb8a3c36bd} - "G:\LaunchU3.exe" -a AppInit_DLLs: C:\Users\Ogotox\AppData\Local\CopyEditor\ynrtr\ktlmq.dll => C:\Users\Ogotox\AppData\Local\CopyEditor\ynrtr\ktlmq.dll [254560 2015-04-12] (TODO: <Company name>) AppInit_DLLs-x32: C:\Users\Ogotox\AppData\Local\CopyEditor\ynrtr\zeuvv.dll => C:\Users\Ogotox\AppData\Local\CopyEditor\ynrtr\zeuvv.dll [127280 2015-04-12] (TODO: <Company name>) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. 
ProxyServer: [.DEFAULT] => http=127.0.0.1:51129;https=127.0.0.1:51129 HKU\S-1-5-21-1772424110-1775628108-1297487835-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Ogotox\AppData\Roaming\Mozilla\Firefox\Profiles\24mNpOke.default FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-09] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-09] (Google Inc.) 
FF SearchPlugin: C:\Users\Ogotox\AppData\Roaming\Mozilla\Firefox\Profiles\24mNpOke.default\searchplugins\Web Search.xml [2015-04-12] FF Extension: Avira Browser Safety - C:\Users\Ogotox\AppData\Roaming\Mozilla\Firefox\Profiles\24mNpOke.default\Extensions\abs@avira.com [2015-04-09] Chrome: ======= CHR StartupUrls: Default -> "hxxp://www.google.de/" CHR Profile: C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-09] CHR Extension: (Google Docs) - C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-09] CHR Extension: (Google Drive) - C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-09] CHR Extension: (YouTube) - C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-09] CHR Extension: (Google Search) - C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-09] CHR Extension: (Google Sheets) - C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-09] CHR Extension: (Avira Browser Safety) - C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-04-09] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-09] CHR Extension: (Google Wallet) - C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-09] CHR Extension: (Gmail) - C:\Users\Ogotox\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-09] CHR HKLM\...\Chrome\Extension: 
[flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation) R2 CopyEditor; C:\Users\Ogotox\AppData\Local\CopyEditor\CopyEditor.exe [85504 2015-03-26] () [File not signed] S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation) R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39240 2015-02-20] (NVIDIA Corporation) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) 
==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-12 13:46 - 2015-04-12 13:46 - 00000667 _____ () C:\Users\Ogotox\Desktop\checkup.txt 2015-04-12 13:28 - 2015-04-12 13:28 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf 2015-04-12 13:22 - 2015-04-12 13:22 - 00852616 _____ () C:\Users\Ogotox\Desktop\SecurityCheck.exe 2015-04-12 13:16 - 2015-04-12 13:17 - 02347384 _____ (ESET) C:\Users\Ogotox\Downloads\esetsmartinstaller_deu.exe 2015-04-12 02:05 - 2015-04-12 13:02 - 00000000 ___SD () C:\Windows\system32\GWX 2015-04-12 02:05 - 2015-04-12 02:05 - 00000000 ___SD () C:\Windows\SysWOW64\GWX 2015-04-12 02:05 - 2015-04-12 02:05 - 00000000 ____D () C:\Windows\system32\appraiser 2015-04-11 14:48 - 2015-04-11 14:48 - 00000000 ____D () C:\Windows\system32\MRT 2015-04-11 14:48 - 2015-02-26 21:14 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-04-11 14:31 - 2015-02-04 01:58 - 00264000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys 2015-04-11 14:31 - 2015-02-04 01:58 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys 2015-04-11 14:31 - 2015-02-04 01:58 - 00044024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys 2015-04-11 14:31 - 2015-01-27 05:44 - 00933888 _____ (Microsoft Corporation) C:\Windows\system32\calc.exe 2015-04-11 14:31 - 2015-01-24 03:51 - 00816128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\calc.exe 2015-04-11 14:31 - 2014-11-10 04:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll 2015-04-11 14:31 - 2014-11-10 03:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll 2015-04-11 14:30 - 2015-03-11 04:38 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-04-11 14:30 - 2015-03-11 00:08 - 01107456 _____ (Microsoft Corporation) 
C:\Windows\system32\aeinv.dll 2015-04-11 14:30 - 2015-03-11 00:08 - 00943104 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-04-11 14:30 - 2015-03-11 00:08 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-04-11 14:30 - 2015-03-11 00:08 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-04-11 14:30 - 2015-03-11 00:08 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-04-11 14:30 - 2015-03-11 00:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-04-11 14:30 - 2015-03-06 04:53 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-04-11 14:30 - 2015-03-06 04:33 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-04-11 14:30 - 2015-02-26 01:26 - 04178944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-04-11 14:30 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-04-11 14:30 - 2015-02-21 02:27 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2015-04-11 14:30 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-04-11 14:30 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-04-11 14:30 - 2015-02-20 05:03 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-04-11 14:30 - 2015-02-20 04:58 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-04-11 14:30 - 2015-02-20 04:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-04-11 14:30 - 2015-02-20 04:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-04-11 14:30 - 2015-02-20 04:35 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-04-11 14:30 - 2015-02-20 04:20 - 00301056 _____ (Adobe Systems Incorporated) 
C:\Windows\SysWOW64\atmfd.dll 2015-04-11 14:30 - 2015-02-20 04:15 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-04-11 14:30 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-04-11 14:30 - 2015-02-20 04:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2015-04-11 14:30 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-04-11 14:30 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-04-11 14:30 - 2015-02-20 03:56 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-04-11 14:30 - 2015-02-20 03:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-04-11 14:30 - 2015-02-20 03:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-04-11 14:30 - 2015-02-20 03:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-04-11 14:30 - 2015-02-20 03:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-04-11 14:30 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-04-11 14:30 - 2015-02-20 03:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2015-04-11 14:30 - 2015-02-20 03:26 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2015-04-11 14:30 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-04-11 14:30 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-04-11 14:30 - 2015-02-20 03:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-04-11 14:30 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-04-11 14:30 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-04-11 
Thanks a lot for the help already, anyway.
Hi again. I know it is not welcome here, but I went ahead on my own after all. I did exactly what you advised me to do with AdwCleaner and JRT, but afterwards I followed up with 2 more scans, from Malwarebytes Anti-Malware and from Hitman. For that I simply used the guide: Remove Adware.Linkular and Adware.Win32.Linkular (Removal Guide)
Still, I really appreciate that I was helped so quickly here, and I especially thank you for your help, Schrauber. Don't be mad that I suddenly acted on my own! I wish you lots of fun going forward anyway... Maybe we'll see each other again over one virus or another.
Regards, Ogotox |
13.04.2015, 08:29 | #8 |
/// the machine /// TB trainer | Windows8: permanent virus detections
There is still something there anyway. Please press the Windows key + R key and type notepad into the Run window. Now copy the following text from the code box into the empty text document.
Code:
C:\Users\Ogotox\AppData\Local\CopyEditor
RemoveProxy:
EmptyTemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
A fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |