Log analysis and evaluation: Internet becomes extremely slow / event log - TCP, Vecna scan, syn flood
Windows 7
03.06.2015, 18:22 | #1 |
For quite some time I have had the problem that my internet becomes extremely slow every minute or even drops the connection. I then looked in the router menu and found the following in my event log:

06/01/2015 19:34:00 **TCP FIN Scan** 192.168.2.105, 65394->> 2.16.200.93, 80 (from PPPoE1 Outbound)
06/01/2015 19:33:59 **TCP FIN Scan** 192.168.2.105, 65477->> 17.178.104.60, 443 (from PPPoE1 Outbound)
06/01/2015 19:33:59 **Vecna Scan** 192.168.2.105, 65392->> 2.16.200.93, 80 (from PPPoE1 Outbound)
06/01/2015 19:33:58 **TCP FIN Scan** 192.168.2.105, 65529->> 17.178.104.60, 443 (from PPPoE1 Outbound)
06/01/2015 19:33:30 **Vecna Scan** 192.168.2.105, 64636->> 2.16.200.93, 80 (from PPPoE1 Outbound)
06/01/2015 19:33:29 **TCP FIN Scan** 192.168.2.105, 65387->> 17.173.255.61, 443 (from PPPoE1 Outbound)
06/01/2015 19:33:28 **Vecna Scan** 192.168.2.105, 65369->> 17.173.255.61, 443 (from PPPoE1 Outbound)
06/01/2015 19:33:28 **TCP FIN Scan** 192.168.2.105, 65349->> 17.173.255.61, 443 (from PPPoE1 Outbound)
06/01/2015 19:33:27 **TCP FIN Scan** 192.168.2.105, 65190->> 2.16.200.93, 80 (from PPPoE1 Outbound)
06/01/2015 19:33:27 **Vecna Scan** 192.168.2.105, 65022->> 2.16.200.93, 80 (from PPPoE1 Outbound)
06/01/2015 19:33:26 **Vecna Scan** 192.168.2.105, 65006->> 2.16.200.93, 80 (from PPPoE1 Outbound)
06/01/2015 19:33:25 **TCP FIN Scan** 192.168.2.105, 65383->> 17.173.255.61, 443 (from PPPoE1 Outbound)
06/01/2015 19:33:24 **TCP FIN Scan** 192.168.2.105, 65364->> 17.173.255.61, 443 (from PPPoE1 Outbound)
06/01/2015 19:33:24 **Vecna Scan** 192.168.2.105, 64153->> 2.16.200.93, 80 (from PPPoE1 Outbound)
06/01/2015 19:33:08 **Vecna Scan** 192.168.2.105, 64335->> 2.16.200.93, 80 (from PPPoE1 Outbound)
06/01/2015 19:33:08 **TCP FIN Scan** 192.168.2.105, 65235->> 17.173.255.61, 443 (from PPPoE1 Outbound)
06/01/2015 19:33:07 **TCP FIN Scan** 192.168.2.105, 65090->> 2.16.200.93, 80 (from PPPoE1 Outbound)
06/01/2015 19:33:07 **TCP FIN Scan** 192.168.2.105, 65198->> 17.173.255.61, 443 (from PPPoE1 Outbound)
06/01/2015 19:31:30 **Vecna Scan** 192.168.2.105, 64990->> 2.16.200.93, 80 (from PPPoE1 Outbound)
06/01/2015 19:31:30 **Vecna Scan** 192.168.2.105, 64613->> 17.154.239.23, 443 (from PPPoE1 Outbound)
06/01/2015 19:31:30 **TCP FIN Scan** 192.168.2.105, 64637->> 2.16.200.93, 80 (from PPPoE1 Outbound)
06/01/2015 19:31:29 **Vecna Scan** 192.168.2.105, 64352->> 2.16.200.93, 80 (from PPPoE1 Outbound)
06/01/2015 19:31:27 **TCP FIN Scan** 192.168.2.105, 64362->> 2.16.200.93, 80 (from PPPoE1 Outbound)
06/01/2015 19:31:27 **Vecna Scan** 192.168.2.105, 64620->> 2.16.200.93, 80 (from PPPoE1 Outbound)
06/01/2015 19:31:27 **TCP FIN Scan** 192.168.2.105, 65076->> 17.178.104.60, 443 (from PPPoE1 Outbound)
06/01/2015 19:31:26 **Vecna Scan** 192.168.2.105, 64121->> 2.16.200.93, 80 (from PPPoE1 Outbound)
06/01/2015 19:31:26 **Vecna Scan** 192.168.2.105, 64118->> 17.154.239.47, 443 (from PPPoE1 Outbound)
06/01/2015 19:31:25 **TCP FIN Scan** 192.168.2.105, 65057->> 17.178.104.60, 443 (from PPPoE1 Outbound)
06/01/2015 19:31:25 **Vecna Scan** 192.168.2.105, 64606->> 2.16.200.93, 80 (from PPPoE1 Outbound)
06/01/2015 19:31:24 **TCP FIN Scan** 192.168.2.105, 65033->> 17.178.104.60, 443 (from PPPoE1 Outbound)
06/01/2015 19:31:24 **TCP FIN Scan** 192.168.2.105, 64606->> 2.16.200.93, 80 (from PPPoE1 Outbound)
06/01/2015 19:31:23 **Vecna Scan** 192.168.2.105, 64744->> 2.16.200.93, 80 (from PPPoE1 Outbound)
06/01/2015 19:31:22 **TCP FIN Scan** 192.168.2.105, 64754->> 2.16.200.93, 80 (from PPPoE1 Outbound)
06/01/2015 19:31:22 **TCP FIN Scan** 192.168.2.105, 65024->> 17.178.104.60, 443 (from PPPoE1 Outbound)
06/01/2015 19:31:22 **Vecna Scan** 192.168.2.105, 64742->> 2.16.200.93, 80 (from PPPoE1 Outbound)
06/01/2015 19:31:13 **Vecna Scan** 192.168.2.105, 64356->> 2.16.200.93, 80 (from PPPoE1 Outbound)
06/01/2015 19:31:13 **TCP FIN Scan** 192.168.2.105, 64364->> 2.16.200.93, 80 (from PPPoE1 Outbound)
06/01/2015 19:31:13 **TCP FIN Scan** 192.168.2.105, 64935->> 17.178.104.60, 443 (from PPPoE1 Outbound)
06/01/2015 19:31:12 **TCP FIN Scan** 192.168.2.105, 64901->> 17.178.104.60, 443 (from PPPoE1 Outbound)
06/01/2015 19:31:11 **TCP FIN Scan** 192.168.2.105, 64302->> 2.16.200.93, 80 (from PPPoE1 Outbound)
06/01/2015 19:31:11 **Vecna Scan** 192.168.2.105, 64135->> 2.16.200.93, 80 (from PPPoE1 Outbound)
06/01/2015 19:31:11 **TCP FIN Scan** 192.168.2.105, 64893->> 17.178.104.60, 443 (from PPPoE1 Outbound)

This repeats for as long as my PC is connected. When other PCs were connected, this error did not occur. I have already reset my PC, but the error still appears. (I backed up the data that matters to me beforehand, of course ^^)

Thanks in advance for your help.
03.06.2015, 19:28 | #2 |
/// the machine /// TB-Ausbilder

hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
03.06.2015, 22:44 | #3 |
FRST

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015 Ran by Patrick (administrator) on MSI on 03-06-2015 19:32:02 Running from C:\Users\Patrick\Desktop Loaded Profiles: Patrick (Available Profiles: Patrick) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avpui.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Enigma Software Group USA, LLC.) 
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\plugin-nm-server.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (MSI) C:\Program Files (x86)\SCM\Radio Manager.exe (MSI) C:\Program Files (x86)\SCM\SCM.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe (Micro-Star International Co., Ltd.) 
C:\Program Files (x86)\MSI\Dragon Gaming Center\Dragon Gaming Center.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.9.0.14\NAT.exe (Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.9.0.14\NAT.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-11-21] (Intel Corporation) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-09-09] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13674712 2014-09-09] (Realtek Semiconductor) HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3273480 2014-09-09] (ELAN Microelectronics Corp.) HKLM\...\Run: [Radio Manager] => C:\Program Files (x86)\SCM\Radio Manager.exe [406920 2014-01-02] (MSI) HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [407720 2014-01-02] (MSI) HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64 HKU\S-1-5-21-1533769876-572484846-1445401926-1001\...\Run: [SteelSeries Engine] => C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [87040 2014-06-26] (SteelSeries ApS) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland ? mit Hotmail Nachfolger Outlook und Messenger Skype HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-1533769876-572484846-1445401926-1001\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland ? 
mit Hotmail Nachfolger Outlook und Messenger Skype SearchScopes: HKU\S-1-5-21-1533769876-572484846-1445401926-1001 -> DefaultScope {99993BF4-46DC-4AC5-8CFA-93E7B4116595} URL = SearchScopes: HKU\S-1-5-21-1533769876-572484846-1445401926-1001 -> {99993BF4-46DC-4AC5-8CFA-93E7B4116595} URL = BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO) BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO) BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation) FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-06-03] () FF Plugin-x32: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-06-03] () FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-06-03] () FF Plugin-x32: 
@microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-01-10] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-02] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-02] (Google Inc.) FF HKLM-x32\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-06-03] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-06-03] FF HKLM-x32\...\Firefox\Extensions: [online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-06-03] Chrome: ======= CHR Profile: C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Kaspersky Protection) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-06-03] CHR Extension: (Bookmark Manager) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-06-03] CHR Extension: (Chrome Hotword Shared Module) - 
C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-02] CHR Extension: (Google Wallet) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-02] CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe [193400 2014-12-23] (Kaspersky Lab ZAO) R2 ETDService; C:\Program Files\Elantech\ETDService.exe [101680 2014-09-09] (ELAN Microelectronics Corp.) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation) R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [120016 2014-09-09] (Intel Corporation) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-09-09] (Intel Corporation) S4 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed] S4 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation) S4 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-09] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation) S4 Micro Star SCM; C:\Program 
Files (x86)\SCM\MSIService.exe [160768 2014-01-02] (Micro-Star International Co., Ltd.) [File not signed] S4 MSI_SuperCharger; C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe [162800 2014-02-21] (MSI) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-05-30] () R2 NAT; C:\Program Files (x86)\Norton Anti-Theft\Engine\1.9.0.14\NAT.exe [232424 2013-08-14] (Symantec Corporation) S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4278112 2013-08-02] (Symantec Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-09-09] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-09-09] (NVIDIA Corporation) S4 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2015-06-02] () S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.) S4 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026432 2015-06-03] (Enigma Software Group USA, LLC.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-09-09] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-09-09] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-05-30] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [98992 2014-06-27] (Qualcomm Atheros, Inc.) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation) R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2014-02-04] (Motorola Solutions, Inc.) 
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1419064 2014-02-21] (Motorola Solutions, Inc.) S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0405000.009\ccSetx64.sys [150104 2013-07-30] (Symantec Corporation) R3 ccSet_NAT; C:\Windows\system32\drivers\NATx64\0109000.00E\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation) R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd) R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-06-03] (Enigma Software Group USA, LLC.) S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-06-03] () R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [186064 2014-09-09] (Intel Corporation) R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [130224 2014-03-27] (Qualcomm Atheros, Inc.) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO) R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [56008 2015-05-18] (Kaspersky Lab ZAO) S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab) R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [151240 2014-11-28] (Kaspersky Lab ZAO) R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [247496 2014-10-22] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [824008 2015-05-18] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30920 2014-10-10] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [31432 2014-10-30] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [69320 2014-11-20] (Kaspersky Lab ZAO) R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [77000 2014-11-22] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [181960 2014-11-10] (Kaspersky Lab ZAO) R3 MEIx64; 
C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation) R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3446240 2014-06-18] (Intel Corporation) S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation) S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.) S3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\SUPER CHARGER\NTIOLib_X64.sys [13368 2012-10-26] (MSI) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2014-09-09] (NVIDIA Corporation) U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [466648 2014-09-09] (Realsil Semiconductor Corporation) S3 SAlphamBth; C:\Windows\System32\drivers\SAlphabt64.sys [31232 2014-05-16] (SteelSeries Corporation) S3 SAlphamHid; C:\Windows\System32\drivers\SAlpham64.sys [39168 2014-05-27] (SteelSeries Corporation) R3 SAlphaPS2; C:\Windows\System32\drivers\SAlphaPS264.sys [27520 2014-05-16] (SteelSeries Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-09-09] (Microsoft Corporation) R3 WINIO; C:\Program Files (x86)\MSI\Dragon Gaming Center\winio64.sys [15160 2010-06-07] () S3 XFDriver64; D:\Xfire2\XFDriver64.sys [17160 2013-03-14] (XFire) U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-06-03 19:32 - 2015-06-03 19:32 - 00018329 _____ () C:\Users\Patrick\Desktop\FRST.txt 2015-06-03 19:31 - 2015-06-03 19:32 - 00000000 ____D () C:\FRST 2015-06-03 19:31 - 2015-06-03 19:31 - 02108928 _____ (Farbar) C:\Users\Patrick\Desktop\FRST64.exe 2015-06-03 19:30 - 2015-06-03 19:31 - 02108928 _____ (Farbar) C:\Users\Patrick\Downloads\FRST64.exe 2015-06-03 19:16 - 2015-06-03 19:16 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\Macromedia 2015-06-03 16:38 - 2015-06-03 17:23 - 298870784 _____ () C:\Users\Patrick\Desktop\kav_rescue_10.iso 2015-06-03 16:12 - 2015-06-03 16:16 - 00000000 ____D () C:\Users\Patrick\Downloads\backups 2015-06-03 16:09 - 2015-06-03 16:14 - 00006545 _____ () C:\Users\Patrick\Downloads\hijackthis.log 2015-06-03 16:09 - 2015-06-03 16:09 - 00388608 _____ (Trend Micro Inc.) C:\Users\Patrick\Downloads\HiJackThis204.exe 2015-06-03 16:08 - 2015-06-03 16:08 - 00077909 _____ () C:\Users\Patrick\Downloads\dsl_log.log 2015-06-03 14:47 - 2015-06-03 14:47 - 00002329 _____ () C:\Users\Patrick\Desktop\Sicherer Zahlungsverkehr.lnk 2015-06-03 14:46 - 2015-06-03 19:13 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2015-06-03 14:46 - 2015-06-03 14:46 - 00002079 _____ () C:\Users\Public\Desktop\Kaspersky Total Security.lnk 2015-06-03 14:46 - 2015-06-03 14:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security 2015-06-03 14:46 - 2015-06-03 14:46 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab 2015-06-03 14:46 - 2015-05-18 22:16 - 00824008 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klif.sys 2015-06-03 14:46 - 2014-11-28 18:19 - 00151240 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klflt.sys 2015-06-03 14:46 - 2014-10-22 21:13 - 00247496 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klhk.sys 2015-06-03 14:46 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll 2015-06-03 14:45 - 2015-06-03 14:45 - 00001210 _____ () 
C:\ProgramData\SMRResults430.dat 2015-06-03 14:06 - 2015-06-03 14:41 - 180830416 _____ (Kaspersky Lab) C:\Users\Patrick\Downloads\kts15.0.2.361de-de.exe 2015-06-03 13:57 - 2015-06-03 13:57 - 00000000 ____D () C:\NPE 2015-06-03 13:55 - 2015-06-03 14:53 - 00000000 ____D () C:\Users\Patrick\AppData\Local\NPE 2015-06-03 13:55 - 2015-06-03 13:55 - 00000000 _____ () C:\autoexec.bat 2015-06-03 13:54 - 2015-06-03 17:48 - 00003258 _____ () C:\WINDOWS\System32\Tasks\SpyHunter4Startup 2015-06-03 13:54 - 2015-06-03 13:54 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\Enigma Software Group 2015-06-03 13:49 - 2015-06-03 13:52 - 00000000 ____D () C:\sh4ldr 2015-06-03 13:31 - 2015-06-03 13:31 - 00000001 _____ () C:\Users\Public\Documents\dgc.txt 2015-06-03 13:24 - 2015-06-03 18:00 - 00000480 _____ () C:\WINDOWS\Tasks\ParetoLogic Registration3.job 2015-06-03 13:24 - 2015-06-03 13:57 - 00000575 _____ () C:\WINDOWS\Tasks\RegCure Pro_sch_6B091B35-09EB-11E5-8264-F816548747E4.job 2015-06-03 13:24 - 2015-06-03 13:57 - 00000454 _____ () C:\WINDOWS\Tasks\ParetoLogic Update Version3_triggeronce.job 2015-06-03 13:24 - 2015-06-03 13:57 - 00000454 _____ () C:\WINDOWS\Tasks\ParetoLogic Update Version3.job 2015-06-03 13:24 - 2015-06-03 13:24 - 00003982 _____ () C:\WINDOWS\System32\Tasks\RegCure Pro_sch_6B091B35-09EB-11E5-8264-F816548747E4 2015-06-03 13:24 - 2015-06-03 13:24 - 00003248 _____ () C:\WINDOWS\System32\Tasks\ParetoLogic Update Version3 2015-06-03 13:24 - 2015-06-03 13:24 - 00003128 _____ () C:\WINDOWS\System32\Tasks\ParetoLogic Registration3 2015-06-03 13:24 - 2015-06-03 13:24 - 00002916 _____ () C:\WINDOWS\System32\Tasks\ParetoLogic Update Version3_triggeronce 2015-06-03 13:24 - 2015-06-03 13:24 - 00001216 _____ () C:\Users\Patrick\Desktop\RegCure Pro.lnk 2015-06-03 13:24 - 2015-06-03 13:24 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\ParetoLogic 2015-06-03 13:23 - 2015-06-03 13:23 - 00022704 _____ () C:\WINDOWS\system32\Drivers\EsgScanner.sys 2015-06-03 13:23 - 
2015-06-03 13:23 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic 2015-06-03 13:23 - 2015-06-03 13:23 - 00000000 ____D () C:\ProgramData\ParetoLogic 2015-06-03 13:23 - 2015-06-03 13:23 - 00000000 ____D () C:\Program Files (x86)\ParetoLogic 2015-06-03 13:21 - 2015-06-03 13:21 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf 2015-06-03 13:16 - 2015-06-03 13:22 - 06870552 _____ (ParetoLogic, Inc.) C:\Users\Patrick\Downloads\RegCureProSetup_F76BF36D-919D-4A25-8CD4-C66AD81BE7B2_.exe 2015-06-03 13:16 - 2015-06-03 13:16 - 00000000 ____D () C:\Program Files\Enigma Software Group 2015-06-03 13:11 - 2015-06-03 13:57 - 01827413 _____ () C:\Users\Patrick\Downloads\Nicht bestätigt 360479.crdownload 2015-06-03 12:55 - 2015-06-03 12:55 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\Xfire 2015-06-03 12:55 - 2015-06-03 12:55 - 00000000 ____D () C:\ProgramData\Xfire 2015-06-03 05:40 - 2015-06-03 05:40 - 00000000 _____ () C:\Recovery.txt 2015-06-02 23:36 - 2015-06-02 23:36 - 00000000 ____D () C:\Users\Patrick\Desktop\Notepad++ 2015-06-02 23:36 - 2015-06-02 23:36 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\Notepad++ 2015-06-02 22:35 - 2015-06-02 22:35 - 00000000 ____D () C:\Users\Patrick\Desktop\Neuer Ordner 2015-06-02 22:29 - 2015-06-03 15:04 - 00281768 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.xtr 2015-06-02 22:28 - 2015-06-03 15:04 - 00281768 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.exe 2015-06-02 22:28 - 2015-06-03 14:10 - 00281768 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.ex0 2015-06-02 22:28 - 2015-06-02 22:28 - 00840264 _____ () C:\WINDOWS\SysWOW64\pbsvc_GamesForGamers.exe 2015-06-02 22:28 - 2015-06-02 22:28 - 00840264 _____ () C:\Users\Patrick\Downloads\pbsvc_GamesForGamers.exe 2015-06-02 22:28 - 2015-06-02 22:28 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe 2015-06-02 22:25 - 2015-06-02 22:25 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\WinRAR 2015-06-02 22:25 - 
2015-06-02 22:25 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-06-02 22:25 - 2015-06-02 22:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-06-02 22:25 - 2015-06-02 22:25 - 00000000 ____D () C:\Program Files\WinRAR 2015-06-02 22:24 - 2015-06-02 22:25 - 02060664 _____ () C:\Users\Patrick\Downloads\winrar-x64-521d.exe 2015-06-02 22:23 - 2015-06-02 22:23 - 00000000 ____D () C:\Users\Patrick\Desktop\Musik 2015-06-02 22:21 - 2015-06-02 22:23 - 03137034 _____ () C:\Users\Patrick\Downloads\pb.rar 2015-06-02 22:11 - 2015-06-02 22:11 - 00000000 ____D () C:\Users\Patrick\Desktop\TeamSpeak 3 Client 2015-06-02 21:56 - 2015-06-02 21:56 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\Wireshark 2015-06-02 21:36 - 2015-06-02 21:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap 2015-06-02 21:36 - 2015-06-02 21:36 - 00000000 ____D () C:\Program Files (x86)\WinPcap 2015-06-02 21:35 - 2015-06-03 09:53 - 00001788 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk 2015-06-02 21:35 - 2015-06-03 09:53 - 00000000 ____D () C:\Program Files\Wireshark 2015-06-02 21:23 - 2015-06-02 21:35 - 29840448 _____ (Wireshark development team) C:\Users\Patrick\Downloads\Wireshark-win64-1.12.5.exe 2015-06-02 21:19 - 2015-06-03 16:20 - 00000000 ____D () C:\Users\Patrick\AppData\Local\CrashDumps 2015-06-02 21:18 - 2015-06-02 21:18 - 00000000 ____D () C:\Users\Patrick\Desktop\ Malwarebytes Anti-Malware 2015-06-02 21:15 - 2015-06-02 21:15 - 00000000 _____ () C:\Users\Patrick\agent.log 2015-06-02 21:14 - 2015-06-02 21:14 - 00000000 ____D () C:\Users\Patrick\AppData\Local\PunkBuster 2015-06-02 21:13 - 2015-06-02 23:13 - 00000296 _____ () C:\WINDOWS\Tasks\DLL-Files FixerASKUSER.job 2015-06-02 21:11 - 2015-06-02 21:13 - 03497832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_34.dll 2015-06-02 21:08 - 2015-06-02 21:11 - 04496232 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\d3dx9_34.dll 2015-06-02 21:07 - 2015-06-03 17:49 - 00003112 _____ () C:\WINDOWS\System32\Tasks\RDReminder 2015-06-02 21:07 - 2015-06-03 13:57 - 00000304 _____ () C:\WINDOWS\Tasks\DLL-Files.Com Fixer_Updates.job 2015-06-02 21:07 - 2015-06-03 13:57 - 00000288 _____ () C:\WINDOWS\Tasks\DLL-Files.Com Fixer_MONTHLY.job 2015-06-02 21:07 - 2015-06-02 21:07 - 00003018 _____ () C:\WINDOWS\System32\Tasks\DLL-Files.Com Fixer_Updates 2015-06-02 21:07 - 2015-06-02 21:07 - 00003004 _____ () C:\WINDOWS\System32\Tasks\DLL-Files.Com Fixer_MONTHLY 2015-06-02 21:07 - 2015-06-02 21:07 - 00001110 _____ () C:\Users\Public\Desktop\Dll-Files Fixer.lnk 2015-06-02 21:07 - 2015-06-02 21:07 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\dll-files.com 2015-06-02 21:07 - 2015-06-02 21:07 - 00000000 ____D () C:\ProgramData\TEMP 2015-06-02 21:07 - 2015-06-02 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dll-Files Fixer 2015-06-02 21:07 - 2015-06-02 21:07 - 00000000 ____D () C:\Program Files (x86)\Dll-Files.com Fixer 2015-06-02 21:07 - 2015-02-17 11:20 - 00021040 _____ (Dll-Files.com) C:\WINDOWS\system32\roboot64.exe 2015-06-02 21:05 - 2015-06-02 21:07 - 05399808 _____ (Dll-Files.com ) C:\Users\Patrick\Downloads\dffsetup.exe 2015-06-02 21:00 - 2015-06-03 18:28 - 00000000 ____D () C:\Users\Patrick\Desktop\CoD4 2015-06-02 20:59 - 2015-06-02 20:59 - 00000180 _____ () C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2015-06-02 20:58 - 2015-06-03 19:08 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-06-02 20:58 - 2015-06-03 17:47 - 00001122 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-06-02 20:58 - 2015-06-03 16:21 - 00003918 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C441D6BF-C694-4689-8E7F-42484A80D8E4} 2015-06-02 20:58 - 2015-06-02 21:33 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-06-02 20:58 - 2015-06-02 21:03 - 00004098 _____ () 
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2015-06-02 20:58 - 2015-06-02 21:03 - 00003862 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2015-06-02 20:58 - 2015-06-02 20:58 - 00000000 ____D () C:\Users\Patrick\AppData\Local\Micro-Star_International_ 2015-06-02 20:58 - 2015-06-02 20:58 - 00000000 ____D () C:\Users\Patrick\AppData\Local\Google 2015-06-02 20:58 - 2015-06-02 20:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-06-02 20:57 - 2015-06-03 17:47 - 00000000 __RDO () C:\Users\Patrick\OneDrive 2015-06-02 20:57 - 2015-06-03 17:09 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1533769876-572484846-1445401926-1001 2015-06-02 20:57 - 2015-06-02 20:58 - 00000000 ____D () C:\Program Files (x86)\Google 2015-06-02 20:57 - 2015-06-02 20:57 - 00000000 __SHD () C:\Users\Patrick\AppData\Local\EmieUserList 2015-06-02 20:57 - 2015-06-02 20:57 - 00000000 __SHD () C:\Users\Patrick\AppData\Local\EmieSiteList 2015-06-02 20:54 - 2015-06-02 20:54 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton Anti-Theft 2015-06-02 20:53 - 2015-06-02 20:53 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\Intel Corporation 2015-06-02 20:52 - 2015-06-02 20:52 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD 2015-06-02 20:52 - 2015-06-02 20:52 - 00000000 ____D () C:\Users\Patrick\Documents\Meine empfangenen Dateien 2015-06-02 20:52 - 2015-06-02 20:52 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\SteelSeries 2015-06-02 20:52 - 2015-06-02 20:52 - 00000000 ____D () C:\Users\Patrick\AppData\Local\SteelSeries_ApS 2015-06-02 20:52 - 2015-06-02 20:52 - 00000000 ____D () C:\Users\Patrick\AppData\Local\PackageStaging 2015-06-02 20:52 - 2015-06-02 20:52 - 00000000 ____D () C:\Users\Patrick\AppData\Local\NVIDIA Corporation 2015-06-02 20:52 - 2015-06-02 20:52 - 00000000 ____D () C:\Users\Patrick\AppData\Local\MSIOnlineRegister 2015-06-02 20:52 - 2015-06-02 20:52 - 00000000 ____D () 
C:\Users\Patrick\AppData\Local\MSI 2015-06-02 20:51 - 2015-06-03 16:13 - 00000000 ____D () C:\Users\Patrick\AppData\Local\VirtualStore 2015-06-02 20:51 - 2015-06-02 21:04 - 00000000 ____D () C:\Users\Patrick\AppData\Local\Packages 2015-06-02 20:51 - 2015-06-02 20:51 - 00001460 _____ () C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-06-02 20:51 - 2015-06-02 20:51 - 00000451 _____ () C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat 2015-06-02 20:51 - 2015-06-02 20:51 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\Intel 2015-06-02 20:51 - 2015-06-02 20:51 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\Adobe 2015-06-02 20:51 - 2015-06-02 20:51 - 00000000 ____D () C:\Users\Patrick\AppData\Local\NVIDIA 2015-06-02 20:50 - 2015-05-15 23:01 - 00133288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2015-06-02 20:50 - 2015-05-15 22:05 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll 2015-06-02 20:50 - 2015-05-15 21:47 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll 2015-06-02 20:50 - 2015-05-15 21:23 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll 2015-06-02 20:50 - 2015-05-15 20:42 - 03682304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2015-06-02 20:50 - 2015-05-15 20:32 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe 2015-06-02 20:50 - 2015-05-15 20:31 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll 2015-06-02 20:50 - 2015-05-15 20:28 - 02223104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll 2015-06-02 20:50 - 2015-05-15 20:28 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll 2015-06-02 20:50 - 2015-05-15 20:28 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2015-06-02 20:50 - 2015-05-15 20:27 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2015-06-02 
20:50 - 2015-05-15 20:21 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll 2015-06-02 20:50 - 2015-05-15 20:21 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe 2015-06-02 20:50 - 2015-05-15 20:19 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2015-06-02 20:50 - 2015-05-15 20:19 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2015-06-02 20:49 - 2015-06-03 13:54 - 00000000 ____D () C:\Users\Patrick 2015-06-02 20:49 - 2015-06-02 20:49 - 00000020 ___SH () C:\Users\Patrick\ntuser.ini 2015-06-02 20:49 - 2015-06-02 20:49 - 00000000 _SHDL () C:\Users\Patrick\Vorlagen 2015-06-02 20:49 - 2015-06-02 20:49 - 00000000 _SHDL () C:\Users\Patrick\Startmenü 2015-06-02 20:49 - 2015-06-02 20:49 - 00000000 _SHDL () C:\Users\Patrick\Netzwerkumgebung 2015-06-02 20:49 - 2015-06-02 20:49 - 00000000 _SHDL () C:\Users\Patrick\Lokale Einstellungen 2015-06-02 20:49 - 2015-06-02 20:49 - 00000000 _SHDL () C:\Users\Patrick\Eigene Dateien 2015-06-02 20:49 - 2015-06-02 20:49 - 00000000 _SHDL () C:\Users\Patrick\Druckumgebung 2015-06-02 20:49 - 2015-06-02 20:49 - 00000000 _SHDL () C:\Users\Patrick\Documents\Eigene Musik 2015-06-02 20:49 - 2015-06-02 20:49 - 00000000 _SHDL () C:\Users\Patrick\Documents\Eigene Bilder 2015-06-02 20:49 - 2015-06-02 20:49 - 00000000 _SHDL () C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-06-02 20:49 - 2015-06-02 20:49 - 00000000 _SHDL () C:\Users\Patrick\AppData\Local\Verlauf 2015-06-02 20:49 - 2015-06-02 20:49 - 00000000 _SHDL () C:\Users\Patrick\AppData\Local\Anwendungsdaten 2015-06-02 20:49 - 2015-06-02 20:49 - 00000000 _SHDL () C:\Users\Patrick\Anwendungsdaten 2015-06-02 20:49 - 2015-03-14 02:56 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll 2015-06-02 20:49 - 2015-03-14 02:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll 2015-06-02 20:49 - 2015-03-14 01:09 - 00200192 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\storewuauth.dll 2015-06-02 20:49 - 2014-10-18 07:50 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll 2015-06-02 20:49 - 2014-09-09 19:02 - 00000000 ___RD () C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-06-02 20:49 - 2014-03-18 11:33 - 00000000 ___RD () C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-06-02 20:49 - 2014-03-18 11:13 - 00000369 _____ () C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk 2015-06-02 20:49 - 2014-03-18 11:13 - 00000369 _____ () C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk 2015-06-02 20:49 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-06-02 20:49 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-06-02 13:41 - 2015-06-03 19:32 - 01712871 _____ () C:\WINDOWS\WindowsUpdate.log 2015-06-02 13:41 - 2015-06-02 13:41 - 00002384 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1533769876-572484846-1445401926-500 2015-05-18 22:16 - 2015-05-18 22:16 - 00056008 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\kldisk.sys ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-06-03 19:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-06-03 18:23 - 2014-04-30 19:59 - 00794198 _____ () C:\WINDOWS\system32\perfh010.dat 2015-06-03 18:23 - 2014-04-30 19:59 - 00156618 _____ () C:\WINDOWS\system32\perfc010.dat 2015-06-03 18:23 - 2014-04-30 19:39 - 00715852 _____ () C:\WINDOWS\system32\perfh01F.dat 2015-06-03 18:23 - 2014-04-30 19:39 - 00150496 _____ () C:\WINDOWS\system32\perfc01F.dat 2015-06-03 18:23 - 2014-04-30 19:29 - 00725714 _____ () C:\WINDOWS\system32\perfh01D.dat 2015-06-03 18:23 - 2014-04-30 19:29 - 00152568 _____ () C:\WINDOWS\system32\perfc01D.dat 2015-06-03 18:23 - 2014-04-30 19:00 - 00781366 _____ () C:\WINDOWS\system32\perfh019.dat 2015-06-03 18:23 - 2014-04-30 19:00 - 00161902 _____ () C:\WINDOWS\system32\perfc019.dat 2015-06-03 18:23 - 2014-04-30 18:44 - 00789794 _____ () C:\WINDOWS\system32\prfh0816.dat 2015-06-03 18:23 - 2014-04-30 18:44 - 00164364 _____ () C:\WINDOWS\system32\prfc0816.dat 2015-06-03 18:23 - 2014-04-30 18:36 - 00775938 _____ () C:\WINDOWS\system32\prfh0416.dat 2015-06-03 18:23 - 2014-04-30 18:36 - 00159030 _____ () C:\WINDOWS\system32\prfc0416.dat 2015-06-03 18:23 - 2014-04-30 18:27 - 00798998 _____ () C:\WINDOWS\system32\perfh015.dat 2015-06-03 18:23 - 2014-04-30 18:27 - 00163880 _____ () C:\WINDOWS\system32\perfc015.dat 2015-06-03 18:23 - 2014-04-30 18:19 - 00798450 _____ () C:\WINDOWS\system32\perfh013.dat 2015-06-03 18:23 - 2014-04-30 18:19 - 00162528 _____ () C:\WINDOWS\system32\perfc013.dat 2015-06-03 18:23 - 2014-04-30 18:11 - 00441798 _____ () C:\WINDOWS\system32\perfh014.dat 2015-06-03 18:23 - 2014-04-30 18:11 - 00077450 _____ () C:\WINDOWS\system32\perfc014.dat 2015-06-03 18:23 - 2014-04-30 17:54 - 00743600 _____ () C:\WINDOWS\system32\perfh00E.dat 2015-06-03 18:23 - 2014-04-30 17:54 - 00178186 _____ () C:\WINDOWS\system32\perfc00E.dat 2015-06-03 18:23 - 2014-04-30 17:39 - 00409156 _____ () C:\WINDOWS\system32\perfh00D.dat 2015-06-03 18:23 - 2014-04-30 17:39 - 00065162 
_____ () C:\WINDOWS\system32\perfc00D.dat 2015-06-03 18:23 - 2014-04-30 17:31 - 00802432 _____ () C:\WINDOWS\system32\perfh00C.dat 2015-06-03 18:23 - 2014-04-30 17:31 - 00159382 _____ () C:\WINDOWS\system32\perfc00C.dat 2015-06-03 18:23 - 2014-04-30 17:23 - 00427404 _____ () C:\WINDOWS\system32\perfh00B.dat 2015-06-03 18:23 - 2014-04-30 17:23 - 00081986 _____ () C:\WINDOWS\system32\perfc00B.dat 2015-06-03 18:23 - 2014-04-30 17:09 - 00800858 _____ () C:\WINDOWS\system32\perfh00A.dat 2015-06-03 18:23 - 2014-04-30 17:09 - 00166748 _____ () C:\WINDOWS\system32\perfc00A.dat 2015-06-03 18:23 - 2014-04-30 17:02 - 00542830 _____ () C:\WINDOWS\system32\perfh008.dat 2015-06-03 18:23 - 2014-04-30 17:02 - 00089394 _____ () C:\WINDOWS\system32\perfc008.dat 2015-06-03 18:23 - 2014-04-30 16:55 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat 2015-06-03 18:23 - 2014-04-30 16:55 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat 2015-06-03 18:23 - 2014-04-30 16:48 - 00456706 _____ () C:\WINDOWS\system32\perfh006.dat 2015-06-03 18:23 - 2014-04-30 16:48 - 00079958 _____ () C:\WINDOWS\system32\perfc006.dat 2015-06-03 18:23 - 2014-04-30 16:43 - 00731772 _____ () C:\WINDOWS\system32\perfh005.dat 2015-06-03 18:23 - 2014-04-30 16:43 - 00152016 _____ () C:\WINDOWS\system32\perfc005.dat 2015-06-03 18:23 - 2014-03-18 11:03 - 15624104 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-06-03 17:47 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-06-03 17:27 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2015-06-03 14:46 - 2013-08-22 16:36 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP 2015-06-03 14:46 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2015-06-03 14:45 - 2014-04-30 22:47 - 00000000 ____D () C:\ProgramData\Norton 2015-06-03 14:45 - 2014-03-18 10:54 - 00688454 _____ () C:\WINDOWS\PFRO.log 2015-06-03 13:57 - 2013-08-22 15:44 - 00335992 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2015-06-03 13:21 - 2013-08-22 15:46 - 
00034404 _____ () C:\WINDOWS\setupact.log 2015-06-03 05:40 - 2013-08-22 16:36 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template 2015-06-03 05:40 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\Recovery 2015-06-02 22:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-06-02 21:06 - 2014-04-30 17:10 - 00000000 ____D () C:\WINDOWS\Panther 2015-06-02 20:53 - 2014-04-30 22:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Anti-Theft 2015-06-02 20:53 - 2014-04-30 22:52 - 00003546 _____ () C:\WINDOWS\System32\Tasks\Norton Online Backup ARA 2015-06-02 20:51 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\uk-UA 2015-06-02 20:51 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\tr-TR 2015-06-02 20:51 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS 2015-06-02 20:51 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sl-SI 2015-06-02 20:51 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sk-SK 2015-06-02 20:51 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\ro-RO 2015-06-02 20:51 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\lv-LV 2015-06-02 20:51 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\lt-LT 2015-06-02 20:51 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\hr-HR 2015-06-02 20:51 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\he-IL 2015-06-02 20:51 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\et-EE 2015-06-02 20:51 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\bg-BG 2015-06-02 20:51 - 2013-08-22 16:20 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-06-02 20:51 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\AdvancedInstallers 2015-06-02 20:50 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\restore 2015-06-02 13:42 - 2013-08-22 16:37 - 00004552 _____ () C:\WINDOWS\DtcInstall.log 2015-06-02 13:41 - 2014-09-09 18:31 - 00000000 ____D () 
C:\ProgramData\NVIDIA
2015-06-02 13:41 - 2013-08-22 15:46 - 00000116 _____ () C:\WINDOWS\setuperr.log

==================== Files in the root of some directories =======

2015-06-03 13:24 - 2015-06-03 13:55 - 0000115 _____ () C:\Users\Patrick\AppData\Roaming\LogFile.txt
2015-06-03 14:45 - 2015-06-03 14:45 - 0001210 _____ () C:\ProgramData\SMRResults430.dat

Files to move or delete:
====================
C:\ProgramData\SMRResults430.dat

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-04-30 16:11

==================== End of log ============================

Addition
FRST Additions Logfile:
[CODE]Additional FRST Logfile:
Code:
ATTFilter scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by Patrick at 2015-06-03 19:32:23
Running from C:\Users\Patrick\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1533769876-572484846-1445401926-500 - Administrator - Disabled)
Gast (S-1-5-21-1533769876-572484846-1445401926-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1533769876-572484846-1445401926-1003 - Limited - Enabled)
Patrick (S-1-5-21-1533769876-572484846-1445401926-1001 - Administrator - Enabled) => C:\Users\Patrick

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Total Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Total Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

„Windows Live Essentials“ (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Battery Calibration (HKLM-x32\...\{619FA785-489B-4D22-911F-82D6EDF5BDB0}) (Version: 1.0.1405.0701 - Micro-Star International Co., Ltd.)
Boot Configure (HKLM-x32\...\{AB72B3BB-A389-4F62-86EE-C08326B4BE60}) (Version: 20.014.05233 - Micro-Star International Co., Ltd.)
BurnRecovery (HKLM-x32\...\{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}) (Version: 4.0.1408.201 - ) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dll-Files Fixer (HKLM-x32\...\Dll-Files Fixer_is1) (Version: 3.2.81 - Dll-Files.com) Dragon Gaming Center (HKLM-x32\...\InstallShield_{965B16C7-0778-4C45-B7D1-83A59E6FBBCB}) (Version: 1.0.1404.2401 - Micro-Star International Co., Ltd.) Dragon Gaming Center (x32 Version: 1.0.1404.2401 - Micro-Star International Co., Ltd.) Hidden ETDWare PS/2-X64 11.13.7.5_WHQL (HKLM\...\Elantech) (Version: 11.13.7.5 - ELAN Microelectronic Corp.) Fotoattēlu galerija (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Fotogaléria (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Fotogalerie (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Fotogalerii (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Fotogalerija (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Foto-galerija (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Fotogalleri (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Fotogalleriet (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Fotoğraf Galerisi (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Fotótár (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Galeria de Fotografias (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Galeria de Fotos (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Galería de fotos (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Galeria fotografii (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Galerie de photos (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Galerie foto (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Galerija fotografija (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden Google Chrome 
(HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.) Google Update Helper (x32 Version: 1.3.21.115 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{0EC7F9CC-4741-45AE-9F55-6E9343F726F5}) (Version: 1.1.0.36960 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation) Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 17.0.1414.3) (HKLM\...\{302600C1-6BDF-4FD1-1403-148929CC1385}) (Version: 17.0.1403.0442 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{85b9d34f-7397-4e39-8600-07942ef6ca04}) (Version: 17.0.5 - Intel Corporation) Kaspersky Total Security (HKLM-x32\...\InstallWIX_{02FECEE0-16B2-43DB-BC3B-C844477FC142}) (Version: 15.0.2.361 - Kaspersky Lab) Kaspersky Total Security (x32 Version: 15.0.2.361 - Kaspersky Lab) Hidden KB9X Radio Switch Driver (HKLM\...\5AADE1068CF70DD983F763B20CF2CAAB72883915) (Version: 1.1.0.0 - ENE TECHNOLOGY INC.) 
MAGIX MX Suite (HKLM-x32\...\MAGIX_{43136332-880B-458A-966C-900C18752B66}) (Version: 1.13.0.121 - MAGIX AG) MAGIX MX Suite (Version: 1.13.0.121 - MAGIX AG) Hidden Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden MSI Remind Manager (HKLM-x32\...\InstallShield_{3E23F267-3E35-40F9-B6BF-BC034D214717}) (Version: 1.0.1408.1401 - Micro-Star International Co., Ltd.) MSI Remind Manager (x32 Version: 1.0.1408.1401 - Micro-Star International Co., Ltd.) Hidden MSI Social Media Collection (HKLM-x32\...\{7ADEC426-BE95-48EF-84D4-086BD0F4D331}) (Version: 1.14.2251 - Micro-Star International Co., Ltd.) 
Norton Anti-Theft (HKLM-x32\...\NAT) (Version: 1.9.0.14 - Symantec Corporation) Norton Online Backup (HKLM-x32\...\{E625FCA0-E43E-4D3B-92FF-4851308A0366}) (Version: 2.8.0.44 - Symantec Corporation) Norton Online Backup (x32 Version: 4.5.0.9 - Symantec Corporation) Hidden NVIDIA GeForce Experience 1.8.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2 - NVIDIA Corporation) NVIDIA Graphics Driver 332.38 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.38 - NVIDIA Corporation) NVIDIA PhysX System Software 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation) NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation) Podstawowe programy Windows Live (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.) Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.1.45.1049 - Qualcomm Atheros) Hidden Qualcomm Atheros Killer E220x Drivers (Version: 1.1.45.1049 - Qualcomm Atheros) Hidden Qualcomm Atheros Network Manager (Version: 1.1.45.1049 - Qualcomm Atheros) Hidden Qualcomm Atheros Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.45.1049 - Qualcomm Atheros) Raccolta foto (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21249 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7318 - Realtek Semiconductor Corp.) RegCure Pro (HKLM-x32\...\{C547F361-5750-4CD1-9FB6-BC93827CB6C1}) (Version: 3.2.15.0 - ParetoLogic, Inc.) <==== ATTENTION! 
SCM (HKLM\...\{6692DCAF-A445-4C6B-AF31-3DD85FC06FBA}) (Version: 13.014.01026 - Application) SHIELD Streaming (Version: 1.7.306 - NVIDIA Corporation) Hidden Sound Blaster Cinema 2 (HKLM-x32\...\{B4F6F8CC-2C61-42CC-A4CC-76621F25BDC7}) (Version: 1.00.05 - Creative Technology Limited) SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.19.13.4482 - Enigma Software Group, LLC) SteelSeries Engine (HKLM\...\SteelSeries Engine) (Version: 2.8.450.22786 - SteelSeries) SUPER CHARGER (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.024 - MSI) Valokuvavalikoima (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation) WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.) WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DD}) (Version: 17.5.10562 - WinZip Computing, S.L. 
) Wireshark 1.12.5 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.12.5 - The Wireshark developer community, hxxp://www.wireshark.org) XSplit Gamecaster (HKLM-x32\...\{13DCC429-29D0-48CF-8C68-A7196980A298}) (Version: 1.6.1404.2104 - SplitmediaLabs) Συλλογή φωτογραφιών (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Основи Windows Live (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Основные компоненты Windows Live (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Фотоальбом (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Фотогалерия (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Фотографии (общедоступная версия) (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Фотоколекція (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden גלריית התמונות (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1533769876-572484846-1445401926-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation) ==================== Restore Points ========================= 02-06-2015 20:50:23 Windows Modules Installer ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {00F4880F-1762-435B-8B7B-8032D9C79914} - System32\Tasks\ParetoLogic Update Version3 => c:\program files (x86)\common files\paretologic\uus3\Pareto_Update3.exe [2015-01-19] () Task: {065BC96D-7F44-4699-9B29-B1995A0C31CC} - System32\Tasks\ParetoLogic Update Version3_triggeronce => c:\program files (x86)\common files\paretologic\uus3\Pareto_Update3.exe [2015-01-19] () Task: {1E34CDBF-2B4D-44C6-BD51-6DAA675EF79B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-02] (Google Inc.) Task: {377B05CD-FE6E-4A64-914B-3CE61C5FF6D3} - System32\Tasks\RDReminder => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2015-02-17] (Dll-FIles.Com) Task: {3CCA4253-A2FF-41E5-8ED3-8AFEB30E200C} - System32\Tasks\DLL-Files.Com Fixer_MONTHLY => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2015-02-17] (Dll-FIles.Com) Task: {402E9EAD-13FC-4DE7-81E9-336991B95470} - System32\Tasks\Norton Online Backup ARA => C:\Program Files (x86)\Norton Online Backup ARA\Engine\4.5.0.9\\Ara.exe [2013-08-07] (Symantec Corporation) Task: {5DF439F6-036F-4BAD-8AEA-355FAF287326} - System32\Tasks\DLL-Files FixerASKUSER => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2015-02-17] (Dll-FIles.Com) Task: {636BC9F9-1A76-44D6-B1E0-F34805FBE9A9} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-06-03] (Enigma Software Group USA, LLC.) Task: {75DB18D3-5268-4303-8A73-54CDC5B7E93D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-02] (Google Inc.) 
Task: {79215BB4-8E36-44AD-B935-D7DAB8B03644} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {7934C40A-3EC1-4402-A5E5-7214ABF6EA10} - System32\Tasks\MSI_OnlineRegister => C:\Program Files (x86)\MSI\MSI Remind Manager\MSIOnlineRegister.exe [2014-08-15] ()
Task: {88DBD76D-FD4C-4819-AA1E-04BBCE4EFBBA} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.9.0.14\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {8E742259-873F-4FDF-9515-2ED62D77F399} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {95BCD30E-ED37-4505-AD42-794E61F9BDF9} - System32\Tasks\ParetoLogic Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll" RunUns
Task: {B618E1E9-BCFF-4A95-9A4E-854D624B4105} - System32\Tasks\MSI_Dragon Gaming Center => C:\Program Files (x86)\MSI\Dragon Gaming Center\mDispatch.exe [2014-01-23] (TODO: <公司名稱>)
Task: {C268575C-D8EB-450F-9991-ADACAE278BC4} - System32\Tasks\DLL-Files.Com Fixer_Updates => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2015-02-17] (Dll-FIles.Com)
Task: {E7DA3D5E-6E8B-4CDA-B1E3-894F4DCB4EB5} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.9.0.14\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {F5073A75-74DF-40F3-9456-84980194EE67} - System32\Tasks\RegCure Pro_sch_6B091B35-09EB-11E5-8264-F816548747E4 => C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe [2015-01-19] (ParetoLogic, Inc.) <==== ATTENTION
Task: C:\WINDOWS\Tasks\DLL-Files FixerASKUSER.job => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Task: C:\WINDOWS\Tasks\DLL-Files.Com Fixer_MONTHLY.job => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Task: C:\WINDOWS\Tasks\DLL-Files.Com Fixer_Updates.job => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\ParetoLogic Registration3.job => C:\WINDOWS\system32\rundll32.exeGC:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll
Task: C:\WINDOWS\Tasks\ParetoLogic Update Version3.job => c:\program files (x86)\common files\paretologic\uus3\Pareto_Update3.exe
Task: C:\WINDOWS\Tasks\ParetoLogic Update Version3_triggeronce.job => c:\program files (x86)\common files\paretologic\uus3\Pareto_Update3.exe
Task: C:\WINDOWS\Tasks\RegCure Pro_sch_6B091B35-09EB-11E5-8264-F816548747E4.job => C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2014-09-09 18:31 - 2014-01-10 11:57 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-09-09 18:46 - 2014-01-27 18:51 - 00089600 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL
2014-09-09 18:46 - 2014-01-27 18:49 - 00364032 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2014-06-26 19:39 - 2014-06-26 19:39 - 00504832 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SSEngineLib.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 09315328 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SSEngineWinGui.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00015872 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\Localization.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00011264 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\ISSPlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00011264 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\Utilities.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00115200 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DriverCommunication.dll
2014-05-16 16:57 - 2014-05-16 16:57 - 00047616 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesDrivers\x2api.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00034304 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DBUtils.dll
2014-05-16 16:57 - 2014-05-16 16:57 - 01102336 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\System.Data.SQLite.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00189440 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\MousePlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\D3MousePlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00031744 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\KKMousePlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SRawPlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00159744 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\MLGSenseiPlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00020992 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoWGoldPlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\GW2MousePlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00029696 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\CSGOMousePlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00030208 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DOTA2MousePlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00023040 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoWWirelessPlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\CODMousePlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00030208 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoTMousePlugin.dll
2014-01-22 18:44 - 2014-01-22 18:44 - 00075912 _____ () C:\Program Files (x86)\MSI\Dragon Gaming Center\WinIo64.dll
2013-05-23 17:15 - 2013-05-23 17:15 - 00025600 _____ () C:\Program Files (x86)\MSI\Dragon Gaming Center\CoreAudioApi.dll
2014-12-23 16:54 - 2014-12-23 16:54 - 01272616 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\kpcengine.2.3.dll
2015-06-02 21:33 - 2015-05-22 21:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libglesv2.dll
2015-06-02 21:33 - 2015-05-22 21:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libegl.dll
2014-09-09 18:28 - 2013-12-09 23:26 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-06-02 21:33 - 2015-05-22 21:22 - 14982472 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Patrick\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1533769876-572484846-1445401926-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Patrick\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\backgrounddefault.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{7E7D73BB-7E6F-4151-9873-3DE155E61AF3}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{80C8799B-C4A3-45D3-8EAF-561DC6575FD6}] => (Allow) LPort=2869
FirewallRules: [{A3E3A157-8298-42C5-81B5-4E33745E3FCF}] => (Allow) LPort=1900
FirewallRules: [{29896C0B-10FC-4DB4-8FD5-A2F83656F365}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{C9ED40CE-A24F-4054-A12B-B885AC27C6C0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{30B2E2DE-9647-4156-B565-49654EDCFE9F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{020EA2C7-DE90-48A9-9768-F4AC45C45B72}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{FBA8D7FE-9A8C-4486-8A89-5617BF87280C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{7AFDE0B0-5953-426A-B4E5-15FDBA3DDB08}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A496A1EF-DE50-466F-8F75-6E873CEA5AF5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{6F2745D0-EF35-4D57-8085-B75FC18A1492}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{E98436AC-5011-4AF4-BADF-8AEE12EA8799}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{1FA5784C-B0A8-422F-8675-1BDBE92C0DAD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{C90FD2F2-A0EB-4DB8-B0D1-11DCEBEE2DEF}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{564C06B5-2979-40B3-8655-D8C3517ABDAC}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{F5719F4F-B7AD-4C33-A963-E7BCC539BF2C}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{FE984050-4FBF-4601-BA0D-13BB9CDECF0B}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{B7969280-EE94-49C9-A502-C0BDED12C414}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{ED3546D2-9EF7-47E7-8E3C-D9E35D7B6A95}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [TCP Query User{B4BCF5F2-0F69-4A3B-8D12-837F1FCC51C9}C:\users\patrick\desktop\cod4\iw3mp.exe] => (Allow) C:\users\patrick\desktop\cod4\iw3mp.exe
FirewallRules: [UDP Query User{CEE3AEF0-01BA-44AA-B36F-80DB49EA7B96}C:\users\patrick\desktop\cod4\iw3mp.exe] => (Allow) C:\users\patrick\desktop\cod4\iw3mp.exe
FirewallRules: [{BEA248C3-8C14-402C-BAA1-0E0C26609C16}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{5AA7989C-D63B-4358-96F0-B530FAC0FD4C}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{DED98AC9-B754-4995-A320-E36B05563D6B}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{0B8E576C-EFB2-4D8B-9BEE-229E788B5257}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{9CD55919-648A-4E1B-983A-7453A6B5890E}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{CC6D1DAB-42DC-4E5F-96DC-C888B4D37285}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/03/2015 04:20:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.2.929, Zeitstempel: 0x552d3ec4
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d6fd
ID des fehlerhaften Prozesses: 0x12dc
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3
Vollständiger Name des fehlerhaften Pakets: mbam.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mbam.exe5

Error: (06/03/2015 02:45:29 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (06/03/2015 02:40:17 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Das Stammelement der Manifestdatei muss assembliert sein.

Error: (06/03/2015 01:57:04 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (06/02/2015 11:25:11 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x8898008d) festgestellt.
Error: (06/02/2015 09:19:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.2.929, Zeitstempel: 0x552d3ec4
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d6fd
ID des fehlerhaften Prozesses: 0x1c34
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3
Vollständiger Name des fehlerhaften Pakets: mbam.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mbam.exe5

Error: (06/02/2015 08:56:57 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MSI)
Description: Bei der Aktivierung der App „winstore_cw5n1h2txyewy!Windows.Store“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (06/02/2015 08:52:09 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (06/02/2015 01:46:07 PM) (Source: Windows Search Service Profile Notification) (EventID: 2) (User: )
Description: Die indizierten Daten von Windows Search für den Benutzer '<Event xmlns='hxxp://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Search-ProfileNotify' Guid='{FC6F77DD-769A-470E-BCF9-1B6555A118BE}' EventSourceName='Windows Search Service Profile Notification'/><EventID Qualifiers='49152'>2</EventID><Version>0</Version><Level>2</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime='2015-06-02T12:46:07.000000000Z'/><EventRecordID>1350</EventRecordID><Correlation/><Execution ProcessID='0' ThreadID='0'/><Channel>Application</Channel><Computer>MSI</Computer><Security/></System><ProcessingErrorData><ErrorCode>15005</ErrorCode><DataItemName>__binLength</DataItemName><EventPayload>4D00530049005C00410064006D0069006E006900730074007200610074006F00720000003000780038003000300034003200310030003300000000000000</EventPayload></ProcessingErrorData></Event>' können im Zuge der Löschung des Benutzerprofils nicht entfernt werden. Fehlercode %2. %3.

Error: (06/02/2015 01:43:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 17.0.1403.430, Zeitstempel: 0x52ef79d8
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x9f7c2e98
ID des fehlerhaften Prozesses: 0xe00
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

System errors:
=============
Error: (06/03/2015 07:07:04 PM) (Source: Schannel) (EventID: 4114) (User: MSI)
Description: Das vom Remoteserver erhaltene Zertifikat wurde von einer nicht vertrauenswürdigen Zertifizierungsstelle ausgestellt. Aus diesem Grund können keine der im Zertifikat enthalten Daten verifiziert werden. Fehler bei der SSL-Verbindungsanforderung. Die angehängten Daten enthalten das Serverzertifikat.

Error: (06/03/2015 07:07:04 PM) (Source: Schannel) (EventID: 4120) (User: MSI)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 48. Der Windows-SChannel-Fehlerstatus lautet: 552.
Error: (06/03/2015 07:06:52 PM) (Source: Schannel) (EventID: 4114) (User: MSI)
Description: Das vom Remoteserver erhaltene Zertifikat wurde von einer nicht vertrauenswürdigen Zertifizierungsstelle ausgestellt. Aus diesem Grund können keine der im Zertifikat enthalten Daten verifiziert werden. Fehler bei der SSL-Verbindungsanforderung. Die angehängten Daten enthalten das Serverzertifikat.

Error: (06/03/2015 07:06:52 PM) (Source: Schannel) (EventID: 4120) (User: MSI)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 48. Der Windows-SChannel-Fehlerstatus lautet: 552.

Error: (06/03/2015 07:06:39 PM) (Source: Schannel) (EventID: 4114) (User: MSI)
Description: Das vom Remoteserver erhaltene Zertifikat wurde von einer nicht vertrauenswürdigen Zertifizierungsstelle ausgestellt. Aus diesem Grund können keine der im Zertifikat enthalten Daten verifiziert werden. Fehler bei der SSL-Verbindungsanforderung. Die angehängten Daten enthalten das Serverzertifikat.

Error: (06/03/2015 07:06:39 PM) (Source: Schannel) (EventID: 4120) (User: MSI)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 48. Der Windows-SChannel-Fehlerstatus lautet: 552.

Error: (06/03/2015 07:06:38 PM) (Source: Schannel) (EventID: 4114) (User: MSI)
Description: Das vom Remoteserver erhaltene Zertifikat wurde von einer nicht vertrauenswürdigen Zertifizierungsstelle ausgestellt. Aus diesem Grund können keine der im Zertifikat enthalten Daten verifiziert werden. Fehler bei der SSL-Verbindungsanforderung. Die angehängten Daten enthalten das Serverzertifikat.
Error: (06/03/2015 07:06:38 PM) (Source: Schannel) (EventID: 4120) (User: MSI)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 48. Der Windows-SChannel-Fehlerstatus lautet: 552.

Error: (06/03/2015 05:38:02 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (06/03/2015 05:26:56 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Microsoft Office:
=========================
Error: (06/03/2015 04:20:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.2.929552d3ec4MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd12dc01d09e10e089285fC:\Users\Patrick\Desktop\ Malwarebytes Anti-Malware \mbam.exeC:\Users\Patrick\Desktop\ Malwarebytes Anti-Malware \MSVCR100.dll1e4fef0e-0a04-11e5-8267-f816548747e4

Error: (06/03/2015 02:45:29 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (06/03/2015 02:40:17 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: c:\Program Files\WinZip\adxloader.dll.Manifestc:\Program Files\WinZip\adxloader.dll.Manifest2

Error: (06/03/2015 01:57:04 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (06/02/2015 11:25:11 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: 0x8898008d

Error: (06/02/2015 09:19:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.2.929552d3ec4MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd1c3401d09d7178cac749C:\Users\Patrick\Desktop\ Malwarebytes Anti-Malware \mbam.exeC:\Users\Patrick\Desktop\ Malwarebytes Anti-Malware \MSVCR100.dllb6a0c3a4-0964-11e5-8264-f816548747e4

Error: (06/02/2015 08:56:57 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MSI)
Description: winstore_cw5n1h2txyewy!Windows.Store-2144927142

Error: (06/02/2015 08:52:09 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (06/02/2015 01:46:07 PM) (Source: Windows Search Service Profile Notification) (EventID: 2) (User: )
Description: <Event xmlns='hxxp://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Search-ProfileNotify' Guid='{FC6F77DD-769A-470E-BCF9-1B6555A118BE}' EventSourceName='Windows Search Service Profile Notification'/><EventID Qualifiers='49152'>2</EventID><Version>0</Version><Level>2</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime='2015-06-02T12:46:07.000000000Z'/><EventRecordID>1350</EventRecordID><Correlation/><Execution ProcessID='0' ThreadID='0'/><Channel>Application</Channel><Computer>MSI</Computer><Security/></System><ProcessingErrorData><ErrorCode>15005</ErrorCode><DataItemName>__binLength</DataItemName><EventPayload>4D00530049005C00410064006D0069006E006900730074007200610074006F00720000003000780038003000300034003200310030003300000000000000</EventPayload></ProcessingErrorData></Event>

Error: (06/02/2015 01:43:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: devmonsrv.exe17.0.1403.43052ef79d8unknown0.0.0.000000000c00000059f7c2e98e0001d09d31b40e7f0dC:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exeunknownf1bfce21-0924-11e5-8262-f816548747e4

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
Percentage of memory in use: 37%
Total physical RAM: 8111.15 MB
Available physical RAM: 5044 MB
Total Pagefile: 10031.15 MB
Available Pagefile: 5702.25 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (OS_Install) (Fixed) (Total:118.24 GB) (Free:57.82 GB) NTFS
Drive d: (Data) (Fixed) (Total:911.69 GB) (Free:688.2 GB) NTFS

==================== MBR & Partition Table ==================

==================== End of log ============================

--- --- ---

Thanks for the quick reply. I am also willing to carry out even the most drastic measures. |
04.06.2015, 20:20 | #4 |
/// the machine /// TB trainer | Please download Revo Uninstaller from here (alternatively, the portable Revo Uninstaller).
Scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
04.06.2015, 20:41 | #5 |
| hxxp://www.file-upload.net/download-10666636/Screenshot_1.png.html I get this error even though I have Windows 8 (64-bit). |
05.06.2015, 17:10 | #6 |
/// the machine /// TB trainer | Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
and a fresh FRST log, please.