Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: McAfee meldet wiedeholt unbekannten Computer in meinem Netzwerk - in 2 unterschiedl. WLAN Netzen

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 02.07.2015, 16:44   #1
BlackDahlia
 
McAfee meldet wiedeholt unbekannten Computer in meinem Netzwerk - in 2 unterschiedl. WLAN Netzen - Standard

McAfee meldet wiedeholt unbekannten Computer in meinem Netzwerk - in 2 unterschiedl. WLAN Netzen



Hallo,

ich war mit meinen Laptop in einem Bibliotheks-Wlan als McAfee mir einen unbekannten Computer in meinem Netzwerk meldete. Es war eine reine Meldung, sowas wie eine Blockieroption etc. gab es nicht. Unter "Mein Netzwerk" (in McAfee) konnte ich den fremden PC als "offline" sehen und bin sofort in den Flugzeugmodus.

Als ich den PC bei einem Freund hochfuhr & dort ins WLAN bin, passierte es wieder, diesmal hatte der fremde PC eine andere IP-Adresse (ähnlich zu der des Standorts wie auch beim 1.Mal) und war "online".

Ich habe mich an die Anleitung im Forum gehalten - habe jedoch alles im Flugzeugmodus durchgeführt:
1.
Beim Ausführen von Defogger kam diese Fehlermeldung - dann habe ich nochmal drauf geklickt & es lief:

Application Error
"Exception EAccessViolation in module ERUNT.exe at 00003A68.
Access violation at adress 00403A68 in module 'ERUNT.exe'. Write of address 00650065."

2.
FRST problemlos ausgeführt.

3.
Beim starten von GMER kam diese Fehlermeldung:

"C:\Windows\system32\config\system: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird."

Habe auf OK geklickt, dann kam "GMER...exe funktioniert nicht mehr".
Ich nutze McAfee LiveSafe und hatte darin den "Antiviren und Anti-Spyware-Schutz" deaktiviert.
Habe zusätzlich die McAfee Firewall deaktiviert, daraufhin kam zwar die gleiche Fehlermeldung, aber ich konnte dann den Scan ausführen. Die Fehlermeldung tauchte kurz vor Ende des Scans nochmal auf.
Hier alle Files, meinen Namen habe ich durch ****** ersetzt


Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:29 on 02/07/2015 (*******)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         


Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01
Ran by ******* (administrator) on AS on 02-07-2015 16:36:05
Running from C:\Users\*******\Desktop
Loaded Profiles: ******* (Available Profiles: *******)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
() C:\Windows\SysWOW64\SecUPDUtilSvc.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(Dell Inc.) C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe
(Dell) C:\Program Files\Dell\Dell Data Services\DDSSvc.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.5.495.0\McCSPServiceHost.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_6.3.9654.20335_x64__8wekyb3d8bbwe\time.exe
(McAfee, Inc.) C:\Program Files\mcafee\virusscan\mcods.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dropbox, Inc.) C:\Users\*******\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\Temp\2FF70255-C7DE-4E42-82B0-AD3D20EB4E4F\DismHost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7510232 2014-01-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374936 2014-01-14] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [285272 2013-12-31] (Waves Audio Ltd.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3777696 2014-01-16] (Dell Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2825968 2014-05-22] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [719272 2015-04-02] (McAfee, Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-04-28] (Samsung Electronics Co., Ltd.)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1715588178-1030613774-720089848-1001\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\*******\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
HKU\S-1-5-21-1715588178-1030613774-720089848-1001\...\Run: [Dropbox Update] => C:\Users\*******\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-17] (Dropbox, Inc.)
HKU\S-1-5-21-1715588178-1030613774-720089848-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1566016 2015-04-28] (Samsung)
HKU\S-1-5-21-1715588178-1030613774-720089848-1001\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-1715588178-1030613774-720089848-1001\...\Run: [KiesPDLR.exe] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1015104 2015-04-28] (Samsung)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-12-26]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*******\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*******\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*******\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*******\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*******\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*******\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*******\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*******\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1715588178-1030613774-720089848-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1715588178-1030613774-720089848-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1715588178-1030613774-720089848-1001 -> DefaultScope {D5D4C8BD-ED99-4E00-AA9B-E9F35978EEBC} URL = 
SearchScopes: HKU\S-1-5-21-1715588178-1030613774-720089848-1001 -> {D5D4C8BD-ED99-4E00-AA9B-E9F35978EEBC} URL = 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-06-04] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-06-04] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-06-04] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-06-04] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-04-07] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-04-07] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{DA44DF3E-4DDE-448D-822C-8263806710A3}: [DhcpNameServer] 172.31.1.171
Tcpip\..\Interfaces\{F4779253-002C-4C77-B7AE-EB9F2F733C6B}: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\2cpxtkon.default-1435082270330
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-06-29] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-04-07] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-06-29] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-04-07] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2015-02-19]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2015-02-28]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-02-19]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-06-16]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-06-16]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-11-27] (Broadcom Corporation.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 Dell Data Services; C:\Program Files\Dell\Dell Data Services\DDSSvc.exe [45936 2014-11-13] (Dell)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [92528 2015-05-05] (Dell)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-26] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-02-26] (Dell Inc.)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [278568 2014-10-31] (Aviata, Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282072 2014-02-25] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-06-04] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [753768 2015-04-07] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [333584 2013-09-26] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.5.495.0\McCSPServiceHost.exe [207344 2015-06-04] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [612688 2015-04-09] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-02-17] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [372144 2015-04-06] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [250672 2015-02-17] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 My Dell Client Framework; C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe [168960 2014-01-10] (Dell Inc.) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-09] (Realtek Semiconductor)
R2 SamsungUPDUtilSvc; C:\Windows\SysWOW64\SecUPDUtilSvc.exe [118576 2014-11-26] ()
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1921768 2014-07-02] (SoftThinks SAS)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-04-10] (Dell Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-11-27] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7488176 2013-11-27] (Broadcom Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [68784 2015-02-17] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [23312 2015-02-26] (Dell Computer Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [401736 2015-02-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [337888 2015-02-17] (McAfee, Inc.)
R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [101872 2015-02-17] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80160 2015-02-13] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [488000 2015-02-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [864072 2015-02-17] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [482600 2015-01-16] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100720 2015-01-16] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340448 2015-02-17] (McAfee, Inc.)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42736 2014-05-22] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-02 16:36 - 2015-07-02 16:36 - 00021312 _____ C:\Users\*******\Desktop\FRST.txt
2015-07-02 16:35 - 2015-07-02 16:36 - 00000000 ____D C:\FRST
2015-07-02 16:29 - 2015-07-02 16:29 - 00000476 _____ C:\Users\*******\Desktop\defogger_disable.log
2015-07-02 16:29 - 2015-07-02 16:29 - 00000000 _____ C:\Users\*******\defogger_reenable
2015-07-02 16:16 - 2015-07-02 16:16 - 00001041 _____ C:\Users\Public\Desktop\MozBackup.lnk
2015-07-02 16:16 - 2015-07-02 16:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup
2015-07-02 16:16 - 2015-07-02 16:16 - 00000000 ____D C:\Program Files (x86)\MozBackup
2015-07-02 16:00 - 2015-07-02 14:36 - 02112512 _____ (Farbar) C:\Users\*******\Desktop\FRST64.exe
2015-07-02 16:00 - 2015-07-02 14:33 - 00380416 _____ C:\Users\*******\Desktop\Gmer-19357.exe
2015-07-02 16:00 - 2015-07-02 14:26 - 00050477 _____ C:\Users\*******\Desktop\Defogger.exe
2015-07-02 14:36 - 2015-07-02 14:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-06-29 17:36 - 2015-07-02 15:47 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-29 17:36 - 2015-06-29 17:36 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-23 14:45 - 2015-06-23 14:45 - 00004022 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2015-06-23 14:45 - 2015-06-23 14:45 - 00003484 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-06-23 14:45 - 2015-06-23 14:45 - 00003210 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2015-06-23 14:45 - 2015-06-23 14:45 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
2015-06-23 14:45 - 2015-06-23 14:45 - 00000000 ____D C:\Program Files\Dell Support Center
2015-06-22 12:07 - 2015-06-22 12:07 - 00000000 ____D C:\Program Files (x86)\MarkAny
2015-06-22 11:49 - 2015-06-22 12:09 - 00000000 ____D C:\Users\*******\Documents\SelfMV
2015-06-22 11:45 - 2015-06-22 11:45 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2015-06-22 11:40 - 2015-06-22 11:41 - 01198368 _____ C:\Users\*******\Downloads\MyPhoneExplorer - CHIP-Installer.exe
2015-06-22 11:40 - 2014-10-13 07:57 - 00188232 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssadmdm.sys
2015-06-22 11:40 - 2014-10-13 07:57 - 00169288 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssadbus.sys
2015-06-22 11:40 - 2014-10-13 07:57 - 00158024 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssadserd.sys
2015-06-22 11:40 - 2014-10-13 07:57 - 00021320 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssadmdfl.sys
2015-06-22 11:40 - 2014-10-13 07:57 - 00017736 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssadwhnt.sys
2015-06-22 11:40 - 2014-10-13 07:57 - 00017736 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssadwh.sys
2015-06-22 11:40 - 2014-10-13 07:57 - 00017224 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssadcmnt.sys
2015-06-22 11:40 - 2014-10-13 07:57 - 00017224 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssadcm.sys
2015-06-22 11:09 - 2015-06-22 11:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-06-22 11:09 - 2013-04-18 19:06 - 00821824 _____ (Devguru Co., Ltd.) C:\Windows\SysWOW64\dgderapi.dll
2015-06-22 11:04 - 2015-06-22 11:05 - 69552992 _____ (Samsung Electronics Co., Ltd. ) C:\Users\*******\Downloads\KiesSetup(1).exe
2015-06-22 10:41 - 2015-06-22 11:22 - 00000000 ____D C:\Users\*******\AppData\Roaming\Samsung
2015-06-22 10:41 - 2015-06-22 10:41 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2015-06-22 10:41 - 2015-06-22 10:41 - 00000000 ____D C:\Users\*******\Documents\samsung
2015-06-22 10:41 - 2015-06-22 10:41 - 00000000 ____D C:\Users\*******\AppData\Local\Samsung
2015-06-22 10:35 - 2013-12-30 10:53 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\SysWOW64\secman.dll
2015-06-22 10:35 - 2013-04-18 19:08 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
2015-06-18 11:04 - 2015-06-18 11:04 - 00000000 ___RD C:\Users\*******\Documents\Notes
2015-06-17 19:10 - 2015-06-17 19:10 - 00000000 ____D C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-06-17 19:09 - 2015-07-02 15:14 - 00001238 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1715588178-1030613774-720089848-1001UA.job
2015-06-17 19:09 - 2015-06-29 19:14 - 00001186 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1715588178-1030613774-720089848-1001Core.job
2015-06-17 19:09 - 2015-06-17 19:09 - 00004188 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1715588178-1030613774-720089848-1001UA
2015-06-17 19:09 - 2015-06-17 19:09 - 00003808 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1715588178-1030613774-720089848-1001Core
2015-06-17 19:08 - 2015-06-17 19:08 - 00000000 ____D C:\Users\*******\AppData\Local\Dropbox
2015-06-17 19:08 - 2015-06-17 19:08 - 00000000 ____D C:\ProgramData\Dropbox
2015-06-16 14:46 - 2015-05-25 15:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-16 14:46 - 2015-05-25 15:07 - 01430528 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-16 14:46 - 2015-04-16 08:17 - 00325464 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2015-06-16 14:46 - 2015-04-14 00:37 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\authz.dll
2015-06-16 14:46 - 2015-04-14 00:34 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authz.dll
2015-06-16 14:46 - 2015-04-10 02:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2015-06-16 14:46 - 2015-04-10 02:17 - 01018880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2015-06-16 14:46 - 2015-04-09 00:41 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rgb9rast.dll
2015-06-16 14:46 - 2015-04-09 00:07 - 00410336 _____ C:\Windows\system32\ApnDatabase.xml
2015-06-16 14:46 - 2015-04-02 00:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-06-16 14:46 - 2015-04-02 00:30 - 02483712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-06-16 14:46 - 2015-04-01 06:21 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2015-06-16 14:46 - 2015-04-01 06:18 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2015-06-16 14:46 - 2015-04-01 06:17 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2015-06-16 14:46 - 2015-04-01 06:08 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2015-06-16 14:46 - 2015-04-01 05:46 - 03633664 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2015-06-16 14:46 - 2015-04-01 05:17 - 02551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2015-06-16 14:46 - 2015-04-01 05:17 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2015-06-16 14:46 - 2015-04-01 04:53 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2015-06-16 14:46 - 2015-04-01 04:53 - 00272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2015-06-16 14:46 - 2015-04-01 04:45 - 02749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2015-06-16 14:46 - 2015-04-01 04:45 - 00699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2015-06-16 14:46 - 2015-04-01 04:14 - 01920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2015-06-16 14:46 - 2015-04-01 04:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2015-06-16 14:46 - 2015-03-20 05:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
2015-06-16 14:46 - 2015-03-20 05:08 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-06-16 14:46 - 2015-03-20 04:37 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-06-16 14:46 - 2015-03-20 04:07 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-06-16 14:46 - 2015-03-02 03:43 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\rastapi.dll
2015-06-16 14:46 - 2015-03-02 03:21 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll
2015-06-16 13:51 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2015-06-10 16:00 - 2015-06-20 05:02 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-10 16:00 - 2015-06-20 05:02 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-10 12:41 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 12:41 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-10 12:41 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-10 12:41 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-10 12:41 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-10 12:41 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-10 12:41 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-10 12:41 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-10 12:41 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-10 12:41 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-10 12:41 - 2015-05-23 04:47 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-06-10 12:41 - 2015-05-23 04:43 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-06-10 12:41 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-10 12:41 - 2015-05-23 04:38 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-10 12:41 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-10 12:41 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-10 12:41 - 2015-05-23 04:28 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-06-10 12:41 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-10 12:41 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-10 12:41 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-10 12:41 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 12:41 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 12:41 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 12:41 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 12:41 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 12:41 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 12:41 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 12:41 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 12:41 - 2015-05-22 20:23 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-06-10 12:41 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 12:41 - 2015-05-22 20:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-06-10 12:41 - 2015-05-22 20:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-06-10 12:41 - 2015-05-22 20:08 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 12:41 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 12:41 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 12:41 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 12:41 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 12:41 - 2015-05-22 19:49 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-06-10 12:41 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 12:41 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 12:41 - 2015-05-21 18:47 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 12:41 - 2015-04-25 04:34 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 12:41 - 2015-04-25 04:33 - 00549888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-06 16:49 - 2015-06-06 16:49 - 00000000 ____D C:\Users\*******\AppData\Roaming\Bildverkleinerer
2015-06-06 16:13 - 2015-06-06 16:14 - 01197344 _____ C:\Users\*******\Downloads\Der grandiose Bildverkleinerer - CHIP-Installer.exe
2015-06-06 15:42 - 2015-06-06 15:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ant Renamer
2015-06-06 15:42 - 2015-06-06 15:42 - 00000000 ____D C:\ProgramData\Ant Renamer
2015-06-06 15:42 - 2015-06-06 15:42 - 00000000 ____D C:\Program Files (x86)\Ant Renamer
2015-06-06 15:10 - 2015-06-06 15:11 - 01197344 _____ C:\Users\*******\Downloads\Ant Renamer - CHIP-Installer.exe
2015-06-06 13:15 - 2015-06-06 13:15 - 19756513 _____ C:\Users\*******\Documents\George and Bennett 2005 - Case Studies and theory development in the social sciences.zip
2015-06-06 12:53 - 2015-06-06 16:55 - 00000000 ____D C:\Users\*******\Downloads\VirtualDubMod_1_5_10_2_All_inclusive
2015-06-06 12:06 - 2015-06-06 12:06 - 00000000 ____D C:\Program Files (x86)\Dell Digital Delivery
2015-06-06 12:05 - 2015-06-06 12:05 - 00000000 ____D C:\Users\*******\AppData\Local\GWX
2015-06-05 13:02 - 2015-04-30 22:35 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-06-05 13:02 - 2015-04-30 22:35 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-06-05 10:57 - 2015-05-22 15:08 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-05 10:57 - 2015-05-21 15:08 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-05 10:57 - 2015-05-21 15:08 - 01020928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-05 10:57 - 2015-05-21 15:08 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-05 10:57 - 2015-05-21 15:08 - 00422912 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-05 10:57 - 2015-05-21 15:08 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-05 10:57 - 2015-05-21 15:08 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-05 10:57 - 2015-04-17 00:07 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-05 10:33 - 2015-06-05 10:33 - 00000000 ____D C:\Users\*******\Documents\Frame Purse
2015-06-03 17:45 - 2015-06-03 17:45 - 00000000 ____D C:\Program Files (x86)\Dell Product Registration
2015-06-03 16:52 - 2015-05-01 01:05 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-03 16:52 - 2015-05-01 00:48 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-03 16:52 - 2015-04-10 03:00 - 01996800 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-06-03 16:52 - 2015-04-10 02:50 - 01387008 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-06-03 16:52 - 2015-04-10 02:34 - 02256896 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-06-03 16:52 - 2015-04-10 02:26 - 01560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-06-03 16:52 - 2015-04-10 02:11 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-06-03 16:52 - 2015-04-09 00:55 - 00410128 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-06-03 16:52 - 2015-04-03 02:35 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2015-06-03 16:52 - 2015-04-03 02:14 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll
2015-06-03 16:52 - 2015-04-02 00:22 - 02985984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2015-06-03 16:52 - 2015-04-02 00:20 - 04417536 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2015-06-03 16:52 - 2015-04-01 05:45 - 01491456 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll
2015-06-03 16:52 - 2015-04-01 04:31 - 01207296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll
2015-06-03 16:52 - 2015-03-30 07:47 - 00561928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-06-03 16:52 - 2015-03-27 05:27 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-06-03 16:52 - 2015-03-27 04:50 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-06-03 16:52 - 2015-03-27 04:48 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-03 16:52 - 2015-03-20 03:56 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-06-03 16:52 - 2015-03-17 19:26 - 00467776 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2015-06-03 16:52 - 2015-03-13 06:03 - 00239424 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2015-06-03 16:52 - 2015-03-13 06:03 - 00154432 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2015-06-03 16:52 - 2015-03-13 04:02 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2015-06-03 16:52 - 2015-03-13 03:11 - 02162176 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2015-06-03 16:52 - 2015-03-13 02:39 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2015-06-03 16:52 - 2015-03-11 03:49 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-06-03 16:52 - 2015-03-11 03:09 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-06-03 16:52 - 2015-03-09 04:02 - 00057856 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthhfenum.sys
2015-06-03 16:52 - 2015-03-06 05:08 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-06-03 16:52 - 2015-03-06 04:47 - 01696256 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2015-06-03 16:52 - 2015-03-06 04:43 - 01969664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-06-03 16:52 - 2015-03-04 03:32 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Input.Inking.dll
2015-06-03 16:52 - 2015-03-04 03:12 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll
2015-06-03 16:52 - 2015-02-18 01:19 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2015-06-03 16:52 - 2015-01-30 02:53 - 02819584 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2015-06-03 16:52 - 2014-11-14 08:58 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsDatabase.dll
2015-06-03 16:51 - 2015-04-21 18:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-06-03 16:51 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-03 16:51 - 2015-04-21 17:28 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-06-03 13:27 - 2015-06-05 10:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-06-03 12:42 - 2015-06-03 12:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-02 16:34 - 2015-02-19 06:09 - 01837115 _____ C:\Windows\WindowsUpdate.log
2015-07-02 16:31 - 2015-02-23 22:40 - 00000000 ___RD C:\Users\*******\Documents\Dropbox
2015-07-02 16:31 - 2015-02-23 18:29 - 00000000 ____D C:\Users\*******\AppData\Roaming\Dropbox
2015-07-02 16:31 - 2015-02-23 17:35 - 00000000 ___RD C:\Users\*******\OneDrive
2015-07-02 16:29 - 2015-02-19 06:12 - 00000000 ____D C:\Users\*******
2015-07-02 16:21 - 2015-02-19 06:18 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1715588178-1030613774-720089848-1001
2015-07-02 16:02 - 2014-03-18 11:47 - 01776918 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-02 16:02 - 2014-03-18 11:30 - 00765582 _____ C:\Windows\system32\perfh007.dat
2015-07-02 16:02 - 2014-03-18 11:30 - 00159366 _____ C:\Windows\system32\perfc007.dat
2015-07-02 16:00 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru
2015-07-02 16:00 - 2013-08-22 16:46 - 00045531 _____ C:\Windows\setupact.log
2015-07-02 14:37 - 2014-12-26 05:38 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2015-06-29 21:57 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-29 21:56 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-06-29 19:30 - 2015-02-28 12:30 - 00000000 ____D C:\Users\*******\Documents\Citavi 4
2015-06-29 13:42 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\NDF
2015-06-29 13:39 - 2015-02-19 06:12 - 00000000 ____D C:\Users\*******\AppData\Local\Packages
2015-06-29 13:39 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2015-06-27 19:33 - 2015-02-28 12:30 - 00000000 ____D C:\Users\*******\AppData\Roaming\Swiss Academic Software
2015-06-27 11:05 - 2014-12-26 05:41 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-06-27 11:04 - 2014-03-18 03:38 - 00098424 _____ C:\Windows\PFRO.log
2015-06-26 14:08 - 2015-04-21 17:49 - 00000000 ____D C:\Users\*******\AppData\Roaming\Skype
2015-06-25 22:06 - 2015-04-28 11:35 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-25 22:04 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-06-24 19:05 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\LiveKernelReports
2015-06-24 11:33 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2015-06-23 14:45 - 2014-12-26 05:37 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-06-23 14:44 - 2014-12-26 05:37 - 00000000 ____D C:\ProgramData\PCDr
2015-06-22 11:09 - 2015-04-02 12:19 - 00000000 ____D C:\ProgramData\Samsung
2015-06-22 11:09 - 2014-12-26 05:27 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-06-22 11:08 - 2015-04-02 12:19 - 00000000 ____D C:\Program Files (x86)\Samsung
2015-06-22 11:06 - 2015-02-28 12:07 - 00000000 ____D C:\Users\*******\AppData\Local\Downloaded Installations
2015-06-19 20:03 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2015-06-18 16:28 - 2014-12-26 05:33 - 00000000 ____D C:\Program Files\Dell
2015-06-18 15:59 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ToastData
2015-06-18 10:38 - 2015-04-21 17:49 - 00000000 ____D C:\ProgramData\Skype
2015-06-17 01:20 - 2015-04-01 14:35 - 00000000 ____D C:\Users\*******\Documents\Ahnenblatt
2015-06-17 01:20 - 2015-04-01 14:35 - 00000000 ____D C:\Users\*******\AppData\Roaming\Ahnenblatt
2015-06-16 22:45 - 2015-04-01 14:35 - 00000000 ____D C:\Program Files (x86)\Tree
2015-06-16 18:06 - 2015-02-21 14:02 - 00000000 ____D C:\Windows\system32\MRT
2015-06-16 18:00 - 2015-02-21 14:02 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-16 13:51 - 2014-12-26 05:41 - 00000000 ____D C:\Program Files\Common Files\McAfee
2015-06-16 13:51 - 2013-08-22 17:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-06-16 13:45 - 2015-03-19 18:20 - 00000000 ____D C:\ProgramData\SupportAssistAgent
2015-06-10 15:58 - 2013-08-22 16:44 - 00431760 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-10 15:54 - 2015-02-25 01:09 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-10 15:54 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-05 15:07 - 2015-04-15 17:38 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-05 15:07 - 2015-04-15 17:38 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-05 15:06 - 2015-04-05 15:07 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-06-05 15:06 - 2015-04-05 15:07 - 00000000 ___SD C:\Windows\system32\GWX
2015-06-05 15:06 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2015-06-05 15:06 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-06-05 14:51 - 2015-04-28 12:01 - 00000000 ____D C:\Users\*******\Documents\Onleihe
2015-06-05 12:43 - 2014-03-18 11:31 - 00000000 ____D C:\Program Files\Windows Journal
2015-06-03 17:45 - 2014-12-26 05:44 - 00000000 ____D C:\Windows\System32\Tasks\Dell
2015-06-03 12:59 - 2015-02-19 22:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2014-12-26 05:10 - 2014-12-26 05:10 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-12-26 05:31 - 2014-12-26 05:32 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-12-26 05:28 - 2014-12-26 05:29 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-12-26 05:29 - 2014-12-26 05:30 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-12-26 05:30 - 2014-12-26 05:31 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-12-26 05:27 - 2014-12-26 05:28 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Some files in TEMP:
====================
C:\Users\*******\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpeqwr8a.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-25 15:16

==================== End of log ============================
         

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01
Ran by ******* at 2015-07-02 16:37:32
Running from C:\Users\*******\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1715588178-1030613774-720089848-500 - Administrator - Disabled)
******* (S-1-5-21-1715588178-1030613774-720089848-1001 - Administrator - Enabled) => C:\Users\*******
Gast (S-1-5-21-1715588178-1030613774-720089848-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Ahnenblatt 2.87 (HKLM-x32\...\Ahnenblatt_is1) (Version: 2.87.0.1 - Dirk Böttcher)
Ant Renamer (HKLM-x32\...\Ant Renamer 2_is1) (Version: 2.11.0 - Ant Software)
Apple Application Support (32-Bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Citavi 4 (HKLM-x32\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.5.0.11 - Swiss Academic Software)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.5.60 - Dell Inc.)
Dell Data Services (HKLM\...\{90F9BFC9-A2A9-403F-9A40-1063FAD035BA}) (Version: 1.1.6.0 - Dell Inc.)
Dell Data Vault (Version: 4.2.2.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{90B2EE35-59D0-4A1F-B125-9F678D46A955}) (Version: 2.1.125.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\{24F2AD94-CC1B-4294-B184-D4D31A3186A7}) (Version: 2.42.0012 - Aviata Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.0.3.60494 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 18.1.16.0 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{D9D0E75C-F791-402A-98E2-A2F43E7B0CE3}) (Version: 1.1.1054.0 - Dell Inc.)
Dropbox (HKU\S-1-5-21-1715588178-1030613774-720089848-1001\...\Dropbox) (Version: 3.6.7 - Dropbox, Inc.)
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 6.30.223.181 - Dell Inc.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3431 - Intel Corporation)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 14.0.1029 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.316 - McAfee, Inc.)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.4.0 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla)
My Dell Client Framework (HKLM-x32\...\InstallShield_{05F1B866-2372-4E82-9AA8-C64FB11CEF8B}) (Version: 1.0.0.3 - Dell)
My Dell Client Framework (x32 Version: 1.0.0.3 - Dell) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.1.1 - pdfforge)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.18 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39054 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7161 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.) Hidden
Samsung Universal Print Driver 2 (HKLM-x32\...\Samsung Universal Print Driver 2) (Version: 2.50.06.00 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.8070 - Broadcom Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1715588178-1030613774-720089848-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\*******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1715588178-1030613774-720089848-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1715588178-1030613774-720089848-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\*******\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1715588178-1030613774-720089848-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*******\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1715588178-1030613774-720089848-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*******\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1715588178-1030613774-720089848-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*******\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1715588178-1030613774-720089848-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*******\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1715588178-1030613774-720089848-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*******\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1715588178-1030613774-720089848-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*******\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1715588178-1030613774-720089848-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*******\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1715588178-1030613774-720089848-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*******\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

==================== Restore Points =========================

10-06-2015 15:49:36 Windows Update
16-06-2015 17:56:45 Windows Update
22-06-2015 10:32:58 Installed Samsung Kies
29-06-2015 17:35:50 McAfee  Vulnerability Scanner

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {042FFA5D-E7E6-4E5E-95C9-C2732E596851} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-05] (CyberLink)
Task: {1E37A7DA-BC6C-4D6C-A16C-FDBA12958E4B} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-10-31] (Aviata Inc)
Task: {52178FC5-3F26-479F-B857-6DD899E9E605} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {5DF19B6B-FAD9-44B9-B9D9-A2C61D7CD126} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1715588178-1030613774-720089848-1001Core => C:\Users\*******\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17] (Dropbox, Inc.)
Task: {7835BDF5-231E-4FF9-A8B7-92E744388F6F} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {812DF948-9E6B-4463-8CB3-EAEAB5E5DD91} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-06-16] (Microsoft Corporation)
Task: {9129239B-C15F-44F2-B6EC-458745597ABE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {A538B280-F7C3-4649-8F33-481597326300} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-29] (Adobe Systems Incorporated)
Task: {BBD48597-1C24-4CA8-9B7A-43F1306613F4} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {C4980360-7705-4705-ACB2-C8CB1EF83C64} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1715588178-1030613774-720089848-1001UA => C:\Users\*******\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17] (Dropbox, Inc.)
Task: {D0D5F54F-592E-4E72-AC6F-DDF954949502} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-04-10] (Dell Inc.)
Task: {D6603D0C-8532-49BB-ACBC-A2CD90D35CF3} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-10-31] (Aviata Inc)
Task: {E8F716F0-9593-457D-8961-97FB5D05FB75} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1715588178-1030613774-720089848-1001Core.job => C:\Users\*******\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1715588178-1030613774-720089848-1001UA.job => C:\Users\*******\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-04-02 12:19 - 2014-04-16 10:22 - 00029184 _____ () C:\Windows\System32\usp02l.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-25 13:05 - 2013-10-25 13:05 - 00049368 _____ () c:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
2015-04-02 12:20 - 2014-11-26 13:07 - 00118576 _____ () C:\Windows\SysWOW64\SecUPDUtilSvc.exe
2014-01-10 15:53 - 2014-01-10 15:53 - 00016384 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.Interfaces.dll
2014-01-10 15:53 - 2014-01-10 15:53 - 00081408 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.Objects.dll
2014-01-10 15:53 - 2014-01-10 15:53 - 00815616 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.Resources.dll
2014-01-10 16:24 - 2014-01-10 16:24 - 00052736 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.Client.Pulse.Agent.Plugins.SelfUpdate.dll
2014-01-10 16:24 - 2014-01-10 16:24 - 00019968 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.Client.Pulse.Agent.Common.dll
2014-12-26 05:40 - 2014-06-04 16:02 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2014-12-26 05:40 - 2014-06-04 16:02 - 00019744 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2014-12-26 05:40 - 2014-06-04 16:03 - 00035104 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRShellExtension.dll
2014-12-26 05:40 - 2014-07-02 22:55 - 00487144 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
2014-12-26 05:32 - 2013-12-10 17:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-12-26 05:28 - 2013-03-05 05:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-05 12:41 - 2013-03-05 12:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-12-26 05:40 - 2014-07-30 18:37 - 01906464 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2014-12-26 05:40 - 2012-11-26 00:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2014-12-26 05:38 - 2012-11-26 00:19 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
2015-07-02 16:29 - 2015-07-02 16:29 - 00043008 _____ () c:\users\*******\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpeqwr8a.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00750080 _____ () C:\Users\*******\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00047616 _____ () C:\Users\*******\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00865280 _____ () C:\Users\*******\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00200704 _____ () C:\Users\*******\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00010240 _____ () C:\Users\*******\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00726016 _____ () C:\Users\*******\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00010240 _____ () C:\Users\*******\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00118784 _____ () C:\Users\*******\AppData\Roaming\Dropbox\bin\plugins\accessible\qtaccessiblewidgets.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\*******\OneDrive:ms-properties
AlternateDataStreams: C:\Users\*******\Desktop\Lebensende mit 3 Bchstbn.lnk:com.dropbox.attributes

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1715588178-1030613774-720089848-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\*******\Pictures\Wallpaper\1366_Happy Fox.jpg
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKU\S-1-5-21-1715588178-1030613774-720089848-1001\...\StartupApproved\Run: => "Dropbox Update"
HKU\S-1-5-21-1715588178-1030613774-720089848-1001\...\StartupApproved\Run: => "KiesPreload"
HKU\S-1-5-21-1715588178-1030613774-720089848-1001\...\StartupApproved\Run: => "KiesPDLR.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{FA4E9DEB-9BE0-4F49-8D85-9C4CD45EE161}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{59C69953-228A-4DD9-92D9-CA3E05435D39}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{8A634B14-0922-4894-87A3-11B824B3F507}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{AFAB50A1-10BF-4AB4-99B1-C752FC4B66BA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A5341B95-6441-42C4-BC29-14FDA45D5B41}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{86B5D478-C3BD-444B-A21F-F7E3DE665B10}] => (Allow) C:\Users\*******\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{BB79DE7E-3C3C-4EFA-90E8-5275844173EF}] => (Allow) C:\Users\*******\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{23EB5946-CC12-4202-A384-C3F118E8517B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FBA2ABEE-0597-4E78-A4FC-F6F9EC9A4D4F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0E174CF9-DB8A-4996-BA16-734E05E27794}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EEDACD02-969E-40C2-984E-0A0F0D6F96C6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8C64CB09-785A-43E3-A480-4F985920007E}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{6B6C0DC3-781C-42E3-838E-F59E1FB77AB2}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe
FirewallRules: [{B976FD26-94C6-4C85-8572-E68CCFBE9DBA}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{DCE5AE35-37C6-46DD-A84A-C5432D515A9D}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{5773E775-4E71-4177-A481-F11DE261F6C4}] => (Allow) C:\Windows\SysWOW64\muzapp.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/02/2015 02:32:54 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (06/29/2015 09:57:42 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (06/29/2015 07:40:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7031

Error: (06/29/2015 07:40:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7031

Error: (06/29/2015 07:40:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/29/2015 01:46:53 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 

Error: (06/29/2015 01:45:42 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 

Error: (06/29/2015 02:03:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5812

Error: (06/29/2015 02:03:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5812

Error: (06/29/2015 02:03:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (07/02/2015 04:12:03 PM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error: (07/02/2015 04:10:52 PM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error: (07/02/2015 04:08:49 PM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error: (07/02/2015 04:08:49 PM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error: (07/02/2015 04:08:49 PM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error: (07/02/2015 04:07:06 PM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error: (07/02/2015 04:07:06 PM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error: (07/02/2015 04:07:05 PM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error: (06/29/2015 10:06:37 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "VOYAGER2",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{F4779253-002C-4C77-B7AE-EB9F2F733C6B}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (06/29/2015 09:54:34 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "VOYAGER2",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{F4779253-002C-4C77-B7AE-EB9F2F733C6B}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.


Microsoft Office:
=========================
Error: (07/02/2015 02:32:54 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (06/29/2015 09:57:42 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (06/29/2015 07:40:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7031

Error: (06/29/2015 07:40:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7031

Error: (06/29/2015 07:40:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/29/2015 01:46:53 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 

Error: (06/29/2015 01:45:42 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 

Error: (06/29/2015 02:03:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5812

Error: (06/29/2015 02:03:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5812

Error: (06/29/2015 02:03:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


CodeIntegrity Errors:
===================================
  Date: 2015-02-19 05:14:41.210
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-4005U CPU @ 1.70GHz
Percentage of memory in use: 56%
Total physical RAM: 4000.18 MB
Available physical RAM: 1720.69 MB
Total Pagefile: 4704.18 MB
Available Pagefile: 2241.45 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:456.33 GB) (Free:402.58 GB) NTFS
Drive e: (ESP) (Fixed) (Total:0.48 GB) (Free:0.43 GB) FAT32
Drive x: (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.32 GB) NTFS
Drive y: (PBR Image) (Fixed) (Total:8.04 GB) (Free:0.73 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 26448C2A)

Partition: GPT Partition Type.

==================== End of log ============================
         
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-07-02 17:07:05
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000031 WDC_WD5000LPVX-75V0TT0 rev.01.01A01 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\*******\AppData\Local\Temp\fxldrpow.sys


---- Kernel code sections - GMER 2.1 ----

.text   C:\Windows\System32\win32k.sys!W32pServiceTable       fffff96000224d00 15 bytes [00, A9, F3, 01, 80, 64, 6D, ...]
.text   C:\Windows\System32\win32k.sys!W32pServiceTable + 16  fffff96000224d10 11 bytes [00, 91, FC, FF, 00, BF, CA, ...]

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\csrss.exe [2124:4448]             fffff960009b92d0
Thread  C:\Windows\explorer.exe [6536:4496]                   00007ffe67b8e630

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                 unknown MBR code

---- EOF - GMER 2.1 ----
         

Vielen Dank!

Alt 02.07.2015, 16:52   #2
schrauber
/// the machine
/// TB-Ausbilder
 

McAfee meldet wiedeholt unbekannten Computer in meinem Netzwerk - in 2 unterschiedl. WLAN Netzen - Standard

McAfee meldet wiedeholt unbekannten Computer in meinem Netzwerk - in 2 unterschiedl. WLAN Netzen



hi,

Screenshot vom Netzwerk und der McAfee Meldung bitte.
__________________

__________________

Alt 02.07.2015, 17:04   #3
BlackDahlia
 
McAfee meldet wiedeholt unbekannten Computer in meinem Netzwerk - in 2 unterschiedl. WLAN Netzen - Standard

McAfee meldet wiedeholt unbekannten Computer in meinem Netzwerk - in 2 unterschiedl. WLAN Netzen



Danke für die schnelle Reaktion! Wow.

Screenshot der Fehlermeldung gibt es leider nicht, ich habe auf sie geklickt und dann war sie weg.
__________________
Angehängte Grafiken
Dateityp: png Screenshot Netzwerk.png (130,7 KB, 203x aufgerufen)

Alt 03.07.2015, 06:21   #4
schrauber
/// the machine
/// TB-Ausbilder
 

McAfee meldet wiedeholt unbekannten Computer in meinem Netzwerk - in 2 unterschiedl. WLAN Netzen - Standard

McAfee meldet wiedeholt unbekannten Computer in meinem Netzwerk - in 2 unterschiedl. WLAN Netzen



Ist die Meldung von McAfee seither nicht mehr gekommen?

Wieviele Geräte und welche hängen in deinem Netz?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 03.07.2015, 08:53   #5
BlackDahlia
 
McAfee meldet wiedeholt unbekannten Computer in meinem Netzwerk - in 2 unterschiedl. WLAN Netzen - Standard

McAfee meldet wiedeholt unbekannten Computer in meinem Netzwerk - in 2 unterschiedl. WLAN Netzen



Die Meldung kam nicht mehr, aber ich war seitdem auch nicht mehr länger als 1 Minute online.

In meinem Wlan ist mein Smartphone und der Laptop meines Freundes online. (Ein eingerichtes Netzwerk habe ich nicht, falls das gemeint war.)
Im Bibliotheksnetz sind wohl 200 Leute online. Aber in beiden Situationen gab es nie zuvor so eine Meldung.

Bin jetzt mit dem Rechner online gegangen, beim McAfee Update hängte es sich zum ersten Mal überhaupt auf, dann kam die Windows Meldung, dass es nicht mehr funktioniert und ich es schließen kann.


Alt 03.07.2015, 12:34   #6
schrauber
/// the machine
/// TB-Ausbilder
 

McAfee meldet wiedeholt unbekannten Computer in meinem Netzwerk - in 2 unterschiedl. WLAN Netzen - Standard

McAfee meldet wiedeholt unbekannten Computer in meinem Netzwerk - in 2 unterschiedl. WLAN Netzen



Kennst Du diese IP?

172.31.1.171
__________________
--> McAfee meldet wiedeholt unbekannten Computer in meinem Netzwerk - in 2 unterschiedl. WLAN Netzen

Alt 06.07.2015, 22:02   #7
BlackDahlia
 
McAfee meldet wiedeholt unbekannten Computer in meinem Netzwerk - in 2 unterschiedl. WLAN Netzen - Standard

McAfee meldet wiedeholt unbekannten Computer in meinem Netzwerk - in 2 unterschiedl. WLAN Netzen



Sorry, ich bin erst jetzt wieder in meinem Wlan.
Keines meiner Geräte hat diese IP. Ich kann es mir nicht erklären.

Mittlerweile konnte ich einen Screenshot von der Fehlermeldung machen, ich hänge sie an.

Das fremde Gerät (ich habe ihm einen prägnanten Namen gegeben, ähem ) hat eine dynamische IP, mein Freund ist es nicht, sein Laptop heißt Voyager2.

Hinter dem Router hängt das Modem, kann es das sein? (Ich habe keinen Schimmer, bitte nicht lachen).
Angehängte Grafiken
Dateityp: png McAfee Meldung.png (38,4 KB, 298x aufgerufen)
Dateityp: png McAfee Mein Netzwerk II.png (152,0 KB, 255x aufgerufen)

Alt 07.07.2015, 06:28   #8
schrauber
/// the machine
/// TB-Ausbilder
 

McAfee meldet wiedeholt unbekannten Computer in meinem Netzwerk - in 2 unterschiedl. WLAN Netzen - Standard

McAfee meldet wiedeholt unbekannten Computer in meinem Netzwerk - in 2 unterschiedl. WLAN Netzen



lol


Downloade dir bitte Farbar's MiniToolBox auf deinen Desktop und starte das Tool

Setze einen Haken bei folgenden Einträgen
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset IE Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
  • List Minidump Files
Klicke Go und poste den Inhalt der Result.txt.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu McAfee meldet wiedeholt unbekannten Computer in meinem Netzwerk - in 2 unterschiedl. WLAN Netzen
adware, bonjour, browser, böttcher, computer, cpu, fehlermeldung, flash player, home, installation, mcafee warnung, mozilla, netzwerk, prozess, realtek, registry, rundll, scan, security, siteadvisor, software, starten, svchost.exe, system, trojaner?, unbekannter computer im netzwerk, usb, webadvisor, windows, windowsapps, wlan



Ähnliche Themen: McAfee meldet wiedeholt unbekannten Computer in meinem Netzwerk - in 2 unterschiedl. WLAN Netzen


  1. Unbekannter Computername in Windows Netzwerk über Wlan
    Netzwerk und Hardware - 20.10.2015 (5)
  2. Malware über Wlan Netzwerk
    Diskussionsforum - 20.08.2015 (18)
  3. Auf meinem Server wird meine webseite befallen, evtl. liegt das an meinem Computer / Befall?
    Plagegeister aller Art und deren Bekämpfung - 01.05.2014 (27)
  4. Virensoftwer meldet folgenden unbekannten Schädling: Fingerprint: [6ed71ff3]
    Log-Analyse und Auswertung - 25.11.2013 (15)
  5. McAfee meldet login in mein netzwerk = Hackversuch?
    Plagegeister aller Art und deren Bekämpfung - 25.11.2013 (11)
  6. Verbindung mit dem WLAN Netzwerk nicht mehr möglich - ständig Netzwerkidentifizierung
    Alles rund um Windows - 08.06.2013 (6)
  7. Jemand ist in meinem Netzwerk
    Log-Analyse und Auswertung - 05.01.2012 (41)
  8. McAfee meldet Trojaner-Befall Artemis!317AB1B0B53C
    Log-Analyse und Auswertung - 26.10.2010 (8)
  9. Netzwerk WLan und die Sicherheit
    Netzwerk und Hardware - 13.05.2010 (1)
  10. BSOD bei Aktivierung XP-WLAN in bestimmten Netzwerk
    Netzwerk und Hardware - 08.01.2010 (25)
  11. laptop stellt keine wlan verbindung mehr her - trotz verfügbarem netzwerk
    Netzwerk und Hardware - 29.09.2009 (9)
  12. ich finde in meiner Fritzbox unter Netzwerk IP die aber nicht in WLAN sind ? H
    Log-Analyse und Auswertung - 30.08.2009 (12)
  13. Probleme mit Netzwerk und Wlan
    Netzwerk und Hardware - 13.12.2008 (1)
  14. WLAN NETZWERK mit zwei Router ??????
    Netzwerk und Hardware - 09.06.2008 (2)
  15. Kann ich über WLAN Modem-Router ein Netzwerk einrichten?
    Netzwerk und Hardware - 29.01.2007 (1)
  16. WLAN Netzwerk richtig absichern
    Netzwerk und Hardware - 04.01.2007 (12)
  17. Netzwerk Windows 98SE -> XP per WLAN
    Netzwerk und Hardware - 24.10.2003 (10)

Zum Thema McAfee meldet wiedeholt unbekannten Computer in meinem Netzwerk - in 2 unterschiedl. WLAN Netzen - Hallo, ich war mit meinen Laptop in einem Bibliotheks-Wlan als McAfee mir einen unbekannten Computer in meinem Netzwerk meldete. Es war eine reine Meldung, sowas wie eine Blockieroption etc. gab - McAfee meldet wiedeholt unbekannten Computer in meinem Netzwerk - in 2 unterschiedl. WLAN Netzen...
Archiv
Du betrachtest: McAfee meldet wiedeholt unbekannten Computer in meinem Netzwerk - in 2 unterschiedl. WLAN Netzen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.