Pests of all kinds and how to fight them: ZeroAccess infection? Windows 7. If you are not sure whether you have caught malware or a trojan, start a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
22.10.2013, 15:12 #1
ZeroAccess infection? Hello. I had a ZeroAccess infection today and reinstalled my computer. I formatted all partitions first and then did a fresh install of Windows 7. Scans with Norton Internet Security (full) and Malwarebytes (quick) show no infection. BUT: Malwarebytes keeps reporting that the process svchost.exe wants to allow a connection over port 16741. That does worry me, since I have read that this port is critical. Here is the log file from FRST. FRST logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-10-2013
Ran by XXX (administrator) on XXX on 22-10-2013 15:56:49
Running from C:\Users\XXX\Downloads
Microsoft Windows 7 Home Premium (X86) OS Language: German Standard
Internet Explorer Version 8 <-- WHAT NONSENSE, I USE CHROME/FIREFOX
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe
(Microsoft Corporation) C:\Windows\System32\IgrsSvcs.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe
(Vimicro) C:\Program Files\USB Camera\VM331_STI.EXE
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Energy Management\utility.exe
(Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Energy Management\Energy Management.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BtTray.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Google Inc.) 
C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Users\Jennifer Flemke\Downloads\X17-75062.exe (Microsoft Corporation) C:\Users\JENNIF~1\AppData\Local\Temp\OWP3F6.tmp\setup.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Users\JENNIF~1\AppData\Local\Temp\ose00000.exe (Microsoft Corporation) C:\Windows\system32\msiexec.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Google Inc.) 
C:\Program Files\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\system32\MsiExec.exe (Microsoft Corporation) C:\Windows\system32\MsiExec.exe (Microsoft Corporation) C:\Windows\system32\DrvInst.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [331BigDog] - C:\Program Files\USB Camera\VM331_STI.EXE [536576 2010-01-15] (Vimicro) HKLM\...\Run: [EnergyUtility] - C:\Program Files\Lenovo\Energy Management\utility.exe [4147136 2009-12-26] (Lenovo(beijing) Limited) HKLM\...\Run: [Energy Management] - C:\Program Files\Lenovo\Energy Management\Energy Management.exe [6223808 2009-12-26] (Lenovo (Beijing) Limited) HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation) HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] () HKLM\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xED61FDF124CFCE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation) BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet 
Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation) Tcpip\Parameters: [DhcpNameServer] 132.199.1.163 132.199.1.2 FireFox: ======== FF ProfilePath: C:\Users\Jennifer Flemke\AppData\Roaming\Mozilla\Firefox\Profiles\wytl5eua.default FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ Chrome: ======= CHR HomePage: hxxp://go.microsoft.com/fwlink/?LinkId=69157 CHR Extension: (Google Docs) - C:\Users\JENNIF~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 CHR Extension: (Google Drive) - C:\Users\JENNIF~1\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (YouTube) - C:\Users\JENNIF~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\JENNIF~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (Gmail Offline) - C:\Users\JENNIF~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.20_0 CHR Extension: (AdBlock) - C:\Users\JENNIF~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.10_0 CHR Extension: (Google Mail Checker) - C:\Users\JENNIF~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0 CHR Extension: (Norton Identity Protection) - C:\Users\JENNIF~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.6.0.27_0 CHR Extension: (ChromeReload) - C:\Users\JENNIF~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\njoipeaphfnaplplihpbgndfojhdhmjo\0.9.3_0 CHR Extension: (Chrome In-App Payments service) - C:\Users\JENNIF~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0 CHR Extension: (Auto-Reload) - C:\Users\JENNIF~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofojbjgaaddibdfpmmjeonahgbacejid\8.0.5_0 CHR Extension: (Gmail) - C:\Users\JENNIF~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\Exts\Chrome.crx ========================== Services (Whitelisted) ================= R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [595232 2010-02-17] (Broadcom Corporation.) 
S3 IGRS; C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-15] (Lenovo Group Limited) S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509192 2009-08-14] (Lenovo Group Limited) S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [575304 2009-11-17] (Lenovo Group Limited) R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 NIS; C:\Program Files\Norton Internet Security\Engine\21.1.0.18\diMaster.dll [567600 2013-10-08] (Symantec Corporation) S3 PS_MDP; C:\Program Files\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-16] (Lenovo Group Limited) R2 ReadyComm.DirectRouter; C:\Program Files\Lenovo\ReadyComm\common\router.dll [103688 2009-07-15] (Lenovo Group Limited) ==================== Drivers (Whitelisted) ==================== R3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [21256 2009-09-03] (Lenovo Corporation) R1 BHDrvx86; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20131002.001\BHDrvx86.sys [1097304 2013-09-26] (Symantec Corporation) S3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [63240 2009-07-28] (Lenovo) R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1501000.012\ccSetx86.sys [127064 2013-09-26] (Symantec Corporation) R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation) R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-10-22] (Symantec Corporation) U3 EraserUtilDrv11311; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11311.sys [108120 2013-10-22] (Symantec Corporation) R1 IDSVix86; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20130930.001\IDSVix86.sys [392792 2013-09-24] (Symantec Corporation) R3 MBAMProtector; 
C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) R3 NAVENG; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20131022.001\NAVENG.SYS [93272 2013-10-22] (Symantec Corporation) R3 NAVEX15; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20131022.001\NAVEX15.SYS [1612376 2013-10-22] (Symantec Corporation) R3 SRTSP; C:\Windows\system32\drivers\NIS\1501000.012\SRTSP.SYS [651352 2013-09-27] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NIS\1501000.012\SRTSPX.SYS [32344 2013-09-10] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NIS\1501000.012\SYMDS.SYS [367704 2013-09-10] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NIS\1501000.012\SYMEFA.SYS [935512 2013-09-27] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2013-10-22] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NIS\1501000.012\Ironx86.SYS [206936 2013-09-27] (Symantec Corporation) R1 SymNetS; C:\Windows\system32\drivers\NIS\1501000.012\SYMNETS.SYS [446552 2013-09-26] (Symantec Corporation) R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [185856 2010-03-18] (Vimicro Corporation) R3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11792 2009-07-16] (Windows (R) Codename Longhorn DDK provider) ========================== Drivers MD5 ======================= C:\Windows\system32\DRIVERS\1394ohci.sys 6D2ACA41739BFE8CB86EE8E85F29697D C:\Windows\System32\DRIVERS\ACPI.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\acpipmi.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\AcpiVpc.sys E4D3DD5A1FC4AEF696D34D4B97049343 C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit C:\Windows\system32\drivers\afd.sys DDC040FDB01EF1712A6B13E52AFB104C C:\Windows\system32\DRIVERS\agp440.sys ==> MD5 is legit 
C:\Windows\system32\DRIVERS\djsvs.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\aliide.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\amdagp.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\amdide.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\amdsata.sys 2101A86C25C154F8314B24EF49D7FBC2 C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\amdxata.sys B81C2B5616F6420A9941EA093A92B150 C:\Windows\system32\drivers\appid.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\atapi.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\bxvbdx.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\b57nd60x.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\bcmwl6.sys CDA161020BF75B12728AE394196AD991 C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20131002.001\BHDrvx86.sys 0E901BFF4AECC503826A5DEAEB1784BC C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\bowser.sys FCAFAEF6798D7B51FF029F99A9898961 C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit C:\Windows\System32\drivers\WDBridge.sys B35BB97B6DD9913093579F5C83962636 C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\BthEnum.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\bthpan.sys ==> MD5 is legit C:\Windows\System32\Drivers\BTHport.sys 4A34888E13224678DD062466AFEC4240 
C:\Windows\System32\Drivers\BTHUSB.sys FA04C63916FA221DBB91FCE153D07A55 C:\Windows\System32\drivers\btusbflt.sys DD5361CF05025BD61A5D0115ECC2566F C:\Windows\System32\drivers\btwaudio.sys F8B4F60768328FAA2FFE2727F66809F8 C:\Windows\System32\DRIVERS\btwavdt.sys FA7446DD38DE84D4988D1F2EBB854589 C:\Windows\System32\DRIVERS\btwl2cap.sys AAFD7CB76BA61FBB08E302DA208C974A C:\Windows\System32\DRIVERS\btwrchid.sys D5862FBC1CBC0404614FD9D85C8D880E C:\Windows\system32\drivers\NIS\1501000.012\ccSetx86.sys 56C2811FD0D7B727808A69407B5BFAE0 C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\cdrom.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit C:\Windows\System32\CLFS.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\cmdide.sys ==> MD5 is legit C:\Windows\System32\Drivers\cng.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit C:\Windows\System32\Drivers\dfsc.sys 8E09E52EE2E3CEB199EF3DD99CF9E3FB C:\Windows\System32\drivers\discache.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit C:\Windows\System32\drivers\dxgkrnl.sys 39806CFEDDCC55E686A49BCCD2972F23 C:\Windows\system32\DRIVERS\evbdx.sys ==> MD5 is legit C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys E1E3804F7C59EA3E14637C2A763F65E2 C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11311.sys 6D84DFC3B5C5052881BF50470D0C03D1 C:\Windows\system32\DRIVERS\errdev.sys ==> MD5 is legit C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit 
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit C:\Windows\System32\Drivers\Fs_Rec.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\fvevol.sys 5592F5DBA26282D24D2B080EB438A4D7 C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit C:\Windows\System32\drivers\HdAudio.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\HECI.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\hidbth.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\HpSAMD.sys ==> MD5 is legit C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\iaStor.sys D483687EACE0C065EE772481A96E05F5 C:\Windows\system32\DRIVERS\iaStorV.sys 934AF4D7C5F457B9F0743F4299B77B67 C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20130930.001\IDSVix86.sys 2319D48CE20FA984E30C42411CC8FACC C:\Windows\System32\DRIVERS\igdkmd32.sys B6EC6C6AC3CED90963430534A92DC7A7 C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\Impcd.sys E3C36AC5AE87EC970AE8EA2A93D59AE1 C:\Windows\System32\DRIVERS\IntcDAud.sys BF31740828A26AB451803E3B35432651 C:\Windows\system32\DRIVERS\intelide.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\IPMIDrv.sys ==> MD5 is legit C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit 
C:\Windows\system32\DRIVERS\isapnp.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\msiscsi.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit C:\Windows\System32\Drivers\ksecdd.sys ==> MD5 is legit C:\Windows\System32\Drivers\ksecpkg.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\L1C62x86.sys 6C32BFEAB708915D6BBF4B20D4F3EF7B C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit C:\Windows\system32\drivers\mbam.sys 4470E3C1E0C3378E4CAB137893C12C3A C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit C:\Windows\System32\drivers\modem.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\mpio.sys ==> MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mrxsmb.sys F4A054BE78AF7F410129C4B64B07DC9B C:\Windows\System32\DRIVERS\mrxsmb10.sys DEFFA295BD1895C6ED8E3078412AC60B C:\Windows\System32\DRIVERS\mrxsmb20.sys 24D76ABE5DCAD22F19D105F76FDF0CE1 C:\Windows\System32\DRIVERS\msahci.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\msdsm.sys ==> MD5 is legit C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\msisadrv.sys ==> MD5 is legit C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is 
legit C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20131022.001\NAVENG.SYS 81E928EE3751FAF725C87CC17726C05D C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20131022.001\NAVEX15.SYS E0C39FA6C76AE8ED53ABF043F35ECDFF C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit C:\Windows\System32\Drivers\Ntfs.sys 3795DCD21F740EE799FB7223234215AF C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\nvraid.sys 3F3D04B1D08D43C16EA7963954EC768D C:\Windows\system32\DRIVERS\nvstor.sys C99F251A5DE63C6F129CF71933ACED0F C:\Windows\system32\DRIVERS\nv_agp.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\ohci1394.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit C:\Windows\System32\drivers\partmgr.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\parvdm.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\pci.sys C858CB77C577780ECC456A892E7E7D0F C:\Windows\system32\DRIVERS\pciide.sys ==> MD5 is legit 
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rdbss.sys 835D7E81BF517A3B72384BDCC85E1CE6 C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\RDPCDD.sys 1E016846895B15A99F9A176A05029075 C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit C:\Windows\System32\Drivers\RDPWD.sys 0399C725A9C95A6F1862B93F008DDF4A C:\Windows\System32\drivers\rdyboost.sys 4EA225BF1CF05E158853F30A99CA29A7 C:\Windows\System32\DRIVERS\rfcomm.sys CB928D9E6DAF51879DD6BA8D02F01321 C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit C:\Windows\System32\Drivers\RtsUStor.sys 6B065C88A4C05CF44793AC2BFC331AC5 C:\Windows\system32\DRIVERS\sbp2port.sys 34EE0C44B724E3E4CE2EFF29126DE5B5 C:\Windows\System32\DRIVERS\scfilter.sys A95C54B2AC3CC9C73FCDF9E51A1D6B51 C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sffdisk.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sffp_mmc.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sffp_sd.sys 
4F1E5B0FE7C8050668DBFADE8999AEFB C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sisagp.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit C:\Windows\system32\drivers\NIS\1501000.012\SRTSP.SYS 40714B1C586AF7E61BED7AE1D5113280 C:\Windows\system32\drivers\NIS\1501000.012\SRTSPX.SYS 1B6D68043F488F70E889276E1585B7AA C:\Windows\System32\DRIVERS\srv.sys 2BA4EBC7DFBA845A1EDBE1F75913BE33 C:\Windows\System32\DRIVERS\srv2.sys DCE7E10FEAABD4CAE95948B3DE5340BB C:\Windows\System32\DRIVERS\srvnet.sys B5665BAA2120B8A54E22E9CD07C05106 C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit C:\Windows\System32\drivers\NIS\1501000.012\SYMDS.SYS 4C3DEF736D3857570166DE5C858600F5 C:\Windows\System32\drivers\NIS\1501000.012\SYMEFA.SYS 68762EF9ED8A8D4A07112B3E3590EA29 C:\Windows\system32\Drivers\SYMEVENT.SYS E987A9CB539147527F56943BB34B7375 C:\Windows\system32\drivers\NIS\1501000.012\Ironx86.SYS E3A3CA230C7547364BB3D9DA0C301A36 C:\Windows\system32\drivers\NIS\1501000.012\SYMNETS.SYS 645B1DF38BB0F91433E752852DB1E513 C:\Windows\System32\drivers\tcpip.sys 2CC3D75488ABD3EC628BBB9A4FC84EFC C:\Windows\System32\DRIVERS\tcpip.sys 2CC3D75488ABD3EC628BBB9A4FC84EFC C:\Windows\System32\drivers\tcpipreg.sys E64444523ADD154F86567C469BC0B17F C:\Windows\System32\drivers\tdpipe.sys 1875C1490D99E70E449E3AFAE9FCBADF C:\Windows\System32\drivers\tdtcp.sys 7156308896D34EA75A582F9A09E50C17 C:\Windows\System32\DRIVERS\tdx.sys CB39E896A2A83702D1737BFD402B3542 C:\Windows\System32\DRIVERS\termdd.sys C36F41EE20E6999DBF4B0425963268A5 C:\Windows\System32\DRIVERS\tssecsrv.sys 98AE6FA07D12CB4EC5CF4A9BFA5F4242 C:\Windows\System32\DRIVERS\tunnel.sys 3E461D890A97F9D4C168F5FDA36E1D00 C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit 
C:\Windows\System32\DRIVERS\udfs.sys 09CC3E16F8E5EE7168E01CF8FCBE061A C:\Windows\system32\DRIVERS\uliagpkx.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\umbus.sys 049B3A50B3D646BAEEEE9EEC9B0668DC C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\usbccgp.sys 8455C4ED038EFD09E99327F9D2D48FFA C:\Windows\system32\DRIVERS\usbcir.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\usbehci.sys 1C333BFD60F2FED2C7AD5DAF533CB742 C:\Windows\System32\DRIVERS\usbhub.sys EE6EF93CCFA94FAE8C6AB298273D8AE2 C:\Windows\system32\DRIVERS\usbohci.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\usbprint.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\USBSTOR.SYS D8889D56E0D27E57ED4591837FE71D27 C:\Windows\system32\DRIVERS\usbuhci.sys ==> MD5 is legit C:\Windows\System32\Drivers\usbvideo.sys F642A7E4BF78CFA359CCA0A3557C28D7 C:\Windows\System32\DRIVERS\vdrvroot.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit C:\Windows\System32\drivers\vga.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\vhdmp.sys 3BE6E1F3A4F1AFEC8CEE0D7883F93583 C:\Windows\system32\DRIVERS\viaagp.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\viac7.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\viaide.sys ==> MD5 is legit C:\Windows\System32\Drivers\vm331avs.sys 1C14F7C49ADFE82ED40902C58787F2F2 C:\Windows\System32\DRIVERS\volmgr.sys 384E5A2AA49934295171E499F86BA6F3 C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\volsnap.sys 58DF9D2481A56EDDE167E51B334D44FD C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwififlt.sys 7090D3436EEB4E7DA3373090A23448F7 C:\Windows\System32\DRIVERS\vwifimp.sys A3F04CBEA6C2A10E6CB01F8B47611882 C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wanarp.sys 692A712062146E96D28BA0B7D75DE31B C:\Windows\System32\DRIVERS\wanarp.sys 692A712062146E96D28BA0B7D75DE31B 
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WDMirror.sys EA4E9DD00E69B35F9BD3D39ACB113E3F
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys 6F9B6C0C93232CFF47D0F72D6DB1D21E
C:\Windows\System32\DRIVERS\WUDFRd.sys F91FF1E51FCA30B3C3981DB7D5924252

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-22 15:56 - 2013-10-22 15:56 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2013-10-22 15:56 - 2013-10-22 15:56 - 00000000 ____D C:\FRST
2013-10-22 15:54 - 2013-10-22 15:54 - 01087503 _____ (Farbar) C:\Users\Jennifer Flemke\Downloads\FRST.exe
2013-10-22 15:49 - 2013-10-22 15:49 - 00000000 ____D C:\Users\Jennifer Flemke\AppData\Roaming\pdfforge
2013-10-22 15:49 - 2013-10-22 15:49 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2013-10-22 15:48 - 2013-10-22 15:52 - 00000000 ____D C:\Program Files\PDFCreator
2013-10-22 15:48 - 2013-10-22 15:48 - 00000000 ____D C:\Windows\PCHEALTH
2013-10-22 15:48 - 2013-10-22 15:48 - 00000000 ____D C:\Program Files\Microsoft.NET
2013-10-22 15:48 - 2013-04-09 15:13 - 00095416 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
2013-10-22 15:48 - 2013-01-09 15:52 - 01070152 _____ (Microsoft Corporation) C:\Windows\system32\MSCOMCTL.OCX
2013-10-22 15:48 - 2012-05-05 11:54 - 00662288 _____ (Microsoft Corporation) C:\Windows\system32\MSCOMCT2.OCX
2013-10-22 15:48 - 2012-05-05 11:54 - 00137000 _____ (Microsoft Corporation) C:\Windows\system32\MSMAPI32.OCX
2013-10-22 15:48 - 2012-05-05 11:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\MSMPIDE.DLL
2013-10-22 15:48 - 1998-07-06 18:56 - 00125712 _____ (Microsoft Corporation) C:\Windows\system32\VB6DE.DLL
2013-10-22 15:48 - 1998-07-06 18:55 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\MSCMCDE.DLL
2013-10-22 15:48 - 1998-07-06 18:55 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\MSCC2DE.DLL
2013-10-22 15:43 - 2013-10-22 15:43 - 17810632 _____ (pdfforge GmbH) C:\Users\Jennifer Flemke\Downloads\PDFCreator-1_7_1_setup.exe
2013-10-22 15:43 - 2013-10-22 15:43 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2013-10-22 15:42 - 2013-10-22 15:56 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-22 15:42 - 2013-10-22 15:48 - 00000000 ____D C:\Program Files\Microsoft Office
2013-10-22 15:42 - 2013-10-22 15:42 - 00000000 __RHD C:\MSOCache
2013-10-22 15:42 - 2013-10-22 15:42 - 00000000 ____D C:\Users\Jennifer Flemke\AppData\Local\Microsoft Help
2013-10-22 15:37 - 2013-10-22 14:43 - 00000000 ____D C:\Windows\Panther
2013-10-22 15:25 - 2013-10-22 15:37 - 00000000 ____D C:\Users\Jennifer Flemke\AppData\Roaming\Mozilla
2013-10-22 15:25 - 2013-10-22 15:25 - 00001105 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-10-22 15:25 - 2013-10-22 15:25 - 00000000 ____D C:\Users\Jennifer Flemke\AppData\Local\Mozilla
2013-10-22 15:25 - 2013-10-22 15:25 - 00000000 ____D C:\ProgramData\Mozilla
2013-10-22 15:25 - 2013-10-22 15:25 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-22 15:25 - 2013-10-22 15:25 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-22 15:24 - 2013-10-22 15:24 - 01110476 _____ C:\Users\Jennifer Flemke\Downloads\7z920.exe
2013-10-22 15:24 - 2013-10-22 15:24 - 00000000 ____D C:\Program Files\7-Zip
2013-10-22 15:23 - 2013-10-22 15:23 - 00281896 _____ (Mozilla) C:\Users\Jennifer Flemke\Downloads\Firefox Setup Stub 24.0.exe
2013-10-22 15:21 - 2013-10-22 15:21 - 00001067 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-22 15:21 - 2013-10-22 15:21 - 00000000 ____D C:\Users\Jennifer Flemke\AppData\Roaming\Malwarebytes
2013-10-22 15:21 - 2013-10-22 15:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-22 15:21 - 2013-10-22 15:21 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-22 15:21 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-22 15:20 - 2013-10-22 15:28 - 1025493776 _____ (Microsoft Corporation) C:\Users\Jennifer Flemke\Downloads\X17-75062.exe
2013-10-22 15:20 - 2013-10-22 15:20 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Jennifer Flemke\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-22 15:17 - 2013-10-22 15:17 - 00000000 ____D C:\Users\Jennifer Flemke\Documents\Bluetooth-Exchange-Ordner
2013-10-22 15:17 - 2013-10-22 15:17 - 00000000 ____D C:\Users\Jennifer Flemke\AppData\Local\Broadcom
2013-10-22 15:16 - 2013-10-22 15:16 - 00000000 ____D C:\Program Files\DIFX
2013-10-22 15:16 - 2010-01-15 07:22 - 00108072 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwavdt.sys
2013-10-22 15:16 - 2010-01-15 07:22 - 00086056 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwaudio.sys
2013-10-22 15:16 - 2010-01-15 07:22 - 00018472 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwrchid.sys
2013-10-22 15:16 - 2009-11-30 09:53 - 00045352 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btusbflt.sys
2013-10-22 15:16 - 2009-04-07 08:32 - 00029472 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwl2cap.sys
2013-10-22 15:15 - 2013-10-22 15:15 - 49716840 _____ (Lenovo Group ) C:\Users\Jennifer Flemke\Downloads\IN3BTH56WW5.exe
2013-10-22 15:13 - 2013-10-22 15:14 - 14251424 _____ (Lenovo Group ) C:\Users\Jennifer Flemke\Downloads\IN2THP33WW5 (1).exe
2013-10-22 15:12 - 2013-10-22 15:12 - 00000000 ____D C:\Program Files\Realtek
2013-10-22 15:12 - 2009-11-11 09:11 - 07367200 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSUSTORicon.dll
2013-10-22 15:12 - 2009-11-11 09:11 - 00181792 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsUStor.sys
2013-10-22 15:11 - 2013-10-22 15:16 - 00015566 _____ C:\Windows\DPINST.LOG
2013-10-22 15:11 - 2013-10-22 15:11 - 00000000 ____D C:\Program Files\Broadcom Wireless
2013-10-22 15:11 - 2010-02-02 15:47 - 03866624 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvsrv.dll
2013-10-22 15:11 - 2010-02-02 15:47 - 03555328 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvui.dll
2013-10-22 15:11 - 2010-02-02 15:47 - 02707448 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\BCMWL6.SYS
2013-10-22 15:11 - 2010-02-02 15:47 - 00091376 _____ (Broadcom Corporation) C:\Windows\system32\bcmwlcoi.dll
2013-10-22 15:04 - 2013-10-22 15:04 - 00015830 _____ C:\Windows\system32\results.xml
2013-10-22 15:03 - 2013-10-22 15:03 - 00000000 ____D C:\Program Files\Common Files\Intel
2013-10-22 15:00 - 2013-10-22 15:00 - 00000308 _____ C:\Windows\PFRO.log
2013-10-22 14:59 - 2013-10-22 14:59 - 00001682 _____ C:\Users\Public\Desktop\Lenovo ReadyComm 5.lnk
2013-10-22 14:59 - 2013-10-22 14:59 - 00000000 ____D C:\Users\Jennifer Flemke\AppData\Roaming\Lenovo
2013-10-22 14:59 - 2009-07-28 21:09 - 00063240 _____ (Lenovo) C:\Windows\system32\Drivers\wdbridge.sys
2013-10-22 14:59 - 2009-07-28 21:09 - 00018184 _____ (Lenovo) C:\Windows\system32\WDMirror.dll
2013-10-22 14:59 - 2009-07-16 12:37 - 00011792 _____ (Windows (R) Codename Longhorn DDK provider) C:\Windows\system32\Drivers\WDMirror.sys
2013-10-22 14:59 - 2009-07-14 17:22 - 00016648 ____R C:\Windows\system32\LogAPI.dll
2013-10-22 14:58 - 2009-06-04 18:43 - 00330264 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStor.sys
2013-10-22 14:57 - 2013-10-22 14:57 - 00000000 ____D C:\Program Files\Common Files\postureAgent
2013-10-22 14:56 - 2013-10-22 15:16 - 00000000 ____D C:\Program Files\Lenovo
2013-10-22 14:56 - 2013-10-22 14:56 - 00000000 ____D C:\Users\Jennifer Flemke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2013-10-22 14:56 - 2009-09-17 06:54 - 00041088 _____ (Intel Corporation) C:\Windows\system32\Drivers\HECI.sys
2013-10-22 14:56 - 2009-09-03 10:16 - 00021256 _____ (Lenovo Corporation) C:\Windows\system32\Drivers\AcpiVpc.sys
2013-10-22 14:54 - 2013-10-22 15:03 - 00000000 ____D C:\Program Files\Intel
2013-10-22 14:54 - 2013-10-22 15:03 - 00000000 ____D C:\Intel
2013-10-22 14:54 - 2009-08-18 07:44 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\system32\CSVer.dll
2013-10-22 14:53 - 2013-10-22 15:40 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-10-22 14:53 - 2013-10-22 15:12 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-10-22 14:53 - 2013-10-22 14:53 - 00142936 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT.SYS
2013-10-22 14:53 - 2013-10-22 14:53 - 00008194 _____ C:\Windows\system32\Drivers\SYMEVENT.CAT
2013-10-22 14:53 - 2013-10-22 14:53 - 00002495 _____ C:\Users\Public\Desktop\Norton Internet Security.lnk
2013-10-22 14:53 - 2013-10-22 14:53 - 00000000 ____D C:\Program Files\Vimicro
2013-10-22 14:53 - 2013-10-22 14:53 - 00000000 ____D C:\Program Files\USB Camera
2013-10-22 14:53 - 2010-03-18 18:34 - 00185856 _____ (Vimicro Corporation) C:\Windows\system32\Drivers\vm331avs.sys
2013-10-22 14:53 - 2010-03-18 17:49 - 00001341 _____ C:\Windows\vm331Rmv.ini
2013-10-22 14:53 - 2010-01-15 20:22 - 00184320 _____ (Vimicro Corporation) C:\Windows\system32\VmCoinst.dll
2013-10-22 14:53 - 2009-12-14 16:50 - 00655360 _____ C:\Windows\system32\vmprp331.ax
2013-10-22 14:53 - 2009-11-09 14:39 - 00007409 _____ C:\Windows\system\vm331avs.rsf
2013-10-22 14:53 - 2008-12-23 17:07 - 00208896 _____ (Vimicro) C:\Windows\Reg331Unstal.dll
2013-10-22 14:52 - 2013-10-22 14:53 - 00000000 ____D C:\ProgramData\Norton
2013-10-22 14:52 - 2013-10-22 14:52 - 41975200 _____ (Lenovo Group ) C:\Users\Jennifer Flemke\Downloads\IN2VDO59WW5.exe
2013-10-22 14:52 - 2013-10-22 14:52 - 28936760 _____ (Lenovo Group ) C:\Users\Jennifer Flemke\Downloads\IN1STW12WW5.exe
2013-10-22 14:52 - 2013-10-22 14:52 - 18351760 _____ (Lenovo Group ) C:\Users\Jennifer Flemke\Downloads\IN1SRM27WW5.exe
2013-10-22 14:52 - 2013-10-22 14:52 - 00000000 ____D C:\Windows\system32\Drivers\NIS
2013-10-22 14:52 - 2013-10-22 14:52 - 00000000 ____D C:\Users\Jennifer Flemke\AppData\Roaming\InstallShield
2013-10-22 14:52 - 2013-10-22 14:52 - 00000000 ____D C:\Program Files\Norton Internet Security
2013-10-22 14:51 - 2013-10-22 14:51 - 14556000 _____ (Lenovo Group ) C:\Users\Jennifer Flemke\Downloads\IN2WLN36WW5.exe
2013-10-22 14:51 - 2013-10-22 14:51 - 14251424 _____ (Lenovo Group ) C:\Users\Jennifer Flemke\Downloads\IN2THP33WW5.exe
2013-10-22 14:51 - 2013-10-22 14:51 - 07191128 _____ (Lenovo Group ) C:\Users\Jennifer Flemke\Downloads\IN1EGC41WW5.exe
2013-10-22 14:51 - 2013-10-22 14:51 - 04673328 _____ (Lenovo Group ) C:\Users\Jennifer Flemke\Downloads\IN4CAR19WW5.exe
2013-10-22 14:51 - 2013-10-22 14:51 - 03169680 _____ (Lenovo Group ) C:\Users\Jennifer Flemke\Downloads\IN1MEI05WW5.exe
2013-10-22 14:51 - 2013-10-22 14:51 - 02856280 _____ (Lenovo Group ) C:\Users\Jennifer Flemke\Downloads\IN6ETN06WW5.exe
2013-10-22 14:51 - 2013-10-22 14:51 - 01418096 _____ (Lenovo Group ) C:\Users\Jennifer Flemke\Downloads\IN1CHP17WW5.exe
2013-10-22 14:50 - 2013-10-22 14:51 - 19296464 _____ (Lenovo Group ) C:\Users\Jennifer Flemke\Downloads\IN1CAM31WW5.exe
2013-10-22 14:50 - 2013-10-22 14:50 - 43006304 _____ (Lenovo Group ) C:\Users\Jennifer Flemke\Downloads\IN7AUD12WW5.exe
2013-10-22 14:49 - 2013-10-22 16:00 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-22 14:49 - 2013-10-22 15:04 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-22 14:49 - 2013-10-22 14:49 - 00057560 _____ C:\Users\Jennifer Flemke\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-22 14:49 - 2013-10-22 14:49 - 00002201 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-22 14:49 - 2013-10-22 14:49 - 00000000 ____D C:\Users\Jennifer Flemke\AppData\Local\Google
2013-10-22 14:49 - 2013-10-22 14:49 - 00000000 ____D C:\Users\Jennifer Flemke\AppData\Local\Deployment
2013-10-22 14:49 - 2013-10-22 14:49 - 00000000 ____D C:\Users\Jennifer Flemke\AppData\Local\Apps\2.0
2013-10-22 14:49 - 2013-10-22 14:49 - 00000000 ____D C:\Program Files\Google
2013-10-22 14:47 - 2013-10-22 15:22 - 01472002 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-22 14:46 - 2012-02-15 07:44 - 00826368 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2013-10-22 14:46 - 2012-02-15 06:22 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2013-10-22 14:46 - 2012-02-15 06:22 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys
2013-10-22 14:46 - 2010-01-09 08:52 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\cabview.dll
2013-10-22 14:43 - 2013-10-22 15:07 - 00332877 _____ C:\Windows\WindowsUpdate.log
2013-10-22 14:43 - 2013-10-22 14:43 - 00001409 _____ C:\Users\Jennifer Flemke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-22 14:43 - 2013-10-22 14:43 - 00000020 ___SH C:\Users\Jennifer Flemke\ntuser.ini
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Jennifer Flemke\Startmenü
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Jennifer Flemke\Netzwerkumgebung
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Jennifer Flemke\Druckumgebung
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Jennifer Flemke\Documents\Eigene Musik
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Jennifer Flemke\Documents\Eigene Bilder
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Jennifer Flemke\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Jennifer Flemke\AppData\Local\Verlauf
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Default\Startmenü
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Programme
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\ProgramData\Startmenü
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\ProgramData\Dokumente
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 __SHD C:\Recovery
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 ____D C:\Users\Jennifer Flemke\AppData\Local\VirtualStore
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 ____D C:\Users\Jennifer Flemke
2013-10-22 14:43 - 2012-06-03 00:19 - 01933848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-10-22 14:43 - 2012-06-03 00:19 - 00577048 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2013-10-22 14:43 - 2012-06-03 00:19 - 00053784 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-10-22 14:43 - 2012-06-03 00:19 - 00045080 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2013-10-22 14:43 - 2012-06-03 00:19 - 00035864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2013-10-22 14:43 - 2012-06-03 00:12 - 02422272 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-10-22 14:43 - 2012-06-03 00:12 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2013-10-22 14:43 - 2012-06-02 15:19 - 00171904 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-10-22 14:43 - 2012-06-02 15:12 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-10-22 14:43 - 2009-07-14 06:42 - 00000000 ___RD C:\Users\Jennifer Flemke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-10-22 14:43 - 2009-07-14 06:37 - 00000000 ___RD C:\Users\Jennifer Flemke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-10-22 14:39 - 2013-10-22 14:40 - 00001313 _____ C:\Windows\TSSysprep.log

==================== One Month Modified Files and Folders =======

2013-10-22 16:00 - 2013-10-22 14:49 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-22 15:56 - 2013-10-22 15:56 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2013-10-22 15:56 - 2013-10-22 15:56 - 00000000 ____D C:\FRST
2013-10-22 15:56 - 2013-10-22 15:42 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-22 15:56 - 2009-07-14 06:39 - 00017224 _____ C:\Windows\setupact.log
2013-10-22 15:54 - 2013-10-22 15:54 - 01087503 _____ (Farbar) C:\Users\Jennifer Flemke\Downloads\FRST.exe
2013-10-22 15:52 - 2013-10-22 15:48 - 00000000 ____D C:\Program Files\PDFCreator
2013-10-22 15:49 - 2013-10-22 15:49 - 00000000 ____D C:\Users\Jennifer Flemke\AppData\Roaming\pdfforge
2013-10-22 15:49 - 2013-10-22 15:49 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2013-10-22 15:49 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-10-22 15:48 - 2013-10-22 15:48 - 00000000 ____D C:\Windows\PCHEALTH
2013-10-22 15:48 - 2013-10-22 15:48 - 00000000 ____D C:\Program Files\Microsoft.NET
2013-10-22 15:48 - 2013-10-22 15:42 - 00000000 ____D C:\Program Files\Microsoft Office
2013-10-22 15:43 - 2013-10-22 15:43 - 17810632 _____ (pdfforge GmbH) C:\Users\Jennifer Flemke\Downloads\PDFCreator-1_7_1_setup.exe
2013-10-22 15:43 - 2013-10-22 15:43 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2013-10-22 15:43 - 2009-07-14 10:57 - 00000000 ____D C:\Windows\ShellNew
2013-10-22 15:42 - 2013-10-22 15:42 - 00000000 __RHD C:\MSOCache
2013-10-22 15:42 - 2013-10-22 15:42 - 00000000 ____D C:\Users\Jennifer Flemke\AppData\Local\Microsoft Help
2013-10-22 15:40 - 2013-10-22 14:53 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-10-22 15:37 - 2013-10-22 15:25 - 00000000 ____D C:\Users\Jennifer Flemke\AppData\Roaming\Mozilla
2013-10-22 15:36 - 2009-07-14 06:57 - 00025600 ___SH C:\Windows\system32\config\BCD-Template.LOG
2013-10-22 15:36 - 2009-07-14 06:52 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2013-10-22 15:28 - 2013-10-22 15:20 - 1025493776 _____ (Microsoft Corporation) C:\Users\Jennifer Flemke\Downloads\X17-75062.exe
2013-10-22 15:25 - 2013-10-22 15:25 - 00001105 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-10-22 15:25 - 2013-10-22 15:25 - 00000000 ____D C:\Users\Jennifer Flemke\AppData\Local\Mozilla
2013-10-22 15:25 - 2013-10-22 15:25 - 00000000 ____D C:\ProgramData\Mozilla
2013-10-22 15:25 - 2013-10-22 15:25 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-22 15:25 - 2013-10-22 15:25 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-22 15:24 - 2013-10-22 15:24 - 01110476 _____ C:\Users\Jennifer Flemke\Downloads\7z920.exe
2013-10-22 15:24 - 2013-10-22 15:24 - 00000000 ____D C:\Program Files\7-Zip
2013-10-22 15:23 - 2013-10-22 15:23 - 00281896 _____ (Mozilla) C:\Users\Jennifer Flemke\Downloads\Firefox Setup Stub 24.0.exe
2013-10-22 15:22 - 2013-10-22 14:47 - 01472002 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-22 15:21 - 2013-10-22 15:21 - 00001067 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-22 15:21 - 2013-10-22 15:21 - 00000000 ____D C:\Users\Jennifer Flemke\AppData\Roaming\Malwarebytes
2013-10-22 15:21 - 2013-10-22 15:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-22 15:21 - 2013-10-22 15:21 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-22 15:20 - 2013-10-22 15:20 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Jennifer Flemke\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-22 15:17 - 2013-10-22 15:17 - 00000000 ____D C:\Users\Jennifer Flemke\Documents\Bluetooth-Exchange-Ordner
2013-10-22 15:17 - 2013-10-22 15:17 - 00000000 ____D C:\Users\Jennifer Flemke\AppData\Local\Broadcom
2013-10-22 15:16 - 2013-10-22 15:16 - 00000000 ____D C:\Program Files\DIFX
2013-10-22 15:16 - 2013-10-22 15:11 - 00015566 _____ C:\Windows\DPINST.LOG
2013-10-22 15:16 - 2013-10-22 14:56 - 00000000 ____D C:\Program Files\Lenovo
2013-10-22 15:15 - 2013-10-22 15:15 - 49716840 _____ (Lenovo Group ) C:\Users\Jennifer Flemke\Downloads\IN3BTH56WW5.exe
2013-10-22 15:14 - 2013-10-22 15:13 - 14251424 _____ (Lenovo Group ) C:\Users\Jennifer Flemke\Downloads\IN2THP33WW5 (1).exe
2013-10-22 15:12 - 2013-10-22 15:12 - 00000000 ____D C:\Program Files\Realtek
2013-10-22 15:12 - 2013-10-22 14:53 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-10-22 15:11 - 2013-10-22 15:11 - 00000000 ____D C:\Program Files\Broadcom Wireless
2013-10-22 15:07 - 2013-10-22 14:43 - 00332877 _____ C:\Windows\WindowsUpdate.log
2013-10-22 15:04 - 2013-10-22 15:04 - 00015830 _____ C:\Windows\system32\results.xml
2013-10-22 15:04 - 2013-10-22 14:49 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-22 15:04 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-22 15:03 - 2013-10-22 15:03 - 00000000 ____D C:\Program Files\Common Files\Intel
2013-10-22 15:03 - 2013-10-22 14:54 - 00000000 ____D C:\Program Files\Intel
2013-10-22 15:03 - 2013-10-22 14:54 - 00000000 ____D C:\Intel
2013-10-22 15:03 - 2009-07-14 06:34 - 00009776 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-22 15:03 - 2009-07-14 06:34 - 00009776 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-22 15:00 - 2013-10-22 15:00 - 00000308 _____ C:\Windows\PFRO.log
2013-10-22 15:00 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-10-22 14:59 - 2013-10-22 14:59 - 00001682 _____ C:\Users\Public\Desktop\Lenovo ReadyComm 5.lnk
2013-10-22 14:59 - 2013-10-22 14:59 - 00000000 ____D C:\Users\Jennifer Flemke\AppData\Roaming\Lenovo
2013-10-22 14:57 - 2013-10-22 14:57 - 00000000 ____D C:\Program Files\Common Files\postureAgent
2013-10-22 14:56 - 2013-10-22 14:56 - 00000000 ____D C:\Users\Jennifer Flemke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2013-10-22 14:53 - 2013-10-22 14:53 - 00142936 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT.SYS
2013-10-22 14:53 - 2013-10-22 14:53 - 00008194 _____ C:\Windows\system32\Drivers\SYMEVENT.CAT
2013-10-22 14:53 - 2013-10-22 14:53 - 00002495 _____ C:\Users\Public\Desktop\Norton Internet Security.lnk
2013-10-22 14:53 - 2013-10-22 14:53 - 00000000 ____D C:\Program Files\Vimicro
2013-10-22 14:53 - 2013-10-22 14:53 - 00000000 ____D C:\Program Files\USB Camera
2013-10-22 14:53 - 2013-10-22 14:52 - 00000000 ____D C:\ProgramData\Norton
2013-10-22 14:53 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\twain_32
2013-10-22 14:53 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system
2013-10-22 14:52 - 2013-10-22 14:52 - 41975200 _____ (Lenovo Group ) C:\Users\Jennifer Flemke\Downloads\IN2VDO59WW5.exe
2013-10-22 14:52 - 2013-10-22 14:52 - 28936760 _____ (Lenovo Group ) C:\Users\Jennifer Flemke\Downloads\IN1STW12WW5.exe
2013-10-22 14:52 - 2013-10-22 14:52 - 18351760 _____ (Lenovo Group ) C:\Users\Jennifer Flemke\Downloads\IN1SRM27WW5.exe
2013-10-22 14:52 - 2013-10-22 14:52 - 00000000 ____D C:\Windows\system32\Drivers\NIS
2013-10-22 14:52 - 2013-10-22 14:52 - 00000000 ____D C:\Users\Jennifer Flemke\AppData\Roaming\InstallShield
2013-10-22 14:52 - 2013-10-22 14:52 - 00000000 ____D C:\Program Files\Norton Internet Security
2013-10-22 14:51 - 2013-10-22 14:51 - 14556000 _____ (Lenovo Group ) C:\Users\Jennifer Flemke\Downloads\IN2WLN36WW5.exe
2013-10-22 14:51 - 2013-10-22 14:51 - 14251424 _____ (Lenovo Group ) C:\Users\Jennifer Flemke\Downloads\IN2THP33WW5.exe
2013-10-22 14:51 - 2013-10-22 14:51 - 07191128 _____ (Lenovo Group ) C:\Users\Jennifer Flemke\Downloads\IN1EGC41WW5.exe
2013-10-22 14:51 - 2013-10-22 14:51 - 04673328 _____ (Lenovo Group ) C:\Users\Jennifer Flemke\Downloads\IN4CAR19WW5.exe
2013-10-22 14:51 - 2013-10-22 14:51 - 03169680 _____ (Lenovo Group ) C:\Users\Jennifer Flemke\Downloads\IN1MEI05WW5.exe
2013-10-22 14:51 - 2013-10-22 14:51 - 02856280 _____ (Lenovo Group ) C:\Users\Jennifer Flemke\Downloads\IN6ETN06WW5.exe
2013-10-22 14:51 - 2013-10-22 14:51 - 01418096 _____ (Lenovo Group ) C:\Users\Jennifer Flemke\Downloads\IN1CHP17WW5.exe
2013-10-22 14:51 - 2013-10-22 14:50 - 19296464 _____ (Lenovo Group ) C:\Users\Jennifer Flemke\Downloads\IN1CAM31WW5.exe
2013-10-22 14:50 - 2013-10-22 14:50 - 43006304 _____ (Lenovo Group ) C:\Users\Jennifer Flemke\Downloads\IN7AUD12WW5.exe
2013-10-22 14:49 - 2013-10-22 14:49 - 00057560 _____ C:\Users\Jennifer Flemke\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-22 14:49 - 2013-10-22 14:49 - 00002201 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-22 14:49 - 2013-10-22 14:49 - 00000000 ____D C:\Users\Jennifer Flemke\AppData\Local\Google
2013-10-22 14:49 - 2013-10-22 14:49 - 00000000 ____D C:\Users\Jennifer Flemke\AppData\Local\Deployment
2013-10-22 14:49 - 2013-10-22 14:49 - 00000000 ____D C:\Users\Jennifer Flemke\AppData\Local\Apps\2.0
2013-10-22 14:49 - 2013-10-22 14:49 - 00000000 ____D C:\Program Files\Google
2013-10-22 14:44 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-22 14:43 - 2013-10-22 15:37 - 00000000 ____D C:\Windows\Panther
2013-10-22 14:43 - 2013-10-22 14:43 - 00001409 _____ C:\Users\Jennifer Flemke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-22 14:43 - 2013-10-22 14:43 - 00000020 ___SH C:\Users\Jennifer Flemke\ntuser.ini
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Jennifer Flemke\Startmenü
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Jennifer Flemke\Netzwerkumgebung
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Jennifer Flemke\Druckumgebung
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Jennifer Flemke\Documents\Eigene Musik
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Jennifer Flemke\Documents\Eigene Bilder
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Jennifer Flemke\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Jennifer Flemke\AppData\Local\Verlauf
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Default\Startmenü
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Programme
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\ProgramData\Startmenü
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\ProgramData\Dokumente
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 __SHD C:\Recovery
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 ____D C:\Users\Jennifer Flemke\AppData\Local\VirtualStore
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 ____D C:\Users\Jennifer Flemke
2013-10-22 14:43 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\system32\restore
2013-10-22 14:43 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default
2013-10-22 14:43 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\Recovery
2013-10-22 14:43 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Windows NT
2013-10-22 14:42 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-10-22 14:41 - 2009-07-14 06:33 - 00265640 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-22 14:40 - 2013-10-22 14:39 - 00001313 _____ C:\Windows\TSSysprep.log
2013-10-22 14:39 - 2009-07-14 06:34 - 00001774 _____ C:\Windows\DtcInstall.log

Some content of TEMP:
====================
C:\Users\Jennifer Flemke\AppData\Local\Temp\ose00000.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  de-DE
inherit                 {globalsettings}
default                 {current}
resumeobject            {932cc15a-bfba-11e2-a60c-dee802e9e49b}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {932cc150-bfba-11e2-a60c-dee802e9e49b}
device                  ramdisk=[C:]\Recovery\932cc150-bfba-11e2-a60c-dee802e9e49b\Winre.wim,{932cc151-bfba-11e2-a60c-dee802e9e49b}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\932cc150-bfba-11e2-a60c-dee802e9e49b\Winre.wim,{932cc151-bfba-11e2-a60c-dee802e9e49b}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {932cc154-bfba-11e2-a60c-dee802e9e49b}
device                  ramdisk=[C:]\Recovery\932cc154-bfba-11e2-a60c-dee802e9e49b\Winre.wim,{932cc155-bfba-11e2-a60c-dee802e9e49b}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\932cc154-bfba-11e2-a60c-dee802e9e49b\Winre.wim,{932cc155-bfba-11e2-a60c-dee802e9e49b}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {932cc158-bfba-11e2-a60c-dee802e9e49b}
device                  ramdisk=[C:]\Recovery\932cc158-bfba-11e2-a60c-dee802e9e49b\Winre.wim,{932cc159-bfba-11e2-a60c-dee802e9e49b}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\932cc158-bfba-11e2-a60c-dee802e9e49b\Winre.wim,{932cc159-bfba-11e2-a60c-dee802e9e49b}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  de-DE
inherit                 {bootloadersettings}
recoverysequence        {932cc15c-bfba-11e2-a60c-dee802e9e49b}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {932cc15a-bfba-11e2-a60c-dee802e9e49b}
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {932cc15c-bfba-11e2-a60c-dee802e9e49b}
device                  ramdisk=[C:]\Recovery\932cc15c-bfba-11e2-a60c-dee802e9e49b\Winre.wim,{932cc15d-bfba-11e2-a60c-dee802e9e49b}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\932cc15c-bfba-11e2-a60c-dee802e9e49b\Winre.wim,{932cc15d-bfba-11e2-a60c-dee802e9e49b}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {932cc15a-bfba-11e2-a60c-dee802e9e49b}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  de-DE
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                     Yes
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows-Speicherdiagnose
locale                  de-DE
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {932cc151-bfba-11e2-a60c-dee802e9e49b}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\932cc150-bfba-11e2-a60c-dee802e9e49b\boot.sdi

Device options
--------------
identifier              {932cc155-bfba-11e2-a60c-dee802e9e49b}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\932cc154-bfba-11e2-a60c-dee802e9e49b\boot.sdi

Device options
--------------
identifier              {932cc159-bfba-11e2-a60c-dee802e9e49b}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\932cc158-bfba-11e2-a60c-dee802e9e49b\boot.sdi

Device options
--------------
identifier              {932cc15d-bfba-11e2-a60c-dee802e9e49b}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\932cc15c-bfba-11e2-a60c-dee802e9e49b\boot.sdi

LastRegBack: 2013-10-22 14:38

==================== End Of Log ============================

Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-10-2013 Ran by xxxe at 2013-10-22 16:02:02 Running from C:\Users\xxx\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} ==================== Installed Programs ====================== 7-Zip 9.20 Broadcom 802.11 Wireless Driver (Version: 1.0.0.0) Energy Management (Version: 5.3.0.9) Google Chrome (Version: 30.0.1599.101) Google Update Helper (Version: 1.3.21.165) Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.2102) Intel(R) Management Engine Components (Version: 6.0.0.1179) Intel® Matrix Storage Manager Lenovo Bluetooth with Enhanced Data Rate Software (Version: 6.2.1.1400) Lenovo EasyCamera (Version: 2.10.03.18.1) Lenovo ReadyComm 5 (Version: 5.1.1.22) Lenovo ReadyComm 5.0 Service (Version: 5.0.0.1) Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300) Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Home and Student 2010 (Version: 14.0.4763.1000) Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.4763.1000) Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (Italian) 2010 
(Version: 14.0.6029.1000) Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared MUI (German) 2010 (Version: 14.0.4763.1000) Microsoft Office Single Image 2010 (Version: 14.0.4763.1000) Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336) Mozilla Firefox 24.0 (x86 de) (Version: 24.0) Mozilla Maintenance Service (Version: 24.0) Norton Internet Security (Version: 21.1.0.18) PDFCreator (Version: 1.7.1) Realtek USB 2.0 Card Reader (Version: 6.1.7600.30109) Windows Driver Package - Broadcom (BTHUSB) Bluetooth (02/25/2010 6.2.0.9419) (Version: 02/25/2010 6.2.0.9419) Windows Driver Package - Broadcom Bluetooth (01/19/2010 6.2.0.1417) (Version: 01/19/2010 6.2.0.1417) Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (Version: 07/28/2009 6.2.0.9800) ==================== Restore Points ========================= ==================== Hosts content: ========================== 2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {0D4BA32B-3BBF-4E74-88D7-402FDBA78734} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation) Task: {4D8121B3-00F2-43B9-B46C-4113D96E6417} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Engine\21.1.0.18\WSCStub.exe [2013-10-08] (Symantec Corporation) Task: {721ABC92-796C-47FA-9C2E-A209D4EE6E7F} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation) Task: {7A2DC940-7F84-4663-ACDD-9B8595947305} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program 
Files\Google\Update\GoogleUpdate.exe [2013-10-22] (Google Inc.) Task: {D98DC02C-6D6F-4BDA-B14B-701D88CE1555} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {FFBC9587-37B2-4BCC-9D0B-9CDA207B94D6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-10-22] (Google Inc.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2010-02-17 22:17 - 2010-02-17 22:17 - 00132384 _____ () C:\Program Files\Lenovo\Bluetooth Software\btkeyind.dll 2013-10-22 14:56 - 2008-12-20 03:20 - 00063304 _____ () C:\Program Files\Lenovo\Energy Management\kbdhook.dll 2013-10-22 14:56 - 2008-12-20 03:20 - 00051016 _____ () C:\Program Files\Lenovo\Energy Management\HookLib.dll 2013-10-22 14:49 - 2013-10-09 02:01 - 00698832 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.101\libglesv2.dll 2013-10-22 14:49 - 2013-10-09 02:01 - 00099792 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.101\libegl.dll 2013-10-22 14:49 - 2013-10-09 02:02 - 04055504 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.101\pdf.dll 2013-10-22 14:49 - 2013-10-09 02:02 - 00415184 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll 2013-10-22 14:49 - 2013-10-09 02:01 - 01604560 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll 2013-10-22 14:49 - 2013-10-09 02:02 - 13584336 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: 
========================= Application errors: ================== Error: (10/22/2013 02:59:55 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1". Die abhängige Assemblierung "Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (10/22/2013 02:59:42 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1". Die abhängige Assemblierung "Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (10/22/2013 02:59:24 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". System errors: ============= Error: (10/22/2013 03:56:40 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error: (10/22/2013 03:56:40 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. 
Error: (10/22/2013 03:56:39 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error: (10/22/2013 03:56:39 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error: (10/22/2013 03:56:38 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error: (10/22/2013 03:19:32 PM) (Source: BTHUSB) (User: ) Description: Die beiderseitige Authentifizierung zwischen dem lokalen Bluetooth-Adapter und einem Gerät mit Bluetooth-Adapteradresse (00:1d:d8:95:71:54) ist fehlgeschlagen. Error: (10/22/2013 03:10:44 PM) (Source: HidBth) (User: ) Description: Die ursprüngliche Verbindung mit dem Bluetooth-HID-Gerät (00:1d:d8:95:71:54) ist fehlgeschlagen. Das Gerät wurde als persönliches bzw. paarweises Gerät entfernt. Sie müssen das Gerät erneut installieren. Error: (10/22/2013 03:09:41 PM) (Source: BTHUSB) (User: ) Description: Die beiderseitige Authentifizierung zwischen dem lokalen Bluetooth-Adapter und einem Gerät mit Bluetooth-Adapteradresse (00:1d:d8:95:71:54) ist fehlgeschlagen. Error: (10/22/2013 03:07:04 PM) (Source: BTHUSB) (User: ) Description: Die beiderseitige Authentifizierung zwischen dem lokalen Bluetooth-Adapter und einem Gerät mit Bluetooth-Adapteradresse (00:1d:d8:95:71:54) ist fehlgeschlagen. Error: (10/22/2013 02:45:36 PM) (Source: BTHUSB) (User: ) Description: Die beiderseitige Authentifizierung zwischen dem lokalen Bluetooth-Adapter und einem Gerät mit Bluetooth-Adapteradresse (00:1d:d8:95:71:54) ist fehlgeschlagen. 
Microsoft Office Sessions: ========================= Error: (10/22/2013 02:59:55 PM) (Source: SideBySide)(User: ) Description: Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files\Lenovo\ReadyComm\BTSvc.exe Error: (10/22/2013 02:59:42 PM) (Source: SideBySide)(User: ) Description: Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files\Lenovo\ReadyComm\ConnUtil.dll Error: (10/22/2013 02:59:24 PM) (Source: SideBySide)(User: ) Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\Installer\MSICBE8.tmp ==================== Memory info =========================== Percentage of memory in use: 74% Total physical RAM: 3188.51 MB Available physical RAM: 798.93 MB Total Pagefile: 6375.29 MB Available Pagefile: 3413.87 MB Total Virtual: 2047.88 MB Available Virtual: 1904.07 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:156.15 GB) (Free:138.86 GB) NTFS Drive d: () (Fixed) (Total:82.22 GB) (Free:82.13 GB) NTFS Drive e: (Stecker) (Removable) (Total:7.26 GB) (Free:4.89 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238 GB) (Disk ID: CC210C57) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=156 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=82 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 7 GB) (Disk ID: C3072E18) Partition 1: (Active) - (Size=7 GB) - (Type=07 NTFS) ==================== End Of Log ============================ regards Last edited by MrsTrombone (22.10.2013 at 15:19) |
22.10.2013, 15:54 | #2 |
/// the machine /// TB-Ausbilder | ZeroAcess-Infektion? hi,
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in that folder without instructions from a helper.
|
22.10.2013, 16:22 | #3 |
| ZeroAcess-Infektion? Thanks. I ran it. Here is the log
Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.07.0.1007 www.malwarebytes.org Database version: v2013.10.22.06 Windows 7 x86 NTFS Internet Explorer 8.0.7600.16385 XXX :: XXX [administrator] 22.10.2013 17:09:22 mbar-log-2013-10-22 (17-09-22).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 187844 Time elapsed: 11 minute(s), 14 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) |
23.10.2013, 06:46 | #4 |
/// the machine /// TB-Ausbilder | ZeroAcess-Infektion? Can you show me the MBAM log where the entry about the port is?
regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
23.10.2013, 07:47 | #5 |
| ZeroAcess-Infektion? Code:
ATTFilter 2013/10/23 07:32:00 +0200 XXX (null) MESSAGE Executing scheduled update: Daily 2013/10/23 07:32:03 +0200 XXX (null) ERROR Scheduled update failed: I/O error failed with error code 0 2013/10/23 07:32:07 +0200 XXX (null) MESSAGE Starting protection 2013/10/23 07:32:07 +0200 XXX (null) MESSAGE Protection started successfully 2013/10/23 07:32:07 +0200 XXX (null) MESSAGE Starting IP protection 2013/10/23 07:32:12 +0200 XXX (null) MESSAGE IP Protection started successfully 2013/10/23 08:31:22 +0200 XXX XXX IP-BLOCK 188.130.177.8 (Type: incoming, Port: 16471, Process: svchost.exe) 2013/10/23 08:43:08 +0200 XXX XXX IP-BLOCK 85.234.191.81 (Type: incoming, Port: 16471, Process: svchost.exe) |
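The MBAM protection log above has a fixed shape, so the question the helper is about to ask (does this only happen on one network?) can be answered from the log itself rather than by eyeballing it. The following parser is an added example, not code from the thread or from Malwarebytes; it reads the two IP-BLOCK lines posted above plus one constructed "outgoing" line (hypothetical remote address and process name) and reports, per direction, process and port, how many distinct remote hosts were involved and on which days. An incoming block means a remote host tried to reach a local port and was refused; an outgoing block means a local process opened the connection itself, which is the direction that points at the machine rather than at the network it sits in.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List

# Constructed sample in the shape of the MBAM 1.x protection log posted in the
# thread. The two "incoming" IP-BLOCK lines are copied from the post; the
# "outgoing" line is hypothetical, added so both directions are exercised.
SAMPLE_LOG = """\
2013/10/23 07:32:07 +0200 XXX (null) MESSAGE Starting IP protection
2013/10/23 07:32:12 +0200 XXX (null) MESSAGE IP Protection started successfully
2013/10/23 08:31:22 +0200 XXX XXX IP-BLOCK 188.130.177.8 (Type: incoming, Port: 16471, Process: svchost.exe)
2013/10/23 08:43:08 +0200 XXX XXX IP-BLOCK 85.234.191.81 (Type: incoming, Port: 16471, Process: svchost.exe)
2013/10/24 09:05:41 +0200 XXX XXX IP-BLOCK 203.0.113.7 (Type: outgoing, Port: 80, Process: example.exe)
"""

# One protection-log record: timestamp, UTC offset, host, user, record kind, payload.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) (?P<tz>[+-]\d{4}) "
    r"(?P<host>\S+) (?P<user>\S+) (?P<kind>[A-Z-]+) (?P<payload>.*)$"
)
# Payload of an IP-BLOCK record as it appears in the posted log.
BLOCK_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \(Type: (?P<direction>\w+), "
    r"Port: (?P<port>\d+), Process: (?P<process>[^)]+)\)$"
)


@dataclass(frozen=True)
class IpBlock:
    when: datetime
    remote_ip: str
    direction: str  # "incoming": remote host reached for a local port; "outgoing": local process dialled out
    port: int
    process: str


def parse_ip_blocks(text: str) -> List[IpBlock]:
    """Extract IP-BLOCK records; MESSAGE/ERROR records and malformed lines are skipped."""
    blocks = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or m.group("kind") != "IP-BLOCK":
            continue
        b = BLOCK_RE.match(m.group("payload"))
        if not b:
            continue
        blocks.append(IpBlock(
            when=datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
            remote_ip=b.group("ip"),
            direction=b.group("direction"),
            port=int(b.group("port")),
            process=b.group("process"),
        ))
    return blocks


def summarize(blocks: List[IpBlock]) -> Dict[tuple, dict]:
    """Group blocks by (direction, process, port); keep distinct remote hosts and days seen."""
    summary = defaultdict(lambda: {"count": 0, "remote_ips": set(), "days": set()})
    for b in blocks:
        entry = summary[(b.direction, b.process, b.port)]
        entry["count"] += 1
        entry["remote_ips"].add(b.remote_ip)
        entry["days"].add(b.when.date().isoformat())
    return dict(summary)


def triage(blocks: List[IpBlock]) -> dict:
    """Two facts worth reading first: which local processes dialled out to a
    blocked address, and which local ports were hit from outside by how many
    distinct hosts. Inbound-only activity on one port is what the thread's
    "does it only happen on the university network?" question is about."""
    outgoing = sorted({b.process for b in blocks if b.direction == "outgoing"})
    inbound_by_port = defaultdict(set)
    for b in blocks:
        if b.direction == "incoming":
            inbound_by_port[b.port].add(b.remote_ip)
    return {
        "outgoing_processes": outgoing,
        "inbound_ports": {port: len(ips) for port, ips in inbound_by_port.items()},
    }


if __name__ == "__main__":
    parsed = parse_ip_blocks(SAMPLE_LOG)
    for key, entry in summarize(parsed).items():
        print(key, entry["count"], sorted(entry["remote_ips"]), sorted(entry["days"]))
    print(triage(parsed))
```

Run it against a real `protection-log-YYYY-MM-DD.txt` from the MBAM log folder instead of `SAMPLE_LOG`; the `days` set per group is what lets you line the blocks up against where the laptop was connected on each day, which is the comparison the helper asks for in the next post.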
23.10.2013, 14:34 | #6 |
/// the machine /// TB-Ausbilder | ZeroAcess-Infektion? Watch more closely whether it only happens at the university....
|
28.10.2013, 09:59 | #7 |
| ZeroAcess-Infektion? I have now watched it for a few days. The message only appears at the university. At home the message has not shown up a single time. |
28.10.2013, 13:51 | #8 |
/// the machine /// TB-Ausbilder | ZeroAcess-Infektion? University network
|
28.10.2013, 13:52 | #9 |
| ZeroAcess-Infektion? So I don't need to worry any further? Many thanks for the help |
28.10.2013, 18:59 | #10 |
/// the machine /// TB-Ausbilder | ZeroAcess-Infektion? Nope
|