Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: ZeroAcess-Infektion?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 22.10.2013, 15:12   #1
MrsTrombone
 
ZeroAcess-Infektion? - Standard

ZeroAcess-Infektion?



Hallo.
Hatte heute eine ZeroAcess-Infektion und habe meinen Rechner neu aufgesetzt. Alle Partitionen vorher formattiert und anschließend Windows 7 neu installiert.

Scan mit Norton Internetsecurity (full) und Malwarebyte (fast) zeigt keine Infektion. ABER: Malwarebyte zeigt immer wieder an, dass der Prozess svchost.exe über Port 16741 eine Verbindung zulassen möchte. Das verunsichert mich jetzt doch, da ich gelesen habe, dass der Port kritisch ist.

Hier der LogFile von FRST


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-10-2013
Ran by XXX (administrator) on XXX on 22-10-2013 15:56:49
Running from C:\Users\XXX\Downloads
Microsoft Windows 7 Home Premium  (X86) OS Language: German Standard
Internet Explorer Version 8 <-- WAS EIN SCHMARRN, ICH NUTZ CHROME/FIREFOX
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe
(Microsoft Corporation) C:\Windows\System32\IgrsSvcs.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe
(Vimicro) C:\Program Files\USB Camera\VM331_STI.EXE
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Energy Management\utility.exe
(Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Energy Management\Energy Management.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BtTray.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Users\Jennifer Flemke\Downloads\X17-75062.exe
(Microsoft Corporation) C:\Users\JENNIF~1\AppData\Local\Temp\OWP3F6.tmp\setup.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Users\JENNIF~1\AppData\Local\Temp\ose00000.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\MsiExec.exe
(Microsoft Corporation) C:\Windows\system32\MsiExec.exe
(Microsoft Corporation) C:\Windows\system32\DrvInst.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [331BigDog] - C:\Program Files\USB Camera\VM331_STI.EXE [536576 2010-01-15] (Vimicro)
HKLM\...\Run: [EnergyUtility] - C:\Program Files\Lenovo\Energy Management\utility.exe [4147136 2009-12-26] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] - C:\Program Files\Lenovo\Energy Management\Energy Management.exe [6223808 2009-12-26] (Lenovo (Beijing) Limited)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xED61FDF124CFCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 132.199.1.163 132.199.1.2

FireFox:
========
FF ProfilePath: C:\Users\Jennifer Flemke\AppData\Roaming\Mozilla\Firefox\Profiles\wytl5eua.default
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\

Chrome: 
=======
CHR HomePage: hxxp://go.microsoft.com/fwlink/?LinkId=69157
CHR Extension: (Google Docs) - C:\Users\JENNIF~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\JENNIF~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\JENNIF~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\JENNIF~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Gmail Offline) - C:\Users\JENNIF~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.20_0
CHR Extension: (AdBlock) - C:\Users\JENNIF~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.10_0
CHR Extension: (Google Mail Checker) - C:\Users\JENNIF~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0
CHR Extension: (Norton Identity Protection) - C:\Users\JENNIF~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.6.0.27_0
CHR Extension: (ChromeReload) - C:\Users\JENNIF~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\njoipeaphfnaplplihpbgndfojhdhmjo\0.9.3_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\JENNIF~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Auto-Reload) - C:\Users\JENNIF~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofojbjgaaddibdfpmmjeonahgbacejid\8.0.5_0
CHR Extension: (Gmail) - C:\Users\JENNIF~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\Exts\Chrome.crx

========================== Services (Whitelisted) =================

R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [595232 2010-02-17] (Broadcom Corporation.)
S3 IGRS; C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-15] (Lenovo Group Limited)
S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509192 2009-08-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [575304 2009-11-17] (Lenovo Group Limited)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NIS; C:\Program Files\Norton Internet Security\Engine\21.1.0.18\diMaster.dll [567600 2013-10-08] (Symantec Corporation)
S3 PS_MDP; C:\Program Files\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-16] (Lenovo Group Limited)
R2 ReadyComm.DirectRouter; C:\Program Files\Lenovo\ReadyComm\common\router.dll [103688 2009-07-15] (Lenovo Group Limited)

==================== Drivers (Whitelisted) ====================

R3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [21256 2009-09-03] (Lenovo Corporation)
R1 BHDrvx86; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20131002.001\BHDrvx86.sys [1097304 2013-09-26] (Symantec Corporation)
S3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [63240 2009-07-28] (Lenovo)
R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1501000.012\ccSetx86.sys [127064 2013-09-26] (Symantec Corporation)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-10-22] (Symantec Corporation)
U3 EraserUtilDrv11311; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11311.sys [108120 2013-10-22] (Symantec Corporation)
R1 IDSVix86; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20130930.001\IDSVix86.sys [392792 2013-09-24] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20131022.001\NAVENG.SYS [93272 2013-10-22] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20131022.001\NAVEX15.SYS [1612376 2013-10-22] (Symantec Corporation)
R3 SRTSP; C:\Windows\system32\drivers\NIS\1501000.012\SRTSP.SYS [651352 2013-09-27] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1501000.012\SRTSPX.SYS [32344 2013-09-10] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NIS\1501000.012\SYMDS.SYS [367704 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1501000.012\SYMEFA.SYS [935512 2013-09-27] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2013-10-22] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1501000.012\Ironx86.SYS [206936 2013-09-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\NIS\1501000.012\SYMNETS.SYS [446552 2013-09-26] (Symantec Corporation)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [185856 2010-03-18] (Vimicro Corporation)
R3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11792 2009-07-16] (Windows (R) Codename Longhorn DDK provider)

========================== Drivers MD5 =======================

C:\Windows\system32\DRIVERS\1394ohci.sys 6D2ACA41739BFE8CB86EE8E85F29697D
C:\Windows\System32\DRIVERS\ACPI.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\acpipmi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AcpiVpc.sys E4D3DD5A1FC4AEF696D34D4B97049343
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys DDC040FDB01EF1712A6B13E52AFB104C
C:\Windows\system32\DRIVERS\agp440.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\djsvs.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\aliide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdsata.sys 2101A86C25C154F8314B24EF49D7FBC2
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\amdxata.sys B81C2B5616F6420A9941EA093A92B150
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atapi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bxvbdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60x.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bcmwl6.sys CDA161020BF75B12728AE394196AD991
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20131002.001\BHDrvx86.sys 0E901BFF4AECC503826A5DEAEB1784BC
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys FCAFAEF6798D7B51FF029F99A9898961
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\drivers\WDBridge.sys B35BB97B6DD9913093579F5C83962636
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\BthEnum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bthpan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BTHport.sys 4A34888E13224678DD062466AFEC4240
C:\Windows\System32\Drivers\BTHUSB.sys FA04C63916FA221DBB91FCE153D07A55
C:\Windows\System32\drivers\btusbflt.sys DD5361CF05025BD61A5D0115ECC2566F
C:\Windows\System32\drivers\btwaudio.sys F8B4F60768328FAA2FFE2727F66809F8
C:\Windows\System32\DRIVERS\btwavdt.sys FA7446DD38DE84D4988D1F2EBB854589
C:\Windows\System32\DRIVERS\btwl2cap.sys AAFD7CB76BA61FBB08E302DA208C974A
C:\Windows\System32\DRIVERS\btwrchid.sys D5862FBC1CBC0404614FD9D85C8D880E
C:\Windows\system32\drivers\NIS\1501000.012\ccSetx86.sys 56C2811FD0D7B727808A69407B5BFAE0
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys 8E09E52EE2E3CEB199EF3DD99CF9E3FB
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 39806CFEDDCC55E686A49BCCD2972F23
C:\Windows\system32\DRIVERS\evbdx.sys ==> MD5 is legit
C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys E1E3804F7C59EA3E14637C2A763F65E2
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11311.sys 6D84DFC3B5C5052881BF50470D0C03D1
C:\Windows\system32\DRIVERS\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legitB
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\fvevol.sys 5592F5DBA26282D24D2B080EB438A4D7
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HECI.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\iaStor.sys D483687EACE0C065EE772481A96E05F5
C:\Windows\system32\DRIVERS\iaStorV.sys 934AF4D7C5F457B9F0743F4299B77B67
C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20130930.001\IDSVix86.sys 2319D48CE20FA984E30C42411CC8FACC
C:\Windows\System32\DRIVERS\igdkmd32.sys B6EC6C6AC3CED90963430534A92DC7A7
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Impcd.sys E3C36AC5AE87EC970AE8EA2A93D59AE1
C:\Windows\System32\DRIVERS\IntcDAud.sys BF31740828A26AB451803E3B35432651
C:\Windows\system32\DRIVERS\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\isapnp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecpkg.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\L1C62x86.sys 6C32BFEAB708915D6BBF4B20D4F3EF7B
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mbam.sys 4470E3C1E0C3378E4CAB137893C12C3A
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys F4A054BE78AF7F410129C4B64B07DC9B
C:\Windows\System32\DRIVERS\mrxsmb10.sys DEFFA295BD1895C6ED8E3078412AC60B
C:\Windows\System32\DRIVERS\mrxsmb20.sys 24D76ABE5DCAD22F19D105F76FDF0CE1
C:\Windows\System32\DRIVERS\msahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20131022.001\NAVENG.SYS 81E928EE3751FAF725C87CC17726C05D
C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20131022.001\NAVEX15.SYS E0C39FA6C76AE8ED53ABF043F35ECDFF
C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 3795DCD21F740EE799FB7223234215AF
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nvraid.sys 3F3D04B1D08D43C16EA7963954EC768D
C:\Windows\system32\DRIVERS\nvstor.sys C99F251A5DE63C6F129CF71933ACED0F
C:\Windows\system32\DRIVERS\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parvdm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pci.sys C858CB77C577780ECC456A892E7E7D0F
C:\Windows\system32\DRIVERS\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys 835D7E81BF517A3B72384BDCC85E1CE6
C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys 1E016846895B15A99F9A176A05029075
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys 0399C725A9C95A6F1862B93F008DDF4A
C:\Windows\System32\drivers\rdyboost.sys 4EA225BF1CF05E158853F30A99CA29A7
C:\Windows\System32\DRIVERS\rfcomm.sys CB928D9E6DAF51879DD6BA8D02F01321
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RtsUStor.sys 6B065C88A4C05CF44793AC2BFC331AC5
C:\Windows\system32\DRIVERS\sbp2port.sys 34EE0C44B724E3E4CE2EFF29126DE5B5
C:\Windows\System32\DRIVERS\scfilter.sys A95C54B2AC3CC9C73FCDF9E51A1D6B51
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sffp_sd.sys 4F1E5B0FE7C8050668DBFADE8999AEFB
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\system32\drivers\NIS\1501000.012\SRTSP.SYS 40714B1C586AF7E61BED7AE1D5113280
C:\Windows\system32\drivers\NIS\1501000.012\SRTSPX.SYS 1B6D68043F488F70E889276E1585B7AA
C:\Windows\System32\DRIVERS\srv.sys 2BA4EBC7DFBA845A1EDBE1F75913BE33
C:\Windows\System32\DRIVERS\srv2.sys DCE7E10FEAABD4CAE95948B3DE5340BB
C:\Windows\System32\DRIVERS\srvnet.sys B5665BAA2120B8A54E22E9CD07C05106
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\NIS\1501000.012\SYMDS.SYS 4C3DEF736D3857570166DE5C858600F5
C:\Windows\System32\drivers\NIS\1501000.012\SYMEFA.SYS 68762EF9ED8A8D4A07112B3E3590EA29
C:\Windows\system32\Drivers\SYMEVENT.SYS E987A9CB539147527F56943BB34B7375
C:\Windows\system32\drivers\NIS\1501000.012\Ironx86.SYS E3A3CA230C7547364BB3D9DA0C301A36
C:\Windows\system32\drivers\NIS\1501000.012\SYMNETS.SYS 645B1DF38BB0F91433E752852DB1E513
C:\Windows\System32\drivers\tcpip.sys 2CC3D75488ABD3EC628BBB9A4FC84EFC
C:\Windows\System32\DRIVERS\tcpip.sys 2CC3D75488ABD3EC628BBB9A4FC84EFC
C:\Windows\System32\drivers\tcpipreg.sys E64444523ADD154F86567C469BC0B17F
C:\Windows\System32\drivers\tdpipe.sys 1875C1490D99E70E449E3AFAE9FCBADF
C:\Windows\System32\drivers\tdtcp.sys 7156308896D34EA75A582F9A09E50C17
C:\Windows\System32\DRIVERS\tdx.sys CB39E896A2A83702D1737BFD402B3542
C:\Windows\System32\DRIVERS\termdd.sys C36F41EE20E6999DBF4B0425963268A5
C:\Windows\System32\DRIVERS\tssecsrv.sys 98AE6FA07D12CB4EC5CF4A9BFA5F4242
C:\Windows\System32\DRIVERS\tunnel.sys 3E461D890A97F9D4C168F5FDA36E1D00
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys 09CC3E16F8E5EE7168E01CF8FCBE061A
C:\Windows\system32\DRIVERS\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys 049B3A50B3D646BAEEEE9EEC9B0668DC
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys 8455C4ED038EFD09E99327F9D2D48FFA
C:\Windows\system32\DRIVERS\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys 1C333BFD60F2FED2C7AD5DAF533CB742
C:\Windows\System32\DRIVERS\usbhub.sys EE6EF93CCFA94FAE8C6AB298273D8AE2
C:\Windows\system32\DRIVERS\usbohci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS D8889D56E0D27E57ED4591837FE71D27
C:\Windows\system32\DRIVERS\usbuhci.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbvideo.sys F642A7E4BF78CFA359CCA0A3557C28D7
C:\Windows\System32\DRIVERS\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vhdmp.sys 3BE6E1F3A4F1AFEC8CEE0D7883F93583
C:\Windows\system32\DRIVERS\viaagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\viac7.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\viaide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\vm331avs.sys 1C14F7C49ADFE82ED40902C58787F2F2
C:\Windows\System32\DRIVERS\volmgr.sys 384E5A2AA49934295171E499F86BA6F3
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\volsnap.sys 58DF9D2481A56EDDE167E51B334D44FD
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys 7090D3436EEB4E7DA3373090A23448F7
C:\Windows\System32\DRIVERS\vwifimp.sys A3F04CBEA6C2A10E6CB01F8B47611882
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys 692A712062146E96D28BA0B7D75DE31B
C:\Windows\System32\DRIVERS\wanarp.sys 692A712062146E96D28BA0B7D75DE31B
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WDMirror.sys EA4E9DD00E69B35F9BD3D39ACB113E3F
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys 6F9B6C0C93232CFF47D0F72D6DB1D21E
C:\Windows\System32\DRIVERS\WUDFRd.sys F91FF1E51FCA30B3C3981DB7D5924252

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-22 15:56 - 2013-10-22 15:56 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2013-10-22 15:56 - 2013-10-22 15:56 - 00000000 ____D C:\FRST
2013-10-22 15:54 - 2013-10-22 15:54 - 01087503 _____ (Farbar) C:\Users\Jennifer Flemke\Downloads\FRST.exe
2013-10-22 15:49 - 2013-10-22 15:49 - 00000000 ____D C:\Users\Jennifer Flemke\AppData\Roaming\pdfforge
2013-10-22 15:49 - 2013-10-22 15:49 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2013-10-22 15:48 - 2013-10-22 15:52 - 00000000 ____D C:\Program Files\PDFCreator
2013-10-22 15:48 - 2013-10-22 15:48 - 00000000 ____D C:\Windows\PCHEALTH
2013-10-22 15:48 - 2013-10-22 15:48 - 00000000 ____D C:\Program Files\Microsoft.NET
2013-10-22 15:48 - 2013-04-09 15:13 - 00095416 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
2013-10-22 15:48 - 2013-01-09 15:52 - 01070152 _____ (Microsoft Corporation) C:\Windows\system32\MSCOMCTL.OCX
2013-10-22 15:48 - 2012-05-05 11:54 - 00662288 _____ (Microsoft Corporation) C:\Windows\system32\MSCOMCT2.OCX
2013-10-22 15:48 - 2012-05-05 11:54 - 00137000 _____ (Microsoft Corporation) C:\Windows\system32\MSMAPI32.OCX
2013-10-22 15:48 - 2012-05-05 11:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\MSMPIDE.DLL
2013-10-22 15:48 - 1998-07-06 18:56 - 00125712 _____ (Microsoft Corporation) C:\Windows\system32\VB6DE.DLL
2013-10-22 15:48 - 1998-07-06 18:55 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\MSCMCDE.DLL
2013-10-22 15:48 - 1998-07-06 18:55 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\MSCC2DE.DLL
2013-10-22 15:43 - 2013-10-22 15:43 - 17810632 _____ (pdfforge GmbH) C:\Users\Jennifer Flemke\Downloads\PDFCreator-1_7_1_setup.exe
2013-10-22 15:43 - 2013-10-22 15:43 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2013-10-22 15:42 - 2013-10-22 15:56 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-22 15:42 - 2013-10-22 15:48 - 00000000 ____D C:\Program Files\Microsoft Office
2013-10-22 15:42 - 2013-10-22 15:42 - 00000000 __RHD C:\MSOCache
2013-10-22 15:42 - 2013-10-22 15:42 - 00000000 ____D C:\Users\Jennifer Flemke\AppData\Local\Microsoft Help
2013-10-22 15:37 - 2013-10-22 14:43 - 00000000 ____D C:\Windows\Panther
2013-10-22 15:25 - 2013-10-22 15:37 - 00000000 ____D C:\Users\Jennifer Flemke\AppData\Roaming\Mozilla
2013-10-22 15:25 - 2013-10-22 15:25 - 00001105 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-10-22 15:25 - 2013-10-22 15:25 - 00000000 ____D C:\Users\Jennifer Flemke\AppData\Local\Mozilla
2013-10-22 15:25 - 2013-10-22 15:25 - 00000000 ____D C:\ProgramData\Mozilla
2013-10-22 15:25 - 2013-10-22 15:25 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-22 15:25 - 2013-10-22 15:25 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-22 15:24 - 2013-10-22 15:24 - 01110476 _____ C:\Users\Jennifer Flemke\Downloads\7z920.exe
2013-10-22 15:24 - 2013-10-22 15:24 - 00000000 ____D C:\Program Files\7-Zip
2013-10-22 15:23 - 2013-10-22 15:23 - 00281896 _____ (Mozilla) C:\Users\Jennifer Flemke\Downloads\Firefox Setup Stub 24.0.exe
2013-10-22 15:21 - 2013-10-22 15:21 - 00001067 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-22 15:21 - 2013-10-22 15:21 - 00000000 ____D C:\Users\Jennifer Flemke\AppData\Roaming\Malwarebytes
2013-10-22 15:21 - 2013-10-22 15:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-22 15:21 - 2013-10-22 15:21 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-22 15:21 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-22 15:20 - 2013-10-22 15:28 - 1025493776 _____ (Microsoft Corporation) C:\Users\Jennifer Flemke\Downloads\X17-75062.exe
2013-10-22 15:20 - 2013-10-22 15:20 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Jennifer Flemke\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-22 15:17 - 2013-10-22 15:17 - 00000000 ____D C:\Users\Jennifer Flemke\Documents\Bluetooth-Exchange-Ordner
2013-10-22 15:17 - 2013-10-22 15:17 - 00000000 ____D C:\Users\Jennifer Flemke\AppData\Local\Broadcom
2013-10-22 15:16 - 2013-10-22 15:16 - 00000000 ____D C:\Program Files\DIFX
2013-10-22 15:16 - 2010-01-15 07:22 - 00108072 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwavdt.sys
2013-10-22 15:16 - 2010-01-15 07:22 - 00086056 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwaudio.sys
2013-10-22 15:16 - 2010-01-15 07:22 - 00018472 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwrchid.sys
2013-10-22 15:16 - 2009-11-30 09:53 - 00045352 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btusbflt.sys
2013-10-22 15:16 - 2009-04-07 08:32 - 00029472 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwl2cap.sys
2013-10-22 15:15 - 2013-10-22 15:15 - 49716840 _____ (Lenovo Group                                                ) C:\Users\Jennifer Flemke\Downloads\IN3BTH56WW5.exe
2013-10-22 15:13 - 2013-10-22 15:14 - 14251424 _____ (Lenovo Group                                                ) C:\Users\Jennifer Flemke\Downloads\IN2THP33WW5 (1).exe
2013-10-22 15:12 - 2013-10-22 15:12 - 00000000 ____D C:\Program Files\Realtek
2013-10-22 15:12 - 2009-11-11 09:11 - 07367200 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSUSTORicon.dll
2013-10-22 15:12 - 2009-11-11 09:11 - 00181792 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsUStor.sys
2013-10-22 15:11 - 2013-10-22 15:16 - 00015566 _____ C:\Windows\DPINST.LOG
2013-10-22 15:11 - 2013-10-22 15:11 - 00000000 ____D C:\Program Files\Broadcom Wireless
2013-10-22 15:11 - 2010-02-02 15:47 - 03866624 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvsrv.dll
2013-10-22 15:11 - 2010-02-02 15:47 - 03555328 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvui.dll
2013-10-22 15:11 - 2010-02-02 15:47 - 02707448 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\BCMWL6.SYS
2013-10-22 15:11 - 2010-02-02 15:47 - 00091376 _____ (Broadcom Corporation) C:\Windows\system32\bcmwlcoi.dll
2013-10-22 15:04 - 2013-10-22 15:04 - 00015830 _____ C:\Windows\system32\results.xml
2013-10-22 15:03 - 2013-10-22 15:03 - 00000000 ____D C:\Program Files\Common Files\Intel
2013-10-22 15:00 - 2013-10-22 15:00 - 00000308 _____ C:\Windows\PFRO.log
2013-10-22 14:59 - 2013-10-22 14:59 - 00001682 _____ C:\Users\Public\Desktop\Lenovo ReadyComm 5.lnk
2013-10-22 14:59 - 2013-10-22 14:59 - 00000000 ____D C:\Users\Jennifer Flemke\AppData\Roaming\Lenovo
2013-10-22 14:59 - 2009-07-28 21:09 - 00063240 _____ (Lenovo) C:\Windows\system32\Drivers\wdbridge.sys
2013-10-22 14:59 - 2009-07-28 21:09 - 00018184 _____ (Lenovo) C:\Windows\system32\WDMirror.dll
2013-10-22 14:59 - 2009-07-16 12:37 - 00011792 _____ (Windows (R) Codename Longhorn DDK provider) C:\Windows\system32\Drivers\WDMirror.sys
2013-10-22 14:59 - 2009-07-14 17:22 - 00016648 ____R C:\Windows\system32\LogAPI.dll
2013-10-22 14:58 - 2009-06-04 18:43 - 00330264 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStor.sys
2013-10-22 14:57 - 2013-10-22 14:57 - 00000000 ____D C:\Program Files\Common Files\postureAgent
2013-10-22 14:56 - 2013-10-22 15:16 - 00000000 ____D C:\Program Files\Lenovo
2013-10-22 14:56 - 2013-10-22 14:56 - 00000000 ____D C:\Users\Jennifer Flemke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2013-10-22 14:56 - 2009-09-17 06:54 - 00041088 _____ (Intel Corporation) C:\Windows\system32\Drivers\HECI.sys
2013-10-22 14:56 - 2009-09-03 10:16 - 00021256 _____ (Lenovo Corporation) C:\Windows\system32\Drivers\AcpiVpc.sys
2013-10-22 14:54 - 2013-10-22 15:03 - 00000000 ____D C:\Program Files\Intel
2013-10-22 14:54 - 2013-10-22 15:03 - 00000000 ____D C:\Intel
2013-10-22 14:54 - 2009-08-18 07:44 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\system32\CSVer.dll
2013-10-22 14:53 - 2013-10-22 15:40 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-10-22 14:53 - 2013-10-22 15:12 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-10-22 14:53 - 2013-10-22 14:53 - 00142936 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT.SYS
2013-10-22 14:53 - 2013-10-22 14:53 - 00008194 _____ C:\Windows\system32\Drivers\SYMEVENT.CAT
2013-10-22 14:53 - 2013-10-22 14:53 - 00002495 _____ C:\Users\Public\Desktop\Norton Internet Security.lnk
2013-10-22 14:53 - 2013-10-22 14:53 - 00000000 ____D C:\Program Files\Vimicro
2013-10-22 14:53 - 2013-10-22 14:53 - 00000000 ____D C:\Program Files\USB Camera
2013-10-22 14:53 - 2010-03-18 18:34 - 00185856 _____ (Vimicro Corporation) C:\Windows\system32\Drivers\vm331avs.sys
2013-10-22 14:53 - 2010-03-18 17:49 - 00001341 _____ C:\Windows\vm331Rmv.ini
2013-10-22 14:53 - 2010-01-15 20:22 - 00184320 _____ (Vimicro Corporation) C:\Windows\system32\VmCoinst.dll
2013-10-22 14:53 - 2009-12-14 16:50 - 00655360 _____ C:\Windows\system32\vmprp331.ax
2013-10-22 14:53 - 2009-11-09 14:39 - 00007409 _____ C:\Windows\system\vm331avs.rsf
2013-10-22 14:53 - 2008-12-23 17:07 - 00208896 _____ (Vimicro) C:\Windows\Reg331Unstal.dll
2013-10-22 14:52 - 2013-10-22 14:53 - 00000000 ____D C:\ProgramData\Norton
2013-10-22 14:52 - 2013-10-22 14:52 - 41975200 _____ (Lenovo Group                                                ) C:\Users\Jennifer Flemke\Downloads\IN2VDO59WW5.exe
2013-10-22 14:52 - 2013-10-22 14:52 - 28936760 _____ (Lenovo Group                                                ) C:\Users\Jennifer Flemke\Downloads\IN1STW12WW5.exe
2013-10-22 14:52 - 2013-10-22 14:52 - 18351760 _____ (Lenovo Group                                                ) C:\Users\Jennifer Flemke\Downloads\IN1SRM27WW5.exe
2013-10-22 14:52 - 2013-10-22 14:52 - 00000000 ____D C:\Windows\system32\Drivers\NIS
2013-10-22 14:52 - 2013-10-22 14:52 - 00000000 ____D C:\Users\Jennifer Flemke\AppData\Roaming\InstallShield
2013-10-22 14:52 - 2013-10-22 14:52 - 00000000 ____D C:\Program Files\Norton Internet Security
2013-10-22 14:51 - 2013-10-22 14:51 - 14556000 _____ (Lenovo Group                                                ) C:\Users\Jennifer Flemke\Downloads\IN2WLN36WW5.exe
2013-10-22 14:51 - 2013-10-22 14:51 - 14251424 _____ (Lenovo Group                                                ) C:\Users\Jennifer Flemke\Downloads\IN2THP33WW5.exe
2013-10-22 14:51 - 2013-10-22 14:51 - 07191128 _____ (Lenovo Group                                                ) C:\Users\Jennifer Flemke\Downloads\IN1EGC41WW5.exe
2013-10-22 14:51 - 2013-10-22 14:51 - 04673328 _____ (Lenovo Group                                                ) C:\Users\Jennifer Flemke\Downloads\IN4CAR19WW5.exe
2013-10-22 14:51 - 2013-10-22 14:51 - 03169680 _____ (Lenovo Group                                                ) C:\Users\Jennifer Flemke\Downloads\IN1MEI05WW5.exe
2013-10-22 14:51 - 2013-10-22 14:51 - 02856280 _____ (Lenovo Group                                                ) C:\Users\Jennifer Flemke\Downloads\IN6ETN06WW5.exe
2013-10-22 14:51 - 2013-10-22 14:51 - 01418096 _____ (Lenovo Group                                                ) C:\Users\Jennifer Flemke\Downloads\IN1CHP17WW5.exe
2013-10-22 14:50 - 2013-10-22 14:51 - 19296464 _____ (Lenovo Group                                                ) C:\Users\Jennifer Flemke\Downloads\IN1CAM31WW5.exe
2013-10-22 14:50 - 2013-10-22 14:50 - 43006304 _____ (Lenovo Group                                                ) C:\Users\Jennifer Flemke\Downloads\IN7AUD12WW5.exe
2013-10-22 14:49 - 2013-10-22 16:00 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-22 14:49 - 2013-10-22 15:04 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-22 14:49 - 2013-10-22 14:49 - 00057560 _____ C:\Users\Jennifer Flemke\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-22 14:49 - 2013-10-22 14:49 - 00002201 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-22 14:49 - 2013-10-22 14:49 - 00000000 ____D C:\Users\Jennifer Flemke\AppData\Local\Google
2013-10-22 14:49 - 2013-10-22 14:49 - 00000000 ____D C:\Users\Jennifer Flemke\AppData\Local\Deployment
2013-10-22 14:49 - 2013-10-22 14:49 - 00000000 ____D C:\Users\Jennifer Flemke\AppData\Local\Apps\2.0
2013-10-22 14:49 - 2013-10-22 14:49 - 00000000 ____D C:\Program Files\Google
2013-10-22 14:47 - 2013-10-22 15:22 - 01472002 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-22 14:46 - 2012-02-15 07:44 - 00826368 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2013-10-22 14:46 - 2012-02-15 06:22 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2013-10-22 14:46 - 2012-02-15 06:22 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys
2013-10-22 14:46 - 2010-01-09 08:52 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\cabview.dll
2013-10-22 14:43 - 2013-10-22 15:07 - 00332877 _____ C:\Windows\WindowsUpdate.log
2013-10-22 14:43 - 2013-10-22 14:43 - 00001409 _____ C:\Users\Jennifer Flemke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-22 14:43 - 2013-10-22 14:43 - 00000020 ___SH C:\Users\Jennifer Flemke\ntuser.ini
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Jennifer Flemke\Startmenü
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Jennifer Flemke\Netzwerkumgebung
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Jennifer Flemke\Druckumgebung
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Jennifer Flemke\Documents\Eigene Musik
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Jennifer Flemke\Documents\Eigene Bilder
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Jennifer Flemke\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Jennifer Flemke\AppData\Local\Verlauf
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Default\Startmenü
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Programme
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\ProgramData\Startmenü
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\ProgramData\Dokumente
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 __SHD C:\Recovery
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 ____D C:\Users\Jennifer Flemke\AppData\Local\VirtualStore
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 ____D C:\Users\Jennifer Flemke
2013-10-22 14:43 - 2012-06-03 00:19 - 01933848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-10-22 14:43 - 2012-06-03 00:19 - 00577048 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2013-10-22 14:43 - 2012-06-03 00:19 - 00053784 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-10-22 14:43 - 2012-06-03 00:19 - 00045080 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2013-10-22 14:43 - 2012-06-03 00:19 - 00035864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2013-10-22 14:43 - 2012-06-03 00:12 - 02422272 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-10-22 14:43 - 2012-06-03 00:12 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2013-10-22 14:43 - 2012-06-02 15:19 - 00171904 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-10-22 14:43 - 2012-06-02 15:12 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-10-22 14:43 - 2009-07-14 06:42 - 00000000 ___RD C:\Users\Jennifer Flemke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-10-22 14:43 - 2009-07-14 06:37 - 00000000 ___RD C:\Users\Jennifer Flemke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-10-22 14:39 - 2013-10-22 14:40 - 00001313 _____ C:\Windows\TSSysprep.log

==================== One Month Modified Files and Folders =======

2013-10-22 16:00 - 2013-10-22 14:49 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-22 15:56 - 2013-10-22 15:56 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2013-10-22 15:56 - 2013-10-22 15:56 - 00000000 ____D C:\FRST
2013-10-22 15:56 - 2013-10-22 15:42 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-22 15:56 - 2009-07-14 06:39 - 00017224 _____ C:\Windows\setupact.log
2013-10-22 15:54 - 2013-10-22 15:54 - 01087503 _____ (Farbar) C:\Users\Jennifer Flemke\Downloads\FRST.exe
2013-10-22 15:52 - 2013-10-22 15:48 - 00000000 ____D C:\Program Files\PDFCreator
2013-10-22 15:49 - 2013-10-22 15:49 - 00000000 ____D C:\Users\Jennifer Flemke\AppData\Roaming\pdfforge
2013-10-22 15:49 - 2013-10-22 15:49 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2013-10-22 15:49 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-10-22 15:48 - 2013-10-22 15:48 - 00000000 ____D C:\Windows\PCHEALTH
2013-10-22 15:48 - 2013-10-22 15:48 - 00000000 ____D C:\Program Files\Microsoft.NET
2013-10-22 15:48 - 2013-10-22 15:42 - 00000000 ____D C:\Program Files\Microsoft Office
2013-10-22 15:43 - 2013-10-22 15:43 - 17810632 _____ (pdfforge GmbH) C:\Users\Jennifer Flemke\Downloads\PDFCreator-1_7_1_setup.exe
2013-10-22 15:43 - 2013-10-22 15:43 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2013-10-22 15:43 - 2009-07-14 10:57 - 00000000 ____D C:\Windows\ShellNew
2013-10-22 15:42 - 2013-10-22 15:42 - 00000000 __RHD C:\MSOCache
2013-10-22 15:42 - 2013-10-22 15:42 - 00000000 ____D C:\Users\Jennifer Flemke\AppData\Local\Microsoft Help
2013-10-22 15:40 - 2013-10-22 14:53 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-10-22 15:37 - 2013-10-22 15:25 - 00000000 ____D C:\Users\Jennifer Flemke\AppData\Roaming\Mozilla
2013-10-22 15:36 - 2009-07-14 06:57 - 00025600 ___SH C:\Windows\system32\config\BCD-Template.LOG
2013-10-22 15:36 - 2009-07-14 06:52 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2013-10-22 15:28 - 2013-10-22 15:20 - 1025493776 _____ (Microsoft Corporation) C:\Users\Jennifer Flemke\Downloads\X17-75062.exe
2013-10-22 15:25 - 2013-10-22 15:25 - 00001105 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-10-22 15:25 - 2013-10-22 15:25 - 00000000 ____D C:\Users\Jennifer Flemke\AppData\Local\Mozilla
2013-10-22 15:25 - 2013-10-22 15:25 - 00000000 ____D C:\ProgramData\Mozilla
2013-10-22 15:25 - 2013-10-22 15:25 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-22 15:25 - 2013-10-22 15:25 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-22 15:24 - 2013-10-22 15:24 - 01110476 _____ C:\Users\Jennifer Flemke\Downloads\7z920.exe
2013-10-22 15:24 - 2013-10-22 15:24 - 00000000 ____D C:\Program Files\7-Zip
2013-10-22 15:23 - 2013-10-22 15:23 - 00281896 _____ (Mozilla) C:\Users\Jennifer Flemke\Downloads\Firefox Setup Stub 24.0.exe
2013-10-22 15:22 - 2013-10-22 14:47 - 01472002 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-22 15:21 - 2013-10-22 15:21 - 00001067 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-22 15:21 - 2013-10-22 15:21 - 00000000 ____D C:\Users\Jennifer Flemke\AppData\Roaming\Malwarebytes
2013-10-22 15:21 - 2013-10-22 15:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-22 15:21 - 2013-10-22 15:21 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-22 15:20 - 2013-10-22 15:20 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Jennifer Flemke\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-22 15:17 - 2013-10-22 15:17 - 00000000 ____D C:\Users\Jennifer Flemke\Documents\Bluetooth-Exchange-Ordner
2013-10-22 15:17 - 2013-10-22 15:17 - 00000000 ____D C:\Users\Jennifer Flemke\AppData\Local\Broadcom
2013-10-22 15:16 - 2013-10-22 15:16 - 00000000 ____D C:\Program Files\DIFX
2013-10-22 15:16 - 2013-10-22 15:11 - 00015566 _____ C:\Windows\DPINST.LOG
2013-10-22 15:16 - 2013-10-22 14:56 - 00000000 ____D C:\Program Files\Lenovo
2013-10-22 15:15 - 2013-10-22 15:15 - 49716840 _____ (Lenovo Group                                                ) C:\Users\Jennifer Flemke\Downloads\IN3BTH56WW5.exe
2013-10-22 15:14 - 2013-10-22 15:13 - 14251424 _____ (Lenovo Group                                                ) C:\Users\Jennifer Flemke\Downloads\IN2THP33WW5 (1).exe
2013-10-22 15:12 - 2013-10-22 15:12 - 00000000 ____D C:\Program Files\Realtek
2013-10-22 15:12 - 2013-10-22 14:53 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-10-22 15:11 - 2013-10-22 15:11 - 00000000 ____D C:\Program Files\Broadcom Wireless
2013-10-22 15:07 - 2013-10-22 14:43 - 00332877 _____ C:\Windows\WindowsUpdate.log
2013-10-22 15:04 - 2013-10-22 15:04 - 00015830 _____ C:\Windows\system32\results.xml
2013-10-22 15:04 - 2013-10-22 14:49 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-22 15:04 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-22 15:03 - 2013-10-22 15:03 - 00000000 ____D C:\Program Files\Common Files\Intel
2013-10-22 15:03 - 2013-10-22 14:54 - 00000000 ____D C:\Program Files\Intel
2013-10-22 15:03 - 2013-10-22 14:54 - 00000000 ____D C:\Intel
2013-10-22 15:03 - 2009-07-14 06:34 - 00009776 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-22 15:03 - 2009-07-14 06:34 - 00009776 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-22 15:00 - 2013-10-22 15:00 - 00000308 _____ C:\Windows\PFRO.log
2013-10-22 15:00 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-10-22 14:59 - 2013-10-22 14:59 - 00001682 _____ C:\Users\Public\Desktop\Lenovo ReadyComm 5.lnk
2013-10-22 14:59 - 2013-10-22 14:59 - 00000000 ____D C:\Users\Jennifer Flemke\AppData\Roaming\Lenovo
2013-10-22 14:57 - 2013-10-22 14:57 - 00000000 ____D C:\Program Files\Common Files\postureAgent
2013-10-22 14:56 - 2013-10-22 14:56 - 00000000 ____D C:\Users\Jennifer Flemke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2013-10-22 14:53 - 2013-10-22 14:53 - 00142936 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT.SYS
2013-10-22 14:53 - 2013-10-22 14:53 - 00008194 _____ C:\Windows\system32\Drivers\SYMEVENT.CAT
2013-10-22 14:53 - 2013-10-22 14:53 - 00002495 _____ C:\Users\Public\Desktop\Norton Internet Security.lnk
2013-10-22 14:53 - 2013-10-22 14:53 - 00000000 ____D C:\Program Files\Vimicro
2013-10-22 14:53 - 2013-10-22 14:53 - 00000000 ____D C:\Program Files\USB Camera
2013-10-22 14:53 - 2013-10-22 14:52 - 00000000 ____D C:\ProgramData\Norton
2013-10-22 14:53 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\twain_32
2013-10-22 14:53 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system
2013-10-22 14:52 - 2013-10-22 14:52 - 41975200 _____ (Lenovo Group                                                ) C:\Users\Jennifer Flemke\Downloads\IN2VDO59WW5.exe
2013-10-22 14:52 - 2013-10-22 14:52 - 28936760 _____ (Lenovo Group                                                ) C:\Users\Jennifer Flemke\Downloads\IN1STW12WW5.exe
2013-10-22 14:52 - 2013-10-22 14:52 - 18351760 _____ (Lenovo Group                                                ) C:\Users\Jennifer Flemke\Downloads\IN1SRM27WW5.exe
2013-10-22 14:52 - 2013-10-22 14:52 - 00000000 ____D C:\Windows\system32\Drivers\NIS
2013-10-22 14:52 - 2013-10-22 14:52 - 00000000 ____D C:\Users\Jennifer Flemke\AppData\Roaming\InstallShield
2013-10-22 14:52 - 2013-10-22 14:52 - 00000000 ____D C:\Program Files\Norton Internet Security
2013-10-22 14:51 - 2013-10-22 14:51 - 14556000 _____ (Lenovo Group                                                ) C:\Users\Jennifer Flemke\Downloads\IN2WLN36WW5.exe
2013-10-22 14:51 - 2013-10-22 14:51 - 14251424 _____ (Lenovo Group                                                ) C:\Users\Jennifer Flemke\Downloads\IN2THP33WW5.exe
2013-10-22 14:51 - 2013-10-22 14:51 - 07191128 _____ (Lenovo Group                                                ) C:\Users\Jennifer Flemke\Downloads\IN1EGC41WW5.exe
2013-10-22 14:51 - 2013-10-22 14:51 - 04673328 _____ (Lenovo Group                                                ) C:\Users\Jennifer Flemke\Downloads\IN4CAR19WW5.exe
2013-10-22 14:51 - 2013-10-22 14:51 - 03169680 _____ (Lenovo Group                                                ) C:\Users\Jennifer Flemke\Downloads\IN1MEI05WW5.exe
2013-10-22 14:51 - 2013-10-22 14:51 - 02856280 _____ (Lenovo Group                                                ) C:\Users\Jennifer Flemke\Downloads\IN6ETN06WW5.exe
2013-10-22 14:51 - 2013-10-22 14:51 - 01418096 _____ (Lenovo Group                                                ) C:\Users\Jennifer Flemke\Downloads\IN1CHP17WW5.exe
2013-10-22 14:51 - 2013-10-22 14:50 - 19296464 _____ (Lenovo Group                                                ) C:\Users\Jennifer Flemke\Downloads\IN1CAM31WW5.exe
2013-10-22 14:50 - 2013-10-22 14:50 - 43006304 _____ (Lenovo Group                                                ) C:\Users\Jennifer Flemke\Downloads\IN7AUD12WW5.exe
2013-10-22 14:49 - 2013-10-22 14:49 - 00057560 _____ C:\Users\Jennifer Flemke\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-22 14:49 - 2013-10-22 14:49 - 00002201 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-22 14:49 - 2013-10-22 14:49 - 00000000 ____D C:\Users\Jennifer Flemke\AppData\Local\Google
2013-10-22 14:49 - 2013-10-22 14:49 - 00000000 ____D C:\Users\Jennifer Flemke\AppData\Local\Deployment
2013-10-22 14:49 - 2013-10-22 14:49 - 00000000 ____D C:\Users\Jennifer Flemke\AppData\Local\Apps\2.0
2013-10-22 14:49 - 2013-10-22 14:49 - 00000000 ____D C:\Program Files\Google
2013-10-22 14:44 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-22 14:43 - 2013-10-22 15:37 - 00000000 ____D C:\Windows\Panther
2013-10-22 14:43 - 2013-10-22 14:43 - 00001409 _____ C:\Users\Jennifer Flemke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-22 14:43 - 2013-10-22 14:43 - 00000020 ___SH C:\Users\Jennifer Flemke\ntuser.ini
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Jennifer Flemke\Startmenü
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Jennifer Flemke\Netzwerkumgebung
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Jennifer Flemke\Druckumgebung
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Jennifer Flemke\Documents\Eigene Musik
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Jennifer Flemke\Documents\Eigene Bilder
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Jennifer Flemke\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Jennifer Flemke\AppData\Local\Verlauf
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Default\Startmenü
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\Programme
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\ProgramData\Startmenü
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 _SHDL C:\ProgramData\Dokumente
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 __SHD C:\Recovery
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 ____D C:\Users\Jennifer Flemke\AppData\Local\VirtualStore
2013-10-22 14:43 - 2013-10-22 14:43 - 00000000 ____D C:\Users\Jennifer Flemke
2013-10-22 14:43 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\system32\restore
2013-10-22 14:43 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default
2013-10-22 14:43 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\Recovery
2013-10-22 14:43 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Windows NT
2013-10-22 14:42 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-10-22 14:41 - 2009-07-14 06:33 - 00265640 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-22 14:40 - 2013-10-22 14:39 - 00001313 _____ C:\Windows\TSSysprep.log
2013-10-22 14:39 - 2009-07-14 06:34 - 00001774 _____ C:\Windows\DtcInstall.log

Some content of TEMP:
====================
C:\Users\Jennifer Flemke\AppData\Local\Temp\ose00000.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== BCD ================================

Windows-Start-Manager
---------------------
Bezeichner              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  de-DE
inherit                 {globalsettings}
default                 {current}
resumeobject            {932cc15a-bfba-11e2-a60c-dee802e9e49b}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows-Startladeprogramm
-------------------------
Bezeichner              {932cc150-bfba-11e2-a60c-dee802e9e49b}
device                  ramdisk=[C:]\Recovery\932cc150-bfba-11e2-a60c-dee802e9e49b\Winre.wim,{932cc151-bfba-11e2-a60c-dee802e9e49b}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\932cc150-bfba-11e2-a60c-dee802e9e49b\Winre.wim,{932cc151-bfba-11e2-a60c-dee802e9e49b}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Windows-Startladeprogramm
-------------------------
Bezeichner              {932cc154-bfba-11e2-a60c-dee802e9e49b}
device                  ramdisk=[C:]\Recovery\932cc154-bfba-11e2-a60c-dee802e9e49b\Winre.wim,{932cc155-bfba-11e2-a60c-dee802e9e49b}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\932cc154-bfba-11e2-a60c-dee802e9e49b\Winre.wim,{932cc155-bfba-11e2-a60c-dee802e9e49b}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Windows-Startladeprogramm
-------------------------
Bezeichner              {932cc158-bfba-11e2-a60c-dee802e9e49b}
device                  ramdisk=[C:]\Recovery\932cc158-bfba-11e2-a60c-dee802e9e49b\Winre.wim,{932cc159-bfba-11e2-a60c-dee802e9e49b}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\932cc158-bfba-11e2-a60c-dee802e9e49b\Winre.wim,{932cc159-bfba-11e2-a60c-dee802e9e49b}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Windows-Startladeprogramm
-------------------------
Bezeichner              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  de-DE
inherit                 {bootloadersettings}
recoverysequence        {932cc15c-bfba-11e2-a60c-dee802e9e49b}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {932cc15a-bfba-11e2-a60c-dee802e9e49b}
nx                      OptIn

Windows-Startladeprogramm
-------------------------
Bezeichner              {932cc15c-bfba-11e2-a60c-dee802e9e49b}
device                  ramdisk=[C:]\Recovery\932cc15c-bfba-11e2-a60c-dee802e9e49b\Winre.wim,{932cc15d-bfba-11e2-a60c-dee802e9e49b}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\932cc15c-bfba-11e2-a60c-dee802e9e49b\Winre.wim,{932cc15d-bfba-11e2-a60c-dee802e9e49b}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner              {932cc15a-bfba-11e2-a60c-dee802e9e49b}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  de-DE
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                     Yes
debugoptionenabled      No

Windows-Speichertestprogramm
----------------------------
Bezeichner              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows-Speicherdiagnose
locale                  de-DE
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS-Einstellungen
-----------------
Bezeichner              {emssettings}
bootems                 Yes

Debuggereinstellungen
---------------------
Bezeichner              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM-Defekte
-----------
Bezeichner              {badmemory}

Globale Einstellungen
---------------------
Bezeichner              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Startladeprogramm-Einstellungen
-------------------------------
Bezeichner              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisoreinstellungen
-------------------
Bezeichner              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Einstellungen zur Ladeprogrammfortsetzung
-----------------------------------------
Bezeichner              {resumeloadersettings}
inherit                 {globalsettings}

Ger„teoptionen
--------------
Bezeichner              {932cc151-bfba-11e2-a60c-dee802e9e49b}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\932cc150-bfba-11e2-a60c-dee802e9e49b\boot.sdi

Ger„teoptionen
--------------
Bezeichner              {932cc155-bfba-11e2-a60c-dee802e9e49b}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\932cc154-bfba-11e2-a60c-dee802e9e49b\boot.sdi

Ger„teoptionen
--------------
Bezeichner              {932cc159-bfba-11e2-a60c-dee802e9e49b}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\932cc158-bfba-11e2-a60c-dee802e9e49b\boot.sdi

Ger„teoptionen
--------------
Bezeichner              {932cc15d-bfba-11e2-a60c-dee802e9e49b}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\932cc15c-bfba-11e2-a60c-dee802e9e49b\boot.sdi



LastRegBack: 2013-10-22 14:38

==================== End Of Log ============================
         
--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-10-2013
Ran by xxxe at 2013-10-22 16:02:02
Running from C:\Users\xxx\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

7-Zip 9.20
Broadcom 802.11 Wireless Driver (Version: 1.0.0.0)
Energy Management (Version: 5.3.0.9)
Google Chrome (Version: 30.0.1599.101)
Google Update Helper (Version: 1.3.21.165)
Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.2102)
Intel(R) Management Engine Components (Version: 6.0.0.1179)
Intel® Matrix Storage Manager
Lenovo Bluetooth with Enhanced Data Rate Software (Version: 6.2.1.1400)
Lenovo EasyCamera (Version: 2.10.03.18.1)
Lenovo ReadyComm 5 (Version: 5.1.1.22)
Lenovo ReadyComm 5.0 Service (Version: 5.0.0.1)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Single Image 2010 (Version: 14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Mozilla Firefox 24.0 (x86 de) (Version: 24.0)
Mozilla Maintenance Service (Version: 24.0)
Norton Internet Security (Version: 21.1.0.18)
PDFCreator (Version: 1.7.1)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30109)
Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (02/25/2010 6.2.0.9419) (Version: 02/25/2010 6.2.0.9419)
Windows Driver Package - Broadcom Bluetooth  (01/19/2010 6.2.0.1417) (Version: 01/19/2010 6.2.0.1417)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (Version: 07/28/2009 6.2.0.9800)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0D4BA32B-3BBF-4E74-88D7-402FDBA78734} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {4D8121B3-00F2-43B9-B46C-4113D96E6417} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Engine\21.1.0.18\WSCStub.exe [2013-10-08] (Symantec Corporation)
Task: {721ABC92-796C-47FA-9C2E-A209D4EE6E7F} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {7A2DC940-7F84-4663-ACDD-9B8595947305} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-10-22] (Google Inc.)
Task: {D98DC02C-6D6F-4BDA-B14B-701D88CE1555} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {FFBC9587-37B2-4BCC-9D0B-9CDA207B94D6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-10-22] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-02-17 22:17 - 2010-02-17 22:17 - 00132384 _____ () C:\Program Files\Lenovo\Bluetooth Software\btkeyind.dll
2013-10-22 14:56 - 2008-12-20 03:20 - 00063304 _____ () C:\Program Files\Lenovo\Energy Management\kbdhook.dll
2013-10-22 14:56 - 2008-12-20 03:20 - 00051016 _____ () C:\Program Files\Lenovo\Energy Management\HookLib.dll
2013-10-22 14:49 - 2013-10-09 02:01 - 00698832 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.101\libglesv2.dll
2013-10-22 14:49 - 2013-10-09 02:01 - 00099792 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.101\libegl.dll
2013-10-22 14:49 - 2013-10-09 02:02 - 04055504 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.101\pdf.dll
2013-10-22 14:49 - 2013-10-09 02:02 - 00415184 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
2013-10-22 14:49 - 2013-10-09 02:01 - 01604560 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
2013-10-22 14:49 - 2013-10-09 02:02 - 13584336 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/22/2013 02:59:55 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Die abhängige Assemblierung "Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/22/2013 02:59:42 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Die abhängige Assemblierung "Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/22/2013 02:59:24 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (10/22/2013 03:56:40 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (10/22/2013 03:56:40 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (10/22/2013 03:56:39 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (10/22/2013 03:56:39 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (10/22/2013 03:56:38 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (10/22/2013 03:19:32 PM) (Source: BTHUSB) (User: )
Description: Die beiderseitige Authentifizierung zwischen dem lokalen Bluetooth-Adapter und einem Gerät mit Bluetooth-Adapteradresse (00:1d:d8:95:71:54) ist fehlgeschlagen.

Error: (10/22/2013 03:10:44 PM) (Source: HidBth) (User: )
Description: Die ursprüngliche Verbindung mit dem Bluetooth-HID-Gerät (00:1d:d8:95:71:54) ist fehlgeschlagen. Das Gerät wurde als persönliches bzw. paarweises Gerät entfernt. Sie müssen das Gerät erneut installieren.

Error: (10/22/2013 03:09:41 PM) (Source: BTHUSB) (User: )
Description: Die beiderseitige Authentifizierung zwischen dem lokalen Bluetooth-Adapter und einem Gerät mit Bluetooth-Adapteradresse (00:1d:d8:95:71:54) ist fehlgeschlagen.

Error: (10/22/2013 03:07:04 PM) (Source: BTHUSB) (User: )
Description: Die beiderseitige Authentifizierung zwischen dem lokalen Bluetooth-Adapter und einem Gerät mit Bluetooth-Adapteradresse (00:1d:d8:95:71:54) ist fehlgeschlagen.

Error: (10/22/2013 02:45:36 PM) (Source: BTHUSB) (User: )
Description: Die beiderseitige Authentifizierung zwischen dem lokalen Bluetooth-Adapter und einem Gerät mit Bluetooth-Adapteradresse (00:1d:d8:95:71:54) ist fehlgeschlagen.


Microsoft Office Sessions:
=========================
Error: (10/22/2013 02:59:55 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files\Lenovo\ReadyComm\BTSvc.exe

Error: (10/22/2013 02:59:42 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files\Lenovo\ReadyComm\ConnUtil.dll

Error: (10/22/2013 02:59:24 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\Installer\MSICBE8.tmp


==================== Memory info =========================== 

Percentage of memory in use: 74%
Total physical RAM: 3188.51 MB
Available physical RAM: 798.93 MB
Total Pagefile: 6375.29 MB
Available Pagefile: 3413.87 MB
Total Virtual: 2047.88 MB
Available Virtual: 1904.07 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:156.15 GB) (Free:138.86 GB) NTFS
Drive d: () (Fixed) (Total:82.22 GB) (Free:82.13 GB) NTFS
Drive e: (Stecker) (Removable) (Total:7.26 GB) (Free:4.89 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238 GB) (Disk ID: CC210C57)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=156 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=82 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 7 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Vielen Dank schon mal für die Hilfe. Der Rechner ist erst seit einer Stunde neu eingerichtet... ich hoffe, ich muss nicht noch mal ran.

lg

Geändert von MrsTrombone (22.10.2013 um 15:19 Uhr)

Alt 22.10.2013, 15:54   #2
schrauber
/// the machine
/// TB-Ausbilder
 

ZeroAcess-Infektion? - Standard

ZeroAcess-Infektion?



hi,

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________

__________________

Alt 22.10.2013, 16:22   #3
MrsTrombone
 
ZeroAcess-Infektion? - Standard

ZeroAcess-Infektion?



Danke. Ich habs durchgeführt. Hier der Log
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.07.0.1007
www.malwarebytes.org

Database version: v2013.10.22.06

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
XXX :: XXX [administrator]

22.10.2013 17:09:22
mbar-log-2013-10-22 (17-09-22).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 187844
Time elapsed: 11 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
Quintessenz war: Keine Malware gefunden. Dann ist die 16471-Port-Benutzung von svchost.exe normal?
__________________

Alt 23.10.2013, 06:46   #4
schrauber
/// the machine
/// TB-Ausbilder
 

ZeroAcess-Infektion? - Standard

ZeroAcess-Infektion?



Kannst Du mir das Log von MBAM zeigen, wo das drin steht mit dem Port?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 23.10.2013, 07:47   #5
MrsTrombone
 
ZeroAcess-Infektion? - Standard

ZeroAcess-Infektion?



Code:
ATTFilter
2013/10/23 07:32:00 +0200	XXX	(null)	MESSAGE	Executing scheduled update:  Daily
2013/10/23 07:32:03 +0200	XXX	(null)	ERROR	Scheduled update failed:  I/O error failed with error code 0
2013/10/23 07:32:07 +0200	XXX	(null)	MESSAGE	Starting protection
2013/10/23 07:32:07 +0200	XXX	(null)	MESSAGE	Protection started successfully
2013/10/23 07:32:07 +0200	XXX	(null)	MESSAGE	Starting IP protection
2013/10/23 07:32:12 +0200	XXX	(null)	MESSAGE	IP Protection started successfully
2013/10/23 08:31:22 +0200	XXX	XXX	IP-BLOCK	188.130.177.8 (Type: incoming, Port: 16471, Process: svchost.exe)
2013/10/23 08:43:08 +0200	XXX	XXX	IP-BLOCK	85.234.191.81 (Type: incoming, Port: 16471, Process: svchost.exe)
         
Gestern Abend zu Hause kam die Meldung nicht. Heute in der Uni tauchte sie auf einmal wieder auf..


Alt 23.10.2013, 14:34   #6
schrauber
/// the machine
/// TB-Ausbilder
 

ZeroAcess-Infektion? - Standard

ZeroAcess-Infektion?



Beobachte mal genauer, ob das nur an der Uni kommt....
__________________
--> ZeroAcess-Infektion?

Alt 28.10.2013, 08:59   #7
MrsTrombone
 
ZeroAcess-Infektion? - Standard

ZeroAcess-Infektion?



Ich habe jetzt mal ein paar Tage beobachtet. Die Meldung kommt nur in der Uni. Zu Hause ist die Meldung nicht ein einziges Mal aufgetaucht.

Alt 28.10.2013, 12:51   #8
schrauber
/// the machine
/// TB-Ausbilder
 

ZeroAcess-Infektion? - Standard

ZeroAcess-Infektion?



Uni-Netzwerk
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 28.10.2013, 12:52   #9
MrsTrombone
 
ZeroAcess-Infektion? - Standard

ZeroAcess-Infektion?



Also brauch ich mir weiter keine Sorgen zu machen?
Vielen lieben Dank für die Hilfe

Alt 28.10.2013, 17:59   #10
schrauber
/// the machine
/// TB-Ausbilder
 

ZeroAcess-Infektion? - Standard

ZeroAcess-Infektion?



Nope
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu ZeroAcess-Infektion?
adblock, authentifizierung, bootmgr, defender, error, excel, farbar, farbar recovery scan tool, fehler, firefox, format, harddisk, hdaudio.sys, helper, home, logfile, neu, norton internet security, port, programm, prozess, security, software, svchost.exe, symantec, system, system32, treiber, usb, usbvideo.sys, windows, wireless



Ähnliche Themen: ZeroAcess-Infektion?


  1. Avast: Infektion: URL:Mal
    Plagegeister aller Art und deren Bekämpfung - 25.09.2014 (15)
  2. Avast: Infektion blockiert , Infektion: URL:Mal (bei Ebay.de)
    Plagegeister aller Art und deren Bekämpfung - 21.05.2014 (3)
  3. Trojaner Infektion?
    Plagegeister aller Art und deren Bekämpfung - 18.02.2014 (15)
  4. Infektion mit SafeSaver
    Log-Analyse und Auswertung - 04.01.2014 (7)
  5. mögliche Infektion
    Netzwerk und Hardware - 18.08.2013 (1)
  6. Seiten Infektion
    Diskussionsforum - 07.04.2013 (3)
  7. Infektion? Was tun?
    Plagegeister aller Art und deren Bekämpfung - 25.03.2013 (21)
  8. 2x | Infektion? Was tun?
    Mülltonne - 21.03.2013 (1)
  9. Snap.do-Infektion
    Plagegeister aller Art und deren Bekämpfung - 01.03.2013 (7)
  10. W32/Ramnit.A Infektion
    Plagegeister aller Art und deren Bekämpfung - 24.02.2013 (1)
  11. Rootkit-Infektion
    Log-Analyse und Auswertung - 03.02.2013 (1)
  12. Goingonearth-Infektion
    Plagegeister aller Art und deren Bekämpfung - 25.08.2011 (39)
  13. Vermute Infektion
    Log-Analyse und Auswertung - 11.03.2009 (3)
  14. Hartnäckige Infektion (?)
    Log-Analyse und Auswertung - 02.03.2009 (4)
  15. Spyware infektion
    Log-Analyse und Auswertung - 01.02.2009 (5)
  16. Infektion mit Virtualmonde,
    Mülltonne - 13.12.2008 (2)
  17. Seltsame Infektion...
    Log-Analyse und Auswertung - 18.11.2008 (0)

Zum Thema ZeroAcess-Infektion? - Hallo. Hatte heute eine ZeroAcess-Infektion und habe meinen Rechner neu aufgesetzt. Alle Partitionen vorher formattiert und anschließend Windows 7 neu installiert. Scan mit Norton Internetsecurity (full) und Malwarebyte (fast) zeigt - ZeroAcess-Infektion?...
Archiv
Du betrachtest: ZeroAcess-Infektion? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.