
Pests of all kinds and how to fight them: Worm problem - Worm.Zhelatin

23.08.2010, 13:04   #1
Dumbody

Worm problem - Worm.Zhelatin

Hi,
earlier I still thought that the constant crashes of all programs were caused by the RAM. I ran Antimalware once more. You can see the log here:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4465

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

23.08.2010 13:01:51
mbam-log-2010-08-23 (13-01-51).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 286051
Laufzeit: 1 Stunde(n), 22 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 296

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
D:\HoN\vid_gl2.dll (Worm.Zhelatin) -> No action taken.
D:\mozilla\js3250.dll (Worm.Zhelatin) -> No action taken.
D:\mozilla\SHIFTDemo\GDFBinary.dll (Worm.Zhelatin) -> No action taken.
D:\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe (Worm.Zhelatin) -> No action taken.
D:\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe (Worm.Zhelatin) -> No action taken.
D:\Steam\SteamApps\common\call of duty modern warfare 2\UpdateDLLWrapper.dll (Worm.Zhelatin) -> No action taken.
D:\Steam\SteamApps\common\call of duty modern warfare 2\miles\milesEq.flt (Worm.Zhelatin) -> No action taken.
D:\Steam\SteamApps\common\call of duty modern warfare 2\miles\mssds3d.flt (Worm.Zhelatin) -> No action taken.
D:\Steam\SteamApps\common\call of duty modern warfare 2\miles\msseax.flt (Worm.Zhelatin) -> No action taken.
D:\Steam\SteamApps\common\call of duty modern warfare 2\miles\mssmp3.asi (Worm.Zhelatin) -> No action taken.
D:\Steam\SteamApps\common\call of duty modern warfare 2\miles\mssvoice.asi (Worm.Zhelatin) -> No action taken.
D:\Steam\SteamApps\common\champions online\CrypticError.exe (Worm.Zhelatin) -> No action taken.
D:\Steam\SteamApps\dumbody\portal\hl2.exe (Worm.Zhelatin) -> No action taken.
D:\Steam\SteamApps\dumbody\portal\bin\datamodel.dll (Worm.Zhelatin) -> No action taken.
D:\Steam\SteamApps\dumbody\portal\bin\dmserializers.dll (Worm.Zhelatin) -> No action taken.
D:\Steam\SteamApps\dumbody\portal\bin\mssmp3.asi (Worm.Zhelatin) -> No action taken.
D:\Steam\SteamApps\dumbody\portal\bin\mssvoice.asi (Worm.Zhelatin) -> No action taken.
D:\Steam\SteamApps\dumbody\portal\bin\parsifal.dll (Worm.Zhelatin) -> No action taken.
D:\Steam\SteamApps\dumbody\portal\bin\rdmwin32.dll (Worm.Zhelatin) -> No action taken.
D:\Steam\SteamApps\dumbody\portal\bin\tier0.dll (Worm.Zhelatin) -> No action taken.
D:\Steam\SteamApps\dumbody\portal\bin\vaudio_speex.dll (Worm.Zhelatin) -> No action taken.
D:\Steam\SteamApps\dumbody\portal\bin\vtex.dll (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP505\A0244680.dll (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP505\A0244682.dll (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP505\A0244684.dll (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP505\A0244685.dll (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP505\A0244686.dll (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP505\A0244687.dll (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP505\A0244688.dll (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP505\A0244689.dll (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP505\A0244690.dll (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP505\A0244691.exe (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP505\A0244692.dll (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP505\A0244693.dll (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP505\A0244695.dll (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP505\A0244727.dll (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP505\A0244728.dll (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP505\A0244729.dll (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP505\A0244741.exe (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP505\A0244742.dll (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP505\A0244743.dll (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP505\A0244744.dll (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP505\A0244819.dll (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP509\A0246029.dll (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP509\A0246216.dll (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP509\A0246217.dll (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP509\A0246226.dll (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP509\A0246227.dll (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP509\A0246232.dll (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP509\A0246238.exe (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP509\A0246375.exe (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP510\A0246399.dll (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP510\A0246400.dll (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP510\A0246531.exe (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP510\A0246532.exe (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP510\A0246533.exe (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP516\A0247246.dll (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP516\A0247357.dll (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP519\A0252479.exe (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP519\A0252509.exe (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP521\A0264004.dll (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP522\A0264845.dll (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP522\A0267977.dll (Worm.Zhelatin) -> No action taken.
D:\Wc3\World of Warcraft\DivxDecoder.dll (Worm.Zhelatin) -> No action taken.
D:\Wc3\World of Warcraft\WowError.exe (Worm.Zhelatin) -> No action taken.

I can't find the edit button anymore :P sorry
I deleted all the files and ran Anti-Malware again:

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 4465

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

23.08.2010 15:09:20
mbam-log-2010-08-23 (15-09-20).txt

Art des Suchlaufs: Vollständiger Suchlauf (D:\|)
Durchsuchte Objekte: 124487
Laufzeit: 3 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

But I don't know whether that's right, since I'm not very familiar with this kind of thing.

24.08.2010, 20:48   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

CustomScan with OTL

If you don't have it yet, please download OTL by OldTimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the contents into the text box.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt and Extra.txt into your thread here

24.08.2010, 23:44   #3
Dumbody
 

So, after running for half an hour, OTL tells me:

OTL: Out of Memory.

Can someone tell me what that means?

24.08.2010, 23:46   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Try it like this:

System scan with OTL

Please download OTL by OldTimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you'll find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


24.08.2010, 23:56   #5
Dumbody
 

Otl.txt log:

OTL Logfile:
Code:
OTL logfile created on: 24.08.2010 23:47:51 - Run 1
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Users\Maximilian\Desktop
64bit- An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74,55 Gb Total Space | 34,70 Gb Free Space | 46,54% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 202,40 Gb Free Space | 86,91% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: THT-MAXI
Current User Name: Maximilian
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\******\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\******\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (StorSvc) -- C:\Windows\SysNative\StorSvc.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Norton AntiVirus) -- C:\Program Files (x86)\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe (Symantec Corporation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (ccHP) -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\cchpx64.sys (Symantec Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\SymEFA64.sys (Symantec Corporation)
DRV:64bit: - (BHDrvx64) -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\BHDrvx64.sys (Symantec Corporation)
DRV:64bit: - (SYMTDI) -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\symtdi.sys (Symantec Corporation)
DRV:64bit: - (SYMFW) -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\symfw.sys (Symantec Corporation)
DRV:64bit: - (SYMNDISV) -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\symndisv.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SymIM) -- C:\Windows\SysNative\drivers\SymIMV.sys (Symantec Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100824.002\EX64.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100824.002\ENG64.SYS (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100820.001\IDSviA64.sys (Symantec Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 23 DF 75 27 E7 3E CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.08.23 15:46:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.08.23 20:22:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010.08.14 21:27:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2010.08.23 15:46:47 | 000,000,000 | ---D | M] -- C:\Users\Maximilian\AppData\Roaming\mozilla\Extensions
[2010.08.23 20:24:56 | 000,000,000 | ---D | M] -- C:\Users\Maximilian\AppData\Roaming\mozilla\Firefox\Profiles\wpm9ipc5.default\extensions
[2010.08.24 23:16:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.07.23 02:48:56 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.07.23 02:48:56 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.07.23 02:48:56 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.07.23 02:48:56 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.07.23 02:48:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\16.8.0.41\IPSBHO.DLL (Symantec Corporation)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Users\Maximilian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{df496263-a261-11df-b946-001d602d0ed3}\Shell - "" = AutoRun
O33 - MountPoints2\{df496263-a261-11df-b946-001d602d0ed3}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.24 21:12:21 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Maximilian\Desktop\OTL.exe
[2010.08.24 13:35:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2010.08.24 12:15:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard
[2010.08.24 12:15:27 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Blizzard Entertainment
[2010.08.23 16:04:48 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2010.08.23 16:04:48 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010.08.23 16:04:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2010.08.23 15:45:01 | 008,408,392 | ---- | C] (Mozilla) -- C:\Users\Maximilian\Firefox Setup 3.6.8.exe
[2010.08.22 20:26:18 | 000,000,000 | ---D | C] -- C:\Users\Maximilian\AppData\Local\Diagnostics
[2010.08.22 18:56:33 | 000,000,000 | ---D | C] -- C:\Users\Maximilian\AppData\Roaming\HD Tune Pro
[2010.08.22 18:56:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HD Tune Pro
[2010.08.22 17:45:45 | 000,000,000 | ---D | C] -- C:\Users\Maximilian\AppData\Roaming\Malwarebytes
[2010.08.22 17:45:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.08.22 17:45:33 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.08.22 17:45:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.08.22 17:45:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.22 15:27:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SIW
[2010.08.21 18:03:28 | 000,000,000 | ---D | C] -- C:\Users\Maximilian\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.08.21 18:03:16 | 000,000,000 | ---D | C] -- C:\Users\Maximilian\Documents\DVDVideoSoft
[2010.08.21 18:03:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2010.08.21 18:03:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2010.08.21 17:46:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SWF Studio
[2010.08.14 21:27:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2010.08.13 16:14:31 | 000,000,000 | ---D | C] -- C:\Users\Maximilian\AppData\Local\Apps
[2010.08.13 16:14:30 | 000,000,000 | ---D | C] -- C:\Users\Maximilian\AppData\Local\Deployment
[2010.08.13 16:10:07 | 000,000,000 | ---D | C] -- C:\Users\Maximilian\AppData\Roaming\teamspeak2
[2010.08.13 16:10:00 | 000,034,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\lhacm.acm
[2010.08.13 16:09:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Teamspeak2_RC2
[2010.08.13 01:20:13 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010.08.13 01:20:12 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010.08.13 01:20:12 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010.08.13 01:19:49 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010.08.13 01:19:49 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010.08.13 01:19:48 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010.08.13 01:19:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010.08.13 01:19:48 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010.08.13 01:19:48 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010.08.13 01:19:45 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2010.08.13 01:19:45 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010.08.13 01:19:43 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010.08.12 20:15:31 | 000,000,000 | ---D | C] -- C:\Users\Maximilian\AppData\Roaming\TS3Client
[2010.08.12 00:04:41 | 000,000,000 | ---D | C] -- C:\Programme\TeamSpeak 3 Client
[2010.08.09 14:43:36 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2010.08.09 14:43:36 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2010.08.09 14:43:32 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2010.08.09 14:43:31 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2010.08.09 13:43:34 | 000,476,720 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\srtsp64.sys
[2010.08.09 13:43:34 | 000,402,992 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\SymEFA64.sys
[2010.08.09 13:43:34 | 000,278,576 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\symtdi.sys
[2010.08.09 13:43:34 | 000,120,880 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\symfw.sys
[2010.08.09 13:43:34 | 000,056,880 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\symndisv.sys
[2010.08.09 13:43:34 | 000,044,080 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\symndis.sys
[2010.08.09 13:43:34 | 000,043,568 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\symids.sys
[2010.08.09 13:43:34 | 000,032,304 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\srtspx64.sys
[2010.08.09 13:43:33 | 000,334,384 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\BHDrvx64.sys
[2010.08.09 13:43:21 | 000,583,296 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\cchpx64.sys
[2010.08.09 13:43:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NAVx64\1008000.029
[2010.08.08 22:43:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2010.08.08 13:34:24 | 000,000,000 | ---D | C] -- C:\Users\Maximilian\AppData\Roaming\Macromedia
[2010.08.08 13:34:24 | 000,000,000 | ---D | C] -- C:\Users\Maximilian\AppData\Roaming\Adobe
[2010.08.08 13:34:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2010.08.08 13:19:04 | 000,000,000 | ---D | C] -- C:\Users\Maximilian\Documents\Symantec
[2010.08.08 13:18:22 | 000,031,280 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SymIMV.sys
[2010.08.08 13:18:18 | 000,172,592 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010.08.08 13:18:18 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Symantec Shared
[2010.08.08 13:18:18 | 000,000,000 | ---D | C] -- C:\Programme\Symantec
[2010.08.08 13:17:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NAVx64
[2010.08.08 13:17:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010.08.08 13:17:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton AntiVirus
[2010.08.08 13:17:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010.08.08 13:17:32 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010.08.08 13:17:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2010.08.08 13:14:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec Temporary Files
[2010.08.08 12:00:40 | 000,000,000 | ---D | C] -- C:\Users\Maximilian\AppData\Local\Apple Computer
[2010.08.08 12:00:39 | 000,000,000 | ---D | C] -- C:\Users\Maximilian\AppData\Roaming\Apple Computer
[2010.08.08 12:00:14 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2010.08.08 12:00:14 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2010.08.08 12:00:14 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2010.08.08 12:00:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010.08.08 11:59:59 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.08.08 11:59:58 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2010.08.08 11:59:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010.08.08 11:59:58 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010.08.08 11:58:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010.08.08 11:58:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010.08.08 11:58:33 | 000,000,000 | ---D | C] -- C:\Users\Maximilian\AppData\Local\Apple
[2010.08.08 11:58:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010.08.08 11:58:19 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Apple
[2010.08.08 11:58:06 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2010.08.08 11:58:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010.08.08 11:57:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010.08.08 11:57:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010.08.07 23:09:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2010.08.07 23:08:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2010.08.07 22:51:47 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010.08.07 22:41:09 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010.08.07 22:34:02 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\ATI Technologies
[2010.08.07 22:34:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2010.08.07 22:33:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI
[2010.08.07 22:32:40 | 000,000,000 | ---D | C] -- C:\Programme\ATI Technologies
[2010.08.07 22:28:12 | 000,000,000 | ---D | C] -- C:\Users\Maximilian\AppData\Roaming\Mozilla
[2010.08.07 22:28:12 | 000,000,000 | ---D | C] -- C:\Users\Maximilian\AppData\Local\Mozilla
[2010.08.07 22:28:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010.08.07 22:09:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010.08.07 22:07:31 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010.08.07 22:07:31 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2010.08.07 22:07:31 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010.08.07 22:07:31 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010.08.07 22:07:31 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010.08.07 22:07:31 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010.08.07 22:07:31 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2010.08.07 22:07:30 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2010.08.07 22:07:09 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2010.08.07 21:56:04 | 000,000,000 | ---D | C] -- C:\Users\Maximilian\AppData\Roaming\ATI
[2010.08.07 21:56:04 | 000,000,000 | ---D | C] -- C:\Users\Maximilian\AppData\Local\ATI
[2010.08.07 21:40:35 | 014,629,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010.08.07 21:40:33 | 011,406,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010.08.07 21:40:32 | 001,975,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll
[2010.08.07 21:40:32 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll
[2010.08.07 21:40:31 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010.08.07 21:40:31 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010.08.07 21:40:21 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010.08.07 21:40:21 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2010.08.07 21:40:16 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2010.08.07 21:40:13 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010.08.07 21:40:13 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2010.08.07 21:40:12 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2010.08.07 21:40:07 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2010.08.07 21:40:07 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2010.08.07 21:40:07 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010.08.07 21:40:07 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010.08.07 21:40:07 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2010.08.07 21:40:07 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2010.08.07 21:40:07 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010.08.07 21:40:07 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010.08.07 21:40:07 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010.08.07 21:40:07 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010.08.07 21:40:07 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010.08.07 21:40:07 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2010.08.07 21:40:06 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010.08.07 21:40:06 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010.08.07 21:40:06 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010.08.07 21:40:06 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010.08.07 21:39:59 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2010.08.07 21:39:59 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010.08.07 21:39:59 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010.08.07 21:39:59 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2010.08.07 21:39:59 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2010.08.07 21:39:59 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2010.08.07 21:39:59 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2010.08.07 21:39:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2010.08.07 21:38:58 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2010.08.07 21:38:54 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010.08.07 21:38:54 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010.08.07 21:38:53 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010.08.07 21:38:52 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2010.08.07 21:38:52 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010.08.07 21:38:52 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010.08.07 21:38:52 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010.08.07 21:38:51 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2010.08.07 21:38:51 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010.08.07 21:38:47 | 001,572,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2010.08.07 21:38:47 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2010.08.07 21:38:46 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2010.08.07 21:38:46 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2010.08.07 21:38:39 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2010.08.07 21:38:39 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010.08.07 21:38:32 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2010.08.07 21:38:29 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll
[2010.08.07 21:38:25 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010.08.07 21:38:24 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010.08.07 21:38:24 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2010.08.07 21:38:24 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2010.08.07 21:38:24 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010.08.07 21:38:24 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010.08.07 21:38:17 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010.08.07 21:38:17 | 000,000,000 | ---D | C] -- C:\Programme\ATI
[2010.08.07 21:22:28 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010.08.07 21:20:34 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2010.08.07 21:20:34 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2010.08.07 21:20:33 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2010.08.07 21:20:33 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2010.08.07 21:15:08 | 000,000,000 | ---D | C] -- C:\Windows.old
[2010.08.07 20:52:46 | 000,000,000 | R--D | C] -- C:\Users\Maximilian\Searches
[2010.08.07 20:52:37 | 000,000,000 | ---D | C] -- C:\Users\Maximilian\AppData\Roaming\Identities
[2010.08.07 20:52:35 | 000,000,000 | R--D | C] -- C:\Users\Maximilian\Contacts
[2010.08.07 20:52:34 | 000,000,000 | ---D | C] -- C:\Users\Maximilian\AppData\Local\VirtualStore
[2010.08.07 20:52:28 | 000,000,000 | --SD | C] -- C:\Users\Maximilian\AppData\Roaming\Microsoft
[2010.08.07 20:52:28 | 000,000,000 | R--D | C] -- C:\Users\Maximilian\Videos
[2010.08.07 20:52:28 | 000,000,000 | R--D | C] -- C:\Users\Maximilian\Saved Games
[2010.08.07 20:52:28 | 000,000,000 | R--D | C] -- C:\Users\Maximilian\Pictures
[2010.08.07 20:52:28 | 000,000,000 | R--D | C] -- C:\Users\Maximilian\Music
[2010.08.07 20:52:28 | 000,000,000 | R--D | C] -- C:\Users\Maximilian\Links
[2010.08.07 20:52:28 | 000,000,000 | R--D | C] -- C:\Users\Maximilian\Favorites
[2010.08.07 20:52:28 | 000,000,000 | R--D | C] -- C:\Users\Maximilian\Downloads
[2010.08.07 20:52:28 | 000,000,000 | R--D | C] -- C:\Users\Maximilian\Documents
[2010.08.07 20:52:28 | 000,000,000 | R--D | C] -- C:\Users\Maximilian\Desktop
[2010.08.07 20:52:28 | 000,000,000 | -HSD | C] -- C:\Users\Maximilian\Vorlagen
[2010.08.07 20:52:28 | 000,000,000 | -HSD | C] -- C:\Users\Maximilian\AppData\Local\Verlauf
[2010.08.07 20:52:28 | 000,000,000 | -HSD | C] -- C:\Users\Maximilian\AppData\Local\Temporary Internet Files
[2010.08.07 20:52:28 | 000,000,000 | -HSD | C] -- C:\Users\Maximilian\Startmenü
[2010.08.07 20:52:28 | 000,000,000 | -HSD | C] -- C:\Users\Maximilian\SendTo
[2010.08.07 20:52:28 | 000,000,000 | -HSD | C] -- C:\Users\Maximilian\Recent
[2010.08.07 20:52:28 | 000,000,000 | -HSD | C] -- C:\Users\Maximilian\Netzwerkumgebung
[2010.08.07 20:52:28 | 000,000,000 | -HSD | C] -- C:\Users\Maximilian\Lokale Einstellungen
[2010.08.07 20:52:28 | 000,000,000 | -HSD | C] -- C:\Users\Maximilian\Documents\Eigene Videos
[2010.08.07 20:52:28 | 000,000,000 | -HSD | C] -- C:\Users\Maximilian\Documents\Eigene Musik
[2010.08.07 20:52:28 | 000,000,000 | -HSD | C] -- C:\Users\Maximilian\Eigene Dateien
[2010.08.07 20:52:28 | 000,000,000 | -HSD | C] -- C:\Users\Maximilian\Documents\Eigene Bilder
[2010.08.07 20:52:28 | 000,000,000 | -HSD | C] -- C:\Users\Maximilian\Druckumgebung
[2010.08.07 20:52:28 | 000,000,000 | -HSD | C] -- C:\Users\Maximilian\Cookies
[2010.08.07 20:52:28 | 000,000,000 | -HSD | C] -- C:\Users\Maximilian\AppData\Local\Anwendungsdaten
[2010.08.07 20:52:28 | 000,000,000 | -HSD | C] -- C:\Users\Maximilian\Anwendungsdaten
[2010.08.07 20:52:28 | 000,000,000 | -H-D | C] -- C:\Users\Maximilian\AppData
[2010.08.07 20:52:28 | 000,000,000 | ---D | C] -- C:\Users\Maximilian\AppData\Local\Temp
[2010.08.07 20:52:28 | 000,000,000 | ---D | C] -- C:\Users\Maximilian\AppData\Local\Microsoft
[2010.08.07 20:52:28 | 000,000,000 | ---D | C] -- C:\Users\Maximilian\AppData\Roaming\Media Center Programs
[2010.08.07 20:52:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2010.08.07 20:52:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2010.08.07 20:52:16 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien
[2010.08.07 20:52:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2010.08.07 20:52:16 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2010.08.07 20:52:16 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2010.08.07 20:52:16 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2010.08.07 20:52:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2010.08.07 20:52:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2010.08.07 20:26:30 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010.08.07 20:23:52 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.08.07 20:23:34 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010.08.07 20:17:04 | 000,000,000 | -HSD | C] -- C:\Boot
[2010.08.07 19:47:38 | 000,000,000 | ---D | C] -- C:\ATI
[2010.08.07 19:43:09 | 000,000,000 | -HSD | C] -- C:\Recovery
[2010.08.07 19:43:09 | 000,000,000 | -HSD | C] -- C:\Programme
[2010.08.07 19:43:09 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2010.08.07 19:18:00 | 000,000,000 | -HSD | C] -- C:\System Volume Information
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.24 23:48:00 | 000,021,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.24 23:48:00 | 000,021,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.24 23:40:35 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.24 23:40:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.24 23:40:25 | 474,536,869 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.08.24 23:40:23 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.24 23:38:43 | 001,048,576 | -HS- | M] () -- C:\Users\Maximilian\ntuser.dat
[2010.08.24 23:21:58 | 001,132,046 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\Cat.DB
[2010.08.24 22:57:53 | 004,089,429 | -H-- | M] () -- C:\Users\Maximilian\AppData\Local\IconCache.db
[2010.08.24 21:12:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Maximilian\Desktop\OTL.exe
[2010.08.24 13:33:45 | 000,000,719 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010.08.24 12:15:52 | 000,001,291 | ---- | M] () -- C:\Users\Maximilian\Desktop\World of Warcraft-Installationsprogramm.lnk
[2010.08.23 21:44:14 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.08.23 21:44:14 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.08.23 21:44:14 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.08.23 21:44:14 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.08.23 21:44:14 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.08.23 19:13:52 | 000,001,864 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010.08.23 19:13:51 | 000,001,866 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010.08.23 15:46:17 | 000,001,939 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.08.23 15:45:15 | 008,408,392 | ---- | M] (Mozilla) -- C:\Users\Maximilian\Firefox Setup 3.6.8.exe
[2010.08.22 19:05:38 | 000,007,606 | ---- | M] () -- C:\Users\Maximilian\AppData\Local\Resmon.ResmonCfg
[2010.08.22 18:56:10 | 000,000,963 | ---- | M] () -- C:\Users\Maximilian\Desktop\HD Tune Pro.lnk
[2010.08.22 17:45:37 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.22 15:27:03 | 000,000,935 | ---- | M] () -- C:\Users\Maximilian\Desktop\SIW.lnk
[2010.08.21 18:11:53 | 000,000,059 | ---- | M] () -- C:\Windows\DelToolbox.bat
[2010.08.21 18:03:23 | 000,001,239 | ---- | M] () -- C:\Users\Maximilian\Desktop\DVDVideoSoft Free Studio.lnk
[2010.08.14 21:27:17 | 000,002,005 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2010.08.13 16:15:24 | 000,000,000 | ---- | M] () -- C:\Users\Maximilian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2010.08.13 16:10:00 | 000,034,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\lhacm.acm
[2010.08.13 16:09:58 | 000,000,978 | ---- | M] () -- C:\Users\Maximilian\Desktop\Teamspeak 2 RC2.lnk
[2010.08.13 10:49:53 | 000,289,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.08.12 00:04:43 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2010.08.09 18:23:51 | 000,002,385 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2010.08.09 13:43:36 | 000,172,592 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010.08.09 13:43:36 | 000,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010.08.09 13:43:36 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010.08.09 13:43:21 | 000,583,296 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\cchpx64.sys
[2010.08.09 13:43:19 | 000,009,412 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\symnetv.cat
[2010.08.09 13:43:19 | 000,001,481 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\SymNetV.inf
[2010.08.09 13:43:19 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\isolate.ini
[2010.08.08 12:00:30 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.08.08 11:58:52 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.08.08 11:53:06 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010.08.08 11:23:22 | 000,062,952 | ---- | M] () -- C:\Users\Maximilian\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.08.07 23:08:54 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
[2010.08.07 21:24:43 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2010.08.07 21:23:28 | 000,524,288 | -HS- | M] () -- C:\Users\Maximilian\ntuser.dat{b358bdb9-a257-11df-b004-001d602d0ed3}.TMContainer00000000000000000002.regtrans-ms
[2010.08.07 21:23:28 | 000,065,536 | -HS- | M] () -- C:\Users\Maximilian\ntuser.dat{b358bdb9-a257-11df-b004-001d602d0ed3}.TM.blf
[2010.08.07 21:23:27 | 000,524,288 | -HS- | M] () -- C:\Users\Maximilian\ntuser.dat{b358bdb9-a257-11df-b004-001d602d0ed3}.TMContainer00000000000000000001.regtrans-ms
[2010.08.07 21:22:16 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010.08.07 21:00:31 | 000,524,288 | -HS- | M] () -- C:\Users\Maximilian\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010.08.07 21:00:31 | 000,524,288 | -HS- | M] () -- C:\Users\Maximilian\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010.08.07 21:00:31 | 000,065,536 | -HS- | M] () -- C:\Users\******\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010.08.07 20:52:28 | 000,000,020 | -HS- | M] () -- C:\Users\******\ntuser.ini
[2010.08.07 20:28:12 | 000,054,699 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010.08.07 20:28:12 | 000,054,699 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010.08.07 20:25:53 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010.07.29 08:30:34 | 000,082,944 | ---- | M] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
 
========== Files Created - No Company Name ==========
 
[2010.08.24 19:17:07 | 000,001,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010.08.24 19:17:07 | 000,000,000 | ---- | C] () -- C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2010.08.24 12:17:01 | 000,000,719 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010.08.24 12:15:52 | 000,001,291 | ---- | C] () -- C:\Users\*********\Desktop\World of Warcraft-Installationsprogramm.lnk
[2010.08.23 16:04:40 | 000,001,866 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010.08.23 15:46:17 | 000,001,939 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.08.22 18:56:10 | 000,000,963 | ---- | C] () -- C:\Users\*******\Desktop\HD Tune Pro.lnk
[2010.08.22 17:45:37 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.22 15:27:03 | 000,000,935 | ---- | C] () -- C:\Users\*******\Desktop\SIW.lnk
[2010.08.21 18:11:53 | 000,000,059 | ---- | C] () -- C:\Windows\DelToolbox.bat
[2010.08.21 18:03:17 | 000,001,239 | ---- | C] () -- C:\Users\*******\Desktop\DVDVideoSoft Free Studio.lnk
[2010.08.14 21:27:17 | 000,002,005 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2010.08.13 16:09:58 | 000,000,978 | ---- | C] () -- C:\Users\******\Desktop\Teamspeak 2 RC2.lnk
[2010.08.12 00:04:43 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2010.08.09 18:24:03 | 001,132,046 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\Cat.DB
[2010.08.09 13:43:34 | 000,009,415 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\SymNet.cat
[2010.08.09 13:43:34 | 000,007,410 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\srtsp64.cat
[2010.08.09 13:43:34 | 000,007,401 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\srtspx64.cat
[2010.08.09 13:43:34 | 000,007,399 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\SymEFA64.cat
[2010.08.09 13:43:34 | 000,003,373 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\SymEFA.inf
[2010.08.09 13:43:34 | 000,001,480 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\SymNet.inf
[2010.08.09 13:43:34 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\srtsp64.inf
[2010.08.09 13:43:34 | 000,001,421 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\srtspx64.inf
[2010.08.09 13:43:33 | 000,007,362 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\BHDrvx64.CAT
[2010.08.09 13:43:33 | 000,007,345 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\ccHPx64.cat
[2010.08.09 13:43:33 | 000,001,836 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\ccHPx64.inf
[2010.08.09 13:43:33 | 000,000,640 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\BHDrvx64.inf
[2010.08.09 13:43:19 | 000,009,412 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\symnetv.cat
[2010.08.09 13:43:19 | 000,001,481 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\SymNetV.inf
[2010.08.09 13:43:19 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\isolate.ini
[2010.08.08 13:18:18 | 000,007,440 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010.08.08 13:18:18 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010.08.08 13:18:12 | 000,002,385 | ---- | C] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2010.08.08 12:49:31 | 000,007,606 | ---- | C] () -- C:\Users\******\AppData\Local\Resmon.ResmonCfg
[2010.08.08 12:00:30 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.08.08 11:58:52 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.08.08 11:53:06 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010.08.07 23:08:54 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
[2010.08.07 21:24:43 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.08.07 21:18:20 | 000,524,288 | -HS- | C] () -- C:\Users\*******\ntuser.dat{b358bdb9-a257-11df-b004-001d602d0ed3}.TMContainer00000000000000000002.regtrans-ms
[2010.08.07 21:18:20 | 000,524,288 | -HS- | C] () -- C:\Users\********\ntuser.dat{b358bdb9-a257-11df-b004-001d602d0ed3}.TMContainer00000000000000000001.regtrans-ms
[2010.08.07 21:18:20 | 000,065,536 | -HS- | C] () -- C:\Users\*******\ntuser.dat{b358bdb9-a257-11df-b004-001d602d0ed3}.TM.blf
[2010.08.07 20:52:28 | 001,048,576 | -HS- | C] () -- C:\Users\*****\ntuser.dat
[2010.08.07 20:52:28 | 000,524,288 | -HS- | C] () -- C:\Users\*******\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010.08.07 20:52:28 | 000,524,288 | -HS- | C] () -- C:\Users\******\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010.08.07 20:52:28 | 000,262,144 | -HS- | C] () -- C:\Users\******\ntuser.dat.LOG1
[2010.08.07 20:52:28 | 000,065,536 | -HS- | C] () -- C:\Users\*******\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010.08.07 20:52:28 | 000,000,020 | -HS- | C] () -- C:\Users\******\ntuser.ini
[2010.08.07 20:52:28 | 000,000,000 | -HS- | C] () -- C:\Users\******\ntuser.dat.LOG2
[2010.08.07 20:25:53 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010.08.07 20:23:14 | 474,536,869 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.08.07 20:17:06 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2010.08.07 20:17:04 | 000,383,562 | RHS- | C] () -- C:\bootmgr
[2010.08.07 19:18:00 | 2616,057,856 | -HS- | C] () -- C:\hiberfil.sys
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
< End of report >
         
--- --- ---


24.08.2010, 23:57   #6
Dumbody
 



Extras.txt log:

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 24.08.2010 23:47:51 - Run 1
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Users\Maximilian\Desktop
64bit- An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74,55 Gb Total Space | 34,70 Gb Free Space | 46,54% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 202,40 Gb Free Space | 86,91% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: THT-MAXI
Current User Name: Maximilian
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23B45E10-0CA5-43E9-BD6D-C2BD6CBE11AC}" = iTunes
"{28A0318C-B98D-B6B1-64D1-4E4755A8E668}" = AMD Drag and Drop Transcoding
"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E3FABF5-C3B9-7F7E-4AAE-977D77D48C51}" = ATI Catalyst Install Manager
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{B93D47B2-0862-E2E6-8115-B5DAF7AE3C01}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{5662D815-DB58-5082-315B-0326B37EB7CB}" = CCC Help English
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding
"{8C65C65C-530F-B2DB-BBD7-AF554ABEBBA1}" = Catalyst Control Center Graphics Previews Common
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2010.07.14
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{D69D4AE5-717C-5E56-A56F-542EF5F6A84C}" = Catalyst Control Center Graphics Previews Vista
"{DB837E02-82D0-3888-6DEC-D29587CCDC2F}" = ccc-core-static
"{F86B6849-38E0-7818-F21E-6DC637932076}" = Catalyst Control Center InstallProxy
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"HD Tune Pro_is1" = HD Tune Pro 4.50
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mozilla Thunderbird (3.1.2)" = Mozilla Thunderbird (3.1.2)
"NAV" = Norton AntiVirus
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Uninstall_is1" = Uninstall 1.0.0.1
"World of Warcraft" = World of Warcraft
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 23.08.2010 09:25:52 | Computer Name = tht-maxi | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(BZDN1614809495-QkxaMDAwMkY2SkpEMUNBQjJDMjA3ODBEZkE2a0E2REQ=._bzdn._tcp.local.)
 active for over two minutes. This places considerable burden on the network.
 
Error - 23.08.2010 09:54:00 | Computer Name = tht-maxi | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(BZDN1614809495-QkxaMDAwMkY2SkpEMUNBQjJDMjA3ODBEZkE2a0E2REQ=._bzdn._tcp.local.)
 active for over two minutes. This places considerable burden on the network.
 
Error - 23.08.2010 14:28:00 | Computer Name = tht-maxi | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(BZDN1614809495-QkxaMDAwMkY2SkpEMUNBQjJDMjA3ODBEZkE2a0E2REQ=._bzdn._tcp.local.)
 active for over two minutes. This places considerable burden on the network.
 
Error - 24.08.2010 07:26:25 | Computer Name = tht-maxi | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(E2D59B3D503512C5F022BLZ0001F6JJD1CAB2C20780D`850CA\032._bzdn._tcp.local.)
 active for over two minutes. This places considerable burden on the network.
 
Error - 24.08.2010 07:47:19 | Computer Name = tht-maxi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc3c1  Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5be07e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000016d11
ID
 des fehlerhaften Prozesses: 0x384  Startzeit der fehlerhaften Anwendung: 0x01cb436cef116b59
Pfad
 der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe  Pfad des fehlerhaften
 Moduls: c:\windows\system32\sysmain.dll  Berichtskennung: 595103d5-af75-11df-8743-001d602d0ed3
 
Error - 24.08.2010 07:54:13 | Computer Name = tht-maxi | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(BZDN1996032853-QkxaMDAwMkY2SkpEMUNBQjJDMjA3ODBERTMqQTNCQTg=._bzdn._tcp.local.)
 active for over two minutes. This places considerable burden on the network.
 
Error - 24.08.2010 08:41:22 | Computer Name = tht-maxi | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(BZDN1502087261-QkxaMDAwMkY2SkpEMUNBQjJDMjA3ODBERTdDNTkzW0Iz._bzdn._tcp.local.)
 active for over two minutes. This places considerable burden on the network.
 
Error - 24.08.2010 08:45:42 | Computer Name = tht-maxi | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(BZDN1747257897-QkxaMDAwMkY2SkpEMUNBQjJDMjA3ODBEMUEpMDQ4MTk=._bzdn._tcp.local.)
 active for over two minutes. This places considerable burden on the network.
 
Error - 24.08.2010 08:52:12 | Computer Name = tht-maxi | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(BZDN1502087223-QkxaMDAwMkY2SkpEMUNBQjJDMjA3ODBEOEVEQyVBQ0FB._bzdn._tcp.local.)
 active for over two minutes. This places considerable burden on the network.
 
Error - 24.08.2010 17:38:12 | Computer Name = tht-maxi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: OTL.exe, Version: 3.2.10.0, Zeitstempel:
 0x2a425e19  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x31f3e0a1  ID des fehlerhaften Prozesses:
 0xe88  Startzeit der fehlerhaften Anwendung: 0x01cb43d2091a56ac  Pfad der fehlerhaften
 Anwendung: C:\Users\Maximilian\Desktop\OTL.exe  Pfad des fehlerhaften Moduls: unknown
Berichtskennung:
 e4bdfbbc-afc7-11df-bda3-001d602d0ed3
 
[ System Events ]
Error - 24.08.2010 07:47:49 | Computer Name = tht-maxi | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Zugriff auf Eingabegeräte" wurde unerwartet beendet. Dies
 ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 24.08.2010 07:47:49 | Computer Name = tht-maxi | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Netzwerkverbindungen" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 100 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 24.08.2010 07:47:49 | Computer Name = tht-maxi | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Programmkompatibilitäts-Assistent-Dienst" wurde unerwartet
 beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 60000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 24.08.2010 07:47:49 | Computer Name = tht-maxi | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Superfetch" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 24.08.2010 07:47:49 | Computer Name = tht-maxi | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Überwachung verteilter Verknüpfungen (Client)" wurde unerwartet
 beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 120000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 24.08.2010 07:47:49 | Computer Name = tht-maxi | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Sitzungs-Manager für Desktopfenster-Manager" wurde unerwartet
 beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 120000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 24.08.2010 07:47:49 | Computer Name = tht-maxi | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Enumeratordienst für tragbare Geräte" wurde unerwartet
 beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 120000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 24.08.2010 07:47:49 | Computer Name = tht-maxi | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Driver Foundation - Benutzermodus-Treiberframework"
 wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen
 werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 24.08.2010 17:40:30 | Computer Name = tht-maxi | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?24.?08.?2010 um 23:38:48 unerwartet heruntergefahren.
 
Error - 24.08.2010 17:40:38 | Computer Name = tht-maxi | Source = BugCheck | ID = 1001
Description = 
 
 
< End of report >
         
--- --- ---

Alt 25.08.2010, 11:47   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
memtest86 - buffed.de Community Foren

What's with the crossposting?
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 25.08.2010, 12:02   #8
Dumbody
 
That thread was originally about something completely different ^^ Sorry if that was still wrong. Of course I'll post there right away that the problem is being handled here ^^

Edited by Dumbody (25.08.2010 at 12:16)

Alt 10.09.2010, 14:04   #9
Dumbody
 
Thanks for the further help... omg
