Trojaner-Board

Dumbody 23.08.2010 12:04

Worm problem - Worm.Zhelatin
 
Hi,
earlier I still thought that the constant crashes of all programs were caused by the RAM. I ran Antimalware once more. You can see the log here:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4465

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

23.08.2010 13:01:51
mbam-log-2010-08-23 (13-01-51).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 286051
Laufzeit: 1 Stunde(n), 22 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 296

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
D:\HoN\vid_gl2.dll (Worm.Zhelatin) -> No action taken.
D:\mozilla\js3250.dll (Worm.Zhelatin) -> No action taken.
D:\mozilla\SHIFTDemo\GDFBinary.dll (Worm.Zhelatin) -> No action taken.
D:\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe (Worm.Zhelatin) -> No action taken.
D:\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe (Worm.Zhelatin) -> No action taken.
D:\Steam\SteamApps\common\call of duty modern warfare 2\UpdateDLLWrapper.dll (Worm.Zhelatin) -> No action taken.
D:\Steam\SteamApps\common\call of duty modern warfare 2\miles\milesEq.flt (Worm.Zhelatin) -> No action taken.
D:\Steam\SteamApps\common\call of duty modern warfare 2\miles\mssds3d.flt (Worm.Zhelatin) -> No action taken.
D:\Steam\SteamApps\common\call of duty modern warfare 2\miles\msseax.flt (Worm.Zhelatin) -> No action taken.
D:\Steam\SteamApps\common\call of duty modern warfare 2\miles\mssmp3.asi (Worm.Zhelatin) -> No action taken.
D:\Steam\SteamApps\common\call of duty modern warfare 2\miles\mssvoice.asi (Worm.Zhelatin) -> No action taken.
D:\Steam\SteamApps\common\champions online\CrypticError.exe (Worm.Zhelatin) -> No action taken.
D:\Steam\SteamApps\dumbody\portal\hl2.exe (Worm.Zhelatin) -> No action taken.
D:\Steam\SteamApps\dumbody\portal\bin\datamodel.dll (Worm.Zhelatin) -> No action taken.
D:\Steam\SteamApps\dumbody\portal\bin\dmserializers.dll (Worm.Zhelatin) -> No action taken.
D:\Steam\SteamApps\dumbody\portal\bin\mssmp3.asi (Worm.Zhelatin) -> No action taken.
D:\Steam\SteamApps\dumbody\portal\bin\mssvoice.asi (Worm.Zhelatin) -> No action taken.
D:\Steam\SteamApps\dumbody\portal\bin\parsifal.dll (Worm.Zhelatin) -> No action taken.
D:\Steam\SteamApps\dumbody\portal\bin\rdmwin32.dll (Worm.Zhelatin) -> No action taken.
D:\Steam\SteamApps\dumbody\portal\bin\tier0.dll (Worm.Zhelatin) -> No action taken.
D:\Steam\SteamApps\dumbody\portal\bin\vaudio_speex.dll (Worm.Zhelatin) -> No action taken.
D:\Steam\SteamApps\dumbody\portal\bin\vtex.dll (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP505\A0244685.dll (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP505\A0244686.dll (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP505\A0244687.dll (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP505\A0244688.dll (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP505\A0244689.dll (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP505\A0244690.dll (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP505\A0244691.exe (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP505\A0244692.dll (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP505\A0244693.dll (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP505\A0244695.dll (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP505\A0244727.dll (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP505\A0244728.dll (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP505\A0244729.dll (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP505\A0244741.exe (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP505\A0244742.dll (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP505\A0244743.dll (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP505\A0244744.dll (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP505\A0244819.dll (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP509\A0246029.dll (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP509\A0246216.dll (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP509\A0246217.dll (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP509\A0246226.dll (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP509\A0246227.dll (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP509\A0246232.dll (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP509\A0246238.exe (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP509\A0246375.exe (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP510\A0246399.dll (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP510\A0246400.dll (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP510\A0246531.exe (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP510\A0246532.exe (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP510\A0246533.exe (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP516\A0247246.dll (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP516\A0247357.dll (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP519\A0252479.exe (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP519\A0252509.exe (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP521\A0264004.dll (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP522\A0264845.dll (Worm.Zhelatin) -> No action taken.
D:\System Volume Information\_restore{E4515669-5499-4B52-92A9-1C71B8679E5A}\RP522\A0267977.dll (Worm.Zhelatin) -> No action taken.
D:\Wc3\World of Warcraft\DivxDecoder.dll (Worm.Zhelatin) -> No action taken.
D:\Wc3\World of Warcraft\WowError.exe (Worm.Zhelatin) -> No action taken.

I can't find the edit button anymore :P sorry
I deleted all the files and ran Anti-Malware again:

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 4465

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

23.08.2010 15:09:20
mbam-log-2010-08-23 (15-09-20).txt

Art des Suchlaufs: Vollständiger Suchlauf (D:\|)
Durchsuchte Objekte: 124487
Laufzeit: 3 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

But I don't know whether that was the right thing to do, since I'm not very familiar with this sort of thing.

cosinus 24.08.2010 19:48

Custom scan with OTL

If you don't have it yet, please download OTL by OldTimer and save it to your desktop.
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Dumbody 24.08.2010 22:44

So, after running for half an hour, OTL tells me:

OTL: Out of Memory.

Can someone tell me what that means?

cosinus 24.08.2010 22:46

Try it this way:

System scan with OTL

Please download OTL by OldTimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labeled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

Dumbody 24.08.2010 22:56

Otl.txt log:

OTL Logfile:
Code:

OTL logfile created on: 24.08.2010 23:47:51 - Run 1
OTL by OldTimer - Version 3.2.10.0    Folder = C:\Users\Maximilian\Desktop
64bit- An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74,55 Gb Total Space | 34,70 Gb Free Space | 46,54% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 202,40 Gb Free Space | 86,91% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: THT-MAXI
Current User Name: Maximilian
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\******\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\******\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (StorSvc) -- C:\Windows\SysNative\StorSvc.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Norton AntiVirus) -- C:\Program Files (x86)\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe (Symantec Corporation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (ccHP) -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\cchpx64.sys (Symantec Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\SymEFA64.sys (Symantec Corporation)
DRV:64bit: - (BHDrvx64) -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\BHDrvx64.sys (Symantec Corporation)
DRV:64bit: - (SYMTDI) -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\symtdi.sys (Symantec Corporation)
DRV:64bit: - (SYMFW) -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\symfw.sys (Symantec Corporation)
DRV:64bit: - (SYMNDISV) -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\symndisv.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SymIM) -- C:\Windows\SysNative\drivers\SymIMV.sys (Symantec Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100824.002\EX64.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100824.002\ENG64.SYS (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100820.001\IDSviA64.sys (Symantec Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 23 DF 75 27 E7 3E CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.08.23 15:46:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.08.23 20:22:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010.08.14 21:27:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2010.08.23 15:46:47 | 000,000,000 | ---D | M] -- C:\Users\Maximilian\AppData\Roaming\mozilla\Extensions
[2010.08.23 20:24:56 | 000,000,000 | ---D | M] -- C:\Users\Maximilian\AppData\Roaming\mozilla\Firefox\Profiles\wpm9ipc5.default\extensions
[2010.08.24 23:16:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.07.23 02:48:56 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.07.23 02:48:56 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.07.23 02:48:56 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.07.23 02:48:56 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.07.23 02:48:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\16.8.0.41\IPSBHO.DLL (Symantec Corporation)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Users\Maximilian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{df496263-a261-11df-b946-001d602d0ed3}\Shell - "" = AutoRun
O33 - MountPoints2\{df496263-a261-11df-b946-001d602d0ed3}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.24 21:12:21 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Maximilian\Desktop\OTL.exe
[2010.08.24 13:35:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2010.08.24 12:15:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard
[2010.08.24 12:15:27 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Blizzard Entertainment
[2010.08.23 16:04:48 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2010.08.23 16:04:48 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010.08.23 16:04:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2010.08.23 15:45:01 | 008,408,392 | ---- | C] (Mozilla) -- C:\Users\Maximilian\Firefox Setup 3.6.8.exe
[2010.08.22 20:26:18 | 000,000,000 | ---D | C] -- C:\Users\Maximilian\AppData\Local\Diagnostics
[2010.08.22 18:56:33 | 000,000,000 | ---D | C] -- C:\Users\Maximilian\AppData\Roaming\HD Tune Pro
[2010.08.22 18:56:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HD Tune Pro
[2010.08.22 17:45:45 | 000,000,000 | ---D | C] -- C:\Users\Maximilian\AppData\Roaming\Malwarebytes
[2010.08.22 17:45:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.08.22 17:45:33 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.08.22 17:45:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.08.22 17:45:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.22 15:27:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SIW
[2010.08.21 18:03:28 | 000,000,000 | ---D | C] -- C:\Users\Maximilian\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.08.21 18:03:16 | 000,000,000 | ---D | C] -- C:\Users\Maximilian\Documents\DVDVideoSoft
[2010.08.21 18:03:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2010.08.21 18:03:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2010.08.21 17:46:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SWF Studio
[2010.08.14 21:27:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2010.08.13 16:14:31 | 000,000,000 | ---D | C] -- C:\Users\Maximilian\AppData\Local\Apps
[2010.08.13 16:14:30 | 000,000,000 | ---D | C] -- C:\Users\Maximilian\AppData\Local\Deployment
[2010.08.13 16:10:07 | 000,000,000 | ---D | C] -- C:\Users\Maximilian\AppData\Roaming\teamspeak2
[2010.08.13 16:10:00 | 000,034,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\lhacm.acm
[2010.08.13 16:09:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Teamspeak2_RC2
[2010.08.13 01:20:13 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010.08.13 01:20:12 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010.08.13 01:20:12 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010.08.13 01:19:49 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010.08.13 01:19:49 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010.08.13 01:19:48 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010.08.13 01:19:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010.08.13 01:19:48 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010.08.13 01:19:48 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010.08.13 01:19:45 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2010.08.13 01:19:45 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010.08.13 01:19:43 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010.08.12 20:15:31 | 000,000,000 | ---D | C] -- C:\Users\Maximilian\AppData\Roaming\TS3Client
[2010.08.12 00:04:41 | 000,000,000 | ---D | C] -- C:\Programme\TeamSpeak 3 Client
[2010.08.09 14:43:36 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2010.08.09 14:43:36 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2010.08.09 14:43:32 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2010.08.09 14:43:31 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2010.08.09 13:43:34 | 000,476,720 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\srtsp64.sys
[2010.08.09 13:43:34 | 000,402,992 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\SymEFA64.sys
[2010.08.09 13:43:34 | 000,278,576 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\symtdi.sys
[2010.08.09 13:43:34 | 000,120,880 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\symfw.sys
[2010.08.09 13:43:34 | 000,056,880 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\symndisv.sys
[2010.08.09 13:43:34 | 000,044,080 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\symndis.sys
[2010.08.09 13:43:34 | 000,043,568 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\symids.sys
[2010.08.09 13:43:34 | 000,032,304 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\srtspx64.sys
[2010.08.09 13:43:33 | 000,334,384 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\BHDrvx64.sys
[2010.08.09 13:43:21 | 000,583,296 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\cchpx64.sys
[2010.08.09 13:43:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NAVx64\1008000.029
[2010.08.08 22:43:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2010.08.08 13:34:24 | 000,000,000 | ---D | C] -- C:\Users\Maximilian\AppData\Roaming\Macromedia
[2010.08.08 13:34:24 | 000,000,000 | ---D | C] -- C:\Users\Maximilian\AppData\Roaming\Adobe
[2010.08.08 13:34:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2010.08.08 13:19:04 | 000,000,000 | ---D | C] -- C:\Users\Maximilian\Documents\Symantec
[2010.08.08 13:18:22 | 000,031,280 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SymIMV.sys
[2010.08.08 13:18:18 | 000,172,592 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010.08.08 13:18:18 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Symantec Shared
[2010.08.08 13:18:18 | 000,000,000 | ---D | C] -- C:\Programme\Symantec
[2010.08.08 13:17:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NAVx64
[2010.08.08 13:17:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010.08.08 13:17:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton AntiVirus
[2010.08.08 13:17:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010.08.08 13:17:32 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010.08.08 13:17:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2010.08.08 13:14:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec Temporary Files
[2010.08.08 12:00:40 | 000,000,000 | ---D | C] -- C:\Users\Maximilian\AppData\Local\Apple Computer
[2010.08.08 12:00:39 | 000,000,000 | ---D | C] -- C:\Users\Maximilian\AppData\Roaming\Apple Computer
[2010.08.08 12:00:14 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2010.08.08 12:00:14 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2010.08.08 12:00:14 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2010.08.08 12:00:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010.08.08 11:59:59 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.08.08 11:59:58 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2010.08.08 11:59:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010.08.08 11:59:58 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010.08.08 11:58:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010.08.08 11:58:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010.08.08 11:58:33 | 000,000,000 | ---D | C] -- C:\Users\Maximilian\AppData\Local\Apple
[2010.08.08 11:58:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010.08.08 11:58:19 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Apple
[2010.08.08 11:58:06 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2010.08.08 11:58:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010.08.08 11:57:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010.08.08 11:57:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010.08.07 23:09:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2010.08.07 23:08:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2010.08.07 22:51:47 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010.08.07 22:41:09 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010.08.07 22:34:02 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\ATI Technologies
[2010.08.07 22:34:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2010.08.07 22:33:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI
[2010.08.07 22:32:40 | 000,000,000 | ---D | C] -- C:\Programme\ATI Technologies
[2010.08.07 22:28:12 | 000,000,000 | ---D | C] -- C:\Users\Maximilian\AppData\Roaming\Mozilla
[2010.08.07 22:28:12 | 000,000,000 | ---D | C] -- C:\Users\Maximilian\AppData\Local\Mozilla
[2010.08.07 22:28:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010.08.07 22:09:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010.08.07 22:07:31 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010.08.07 22:07:31 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2010.08.07 22:07:31 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010.08.07 22:07:31 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010.08.07 22:07:31 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010.08.07 22:07:31 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010.08.07 22:07:31 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2010.08.07 22:07:30 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2010.08.07 22:07:09 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2010.08.07 21:56:04 | 000,000,000 | ---D | C] -- C:\Users\Maximilian\AppData\Roaming\ATI
[2010.08.07 21:56:04 | 000,000,000 | ---D | C] -- C:\Users\Maximilian\AppData\Local\ATI
[2010.08.07 21:40:35 | 014,629,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010.08.07 21:40:33 | 011,406,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010.08.07 21:40:32 | 001,975,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll
[2010.08.07 21:40:32 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll
[2010.08.07 21:40:31 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010.08.07 21:40:31 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010.08.07 21:40:21 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010.08.07 21:40:21 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2010.08.07 21:40:16 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2010.08.07 21:40:13 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010.08.07 21:40:13 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2010.08.07 21:40:12 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2010.08.07 21:40:07 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2010.08.07 21:40:07 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2010.08.07 21:40:07 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010.08.07 21:40:07 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010.08.07 21:40:07 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2010.08.07 21:40:07 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2010.08.07 21:40:07 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010.08.07 21:40:07 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010.08.07 21:40:07 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010.08.07 21:40:07 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010.08.07 21:40:07 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010.08.07 21:40:07 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2010.08.07 21:40:06 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010.08.07 21:40:06 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010.08.07 21:40:06 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010.08.07 21:40:06 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010.08.07 21:39:59 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2010.08.07 21:39:59 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010.08.07 21:39:59 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010.08.07 21:39:59 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2010.08.07 21:39:59 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2010.08.07 21:39:59 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2010.08.07 21:39:59 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2010.08.07 21:39:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2010.08.07 21:38:58 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2010.08.07 21:38:54 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010.08.07 21:38:54 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010.08.07 21:38:53 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010.08.07 21:38:52 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2010.08.07 21:38:52 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010.08.07 21:38:52 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010.08.07 21:38:52 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010.08.07 21:38:51 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2010.08.07 21:38:51 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010.08.07 21:38:47 | 001,572,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2010.08.07 21:38:47 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2010.08.07 21:38:46 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2010.08.07 21:38:46 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2010.08.07 21:38:39 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2010.08.07 21:38:39 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010.08.07 21:38:32 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2010.08.07 21:38:29 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll
[2010.08.07 21:38:25 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010.08.07 21:38:24 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010.08.07 21:38:24 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2010.08.07 21:38:24 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2010.08.07 21:38:24 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010.08.07 21:38:24 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010.08.07 21:38:17 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010.08.07 21:38:17 | 000,000,000 | ---D | C] -- C:\Programme\ATI
[2010.08.07 21:22:28 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010.08.07 21:20:34 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2010.08.07 21:20:34 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2010.08.07 21:20:33 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2010.08.07 21:20:33 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2010.08.07 21:15:08 | 000,000,000 | ---D | C] -- C:\Windows.old
[2010.08.07 20:52:46 | 000,000,000 | R--D | C] -- C:\Users\Maximilian\Searches
[2010.08.07 20:52:37 | 000,000,000 | ---D | C] -- C:\Users\Maximilian\AppData\Roaming\Identities
[2010.08.07 20:52:35 | 000,000,000 | R--D | C] -- C:\Users\Maximilian\Contacts
[2010.08.07 20:52:34 | 000,000,000 | ---D | C] -- C:\Users\Maximilian\AppData\Local\VirtualStore
[2010.08.07 20:52:28 | 000,000,000 | --SD | C] -- C:\Users\Maximilian\AppData\Roaming\Microsoft
[2010.08.07 20:52:28 | 000,000,000 | R--D | C] -- C:\Users\Maximilian\Videos
[2010.08.07 20:52:28 | 000,000,000 | R--D | C] -- C:\Users\Maximilian\Saved Games
[2010.08.07 20:52:28 | 000,000,000 | R--D | C] -- C:\Users\Maximilian\Pictures
[2010.08.07 20:52:28 | 000,000,000 | R--D | C] -- C:\Users\Maximilian\Music
[2010.08.07 20:52:28 | 000,000,000 | R--D | C] -- C:\Users\Maximilian\Links
[2010.08.07 20:52:28 | 000,000,000 | R--D | C] -- C:\Users\Maximilian\Favorites
[2010.08.07 20:52:28 | 000,000,000 | R--D | C] -- C:\Users\Maximilian\Downloads
[2010.08.07 20:52:28 | 000,000,000 | R--D | C] -- C:\Users\Maximilian\Documents
[2010.08.07 20:52:28 | 000,000,000 | R--D | C] -- C:\Users\Maximilian\Desktop
[2010.08.07 20:52:28 | 000,000,000 | -HSD | C] -- C:\Users\Maximilian\Vorlagen
[2010.08.07 20:52:28 | 000,000,000 | -HSD | C] -- C:\Users\Maximilian\AppData\Local\Verlauf
[2010.08.07 20:52:28 | 000,000,000 | -HSD | C] -- C:\Users\Maximilian\AppData\Local\Temporary Internet Files
[2010.08.07 20:52:28 | 000,000,000 | -HSD | C] -- C:\Users\Maximilian\Startmenü
[2010.08.07 20:52:28 | 000,000,000 | -HSD | C] -- C:\Users\Maximilian\SendTo
[2010.08.07 20:52:28 | 000,000,000 | -HSD | C] -- C:\Users\Maximilian\Recent
[2010.08.07 20:52:28 | 000,000,000 | -HSD | C] -- C:\Users\Maximilian\Netzwerkumgebung
[2010.08.07 20:52:28 | 000,000,000 | -HSD | C] -- C:\Users\Maximilian\Lokale Einstellungen
[2010.08.07 20:52:28 | 000,000,000 | -HSD | C] -- C:\Users\Maximilian\Documents\Eigene Videos
[2010.08.07 20:52:28 | 000,000,000 | -HSD | C] -- C:\Users\Maximilian\Documents\Eigene Musik
[2010.08.07 20:52:28 | 000,000,000 | -HSD | C] -- C:\Users\Maximilian\Eigene Dateien
[2010.08.07 20:52:28 | 000,000,000 | -HSD | C] -- C:\Users\Maximilian\Documents\Eigene Bilder
[2010.08.07 20:52:28 | 000,000,000 | -HSD | C] -- C:\Users\Maximilian\Druckumgebung
[2010.08.07 20:52:28 | 000,000,000 | -HSD | C] -- C:\Users\Maximilian\Cookies
[2010.08.07 20:52:28 | 000,000,000 | -HSD | C] -- C:\Users\Maximilian\AppData\Local\Anwendungsdaten
[2010.08.07 20:52:28 | 000,000,000 | -HSD | C] -- C:\Users\Maximilian\Anwendungsdaten
[2010.08.07 20:52:28 | 000,000,000 | -H-D | C] -- C:\Users\Maximilian\AppData
[2010.08.07 20:52:28 | 000,000,000 | ---D | C] -- C:\Users\Maximilian\AppData\Local\Temp
[2010.08.07 20:52:28 | 000,000,000 | ---D | C] -- C:\Users\Maximilian\AppData\Local\Microsoft
[2010.08.07 20:52:28 | 000,000,000 | ---D | C] -- C:\Users\Maximilian\AppData\Roaming\Media Center Programs
[2010.08.07 20:52:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2010.08.07 20:52:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2010.08.07 20:52:16 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien
[2010.08.07 20:52:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2010.08.07 20:52:16 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2010.08.07 20:52:16 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2010.08.07 20:52:16 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2010.08.07 20:52:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2010.08.07 20:52:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2010.08.07 20:26:30 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010.08.07 20:23:52 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.08.07 20:23:34 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010.08.07 20:17:04 | 000,000,000 | -HSD | C] -- C:\Boot
[2010.08.07 19:47:38 | 000,000,000 | ---D | C] -- C:\ATI
[2010.08.07 19:43:09 | 000,000,000 | -HSD | C] -- C:\Recovery
[2010.08.07 19:43:09 | 000,000,000 | -HSD | C] -- C:\Programme
[2010.08.07 19:43:09 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2010.08.07 19:18:00 | 000,000,000 | -HSD | C] -- C:\System Volume Information
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.24 23:48:00 | 000,021,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.24 23:48:00 | 000,021,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.24 23:40:35 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.24 23:40:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.24 23:40:25 | 474,536,869 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.08.24 23:40:23 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.24 23:38:43 | 001,048,576 | -HS- | M] () -- C:\Users\Maximilian\ntuser.dat
[2010.08.24 23:21:58 | 001,132,046 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\Cat.DB
[2010.08.24 22:57:53 | 004,089,429 | -H-- | M] () -- C:\Users\Maximilian\AppData\Local\IconCache.db
[2010.08.24 21:12:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Maximilian\Desktop\OTL.exe
[2010.08.24 13:33:45 | 000,000,719 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010.08.24 12:15:52 | 000,001,291 | ---- | M] () -- C:\Users\Maximilian\Desktop\World of Warcraft-Installationsprogramm.lnk
[2010.08.23 21:44:14 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.08.23 21:44:14 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.08.23 21:44:14 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.08.23 21:44:14 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.08.23 21:44:14 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.08.23 19:13:52 | 000,001,864 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010.08.23 19:13:51 | 000,001,866 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010.08.23 15:46:17 | 000,001,939 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.08.23 15:45:15 | 008,408,392 | ---- | M] (Mozilla) -- C:\Users\Maximilian\Firefox Setup 3.6.8.exe
[2010.08.22 19:05:38 | 000,007,606 | ---- | M] () -- C:\Users\Maximilian\AppData\Local\Resmon.ResmonCfg
[2010.08.22 18:56:10 | 000,000,963 | ---- | M] () -- C:\Users\Maximilian\Desktop\HD Tune Pro.lnk
[2010.08.22 17:45:37 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.22 15:27:03 | 000,000,935 | ---- | M] () -- C:\Users\Maximilian\Desktop\SIW.lnk
[2010.08.21 18:11:53 | 000,000,059 | ---- | M] () -- C:\Windows\DelToolbox.bat
[2010.08.21 18:03:23 | 000,001,239 | ---- | M] () -- C:\Users\Maximilian\Desktop\DVDVideoSoft Free Studio.lnk
[2010.08.14 21:27:17 | 000,002,005 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2010.08.13 16:15:24 | 000,000,000 | ---- | M] () -- C:\Users\Maximilian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2010.08.13 16:10:00 | 000,034,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\lhacm.acm
[2010.08.13 16:09:58 | 000,000,978 | ---- | M] () -- C:\Users\Maximilian\Desktop\Teamspeak 2 RC2.lnk
[2010.08.13 10:49:53 | 000,289,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.08.12 00:04:43 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2010.08.09 18:23:51 | 000,002,385 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2010.08.09 13:43:36 | 000,172,592 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010.08.09 13:43:36 | 000,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010.08.09 13:43:36 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010.08.09 13:43:21 | 000,583,296 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\cchpx64.sys
[2010.08.09 13:43:19 | 000,009,412 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\symnetv.cat
[2010.08.09 13:43:19 | 000,001,481 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\SymNetV.inf
[2010.08.09 13:43:19 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\isolate.ini
[2010.08.08 12:00:30 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.08.08 11:58:52 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.08.08 11:53:06 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010.08.08 11:23:22 | 000,062,952 | ---- | M] () -- C:\Users\Maximilian\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.08.07 23:08:54 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
[2010.08.07 21:24:43 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2010.08.07 21:23:28 | 000,524,288 | -HS- | M] () -- C:\Users\Maximilian\ntuser.dat{b358bdb9-a257-11df-b004-001d602d0ed3}.TMContainer00000000000000000002.regtrans-ms
[2010.08.07 21:23:28 | 000,065,536 | -HS- | M] () -- C:\Users\Maximilian\ntuser.dat{b358bdb9-a257-11df-b004-001d602d0ed3}.TM.blf
[2010.08.07 21:23:27 | 000,524,288 | -HS- | M] () -- C:\Users\Maximilian\ntuser.dat{b358bdb9-a257-11df-b004-001d602d0ed3}.TMContainer00000000000000000001.regtrans-ms
[2010.08.07 21:22:16 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010.08.07 21:00:31 | 000,524,288 | -HS- | M] () -- C:\Users\Maximilian\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010.08.07 21:00:31 | 000,524,288 | -HS- | M] () -- C:\Users\Maximilian\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010.08.07 21:00:31 | 000,065,536 | -HS- | M] () -- C:\Users\******\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010.08.07 20:52:28 | 000,000,020 | -HS- | M] () -- C:\Users\******\ntuser.ini
[2010.08.07 20:28:12 | 000,054,699 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010.08.07 20:28:12 | 000,054,699 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010.08.07 20:25:53 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010.07.29 08:30:34 | 000,082,944 | ---- | M] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
 
========== Files Created - No Company Name ==========
 
[2010.08.24 19:17:07 | 000,001,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010.08.24 19:17:07 | 000,000,000 | ---- | C] () -- C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2010.08.24 12:17:01 | 000,000,719 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010.08.24 12:15:52 | 000,001,291 | ---- | C] () -- C:\Users\*********\Desktop\World of Warcraft-Installationsprogramm.lnk
[2010.08.23 16:04:40 | 000,001,866 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010.08.23 15:46:17 | 000,001,939 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.08.22 18:56:10 | 000,000,963 | ---- | C] () -- C:\Users\*******\Desktop\HD Tune Pro.lnk
[2010.08.22 17:45:37 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.22 15:27:03 | 000,000,935 | ---- | C] () -- C:\Users\*******\Desktop\SIW.lnk
[2010.08.21 18:11:53 | 000,000,059 | ---- | C] () -- C:\Windows\DelToolbox.bat
[2010.08.21 18:03:17 | 000,001,239 | ---- | C] () -- C:\Users\*******\Desktop\DVDVideoSoft Free Studio.lnk
[2010.08.14 21:27:17 | 000,002,005 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2010.08.13 16:09:58 | 000,000,978 | ---- | C] () -- C:\Users\******\Desktop\Teamspeak 2 RC2.lnk
[2010.08.12 00:04:43 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2010.08.09 18:24:03 | 001,132,046 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\Cat.DB
[2010.08.09 13:43:34 | 000,009,415 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\SymNet.cat
[2010.08.09 13:43:34 | 000,007,410 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\srtsp64.cat
[2010.08.09 13:43:34 | 000,007,401 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\srtspx64.cat
[2010.08.09 13:43:34 | 000,007,399 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\SymEFA64.cat
[2010.08.09 13:43:34 | 000,003,373 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\SymEFA.inf
[2010.08.09 13:43:34 | 000,001,480 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\SymNet.inf
[2010.08.09 13:43:34 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\srtsp64.inf
[2010.08.09 13:43:34 | 000,001,421 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\srtspx64.inf
[2010.08.09 13:43:33 | 000,007,362 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\BHDrvx64.CAT
[2010.08.09 13:43:33 | 000,007,345 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\ccHPx64.cat
[2010.08.09 13:43:33 | 000,001,836 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\ccHPx64.inf
[2010.08.09 13:43:33 | 000,000,640 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\BHDrvx64.inf
[2010.08.09 13:43:19 | 000,009,412 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\symnetv.cat
[2010.08.09 13:43:19 | 000,001,481 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\SymNetV.inf
[2010.08.09 13:43:19 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\isolate.ini
[2010.08.08 13:18:18 | 000,007,440 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010.08.08 13:18:18 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010.08.08 13:18:12 | 000,002,385 | ---- | C] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2010.08.08 12:49:31 | 000,007,606 | ---- | C] () -- C:\Users\******\AppData\Local\Resmon.ResmonCfg
[2010.08.08 12:00:30 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.08.08 11:58:52 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.08.08 11:53:06 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010.08.07 23:08:54 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
[2010.08.07 21:24:43 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.08.07 21:18:20 | 000,524,288 | -HS- | C] () -- C:\Users\*******\ntuser.dat{b358bdb9-a257-11df-b004-001d602d0ed3}.TMContainer00000000000000000002.regtrans-ms
[2010.08.07 21:18:20 | 000,524,288 | -HS- | C] () -- C:\Users\********\ntuser.dat{b358bdb9-a257-11df-b004-001d602d0ed3}.TMContainer00000000000000000001.regtrans-ms
[2010.08.07 21:18:20 | 000,065,536 | -HS- | C] () -- C:\Users\*******\ntuser.dat{b358bdb9-a257-11df-b004-001d602d0ed3}.TM.blf
[2010.08.07 20:52:28 | 001,048,576 | -HS- | C] () -- C:\Users\*****\ntuser.dat
[2010.08.07 20:52:28 | 000,524,288 | -HS- | C] () -- C:\Users\*******\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010.08.07 20:52:28 | 000,524,288 | -HS- | C] () -- C:\Users\******\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010.08.07 20:52:28 | 000,262,144 | -HS- | C] () -- C:\Users\******\ntuser.dat.LOG1
[2010.08.07 20:52:28 | 000,065,536 | -HS- | C] () -- C:\Users\*******\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010.08.07 20:52:28 | 000,000,020 | -HS- | C] () -- C:\Users\******\ntuser.ini
[2010.08.07 20:52:28 | 000,000,000 | -HS- | C] () -- C:\Users\******\ntuser.dat.LOG2
[2010.08.07 20:25:53 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010.08.07 20:23:14 | 474,536,869 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.08.07 20:17:06 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2010.08.07 20:17:04 | 000,383,562 | RHS- | C] () -- C:\bootmgr
[2010.08.07 19:18:00 | 2616,057,856 | -HS- | C] () -- C:\hiberfil.sys
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
< End of report >

--- --- ---

Dumbody 24.08.2010 22:57

Extras.txt log: OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 24.08.2010 23:47:51 - Run 1
OTL by OldTimer - Version 3.2.10.0    Folder = C:\Users\Maximilian\Desktop
64bit- An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74,55 Gb Total Space | 34,70 Gb Free Space | 46,54% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 202,40 Gb Free Space | 86,91% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: THT-MAXI
Current User Name: Maximilian
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23B45E10-0CA5-43E9-BD6D-C2BD6CBE11AC}" = iTunes
"{28A0318C-B98D-B6B1-64D1-4E4755A8E668}" = AMD Drag and Drop Transcoding
"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E3FABF5-C3B9-7F7E-4AAE-977D77D48C51}" = ATI Catalyst Install Manager
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{B93D47B2-0862-E2E6-8115-B5DAF7AE3C01}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{5662D815-DB58-5082-315B-0326B37EB7CB}" = CCC Help English
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding
"{8C65C65C-530F-B2DB-BBD7-AF554ABEBBA1}" = Catalyst Control Center Graphics Previews Common
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2010.07.14
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{D69D4AE5-717C-5E56-A56F-542EF5F6A84C}" = Catalyst Control Center Graphics Previews Vista
"{DB837E02-82D0-3888-6DEC-D29587CCDC2F}" = ccc-core-static
"{F86B6849-38E0-7818-F21E-6DC637932076}" = Catalyst Control Center InstallProxy
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"HD Tune Pro_is1" = HD Tune Pro 4.50
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mozilla Thunderbird (3.1.2)" = Mozilla Thunderbird (3.1.2)
"NAV" = Norton AntiVirus
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Uninstall_is1" = Uninstall 1.0.0.1
"World of Warcraft" = World of Warcraft
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 23.08.2010 09:25:52 | Computer Name = tht-maxi | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(BZDN1614809495-QkxaMDAwMkY2SkpEMUNBQjJDMjA3ODBEZkE2a0E2REQ=._bzdn._tcp.local.)
 active for over two minutes. This places considerable burden on the network.
 
Error - 23.08.2010 09:54:00 | Computer Name = tht-maxi | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(BZDN1614809495-QkxaMDAwMkY2SkpEMUNBQjJDMjA3ODBEZkE2a0E2REQ=._bzdn._tcp.local.)
 active for over two minutes. This places considerable burden on the network.
 
Error - 23.08.2010 14:28:00 | Computer Name = tht-maxi | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(BZDN1614809495-QkxaMDAwMkY2SkpEMUNBQjJDMjA3ODBEZkE2a0E2REQ=._bzdn._tcp.local.)
 active for over two minutes. This places considerable burden on the network.
 
Error - 24.08.2010 07:26:25 | Computer Name = tht-maxi | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(E2D59B3D503512C5F022BLZ0001F6JJD1CAB2C20780D`850CA\032._bzdn._tcp.local.)
 active for over two minutes. This places considerable burden on the network.
 
Error - 24.08.2010 07:47:19 | Computer Name = tht-maxi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc3c1  Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5be07e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000016d11
ID
 des fehlerhaften Prozesses: 0x384  Startzeit der fehlerhaften Anwendung: 0x01cb436cef116b59
Pfad
 der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe  Pfad des fehlerhaften
 Moduls: c:\windows\system32\sysmain.dll  Berichtskennung: 595103d5-af75-11df-8743-001d602d0ed3
 
Error - 24.08.2010 07:54:13 | Computer Name = tht-maxi | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(BZDN1996032853-QkxaMDAwMkY2SkpEMUNBQjJDMjA3ODBERTMqQTNCQTg=._bzdn._tcp.local.)
 active for over two minutes. This places considerable burden on the network.
 
Error - 24.08.2010 08:41:22 | Computer Name = tht-maxi | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(BZDN1502087261-QkxaMDAwMkY2SkpEMUNBQjJDMjA3ODBERTdDNTkzW0Iz._bzdn._tcp.local.)
 active for over two minutes. This places considerable burden on the network.
 
Error - 24.08.2010 08:45:42 | Computer Name = tht-maxi | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(BZDN1747257897-QkxaMDAwMkY2SkpEMUNBQjJDMjA3ODBEMUEpMDQ4MTk=._bzdn._tcp.local.)
 active for over two minutes. This places considerable burden on the network.
 
Error - 24.08.2010 08:52:12 | Computer Name = tht-maxi | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(BZDN1502087223-QkxaMDAwMkY2SkpEMUNBQjJDMjA3ODBEOEVEQyVBQ0FB._bzdn._tcp.local.)
 active for over two minutes. This places considerable burden on the network.
 
Error - 24.08.2010 17:38:12 | Computer Name = tht-maxi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: OTL.exe, Version: 3.2.10.0, Zeitstempel:
 0x2a425e19  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x31f3e0a1  ID des fehlerhaften Prozesses:
 0xe88  Startzeit der fehlerhaften Anwendung: 0x01cb43d2091a56ac  Pfad der fehlerhaften
 Anwendung: C:\Users\Maximilian\Desktop\OTL.exe  Pfad des fehlerhaften Moduls: unknown
Berichtskennung:
 e4bdfbbc-afc7-11df-bda3-001d602d0ed3
 
[ System Events ]
Error - 24.08.2010 07:47:49 | Computer Name = tht-maxi | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Zugriff auf Eingabegeräte" wurde unerwartet beendet. Dies
 ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 24.08.2010 07:47:49 | Computer Name = tht-maxi | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Netzwerkverbindungen" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 100 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 24.08.2010 07:47:49 | Computer Name = tht-maxi | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Programmkompatibilitäts-Assistent-Dienst" wurde unerwartet
 beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 60000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 24.08.2010 07:47:49 | Computer Name = tht-maxi | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Superfetch" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 24.08.2010 07:47:49 | Computer Name = tht-maxi | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Überwachung verteilter Verknüpfungen (Client)" wurde unerwartet
 beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 120000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 24.08.2010 07:47:49 | Computer Name = tht-maxi | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Sitzungs-Manager für Desktopfenster-Manager" wurde unerwartet
 beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 120000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 24.08.2010 07:47:49 | Computer Name = tht-maxi | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Enumeratordienst für tragbare Geräte" wurde unerwartet
 beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 120000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 24.08.2010 07:47:49 | Computer Name = tht-maxi | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Driver Foundation - Benutzermodus-Treiberframework"
 wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen
 werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 24.08.2010 17:40:30 | Computer Name = tht-maxi | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?24.?08.?2010 um 23:38:48 unerwartet heruntergefahren.
 
Error - 24.08.2010 17:40:38 | Computer Name = tht-maxi | Source = BugCheck | ID = 1001
Description =
 
 
< End of report >

--- --- ---

cosinus 25.08.2010 10:47

memtest86 - buffed.de Community Foren

What's with the crossposting? :koch: :pfui:

Dumbody 25.08.2010 11:02

That thread was originally about something completely different^^ Sorry if that was still wrong. I will of course post right away that the problem is being handled here from now on^^

Dumbody 10.09.2010 13:04

Thanks for the further help... omg


All times are WET +1. The time is now 07:21.
