Log analysis and evaluation: "Detection program of the backdoor program BDS/Papras.GX" - removal not possible
Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been removed completely.
12.06.2010, 12:46 | #16 |
/// Malware-holic |
Clean up with OTCleanIt: http://oldtimer.geekstogo.com/OTM.exe
Click Cleanup! Your PC may restart; the program deletes itself along with the tools that were used.
Disable and re-enable System Restore: Disable System Restore under Vista - Windows Tips Tricks Computer PC Help
From now on, use Secunia so that your software stays up to date: http://www.trojaner-board.de/83959-s...ector-psi.html
Finally, run the ESET online scanner: Free ESET Online Antivirus Scanner
Delete any findings and post the log.
21.06.2010, 09:43 | #17 |
Hi, since I have a similar problem, I thought I'd post it here as well. I ran OTL with the settings listed here, and the two log files follow. I hope you can help me.

OTL logfile:
Code:
ATTFilter OTL logfile created on: 21.06.2010 10:28:41 - Run 1 OTL by OldTimer - Version 3.2.6.1 Folder = C:\Users\Vod Katitten\Desktop An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 55,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 70,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 111,79 Gb Total Space | 8,51 Gb Free Space | 7,61% Space Free | Partition Type: NTFS Drive D: | 446,05 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: VODKATITTEN-PC Current User Name: Vod Katitten Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Vod Katitten\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mobile Stream\EasyTether\easytthr.exe (Mobile Stream) PRC - C:\Programme\Motorola\MotoConnectService\MotoConnectService.exe () PRC - C:\Programme\Motorola\MotoConnectService\MotoConnect.exe (Motorola) PRC - C:\Programme\Orbitdownloader\orbitdm.exe (Orbitdownloader.com) PRC - C:\Programme\Orbitdownloader\orbitnet.exe (Orbitdownloader.com) PRC - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) 
PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Motorola Media Link\NServiceEntry.exe (Nero AG) PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.) PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation) PRC - C:\Programme\FlashGet\flashget.exe (FlashGet.com) PRC - C:\Programme\Synaptics\SynTP\SynToshiba.exe (Synaptics, Inc.) 
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_FATIBVE.EXE (SEIKO EPSON CORPORATION) PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE (SEIKO EPSON CORPORATION) ========== Modules (SafeList) ========== MOD - C:\Users\Vod Katitten\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation) MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation) MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation) MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation) MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation) MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation) MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation) MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (MotoConnect Service) -- C:\Programme\Motorola\MotoConnectService\MotoConnectService.exe () SRV - (SolidWorks Licensing Service) -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe (SolidWorks) SRV - (DeviceMonitorService) -- C:\Program Files\Motorola Media Link\NServiceEntry.exe (Nero AG) SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe () SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation) SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation) SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation) SRV - (Themes) -- 
C:\Windows\System32\themeservice.dll (Microsoft Corporation) SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation) SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation) SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation) SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation) SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (CoordinatorServiceHost) -- C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe (Dassault Systèmes SolidWorks Corp.) 
SRV - (Viewpoint Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE (SEIKO EPSON CORPORATION) SRV - (msvsmon80) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (easytether) -- C:\Windows\System32\drivers\easytthr.sys (Mobile Stream) DRV - (Motousbnet) -- C:\Windows\System32\drivers\Motousbnet.sys (Motorola) DRV - (motusbdevice) -- C:\Windows\System32\drivers\motusbdevice.sys (Motorola Inc) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (RivaTuner32) -- C:\Programme\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys () DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.) DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.) DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.) DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.) DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices) DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.) 
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices) DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation) DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation) DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation) DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation) DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation) DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation) DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation) DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation) DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex) DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.) 
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company) DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation) DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation) DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation) DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation) DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.) DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation) DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation) DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation) DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems) DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation) DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.) DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology) DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.) 
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation) DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation) DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation) DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation) DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation) DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation) DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation) DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation) DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation) DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation) DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation) DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation) DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation) DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation) DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.) 
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp) DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation) DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation) DRV - (androidusb) -- C:\Windows\System32\drivers\motoandroid.sys (Motorola) DRV - (motccgp) -- C:\Windows\System32\drivers\motccgp.sys (Motorola) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (MotDev) -- C:\Windows\System32\drivers\motodrv.sys (Motorola Inc) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (motccgpfl) -- C:\Windows\System32\drivers\motccgpfl.sys (Motorola) DRV - (BTCFilterService) -- C:\Windows\System32\drivers\motfilt.sys (Motorola Inc) DRV - (MotoSwitchService) -- C:\Windows\System32\drivers\motswch.sys (Motorola) DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.) 
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4229533654-402872888-3748907340-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.orbitdownloader.com IE - HKU\S-1-5-21-4229533654-402872888-3748907340-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-4229533654-402872888-3748907340-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-4229533654-402872888-3748907340-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 98 7C 97 08 06 4C CA 01 [binary data] IE - HKU\S-1-5-21-4229533654-402872888-3748907340-1001\..\URLSearchHook: - Reg Error: Key error. 
File not found IE - HKU\S-1-5-21-4229533654-402872888-3748907340-1001\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKU\S-1-5-21-4229533654-402872888-3748907340-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "www.fal40k.de" FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7 FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.4 FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.06 18:09:00 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.16 06:42:17 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.03.17 18:59:19 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009.10.13 15:24:11 | 000,000,000 | ---D | M] -- C:\Users\Vod Katitten\AppData\Roaming\mozilla\Extensions [2010.06.18 19:50:02 | 000,000,000 | ---D | M] -- C:\Users\Vod Katitten\AppData\Roaming\mozilla\Firefox\Profiles\f7f6b0so.default\extensions [2010.01.17 15:18:33 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Vod Katitten\AppData\Roaming\mozilla\Firefox\Profiles\f7f6b0so.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.06.15 22:34:04 | 000,000,944 | ---- | M] () -- C:\Users\Vod 
Katitten\AppData\Roaming\Mozilla\FireFox\Profiles\f7f6b0so.default\searchplugins\icqplugin.xml [2010.04.06 18:09:19 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2009.10.13 16:01:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2009.03.12 16:16:54 | 000,155,648 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Programme\Mozilla Firefox\plugins\npEModelPlugin.dll [2010.03.21 18:18:33 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.03.21 18:18:33 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.03.21 18:18:34 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.03.21 18:18:34 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.03.21 18:18:34 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programme\FlashGet\jccatch.dll (www.flashget.com) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\FlashGet\getflash.dll (www.flashget.com) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com) O4 - HKLM..\Run: 
[mumservice] C:\Programme\Motorola\Software Update\mumservice.exe (Motorola) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [SolidWorks_CheckForUpdates] C:\Program Files\Common Files\SolidWorks Installations-Manager\Scheduler\sldIMScheduler.exe (Dassault Systèmes SolidWorks Corp.) O4 - HKU\S-1-5-21-4229533654-402872888-3748907340-1001..\Run: [cmdkGDI] C:\Benutzer\Vod Katitten\AppData\Local\Temp\dispvaws.dll File not found O4 - HKU\S-1-5-21-4229533654-402872888-3748907340-1001..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-4229533654-402872888-3748907340-1001..\Run: [EasyTether] C:\Program Files\Mobile Stream\EasyTether\easytthr.exe (Mobile Stream) O4 - HKU\S-1-5-21-4229533654-402872888-3748907340-1001..\Run: [EPSON Stylus DX5000 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE (SEIKO EPSON CORPORATION) O4 - HKU\S-1-5-21-4229533654-402872888-3748907340-1001..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.) 
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\Vod Katitten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ntuser_mssec.exe () O4 - Startup: C:\Users\Vod Katitten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Programme\FlashGet\JC_ALL.HTM () O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Mit FlashGet laden - C:\Programme\FlashGet\JC_LINK.HTM () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) 
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe (FlashGet.com) O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe (FlashGet.com) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) 
O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2009.10.12 11:51:20 | 000,000,027 | R--- | M] () - D:\Autorun.inf -- [ CDFS ] O33 - MountPoints2\{54c35cbc-b7f7-11de-8bb3-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{54c35cbc-b7f7-11de-8bb3-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe -- [2009.10.12 11:52:20 | 000,756,290 | R--- | M] (Motorola ) O33 - MountPoints2\{7ceb653e-b80e-11de-8812-00a0d16a4b62}\Shell - "" = AutoRun O33 - MountPoints2\{7ceb653e-b80e-11de-8812-00a0d16a4b62}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found O33 - MountPoints2\{7ceb653e-b80e-11de-8812-00a0d16a4b62}\Shell\readit\command - "" = notepad readme.doc O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias [2009.07.14 04:37:08 | 000,000,000 | ---D | M] NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation) NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SafeBootMin: Base - 
Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {320247A1-2A0B-37CD-22F4-91D2143B631F} - Microsoft Windows Media Player
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A3002172-AE8F-34A3-E266-A74569940473} - Themes Setup
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CE2BF76C-0C17-30EC-504E-D50B8C25CAAE} - Java (Sun)
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
Drivers32: msacm.divxa32 - C:\Windows\System32\DivXa32.acm (Packed With Joy !)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.divx - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.vp60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp62 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.xvid - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

========== Files/Folders - Created Within 30 Days ==========
[2010.06.21 10:26:35 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\Vod Katitten\Desktop\OTL.exe
[2010.06.16 19:41:40 | 000,000,000 | ---D | C] -- C:\Users\Vod Katitten\Documents\BT
[2010.06.15 17:06:10 | 000,000,000 | ---D | C] -- C:\Users\Vod Katitten\Documents\bla
[2010.06.14 16:31:22 | 002,326,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.06.14 16:31:21 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010.06.14 16:31:15 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.06.14 16:31:15 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.06.14 16:31:14 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.06.14 16:31:14 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.06.14 16:31:06 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.06.14 16:31:06 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.06.10 17:46:43 | 000,010,496 | ---- | C] (Mobile Stream) -- C:\Windows\System32\drivers\easytthr.sys
[2010.06.10 17:46:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010.06.10 17:46:42 | 000,000,000 | ---D | C] -- C:\Programme\Mobile Stream
[2010.05.26 17:46:25 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

========== Files - Modified Within 30 Days ==========
[2010.06.21 10:31:29 | 005,505,024 | -HS- | M] () -- C:\Users\Vod Katitten\NTUSER.DAT
[2010.06.21 10:05:34 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.21 10:05:34 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.21 09:57:59 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.21 09:57:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.21 09:57:48 | 1609,080,832 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.21 01:09:28 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Vod Katitten\Desktop\OTL.exe
[2010.06.18 20:29:07 | 001,758,587 | -H-- | M] () -- C:\Users\Vod Katitten\AppData\Local\IconCache.db
[2010.06.18 17:00:50 | 000,000,100 | --S- | M] () -- C:\Users\Vod Katitten\AppData\Local\2218950567.dat
[2010.06.18 16:59:15 | 000,000,008 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\dhxiuw.dat
[2010.06.17 16:31:48 | 001,472,002 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.06.17 16:31:48 | 000,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.06.17 16:31:48 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.06.17 16:31:48 | 000,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.06.17 16:31:48 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.06.16 19:09:12 | 000,003,119 | ---- | M] () -- C:\Users\Vod Katitten\Desktop\nomencl.ist
[2010.06.15 16:04:46 | 000,450,072 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.06.10 17:48:14 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_motoandroid_01007.Wdf
[2010.05.28 23:18:54 | 000,010,496 | ---- | M] (Mobile Stream) -- C:\Windows\System32\drivers\easytthr.sys
[2010.05.27 09:24:13 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.05.27 05:49:37 | 000,293,888 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll

========== Files Created - No Company Name ==========
[2010.06.18 16:59:20 | 000,000,100 | --S- | C] () -- C:\Users\Vod Katitten\AppData\Local\2218950567.dat
[2010.06.18 16:59:13 | 000,000,008 | ---- | C] () -- C:\Users\Vod Katitten\AppData\Roaming\dhxiuw.dat
[2010.06.16 19:09:12 | 000,003,119 | ---- | C] () -- C:\Users\Vod Katitten\Desktop\nomencl.ist
[2010.06.10 17:48:14 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_motoandroid_01007.Wdf
[2009.10.26 12:54:07 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2009.10.22 23:08:04 | 000,239,247 | ---- | C] () -- C:\Windows\System32\ff_theora.dll
[2009.10.22 14:06:30 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.10.20 12:23:27 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009.10.13 17:37:45 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.08.27 21:04:44 | 000,560,802 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2009.08.27 21:04:32 | 000,884,237 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2009.08.27 21:03:52 | 004,338,246 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2009.08.25 20:07:36 | 000,683,520 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2009.08.25 19:38:04 | 000,238,080 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2009.08.25 18:56:56 | 000,791,742 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.08.25 18:37:02 | 000,145,609 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.02 19:15:44 | 000,113,152 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2009.06.02 19:15:18 | 000,146,944 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2009.06.02 19:15:04 | 000,183,296 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2009.06.02 19:14:56 | 000,178,688 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2009.06.02 19:14:30 | 000,485,888 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2009.06.02 19:13:58 | 000,257,024 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2009.06.02 19:13:50 | 000,142,848 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2009.06.02 19:11:26 | 000,093,184 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2009.06.02 19:11:16 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.01.11 00:17:32 | 000,163,840 | ---- | C] () -- C:\Windows\System32\ts.dll
[2009.01.11 00:16:56 | 000,148,480 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2009.01.11 00:16:50 | 000,108,032 | ---- | C] () -- C:\Windows\System32\avi.dll
[2009.01.11 00:16:14 | 000,141,312 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2009.01.11 00:15:54 | 000,120,832 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2009.01.11 00:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\mmfinfo.dll
[2009.01.11 00:15:32 | 000,102,400 | ---- | C] () -- C:\Windows\System32\avss.dll
[2009.01.11 00:15:28 | 000,246,784 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2009.01.11 00:15:12 | 000,097,280 | ---- | C] () -- C:\Windows\System32\avs.dll
[2009.01.11 00:14:08 | 000,079,360 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2009.01.11 00:14:06 | 000,023,552 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2008.12.04 00:11:50 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.11.06 18:34:00 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2007.10.13 11:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\System32\Registration.ini
[2007.07.10 19:10:12 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2007.02.09 01:36:16 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========
[2010.03.27 10:59:56 | 000,000,000 | ---D | M] -- C:\Users\Vod Katitten\AppData\Roaming\Academic Software Zurich
[2009.10.13 17:42:23 | 000,000,000 | ---D | M] -- C:\Users\Vod Katitten\AppData\Roaming\DAEMON Tools Lite
[2010.03.24 07:36:17 | 000,000,000 | ---D | M] -- C:\Users\Vod Katitten\AppData\Roaming\FileZilla
[2010.01.02 10:40:35 | 000,000,000 | ---D | M] -- C:\Users\Vod Katitten\AppData\Roaming\FlashGet
[2010.01.02 10:16:55 | 000,000,000 | ---D | M] -- C:\Users\Vod Katitten\AppData\Roaming\GrabPro
[2009.12.08 15:27:28 | 000,000,000 | ---D | M] -- C:\Users\Vod Katitten\AppData\Roaming\gtk-2.0
[2010.06.05 13:39:38 | 000,000,000 | ---D | M] -- C:\Users\Vod Katitten\AppData\Roaming\ICQ
[2009.10.26 12:54:56 | 000,000,000 | ---D | M] -- C:\Users\Vod Katitten\AppData\Roaming\IM
[2009.12.23 18:27:23 | 000,000,000 | ---D | M] -- C:\Users\Vod Katitten\AppData\Roaming\ImgBurn
[2010.03.24 20:06:17 | 000,000,000 | ---D | M] -- C:\Users\Vod Katitten\AppData\Roaming\JabRef 2.5
[2009.12.02 12:33:13 | 000,000,000 | ---D | M] -- C:\Users\Vod Katitten\AppData\Roaming\OpenOffice.org
[2010.06.21 10:26:54 | 000,000,000 | ---D | M] -- C:\Users\Vod Katitten\AppData\Roaming\Orbit
[2010.01.25 11:08:53 | 000,000,000 | ---D | M] -- C:\Users\Vod Katitten\AppData\Roaming\PTC
[2009.10.13 15:51:48 | 000,000,000 | ---D | M] -- C:\Users\Vod Katitten\AppData\Roaming\Thunderbird
[2010.05.14 12:15:37 | 000,000,000 | ---D | M] -- C:\Users\Vod Katitten\AppData\Roaming\uTorrent
[2010.05.31 20:48:44 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010.03.27 10:59:56 | 000,000,000 | ---D | M] -- C:\Users\Vod Katitten\AppData\Roaming\Academic Software Zurich
[2009.10.15 07:26:48 | 000,000,000 | ---D | M] -- C:\Users\Vod Katitten\AppData\Roaming\Adobe
[2009.10.13 17:42:23 | 000,000,000 | ---D | M] -- C:\Users\Vod Katitten\AppData\Roaming\DAEMON Tools Lite
[2009.10.22 23:09:46 | 000,000,000 | ---D | M] -- C:\Users\Vod Katitten\AppData\Roaming\DivX
[2010.03.24 07:36:17 | 000,000,000 | ---D | M] -- C:\Users\Vod Katitten\AppData\Roaming\FileZilla
[2010.01.02 10:40:35 | 000,000,000 | ---D | M] -- C:\Users\Vod Katitten\AppData\Roaming\FlashGet
[2010.01.02 10:16:55 | 000,000,000 | ---D | M] -- C:\Users\Vod Katitten\AppData\Roaming\GrabPro
[2009.12.08 15:27:28 | 000,000,000 | ---D | M] -- C:\Users\Vod Katitten\AppData\Roaming\gtk-2.0
[2010.06.05 13:39:38 | 000,000,000 | ---D | M] -- C:\Users\Vod Katitten\AppData\Roaming\ICQ
[2009.10.13 15:06:01 | 000,000,000 | ---D | M] -- C:\Users\Vod Katitten\AppData\Roaming\Identities
[2009.10.26 12:54:56 | 000,000,000 | ---D | M] -- C:\Users\Vod Katitten\AppData\Roaming\IM
[2009.12.23 18:27:23 | 000,000,000 | ---D | M] -- C:\Users\Vod Katitten\AppData\Roaming\ImgBurn
[2010.03.24 20:06:17 | 000,000,000 | ---D | M] -- C:\Users\Vod Katitten\AppData\Roaming\JabRef 2.5
[2009.10.13 15:10:26 | 000,000,000 | ---D | M] -- C:\Users\Vod Katitten\AppData\Roaming\Macromedia
[2009.07.14 10:56:56 | 000,000,000 | ---D | M] -- C:\Users\Vod Katitten\AppData\Roaming\Media Center Programs
[2010.02.20 12:16:15 | 000,000,000 | --SD | M] -- C:\Users\Vod Katitten\AppData\Roaming\Microsoft
[2009.10.23 11:43:53 | 000,000,000 | ---D | M] -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX
[2009.10.13 15:51:49 | 000,000,000 | ---D | M] -- C:\Users\Vod Katitten\AppData\Roaming\Mozilla
[2009.12.02 12:33:13 | 000,000,000 | ---D | M] -- C:\Users\Vod Katitten\AppData\Roaming\OpenOffice.org
[2010.06.21 10:26:54 | 000,000,000 | ---D | M] -- C:\Users\Vod Katitten\AppData\Roaming\Orbit
[2010.01.25 11:08:53 | 000,000,000 | ---D | M] -- C:\Users\Vod Katitten\AppData\Roaming\PTC
[2010.06.21 10:28:26 | 000,000,000 | ---D | M] -- C:\Users\Vod Katitten\AppData\Roaming\Skype
[2010.06.21 09:58:31 | 000,000,000 | ---D | M] -- C:\Users\Vod Katitten\AppData\Roaming\skypePM
[2010.06.16 19:09:59 | 000,000,000 | ---D | M] -- C:\Users\Vod Katitten\AppData\Roaming\SolidWorks
[2009.10.13 15:51:48 | 000,000,000 | ---D | M] -- C:\Users\Vod Katitten\AppData\Roaming\Thunderbird
[2010.05.14 12:15:37 | 000,000,000 | ---D | M] -- C:\Users\Vod Katitten\AppData\Roaming\uTorrent
[2010.05.10 18:28:49 | 000,000,000 | ---D | M] -- C:\Users\Vod Katitten\AppData\Roaming\vlc
[2009.11.23 19:27:45 | 000,000,000 | ---D | M] -- C:\Users\Vod Katitten\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2009.06.22 20:03:08 | 000,048,946 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\JabRef 2.5\JabRef.exe
[2010.03.24 20:06:17 | 000,062,536 | ---- | M] (JabRef Team) -- C:\Users\Vod Katitten\AppData\Roaming\JabRef 2.5\uninstall.exe
[2009.07.14 03:14:39 | 000,058,880 | R-S- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ntuser_mssec.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\afm2afm.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\authorindex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\autoinst.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\bdftops.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\bib2xhtml.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\bibhtml.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\biokey2html.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\biokey2html1.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\biokey2html2.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\biokey2html3.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\birm.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\cmap2enc.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\config.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\csvtools.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbcontext.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\dblatex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbmcontext.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbmex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbmlatex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbmmex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbmtex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbmtexi.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbmxelatex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbmxetex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbtex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbtexi.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbxelatex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbxetex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\dumphint.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\eps2eps.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\escontext.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\eslatex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\esmex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\estex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\estexi.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\esxelatex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\esxetex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\feynmf.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\fig4latex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\findhyph.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\fixmswrd.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\fixwada2.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\font2afm.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\font2c.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\gsbj.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\gsdj.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\gsdj500.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\gslj.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\gslp.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\gsnd.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\gsndt.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\gssetgs.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\gst.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\gstt.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\ht.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\htcontext.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\htlatex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\htmex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\httex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\httexi.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\htxelatex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\htxetex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\ibyhyph.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\jh1context.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\jh1latex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\jh1mex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\jh1tex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\jh1texi.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\jh1xelatex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\jh1xetex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\jhcontext.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\jhlatex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\jhmex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\jhtex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\jhtexi.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\jhxelatex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\jhxetex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\jkpexa.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\jmcontext.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\jmlatex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\jmmex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\jmtex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\jmtexi.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\jmxelatex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\jmxetex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\jscontext.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\jslatex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\jsmex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\jstex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\jstexi.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\jsxelatex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\jsxetex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\latexdiff-fast.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\latexdiff-so.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\latexdiff-vc.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\latexdiff.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\latexmk.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\latexrevise.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\lp386.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\lp386r2.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\lpgs.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\lpr2.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\makeglossaries.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\makeuniwada.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\merge.exe
[2009.09.23 16:47:53 | 001,234,432 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\miktex-taskbar-icon.exe
[2009.09.23 16:47:53 | 001,234,432 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\miktex-update.exe
[2009.09.23 16:47:53 | 001,234,944 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\miktex-update_admin.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\mk4ht.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\mkt1font.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\mm.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\mzcontext.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\mzlatex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\mzmex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\mztex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\mztexi.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\mzxelatex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\mzxetex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\nts.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\oocontext.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\oolatex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\oomex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\ootex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\ootexi.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\ooxelatex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\ooxetex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\orderrefs.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\ot2kpx.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\pdf2dsc.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\pdf2ps.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\pdfatfi.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\pdfcrop.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\pdfopt.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\pedigree.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\perltex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\pf2afm.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\pfbtopfa.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\pfm2kpx.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\pftogsf.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\plind.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\pn2pdf.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps2ascii.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps2epsi.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps2pdf.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps2pdf12.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps2pdf13.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps2pdf14.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps2pdfxx.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps2ps.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps2ps2.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps4pdf.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\pst2pdf.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\rcsinfo.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\showglyphs.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\splitindex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\svn-multi.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\teicontext.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\teilatex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\teimcontext.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\teimex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\teimlatex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\teimmex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\teimtex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\teimtexi.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\teimxelatex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod
Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\teimxetex.exe [2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\teitex.exe [2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\teitexi.exe [2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\teixelatex.exe [2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\teixetex.exe [2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\texcount.exe [2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\texdiff.exe [2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\texdirflatten.exe [2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\texshow.exe [2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\thumbpdf.exe [2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\urlbst.exe [2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\uxhcontext.exe [2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\uxhlatex.exe [2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\uxhmex.exe [2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\uxhtex.exe [2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\uxhtexi.exe [2009.10.03 20:02:05 | 000,022,528 | ---- | M] () 
-- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\uxhxelatex.exe [2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\uxhxetex.exe [2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\vpl2ovp.exe [2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\vpl2vpl.exe [2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\wcontext.exe [2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\wlatex.exe [2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\wmakebat.exe [2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\wmex.exe [2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\wtex.exe [2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\wtexi.exe [2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\wxelatex.exe [2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\wxetex.exe [2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\xdv2pdf_mergemarks.exe [2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhcontext.exe [2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhlatex.exe [2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhmcontext.exe [2009.10.03 20:02:05 | 000,022,528 | 
---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhmex.exe [2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhmlatex.exe [2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhmmex.exe [2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhmtex.exe [2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhmtexi.exe [2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhmxelatex.exe [2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhmxetex.exe [2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhtex.exe [2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhtexi.exe [2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhxelatex.exe [2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Vod Katitten\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhxetex.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:26:15 
| 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: IASTORV.SYS > [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:20:44 | 000,142,416 | 
---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll < MD5 for: USERINIT.EXE > [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2009.10.13 17:37:45 | 000,721,904 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys < %systemroot%\System32\config\*.sav > < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.07.14 03:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll [2009.07.14 03:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll [2009.07.14 03:15:28 | 000,186,368 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\iepeers.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 180 bytes -> C:\Users\Vod Katitten\Desktop\turb.jpeg:3or4kl4x13tuuug3Byamue2s4b @Alternate Data Stream - 180 bytes -> C:\Users\Vod Katitten\Desktop\Gast.jpeg:3or4kl4x13tuuug3Byamue2s4b @Alternate Data Stream - 180 bytes -> C:\Users\Vod Katitten\Desktop\fs.jpeg:3or4kl4x13tuuug3Byamue2s4b < End of report > Regards, Benny |
21.06.2010, 09:44 | #18 |
| "Detection program of the backdoor program BDS/Papras.GX" - removal not possible Since the first post was too long, here is the 2nd log
__________________OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 21.06.2010 10:28:41 - Run 1 OTL by OldTimer - Version 3.2.6.1 Folder = C:\Users\Vod Katitten\Desktop An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 55,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 70,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 111,79 Gb Total Space | 8,51 Gb Free Space | 7,61% Space Free | Partition Type: NTFS Drive D: | 446,05 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: VODKATITTEN-PC Current User Name: Vod Katitten Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-4229533654-402872888-3748907340-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com) ========== 
HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{1B140425-1EA0-4AB8-BB31-1830C4A0A1F2}" = DWGeditor "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 17 "{52C5486C-ADA3-462E-8A8C-2B6A15965BF5}" = SolidWorks 2009 SP03 "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{80BA07B3-537F-4189-92F7-26E2BA76095A}" = SolidWorks eDrawings 2009 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio 
Professional 2007 "{90120000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components "{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme "{90120000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch "{CDF43D8A-1F37-48FF-A010-1291799BA87E}" = CFdesign 3D-Viewer "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU "{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1 "{D9DC70B6-BE13-41DD-9053-9E617E72D085}" = MOTOROLA MEDIA LINK "{E5FCCD4A-1619-48AB-AB37-E0A678FD3FF1}" = Motorola Software Update "{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile-Gerätecenter: Treiberupdate "{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = TIPCI "{FCD2F99C-3CB4-454E-BBA6-28FDCF2040D0}" = EasyTether "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Citavi" = Citavi 2.5 "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "Emperor" = Emperor: Battle For Dune "ENTERPRISE" = Microsoft Office Enterprise 2007 "EPSON Printer and Utilities" = EPSON-Drucker-Software "ffdshow_is1" = ffdshow [rev 2527] [2008-12-19] "FileZilla Client" = FileZilla Client 3.3.2 "FlashGet" = 
FlashGet 1.9.6.1073 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2 "ICQToolbar" = ICQ Toolbar "ImgBurn" = ImgBurn "InstallShield_{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = Texas Instruments PCIxx21/x515/xx12 drivers. "Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU "MiKTeX 2.8" = MiKTeX 2.8 "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24) "NVIDIA Drivers" = NVIDIA Drivers "Orbit_is1" = Orbit Downloader "Password Safe" = Password Safe "Picasa 3" = Picasa 3 "PRJPRO" = Microsoft Office Project Professional 2007 "Pro/ENGINEER Schools Edition Release Wildfire 4.0 Datecode M092" = Pro/ENGINEER Schools Edition Release Wildfire 4.0 Datecode M092 "RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition "SolidWorks Installation Manager 20090-40300-1100-200" = SolidWorks 2009 SP03 "SynTPDeinstKey" = Synaptics Pointing Device Driver "TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1 "Uninstall_is1" = Uninstall 1.0.0.1 "uTorrent" = µTorrent "ViewpointMediaPlayer" = Viewpoint Media Player "VISPRO" = Microsoft Office Visio Professional 2007 "VLC media player" = VLC media player 1.0.3 "Windows 7 - Codec Pack" = Windows 7 Codec Pack 2.1.0 "WinGimp-2.0_is1" = GIMP 2.6.7 "WinRAR archiver" = WinRAR "xp-AntiSpy" = xp-AntiSpy 3.97-3 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-4229533654-402872888-3748907340-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "pdfsam" = pdfsam ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 17.06.2010 11:51:48 | Computer Name = VodKatitten-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe". 
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 17.06.2010 11:51:48 | Computer Name = VodKatitten-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\ia64\msvsmon.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 18.06.2010 00:40:23 | Computer Name = VodKatitten-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Motorola Media Link\MML.exe.Manifest". Die abhängige Assemblierung "Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 18.06.2010 10:44:43 | Computer Name = VodKatitten-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Motorola Media Link\MML.exe.Manifest". Die abhängige Assemblierung "Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 18.06.2010 13:39:46 | Computer Name = VodKatitten-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Motorola Media Link\MML.exe.Manifest". 
Die abhängige Assemblierung "Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 18.06.2010 14:21:09 | Computer Name = VodKatitten-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Motorola Media Link\NMDllHost.exe.Manifest". Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 18.06.2010 14:21:13 | Computer Name = VodKatitten-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Motorola Media Link\MML.exe.Manifest". Die abhängige Assemblierung "Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 18.06.2010 14:23:16 | Computer Name = VodKatitten-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 18.06.2010 14:23:16 | Computer Name = VodKatitten-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\ia64\msvsmon.exe". 
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 21.06.2010 03:58:11 | Computer Name = VodKatitten-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Motorola Media Link\MML.exe.Manifest". Die abhängige Assemblierung "Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". [ OSession Events ] Error - 10.11.2009 10:08:22 | Computer Name = VodKatitten-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1468 seconds with 1080 seconds of active time. This session ended with a crash. Error - 14.12.2009 11:04:22 | Computer Name = VodKatitten-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 23 seconds with 0 seconds of active time. This session ended with a crash. Error - 15.12.2009 14:45:44 | Computer Name = VodKatitten-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 114 seconds with 0 seconds of active time. This session ended with a crash. 
Error - 26.01.2010 10:44:47 | Computer Name = VodKatitten-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 22 seconds with 0 seconds of active time. This session ended with a crash. Error - 26.01.2010 12:35:14 | Computer Name = VodKatitten-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 45 seconds with 0 seconds of active time. This session ended with a crash. Error - 04.06.2010 13:16:53 | Computer Name = VodKatitten-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 685 seconds with 420 seconds of active time. This session ended with a crash. [ System Events ] Error - 15.06.2010 10:11:08 | Computer Name = VodKatitten-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 15.06.2010 10:11:09 | Computer Name = VodKatitten-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 15.06.2010 10:11:09 | Computer Name = VodKatitten-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 15.06.2010 10:11:10 | Computer Name = VodKatitten-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 16.06.2010 12:57:15 | Computer Name = VodKatitten-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. 
Error - 16.06.2010 12:57:16 | Computer Name = VodKatitten-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 16.06.2010 12:57:17 | Computer Name = VodKatitten-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 16.06.2010 12:57:18 | Computer Name = VodKatitten-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 16.06.2010 12:57:18 | Computer Name = VodKatitten-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 16.06.2010 12:57:19 | Computer Name = VodKatitten-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. < End of report > Regards, Benny |