Zurück   Trojaner-Board > Archiv - Kein Posten möglich > Mülltonne

Mülltonne: Java Agents /Exploits

Windows 7 Beiträge, die gegen unsere Regeln verstoßen haben, solche, die die Welt nicht braucht oder sonstiger Müll landet hier in der Mülltonne...

 
Alt 13.12.2010, 16:12   #1
caspieler
 
Java Agents /Exploits - Standard

Java Agents /Exploits



Hallo,
nach einem Suchlauf hat mein Antivir folgende Spyware auf dem Computer gefunden. Wie werde ich sie los ohne mein System zu formatieren?

Java/Agent.2212 in C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\1c0702e6-27646895



JAVA/Agent.DU in C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\1c0702e6-27646895'


EXP/Java.2009-3867 in C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\3e36666f-5493f87c'
EXP/Java.2009-3867'

hier ist der OTL-Text
Code:
ATTFilter
OTL logfile created on: 12/13/2010 4:06:34 PM - Run 2
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\Ngo\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 73.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.07 Gb Total Space | 874.42 Gb Free Space | 95.14% Space Free | Partition Type: NTFS
Drive D: | 12.35 Gb Total Space | 1.51 Gb Free Space | 12.22% Space Free | Partition Type: NTFS
 
Computer Name: NGO-HP | User Name: Ngo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Ngo\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Ngo\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (ezSharedSvc) -- C:\Windows\SysNative\ezSharedSvcHost.exe File not found
SRV:64bit: - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (TunngleService) -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (VX3000) -- C:\Windows\SysNative\drivers\VX3000.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\Windows\SysNative\drivers\tap0901t.sys (Tunngle.net)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/12 19:06:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/12 19:06:07 | 000,000,000 | ---D | M]
 
[2010/09/11 15:09:53 | 000,000,000 | ---D | M] -- C:\Users\Ngo\AppData\Roaming\mozilla\Extensions
[2010/12/13 15:55:33 | 000,000,000 | ---D | M] -- C:\Users\Ngo\AppData\Roaming\mozilla\Firefox\Profiles\yjysjok6.default\extensions
[2010/09/19 18:05:34 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Ngo\AppData\Roaming\mozilla\Firefox\Profiles\yjysjok6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/09/11 16:44:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/11 16:44:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/11 16:44:37 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/09/11 16:17:34 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010/10/22 18:04:51 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/10/22 18:04:51 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml
[2010/10/22 18:04:51 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/10/22 18:04:51 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/10/22 18:04:51 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Ngo\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Ngo\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/12/12 19:22:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery
[2010/12/12 14:46:10 | 000,189,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2010/12/12 14:46:10 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2010/12/12 14:46:10 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2010/12/12 14:46:06 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/12/07 17:34:07 | 000,143,872 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\iacenc.dll
[2010/12/03 20:03:15 | 000,000,000 | ---D | C] -- C:\Users\Ngo\Documents\Tunngle
[2010/12/03 20:03:12 | 000,031,232 | ---- | C] (Tunngle.net) -- C:\Windows\SysNative\drivers\tap0901t.sys
[2010/12/03 20:03:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tunngle
[2010/11/27 20:12:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
[2010/11/19 16:54:47 | 000,000,000 | ---D | C] -- C:\Users\Ngo\Documents\Cross Fire
[2010/11/16 19:09:51 | 000,000,000 | ---D | C] -- C:\Users\Ngo\AppData\Roaming\Canneverbe Limited
[2010/11/16 19:09:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2010/11/16 19:09:17 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
 
========== Files - Modified Within 30 Days ==========
 
[2010/12/13 15:49:21 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/13 15:49:21 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/13 15:46:08 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/12/13 15:46:08 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010/12/13 15:46:08 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/12/13 15:46:08 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010/12/13 15:46:08 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/12/13 15:41:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/13 15:41:46 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/12 19:27:14 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2010/12/12 18:59:30 | 000,007,605 | ---- | M] () -- C:\Users\Ngo\AppData\Local\Resmon.ResmonCfg
[2010/12/12 14:46:06 | 000,521,448 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2010/12/12 14:46:06 | 000,189,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2010/12/12 14:46:06 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2010/12/12 14:46:06 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2010/12/12 12:14:38 | 000,107,815 | ---- | M] () -- C:\Users\Ngo\Desktop\800px-New-Map-Francophone_World.PNG
[2010/12/07 20:15:29 | 000,361,528 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/12/06 18:46:28 | 000,061,151 | ---- | M] () -- C:\Users\Ngo\Documents\44B02FF3d01.pdf
[2010/11/28 13:30:15 | 000,083,120 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010/11/27 20:18:27 | 000,002,094 | ---- | M] () -- C:\Users\Public\Desktop\Age of Mythology.lnk
[2010/11/15 17:25:54 | 001,960,452 | ---- | M] () -- C:\Users\Ngo\Documents\deutschblatt.jpg
 
========== Files Created - No Company Name ==========
 
[2010/12/12 18:59:30 | 000,007,605 | ---- | C] () -- C:\Users\Ngo\AppData\Local\Resmon.ResmonCfg
[2010/12/12 12:14:38 | 000,107,815 | ---- | C] () -- C:\Users\Ngo\Desktop\800px-New-Map-Francophone_World.PNG
[2010/12/07 17:34:07 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll
[2010/12/06 18:46:42 | 000,061,151 | ---- | C] () -- C:\Users\Ngo\Documents\44B02FF3d01.pdf
[2010/11/27 20:18:27 | 000,002,094 | ---- | C] () -- C:\Users\Public\Desktop\Age of Mythology.lnk
[2010/11/15 17:24:44 | 001,960,452 | ---- | C] () -- C:\Users\Ngo\Documents\deutschblatt.jpg
[2010/09/11 16:33:04 | 000,000,284 | ---- | C] () -- C:\Users\Ngo\AppData\Roaming\wklnhst.dat
[2010/05/20 14:26:30 | 000,015,498 | ---- | C] () -- C:\Windows\VX3000.ini
[2010/02/10 02:58:12 | 000,012,800 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
 
========== LOP Check ==========
 
[2010/11/16 19:09:51 | 000,000,000 | ---D | M] -- C:\Users\Ngo\AppData\Roaming\Canneverbe Limited
[2010/11/10 17:01:12 | 000,000,000 | ---D | M] -- C:\Users\Ngo\AppData\Roaming\Canon
[2010/10/16 11:40:48 | 000,000,000 | ---D | M] -- C:\Users\Ngo\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/09/11 16:18:19 | 000,000,000 | ---D | M] -- C:\Users\Ngo\AppData\Roaming\Foxit Software
[2010/12/12 19:06:06 | 000,000,000 | ---D | M] -- C:\Users\Ngo\AppData\Roaming\Mp3tag
[2010/09/11 17:00:08 | 000,000,000 | ---D | M] -- C:\Users\Ngo\AppData\Roaming\OpenOffice.org
[2010/11/10 17:31:59 | 000,000,000 | ---D | M] -- C:\Users\Ngo\AppData\Roaming\PhotoScape
[2010/10/22 18:05:55 | 000,000,000 | ---D | M] -- C:\Users\Ngo\AppData\Roaming\springlobby
[2010/10/22 18:05:44 | 000,000,000 | ---D | M] -- C:\Users\Ngo\AppData\Roaming\springsettings
[2010/09/11 16:33:20 | 000,000,000 | ---D | M] -- C:\Users\Ngo\AppData\Roaming\Template
[2010/12/12 19:06:06 | 000,000,000 | ---D | M] -- C:\Users\Ngo\AppData\Roaming\Tunngle
[2010/09/11 16:28:11 | 000,000,000 | ---D | M] -- C:\Users\Ngo\AppData\Roaming\_MDLogs
[2010/10/31 10:05:57 | 000,000,544 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2010/12/05 18:27:22 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
Und der Extra-text:
Code:
ATTFilter
OTL Extras logfile created on: 12/13/2010 4:06:34 PM - Run 2
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\Ngo\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 73.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.07 Gb Total Space | 874.42 Gb Free Space | 95.14% Space Free | Partition Type: NTFS
Drive D: | 12.35 Gb Total Space | 1.51 Gb Free Space | 12.22% Space Free | Partition Type: NTFS
 
Computer Name: NGO-HP | User Name: Ngo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP540_series" = Canon MP540 series MP Drivers
"{26A24AE4-039D-4CA4-87B4-2F86416023FF}" = Java(TM) 6 Update 23 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5B08AF35-B699-4A44-BB89-3E51E70611E8}" = HP MediaSmart SmartMenu
"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor for Windows" = Hardware Diagnostic Tools
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{495A8A3C-8FD0-4C46-9979-95C26181A1AB}" = HP Support Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5C7FD70-2C0A-401E-95E9-916363567DDA}" = HP Setup
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FA8BFB25-BF48-4F8B-8859-B30810745190}" = LightScribe System Software
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Age of Empires Gold 1.0" = Microsoft Age of Empires Gold
"Age of Mythology 1.0" = Age of Mythology
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CanonMyPrinter" = Canon Utilities My Printer
"CCleaner" = CCleaner
"Combat Arms EU" = Combat Arms EU
"Cross Fire_is1" = Cross Fire En
"DivX Setup.divx.com" = DivX-Setup
"Foxit Reader" = Foxit Reader
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"Mp3tag" = Mp3tag v2.46a
"MusicStationNetstaller" = MusicStation
"PhotoScape" = PhotoScape
"PokerStars.net" = PokerStars.net
"Tunngle beta_is1" = Tunngle beta
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Yahoo! Messenger" = Yahoo! Messenger
"Yenka" = Yenka
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 11/21/2010 12:44:01 PM | Computer Name = Ngo-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Engine.exe, Version: 0.0.0.0, Zeitstempel:
 0x4cca188f  Name des fehlerhaften Moduls: cshell.dll, Version: 0.0.0.0, Zeitstempel:
 0x4cca1a60  Ausnahmecode: 0xc0000005  Fehleroffset: 0x003b6643  ID des fehlerhaften Prozesses:
 0xfa0  Startzeit der fehlerhaften Anwendung: 0x01cb89992b89f466  Pfad der fehlerhaften
 Anwendung: C:\Nexon\Combat Arms EU\Engine.exe  Pfad des fehlerhaften Moduls: C:\Nexon\Combat
 Arms EU\Game\cshell.dll  Berichtskennung: 8a96e18f-f58e-11df-a0bf-78e7d1d99740
 
Error - 11/21/2010 1:24:41 PM | Computer Name = Ngo-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Engine.exe, Version: 0.0.0.0, Zeitstempel:
 0x4cca188f  Name des fehlerhaften Moduls: cshell.dll, Version: 0.0.0.0, Zeitstempel:
 0x4cca1a60  Ausnahmecode: 0xc0000005  Fehleroffset: 0x003b6643  ID des fehlerhaften Prozesses:
 0xc9c  Startzeit der fehlerhaften Anwendung: 0x01cb899f127ace21  Pfad der fehlerhaften
 Anwendung: C:\Nexon\Combat Arms EU\Engine.exe  Pfad des fehlerhaften Moduls: C:\Nexon\Combat
 Arms EU\Game\cshell.dll  Berichtskennung: 38e838e3-f594-11df-b846-78e7d1d99740
 
Error - 11/22/2010 2:54:02 PM | Computer Name = Ngo-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Engine.exe, Version: 0.0.0.0, Zeitstempel:
 0x4cca188f  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0a4c0000  ID des fehlerhaften Prozesses:
 0xd4c  Startzeit der fehlerhaften Anwendung: 0x01cb8a74b8c17e6e  Pfad der fehlerhaften
 Anwendung: C:\Nexon\Combat Arms EU\Engine.exe  Pfad des fehlerhaften Moduls: unknown
Berichtskennung:
 debb507b-f669-11df-b568-78e7d1d99740
 
Error - 11/24/2010 2:42:21 PM | Computer Name = Ngo-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3951,
 Zeitstempel: 0x4cc7ae16  Name des fehlerhaften Moduls: FOXITR~1.OCX, Version: 1.0.1.224,
 Zeitstempel: 0x4b849404  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00002dce  ID des fehlerhaften
 Prozesses: 0xcf0  Startzeit der fehlerhaften Anwendung: 0x01cb8c073d3bfec7  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: C:\PROGRA~2\FOXITS~1\FOXITR~1\plugins\FOXITR~1.OCX  Berichtskennung:
 91a71697-f7fa-11df-abc0-78e7d1d99740
 
Error - 11/26/2010 2:49:22 PM | Computer Name = Ngo-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3951,
 Zeitstempel: 0x4cc7ae16  Name des fehlerhaften Moduls: FOXITR~1.OCX, Version: 1.0.1.224,
 Zeitstempel: 0x4b849404  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00002dce  ID des fehlerhaften
 Prozesses: 0x390  Startzeit der fehlerhaften Anwendung: 0x01cb8d97a7b1b635  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: C:\PROGRA~2\FOXITS~1\FOXITR~1\plugins\FOXITR~1.OCX  Berichtskennung:
 e196d683-f98d-11df-b39b-78e7d1d99740
 
Error - 12/3/2010 11:32:20 AM | Computer Name = Ngo-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Engine.exe, Version: 0.0.0.0, Zeitstempel:
 0x4ce4e419  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0a5b0000  ID des fehlerhaften Prozesses:
 0xb98  Startzeit der fehlerhaften Anwendung: 0x01cb92f9ae13d88f  Pfad der fehlerhaften
 Anwendung: C:\Nexon\Combat Arms EU\Engine.exe  Pfad des fehlerhaften Moduls: unknown
Berichtskennung:
 8418ea42-fef2-11df-9e1b-78e7d1d99740
 
Error - 12/4/2010 8:27:21 AM | Computer Name = Ngo-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3951,
 Zeitstempel: 0x4cc7ae16  Name des fehlerhaften Moduls: FOXITR~1.OCX, Version: 1.0.1.224,
 Zeitstempel: 0x4b849404  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00002dce  ID des fehlerhaften
 Prozesses: 0xf38  Startzeit der fehlerhaften Anwendung: 0x01cb93ab8eaf0e23  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: C:\PROGRA~2\FOXITS~1\FOXITR~1\plugins\FOXITR~1.OCX  Berichtskennung:
 d6e7d6f3-ffa1-11df-a174-78e7d1d99740
 
Error - 12/4/2010 8:57:12 AM | Computer Name = Ngo-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16450,
 Zeitstempel: 0x4aebab8d  Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.1.7600.16644,
 Zeitstempel: 0x4c4ef25d  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000002884f2
ID
 des fehlerhaften Prozesses: 0x604  Startzeit der fehlerhaften Anwendung: 0x01cb93ab5fbb8bce
Pfad
 der fehlerhaften Anwendung: C:\Windows\Explorer.EXE  Pfad des fehlerhaften Moduls:
 C:\Windows\system32\SHELL32.dll  Berichtskennung: 0249f460-ffa6-11df-a174-78e7d1d99740
 
Error - 12/5/2010 11:40:55 AM | Computer Name = Ngo-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3951,
 Zeitstempel: 0x4cc7ae16  Name des fehlerhaften Moduls: FOXITR~1.OCX, Version: 1.0.1.224,
 Zeitstempel: 0x4b849404  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00002dce  ID des fehlerhaften
 Prozesses: 0xf40  Startzeit der fehlerhaften Anwendung: 0x01cb94914558bff3  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: C:\PROGRA~2\FOXITS~1\FOXITR~1\plugins\FOXITR~1.OCX  Berichtskennung:
 0bb864f3-0086-11e0-9db9-78e7d1d99740
 
Error - 12/6/2010 1:46:29 PM | Computer Name = Ngo-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3951,
 Zeitstempel: 0x4cc7ae16  Name des fehlerhaften Moduls: FOXITR~1.OCX, Version: 1.0.1.224,
 Zeitstempel: 0x4b849404  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00002dce  ID des fehlerhaften
 Prozesses: 0xe48  Startzeit der fehlerhaften Anwendung: 0x01cb95682bcb661d  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: C:\PROGRA~2\FOXITS~1\FOXITR~1\plugins\FOXITR~1.OCX  Berichtskennung:
 c0c05855-0160-11e0-9def-78e7d1d99740
 
[ System Events ]
Error - 10/27/2010 12:59:43 AM | Computer Name = Ngo-HP | Source = Service Control Manager | ID = 7043
Description = Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements
 nicht richtig heruntergefahren werden.
 
Error - 11/11/2010 12:00:45 PM | Computer Name = Ngo-HP | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers
 fehlgeschlagen:   %%5
 
Error - 11/15/2010 5:42:00 PM | Computer Name = Ngo-HP | Source = DCOM | ID = 10016
Description = 
 
Error - 11/15/2010 5:45:11 PM | Computer Name = Ngo-HP | Source = DCOM | ID = 10016
Description = 
 
Error - 11/15/2010 5:45:57 PM | Computer Name = Ngo-HP | Source = DCOM | ID = 10016
Description = 
 
Error - 11/15/2010 8:13:00 PM | Computer Name = Ngo-HP | Source = DCOM | ID = 10016
Description = 
 
Error - 11/15/2010 8:13:10 PM | Computer Name = Ngo-HP | Source = DCOM | ID = 10016
Description = 
 
Error - 11/18/2010 3:41:21 PM | Computer Name = Ngo-HP | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Volumeschattenkopie erreicht.
 
Error - 11/18/2010 3:41:21 PM | Computer Name = Ngo-HP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Volumeschattenkopie" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%1053
 
Error - 11/18/2010 3:41:31 PM | Computer Name = Ngo-HP | Source = DCOM | ID = 10005
Description = 
 
 
< End of report >
         

Alt 14.12.2010, 11:20   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Java Agents /Exploits - Standard

Java Agents /Exploits



Wieso doppelt??

http://www.trojaner-board.de/93694-m...steuerung.html
__________________

__________________

Alt 14.12.2010, 15:20   #3
caspieler
 
Java Agents /Exploits - Standard

Java Agents /Exploits



ich hab gedacht die beschreibung wär nicht passend genug.
und ich wusste nicht wie man threads löscht.
versuche ihn nun zu schließen
entschuldigung deswegen
__________________

 

Themen zu Java Agents /Exploits
64-bit, 7-zip, adblock, adobe, antivir, autorun, avgntflt.sys, avira, bho, c:\windows\system32\rundll32.exe, computer, converter, defender, desktop, error, firefox, firefox.exe, flash player, home, home premium, ieframe.dll, install.exe, java agent, java exploit, location, logfile, mozilla, mp3, oldtimer, otl.exe, plug-in, programdata, realtek, registry, rundll, saver, scan, sched.exe, searchplugins, security, shell32.dll, shortcut, software, spyware, system, syswow64, webcheck, windows



Ähnliche Themen: Java Agents /Exploits


  1. Avira : ADWARE/ShareW.Gen und div. Java-Viren/ -Exploits
    Log-Analyse und Auswertung - 23.06.2014 (15)
  2. Erkennungsmuster des Exploits EXP/Java.HLP.GJ
    Log-Analyse und Auswertung - 25.10.2013 (3)
  3. Exploits EXP/JAVA.Edilage.Gen gefunden!
    Log-Analyse und Auswertung - 05.09.2013 (11)
  4. Exploits, java Viren, Trojaner gefunden.
    Log-Analyse und Auswertung - 03.03.2013 (11)
  5. Exploits EXP/CVE-2013-0422.I + Javavirus JAVA/Jogek.WW
    Log-Analyse und Auswertung - 21.02.2013 (19)
  6. Exploits EXP/JAVA.Ivinest.Gen und EXP/CVE-2012-1723
    Plagegeister aller Art und deren Bekämpfung - 15.01.2013 (17)
  7. Trojaner, Java Viren und Exploits - in Form von z.B. Rogue.KD, Kalika.E, Agent.MT verschiedene Exploits :(
    Plagegeister aller Art und deren Bekämpfung - 03.01.2013 (9)
  8. Befall mit Exploits Java.Expkit.B, C und E und Virus JAVA/Blacole.GD , vermutlich durch searchnu Toolbar
    Log-Analyse und Auswertung - 22.12.2012 (26)
  9. AVSCAN hat mehrere Java-Viren JAVA/Agent.M* und Exploits EXP/CVE-2011-3544 gefunden
    Log-Analyse und Auswertung - 15.10.2012 (24)
  10. Java Exploits von Avira gemeldet, OTL Logfiles
    Log-Analyse und Auswertung - 19.04.2012 (5)
  11. GEMA-Trojaner, Java-Exploits, BDS/Sinowal.bogyo, etc. auf PC
    Plagegeister aller Art und deren Bekämpfung - 16.02.2012 (21)
  12. Java-Virus JAVA/Agent.LB und Exploits EXP/CVE-2008-5353.AG Windows 7
    Plagegeister aller Art und deren Bekämpfung - 03.01.2012 (18)
  13. Exploits EXP/Java.Dldr.A wurde gefunden...
    Log-Analyse und Auswertung - 15.11.2011 (1)
  14. Mehrer Trojaner und Java Exploits gefunden
    Plagegeister aller Art und deren Bekämpfung - 06.02.2011 (9)
  15. Java-Virus JAVA/Agent.BH und Exploits EXP/Pidief.3582
    Log-Analyse und Auswertung - 27.01.2011 (1)
  16. TR/Agents, Java-Script-Viren und Malware --- HILFE!
    Log-Analyse und Auswertung - 01.02.2009 (0)
  17. TR/Agents, Java-Script-Viren und Malware
    Plagegeister aller Art und deren Bekämpfung - 31.01.2009 (0)

Zum Thema Java Agents /Exploits - Hallo, nach einem Suchlauf hat mein Antivir folgende Spyware auf dem Computer gefunden. Wie werde ich sie los ohne mein System zu formatieren? Java/Agent.2212 in C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\1c0702e6-27646895 JAVA/Agent.DU in C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\1c0702e6-27646895' EXP/Java.2009-3867 - Java Agents /Exploits...
Archiv
Du betrachtest: Java Agents /Exploits auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.