
Trash bin: Java Agents /Exploits

Posts that violated our rules, posts the world does not need, and other rubbish end up here in the trash bin...

 
13.12.2010, 16:12   #1
caspieler

Java Agents /Exploits



Hello,
after a scan, my Antivir found the following spyware on the computer. How do I get rid of it without formatting my system?

Java/Agent.2212 in C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\1c0702e6-27646895

JAVA/Agent.DU in C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\1c0702e6-27646895

EXP/Java.2009-3867 in C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\3e36666f-5493f87c

Here is the OTL text:
Code:
OTL logfile created on: 12/13/2010 4:06:34 PM - Run 2
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\Ngo\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 73.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.07 Gb Total Space | 874.42 Gb Free Space | 95.14% Space Free | Partition Type: NTFS
Drive D: | 12.35 Gb Total Space | 1.51 Gb Free Space | 12.22% Space Free | Partition Type: NTFS
 
Computer Name: NGO-HP | User Name: Ngo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Ngo\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Ngo\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (ezSharedSvc) -- C:\Windows\SysNative\ezSharedSvcHost.exe File not found
SRV:64bit: - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (TunngleService) -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (VX3000) -- C:\Windows\SysNative\drivers\VX3000.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\Windows\SysNative\drivers\tap0901t.sys (Tunngle.net)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/12 19:06:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/12 19:06:07 | 000,000,000 | ---D | M]
 
[2010/09/11 15:09:53 | 000,000,000 | ---D | M] -- C:\Users\Ngo\AppData\Roaming\mozilla\Extensions
[2010/12/13 15:55:33 | 000,000,000 | ---D | M] -- C:\Users\Ngo\AppData\Roaming\mozilla\Firefox\Profiles\yjysjok6.default\extensions
[2010/09/19 18:05:34 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Ngo\AppData\Roaming\mozilla\Firefox\Profiles\yjysjok6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/09/11 16:44:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/11 16:44:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/11 16:44:37 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/09/11 16:17:34 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010/10/22 18:04:51 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/10/22 18:04:51 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml
[2010/10/22 18:04:51 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/10/22 18:04:51 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/10/22 18:04:51 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Ngo\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Ngo\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/12/12 19:22:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery
[2010/12/12 14:46:10 | 000,189,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2010/12/12 14:46:10 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2010/12/12 14:46:10 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2010/12/12 14:46:06 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/12/07 17:34:07 | 000,143,872 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\iacenc.dll
[2010/12/03 20:03:15 | 000,000,000 | ---D | C] -- C:\Users\Ngo\Documents\Tunngle
[2010/12/03 20:03:12 | 000,031,232 | ---- | C] (Tunngle.net) -- C:\Windows\SysNative\drivers\tap0901t.sys
[2010/12/03 20:03:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tunngle
[2010/11/27 20:12:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
[2010/11/19 16:54:47 | 000,000,000 | ---D | C] -- C:\Users\Ngo\Documents\Cross Fire
[2010/11/16 19:09:51 | 000,000,000 | ---D | C] -- C:\Users\Ngo\AppData\Roaming\Canneverbe Limited
[2010/11/16 19:09:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2010/11/16 19:09:17 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
 
========== Files - Modified Within 30 Days ==========
 
[2010/12/13 15:49:21 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/13 15:49:21 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/13 15:46:08 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/12/13 15:46:08 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010/12/13 15:46:08 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/12/13 15:46:08 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010/12/13 15:46:08 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/12/13 15:41:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/13 15:41:46 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/12 19:27:14 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2010/12/12 18:59:30 | 000,007,605 | ---- | M] () -- C:\Users\Ngo\AppData\Local\Resmon.ResmonCfg
[2010/12/12 14:46:06 | 000,521,448 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2010/12/12 14:46:06 | 000,189,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2010/12/12 14:46:06 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2010/12/12 14:46:06 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2010/12/12 12:14:38 | 000,107,815 | ---- | M] () -- C:\Users\Ngo\Desktop\800px-New-Map-Francophone_World.PNG
[2010/12/07 20:15:29 | 000,361,528 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/12/06 18:46:28 | 000,061,151 | ---- | M] () -- C:\Users\Ngo\Documents\44B02FF3d01.pdf
[2010/11/28 13:30:15 | 000,083,120 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010/11/27 20:18:27 | 000,002,094 | ---- | M] () -- C:\Users\Public\Desktop\Age of Mythology.lnk
[2010/11/15 17:25:54 | 001,960,452 | ---- | M] () -- C:\Users\Ngo\Documents\deutschblatt.jpg
 
========== Files Created - No Company Name ==========
 
[2010/12/12 18:59:30 | 000,007,605 | ---- | C] () -- C:\Users\Ngo\AppData\Local\Resmon.ResmonCfg
[2010/12/12 12:14:38 | 000,107,815 | ---- | C] () -- C:\Users\Ngo\Desktop\800px-New-Map-Francophone_World.PNG
[2010/12/07 17:34:07 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll
[2010/12/06 18:46:42 | 000,061,151 | ---- | C] () -- C:\Users\Ngo\Documents\44B02FF3d01.pdf
[2010/11/27 20:18:27 | 000,002,094 | ---- | C] () -- C:\Users\Public\Desktop\Age of Mythology.lnk
[2010/11/15 17:24:44 | 001,960,452 | ---- | C] () -- C:\Users\Ngo\Documents\deutschblatt.jpg
[2010/09/11 16:33:04 | 000,000,284 | ---- | C] () -- C:\Users\Ngo\AppData\Roaming\wklnhst.dat
[2010/05/20 14:26:30 | 000,015,498 | ---- | C] () -- C:\Windows\VX3000.ini
[2010/02/10 02:58:12 | 000,012,800 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
 
========== LOP Check ==========
 
[2010/11/16 19:09:51 | 000,000,000 | ---D | M] -- C:\Users\Ngo\AppData\Roaming\Canneverbe Limited
[2010/11/10 17:01:12 | 000,000,000 | ---D | M] -- C:\Users\Ngo\AppData\Roaming\Canon
[2010/10/16 11:40:48 | 000,000,000 | ---D | M] -- C:\Users\Ngo\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/09/11 16:18:19 | 000,000,000 | ---D | M] -- C:\Users\Ngo\AppData\Roaming\Foxit Software
[2010/12/12 19:06:06 | 000,000,000 | ---D | M] -- C:\Users\Ngo\AppData\Roaming\Mp3tag
[2010/09/11 17:00:08 | 000,000,000 | ---D | M] -- C:\Users\Ngo\AppData\Roaming\OpenOffice.org
[2010/11/10 17:31:59 | 000,000,000 | ---D | M] -- C:\Users\Ngo\AppData\Roaming\PhotoScape
[2010/10/22 18:05:55 | 000,000,000 | ---D | M] -- C:\Users\Ngo\AppData\Roaming\springlobby
[2010/10/22 18:05:44 | 000,000,000 | ---D | M] -- C:\Users\Ngo\AppData\Roaming\springsettings
[2010/09/11 16:33:20 | 000,000,000 | ---D | M] -- C:\Users\Ngo\AppData\Roaming\Template
[2010/12/12 19:06:06 | 000,000,000 | ---D | M] -- C:\Users\Ngo\AppData\Roaming\Tunngle
[2010/09/11 16:28:11 | 000,000,000 | ---D | M] -- C:\Users\Ngo\AppData\Roaming\_MDLogs
[2010/10/31 10:05:57 | 000,000,544 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2010/12/05 18:27:22 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
And the Extras text:
Code:
OTL Extras logfile created on: 12/13/2010 4:06:34 PM - Run 2
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\Ngo\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 73.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.07 Gb Total Space | 874.42 Gb Free Space | 95.14% Space Free | Partition Type: NTFS
Drive D: | 12.35 Gb Total Space | 1.51 Gb Free Space | 12.22% Space Free | Partition Type: NTFS
 
Computer Name: NGO-HP | User Name: Ngo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP540_series" = Canon MP540 series MP Drivers
"{26A24AE4-039D-4CA4-87B4-2F86416023FF}" = Java(TM) 6 Update 23 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5B08AF35-B699-4A44-BB89-3E51E70611E8}" = HP MediaSmart SmartMenu
"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor for Windows" = Hardware Diagnostic Tools
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{495A8A3C-8FD0-4C46-9979-95C26181A1AB}" = HP Support Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5C7FD70-2C0A-401E-95E9-916363567DDA}" = HP Setup
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FA8BFB25-BF48-4F8B-8859-B30810745190}" = LightScribe System Software
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Age of Empires Gold 1.0" = Microsoft Age of Empires Gold
"Age of Mythology 1.0" = Age of Mythology
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CanonMyPrinter" = Canon Utilities My Printer
"CCleaner" = CCleaner
"Combat Arms EU" = Combat Arms EU
"Cross Fire_is1" = Cross Fire En
"DivX Setup.divx.com" = DivX-Setup
"Foxit Reader" = Foxit Reader
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"Mp3tag" = Mp3tag v2.46a
"MusicStationNetstaller" = MusicStation
"PhotoScape" = PhotoScape
"PokerStars.net" = PokerStars.net
"Tunngle beta_is1" = Tunngle beta
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Yahoo! Messenger" = Yahoo! Messenger
"Yenka" = Yenka
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 11/21/2010 12:44:01 PM | Computer Name = Ngo-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Engine.exe, Version: 0.0.0.0, Zeitstempel:
 0x4cca188f  Name des fehlerhaften Moduls: cshell.dll, Version: 0.0.0.0, Zeitstempel:
 0x4cca1a60  Ausnahmecode: 0xc0000005  Fehleroffset: 0x003b6643  ID des fehlerhaften Prozesses:
 0xfa0  Startzeit der fehlerhaften Anwendung: 0x01cb89992b89f466  Pfad der fehlerhaften
 Anwendung: C:\Nexon\Combat Arms EU\Engine.exe  Pfad des fehlerhaften Moduls: C:\Nexon\Combat
 Arms EU\Game\cshell.dll  Berichtskennung: 8a96e18f-f58e-11df-a0bf-78e7d1d99740
 
Error - 11/21/2010 1:24:41 PM | Computer Name = Ngo-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Engine.exe, Version: 0.0.0.0, Zeitstempel:
 0x4cca188f  Name des fehlerhaften Moduls: cshell.dll, Version: 0.0.0.0, Zeitstempel:
 0x4cca1a60  Ausnahmecode: 0xc0000005  Fehleroffset: 0x003b6643  ID des fehlerhaften Prozesses:
 0xc9c  Startzeit der fehlerhaften Anwendung: 0x01cb899f127ace21  Pfad der fehlerhaften
 Anwendung: C:\Nexon\Combat Arms EU\Engine.exe  Pfad des fehlerhaften Moduls: C:\Nexon\Combat
 Arms EU\Game\cshell.dll  Berichtskennung: 38e838e3-f594-11df-b846-78e7d1d99740
 
Error - 11/22/2010 2:54:02 PM | Computer Name = Ngo-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Engine.exe, Version: 0.0.0.0, Zeitstempel:
 0x4cca188f  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0a4c0000  ID des fehlerhaften Prozesses:
 0xd4c  Startzeit der fehlerhaften Anwendung: 0x01cb8a74b8c17e6e  Pfad der fehlerhaften
 Anwendung: C:\Nexon\Combat Arms EU\Engine.exe  Pfad des fehlerhaften Moduls: unknown
Berichtskennung:
 debb507b-f669-11df-b568-78e7d1d99740
 
Error - 11/24/2010 2:42:21 PM | Computer Name = Ngo-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3951,
 Zeitstempel: 0x4cc7ae16  Name des fehlerhaften Moduls: FOXITR~1.OCX, Version: 1.0.1.224,
 Zeitstempel: 0x4b849404  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00002dce  ID des fehlerhaften
 Prozesses: 0xcf0  Startzeit der fehlerhaften Anwendung: 0x01cb8c073d3bfec7  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: C:\PROGRA~2\FOXITS~1\FOXITR~1\plugins\FOXITR~1.OCX  Berichtskennung:
 91a71697-f7fa-11df-abc0-78e7d1d99740
 
Error - 11/26/2010 2:49:22 PM | Computer Name = Ngo-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3951,
 Zeitstempel: 0x4cc7ae16  Name des fehlerhaften Moduls: FOXITR~1.OCX, Version: 1.0.1.224,
 Zeitstempel: 0x4b849404  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00002dce  ID des fehlerhaften
 Prozesses: 0x390  Startzeit der fehlerhaften Anwendung: 0x01cb8d97a7b1b635  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: C:\PROGRA~2\FOXITS~1\FOXITR~1\plugins\FOXITR~1.OCX  Berichtskennung:
 e196d683-f98d-11df-b39b-78e7d1d99740
 
Error - 12/3/2010 11:32:20 AM | Computer Name = Ngo-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Engine.exe, Version: 0.0.0.0, Zeitstempel:
 0x4ce4e419  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0a5b0000  ID des fehlerhaften Prozesses:
 0xb98  Startzeit der fehlerhaften Anwendung: 0x01cb92f9ae13d88f  Pfad der fehlerhaften
 Anwendung: C:\Nexon\Combat Arms EU\Engine.exe  Pfad des fehlerhaften Moduls: unknown
Berichtskennung:
 8418ea42-fef2-11df-9e1b-78e7d1d99740
 
Error - 12/4/2010 8:27:21 AM | Computer Name = Ngo-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3951,
 Zeitstempel: 0x4cc7ae16  Name des fehlerhaften Moduls: FOXITR~1.OCX, Version: 1.0.1.224,
 Zeitstempel: 0x4b849404  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00002dce  ID des fehlerhaften
 Prozesses: 0xf38  Startzeit der fehlerhaften Anwendung: 0x01cb93ab8eaf0e23  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: C:\PROGRA~2\FOXITS~1\FOXITR~1\plugins\FOXITR~1.OCX  Berichtskennung:
 d6e7d6f3-ffa1-11df-a174-78e7d1d99740
 
Error - 12/4/2010 8:57:12 AM | Computer Name = Ngo-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16450,
 Zeitstempel: 0x4aebab8d  Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.1.7600.16644,
 Zeitstempel: 0x4c4ef25d  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000002884f2
ID
 des fehlerhaften Prozesses: 0x604  Startzeit der fehlerhaften Anwendung: 0x01cb93ab5fbb8bce
Pfad
 der fehlerhaften Anwendung: C:\Windows\Explorer.EXE  Pfad des fehlerhaften Moduls:
 C:\Windows\system32\SHELL32.dll  Berichtskennung: 0249f460-ffa6-11df-a174-78e7d1d99740
 
Error - 12/5/2010 11:40:55 AM | Computer Name = Ngo-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3951,
 Zeitstempel: 0x4cc7ae16  Name des fehlerhaften Moduls: FOXITR~1.OCX, Version: 1.0.1.224,
 Zeitstempel: 0x4b849404  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00002dce  ID des fehlerhaften
 Prozesses: 0xf40  Startzeit der fehlerhaften Anwendung: 0x01cb94914558bff3  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: C:\PROGRA~2\FOXITS~1\FOXITR~1\plugins\FOXITR~1.OCX  Berichtskennung:
 0bb864f3-0086-11e0-9db9-78e7d1d99740
 
Error - 12/6/2010 1:46:29 PM | Computer Name = Ngo-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3951,
 Zeitstempel: 0x4cc7ae16  Name des fehlerhaften Moduls: FOXITR~1.OCX, Version: 1.0.1.224,
 Zeitstempel: 0x4b849404  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00002dce  ID des fehlerhaften
 Prozesses: 0xe48  Startzeit der fehlerhaften Anwendung: 0x01cb95682bcb661d  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: C:\PROGRA~2\FOXITS~1\FOXITR~1\plugins\FOXITR~1.OCX  Berichtskennung:
 c0c05855-0160-11e0-9def-78e7d1d99740
 
[ System Events ]
Error - 10/27/2010 12:59:43 AM | Computer Name = Ngo-HP | Source = Service Control Manager | ID = 7043
Description = Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements
 nicht richtig heruntergefahren werden.
 
Error - 11/11/2010 12:00:45 PM | Computer Name = Ngo-HP | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers
 fehlgeschlagen:   %%5
 
Error - 11/15/2010 5:42:00 PM | Computer Name = Ngo-HP | Source = DCOM | ID = 10016
Description = 
 
Error - 11/15/2010 5:45:11 PM | Computer Name = Ngo-HP | Source = DCOM | ID = 10016
Description = 
 
Error - 11/15/2010 5:45:57 PM | Computer Name = Ngo-HP | Source = DCOM | ID = 10016
Description = 
 
Error - 11/15/2010 8:13:00 PM | Computer Name = Ngo-HP | Source = DCOM | ID = 10016
Description = 
 
Error - 11/15/2010 8:13:10 PM | Computer Name = Ngo-HP | Source = DCOM | ID = 10016
Description = 
 
Error - 11/18/2010 3:41:21 PM | Computer Name = Ngo-HP | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Volumeschattenkopie erreicht.
 
Error - 11/18/2010 3:41:21 PM | Computer Name = Ngo-HP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Volumeschattenkopie" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%1053
 
Error - 11/18/2010 3:41:31 PM | Computer Name = Ngo-HP | Source = DCOM | ID = 10005
Description = 
 
 
< End of report >
         

14.12.2010, 11:20   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Why the duplicate??

http://www.trojaner-board.de/93694-m...steuerung.html

14.12.2010, 15:20   #3
caspieler

I thought the description wasn't fitting enough.
And I didn't know how to delete threads.
I'm trying to close it now.
Sorry about that.

 
