
Discussion forum: Bitcoin and Combofix


02.03.2012, 06:02   #1
Lord_Yu
 



Hello,

I've recently had problems with a virus/trojan. It was called Atras2/Atraps2 or something like that. I had read here in the forum that you could kill it with Combofix.

(Shutting down Antivir somehow didn't work)


Quote:
ComboFix 12-03-01.02 - Ozymandias 02.03.2012 5:50.1.6 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1033.18.8188.5979 [GMT 1:00]
ausgeführt von:: c:\users\Ozymandias\Downloads\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\facemoods.com
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoods.crx
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoods.png
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsApp.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsEng.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\faCEmoodstlbr.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\uninstall.exe
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\auth.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\burnlib.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\dsp_sps.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\enc_aacplus.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\enc_flac.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\enc_lame.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\enc_vorbis.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\enc_wav.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\enc_wma.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\gen_classicart.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\gen_crasher.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\gen_ff.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\gen_find_on_disk.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\gen_hotkeys.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\gen_jumpex.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\gen_ml.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\gen_nopro.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\gen_orgler.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\gen_skinmanager.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\gen_timerestore.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\gen_tray.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\gen_undo.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\in_avi.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\in_cdda.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\in_dshow.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\in_flac.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\in_flv.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\in_linein.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\in_midi.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\in_mkv.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\in_mod.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\in_mp3.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\in_mp4.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\in_nsv.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\in_swf.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\in_vorbis.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\in_wav.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\in_wave.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\in_wm.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\in_wv.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\ml_addons.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\ml_autotag.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\ml_bookmarks.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\ml_devices.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\ml_disc.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\ml_downloads.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\ml_enqplay.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\ml_history.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\ml_impex.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\ml_local.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\ml_nowplaying.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\ml_online.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\ml_orb.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\ml_playlists.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\ml_plg.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\ml_pmp.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\ml_rg.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\ml_transcode.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\ml_wire.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\ombrowser.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\out_disk.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\out_ds.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\out_wave.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\playlist.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\pmp_activesync.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\pmp_android.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\pmp_ipod.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\pmp_njb.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\pmp_p4s.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\pmp_usb.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\pmp_wifi.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\tagz.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\vis_avs.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\vis_milk2.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\vis_nsfs.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\winamp.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\winampa.lng
c:\users\Ozymandias\002.jpg
c:\users\Ozymandias\113.jpg

c:\users\Ozymandias\AppData\Local\546936c0
c:\users\Ozymandias\AppData\Local\546936c0\@
c:\users\Ozymandias\AppData\Local\546936c0\loader.tlb
c:\users\Ozymandias\AppData\Local\546936c0\U\800000cb.@
c:\users\Ozymandias\AppData\Local\546936c0\X
c:\users\Ozymandias\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3621474A-F26F-4AD3-A681-22F4BAD61C09}.xps
c:\users\Ozymandias\AppData\Local\Microsoft\Windows\Temporary Internet Files\{46EF2DD5-AE74-4397-87B4-9030051857CD}.xps
c:\users\Ozymandias\AppData\Local\Microsoft\Windows\Temporary Internet Files\{648A320F-8851-49CE-94FF-2547B1639BE7}.xps
c:\users\Ozymandias\AppData\Local\Microsoft\Windows\Temporary Internet Files\{721CF1F9-B930-475C-BC69-9FCF1B45ADCD}.xps
c:\users\Ozymandias\AppData\Local\Microsoft\Windows\Temporary Internet Files\{74E4196E-DAFC-4268-A0EF-660EEAD395A7}.xps
c:\users\Ozymandias\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7C5EF362-7CAD-4982-B325-6DC3188D29B8}.xps
c:\users\Ozymandias\AppData\Local\Microsoft\Windows\Temporary Internet Files\{96CC6B1E-8408-49D7-84CE-DB7A86B36423}.xps
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\auth.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\burnlib.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\dsp_sps.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\enc_aacplus.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\enc_flac.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\enc_lame.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\enc_vorbis.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\enc_wav.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\enc_wma.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\gen_classicart.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\gen_crasher.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\gen_ff.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\gen_find_on_disk.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\gen_hotkeys.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\gen_jumpex.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\gen_ml.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\gen_nopro.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\gen_orgler.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\gen_skinmanager.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\gen_timerestore.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\gen_tray.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\gen_undo.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\in_avi.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\in_cdda.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\in_dshow.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\in_flac.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\in_flv.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\in_linein.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\in_midi.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\in_mkv.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\in_mod.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\in_mp3.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\in_mp4.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\in_nsv.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\in_swf.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\in_vorbis.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\in_wav.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\in_wave.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\in_wm.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\in_wv.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\ml_addons.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\ml_autotag.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\ml_bookmarks.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\ml_devices.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\ml_disc.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\ml_downloads.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\ml_enqplay.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\ml_history.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\ml_impex.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\ml_local.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\ml_nowplaying.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\ml_online.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\ml_orb.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\ml_playlists.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\ml_plg.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\ml_pmp.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\ml_rg.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\ml_transcode.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\ml_wire.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\ombrowser.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\out_disk.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\out_ds.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\out_wave.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\playlist.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\pmp_activesync.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\pmp_android.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\pmp_ipod.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\pmp_njb.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\pmp_p4s.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\pmp_usb.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\pmp_wifi.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\tagz.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\vis_avs.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\vis_milk2.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\vis_nsfs.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\winamp.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\winampa.lng
c:\users\Ozymandias\AppData\Roaming\Bitcoin
c:\users\Ozymandias\AppData\Roaming\Bitcoin\.lock
c:\users\Ozymandias\AppData\Roaming\Bitcoin\__db.001
c:\users\Ozymandias\AppData\Roaming\Bitcoin\__db.002
c:\users\Ozymandias\AppData\Roaming\Bitcoin\__db.003
c:\users\Ozymandias\AppData\Roaming\Bitcoin\__db.004
c:\users\Ozymandias\AppData\Roaming\Bitcoin\__db.005
c:\users\Ozymandias\AppData\Roaming\Bitcoin\__db.006
c:\users\Ozymandias\AppData\Roaming\Bitcoin\addr.dat
c:\users\Ozymandias\AppData\Roaming\Bitcoin\bitcoin.conf
c:\users\Ozymandias\AppData\Roaming\Bitcoin\blk0001.dat
c:\users\Ozymandias\AppData\Roaming\Bitcoin\blkindex.dat
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000333
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000334
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000335
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000336
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000337
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000338
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000339
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000340
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000341
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000342
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000343
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000344
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000345
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000346
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000347
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000348
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000349
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000350
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000351
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000352
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000353
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000354
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000355
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000356
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000357
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000358
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000359
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000360
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000361
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000362
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000363
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000364
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000365
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000366
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000367
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000368
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000369
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000370
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000371
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000372
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000373
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000374
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000375
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000376
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000377
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000378
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000379
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000380
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000381
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000382
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000383
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000384
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000385
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000386
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000387
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000388
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000389
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000390
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000391
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000392
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000393
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000394
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000395
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000396
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000397
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000398
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000399
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000400
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000401
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000402
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000403
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000404
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000405
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000406
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000407
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000408
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000409
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000410
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000411
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000412
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000413
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000414
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000415
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000416
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000417
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000418
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000419
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000420
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000421
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000422
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000423
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000424
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000425
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000426
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000427
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000428
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000429
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000430
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000431
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000432
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000433
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000434
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000435
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000436
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000437
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000438
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000439
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000440
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000441
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000442
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000443
c:\users\Ozymandias\AppData\Roaming\Bitcoin\db.log
c:\users\Ozymandias\AppData\Roaming\Bitcoin\debug.log
c:\users\Ozymandias\AppData\Roaming\Bitcoin\wallet.dat
c:\users\Ozymandias\Imma WS11-12 .pdf

c:\windows\assembly\tmp\U
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-02-02 bis 2012-03-02 ))))))))))))))))))))))))))))))
.
.
2012-03-02 04:57 . 2012-03-02 04:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-02 04:32 . 2011-10-26 05:19 43520 ----a-w- c:\windows\system32\csrsrv.dll
2012-03-02 04:32 . 2012-01-03 06:24 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-03-02 04:32 . 2012-01-03 05:44 478208 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-03-02 04:32 . 2011-12-28 03:59 499200 ----a-w- c:\windows\system32\drivers\afd.sys
2012-03-02 04:32 . 2011-12-16 08:42 634368 ----a-w- c:\windows\system32\msvcrt.dll
2012-03-02 04:32 . 2011-12-16 07:59 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-03-02 04:26 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll
2012-03-02 04:26 . 2011-11-05 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-03-02 04:25 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll
2012-03-02 04:25 . 2011-11-17 05:41 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-03-02 04:16 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
2012-03-02 04:16 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-02-27 05:03 . 2012-02-27 05:03 -------- d-----w- c:\windows\system32\Macromed
2012-02-23 14:09 . 2012-02-23 14:17 -------- d-----w- c:\users\Ozymandias\AppData\Roaming\Mobipocket
2012-02-23 14:08 . 2012-02-23 14:08 -------- d-----w- c:\program files (x86)\Mobipocket.com
2012-02-03 12:54 . 2012-02-03 12:54 -------- d-----w- c:\users\Ozymandias\AppData\Roaming\.silc
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-22 05:41 . 2012-01-22 05:41 0 ----a-w- c:\windows\SysWow64\ConduitEngine.tmp
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ff88a983-649d-4207-9336-9b999280b436}"= "c:\program files (x86)\SFT_de3\prxtbSFT_.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ff88a983-649d-4207-9336-9b999280b436}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngin.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ff88a983-649d-4207-9336-9b999280b436}]
2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\SFT_de3\prxtbSFT_.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ff88a983-649d-4207-9336-9b999280b436}"= "c:\program files (x86)\SFT_de3\prxtbSFT_.dll" [2011-03-28 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngin.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ff88a983-649d-4207-9336-9b999280b436}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Ozymandias\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Ozymandias\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Ozymandias\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Infium"="c:\program files (x86)\QIP Infium\infium.exe" [2011-05-11 6848384]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Steam"="d:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]
.
c:\users\Ozymandias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Bitcoin.lnk - c:\program files (x86)\Bitcoin\bitcoin.exe [N/A]
Dropbox.lnk - c:\users\Ozymandias\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2011-05-25 136616]
R3 GPU-Z;GPU-Z;c:\users\OZYMAN~1\AppData\Local\Temp\GPU-Z.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Razerlow;Razer Pro|Solutions;c:\windows\system32\drivers\Razerlow.sys [x]
R3 scramby_out;Scramby Output;c:\windows\system32\drivers\scramby_out.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-09-08 361984]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 DirMngr;DirMngr;c:\program files (x86)\GNU\GnuPG\dirmngr.exe [2011-03-02 224256]
S2 XobniService;XobniService;c:\program files (x86)\Xobni\XobniService.exe [2011-05-18 62184]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AODDriver4.01;AODDriver4.01;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2011-05-25 55424]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3024760405-3643043278-2720284224-1000Core.job
- c:\users\Ozymandias\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-18 22:19]
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3024760405-3643043278-2720284224-1000UA.job
- c:\users\Ozymandias\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-18 22:19]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Ozymandias\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Ozymandias\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Ozymandias\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Ozymandias\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"boincmgr"="c:\program files\BOINC\boincmgr.exe" [2011-04-26 6704304]
"boinctray"="c:\program files\BOINC\boinctray.exe" [2011-04-26 71344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = localhost:4444
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Ozymandias\AppData\Roaming\Mozilla\Firefox\Profiles\2mwr55xj.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 4444
FF - prefs.js: network.proxy.type - 4
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\06\05\18\0a\06\0e,"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Winamp\winamp.exe
c:\program files (x86)\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-02 06:17:24 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-03-02 05:17
.
Vor Suchlauf: 20.767.662.080 bytes free
Nach Suchlauf: 23.000.485.888 bytes free
.
- - End Of File - - 0460ADBF655E2E4944B9BEA7FDC02032

Why did Combofix delete the 2 pictures, my old certificate of enrollment (the PDF) and my Bitcoin wallet? Luckily there wasn't much in it.

Is it normal for Combofix to simply delete files like these without asking?

Well, I was a bit naive and narrow-minded, but maybe this thread will help someone.

02.03.2012, 06:15   #2
Lord_Yu

Edit: I found out where Combofix put my data into quarantine.

02.03.2012, 06:45   #3
Psychotic
/// Malwareteam

WHY CF deleted these files of yours is simple:

Because, based on its scan routines, it judged that they could be dangerous to your computer.
Something like this can happen with a powerful tool like Combofix.

That is why using ComboFix always requires a prior analysis/assessment by a specialist.

This warning notice exists for a reason!

Once again: CF is not a toy, nor is it meant to be used just like that!


Besides, this by no means says that your system is actually clean. In your case there are still signs that suggest the opposite.

Code:
c:\windows\assembly\tmp\U
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 4444
FF - prefs.js: network.proxy.type - 4

To remedy this, open a thread here. However, take note of the information in "For everyone seeking help"!

Edited by Psychotic (02.03.2012 at 06:58)
