
Discussion forum: Bitcoin and Combofix


 
02.03.2012, 07:02   #1
Lord_Yu
 



Hello,

I have recently had problems with a virus/trojan. It was called Atras2/Atraps2 or something like that. I had read here in the forum that you could kill it with Combofix.

(Shutting down Antivir somehow didn't work)


Quote:
ComboFix 12-03-01.02 - Ozymandias 02.03.2012 5:50.1.6 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1033.18.8188.5979 [GMT 1:00]
ausgeführt von:: c:\users\Ozymandias\Downloads\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\facemoods.com
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoods.crx
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoods.png
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsApp.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsEng.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\faCEmoodstlbr.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\uninstall.exe
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\auth.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\burnlib.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\dsp_sps.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\enc_aacplus.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\enc_flac.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\enc_lame.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\enc_vorbis.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\enc_wav.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\enc_wma.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\gen_classicart.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\gen_crasher.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\gen_ff.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\gen_find_on_disk.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\gen_hotkeys.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\gen_jumpex.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\gen_ml.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\gen_nopro.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\gen_orgler.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\gen_skinmanager.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\gen_timerestore.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\gen_tray.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\gen_undo.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\in_avi.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\in_cdda.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\in_dshow.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\in_flac.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\in_flv.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\in_linein.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\in_midi.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\in_mkv.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\in_mod.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\in_mp3.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\in_mp4.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\in_nsv.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\in_swf.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\in_vorbis.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\in_wav.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\in_wave.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\in_wm.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\in_wv.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\ml_addons.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\ml_autotag.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\ml_bookmarks.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\ml_devices.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\ml_disc.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\ml_downloads.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\ml_enqplay.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\ml_history.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\ml_impex.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\ml_local.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\ml_nowplaying.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\ml_online.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\ml_orb.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\ml_playlists.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\ml_plg.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\ml_pmp.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\ml_rg.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\ml_transcode.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\ml_wire.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\ombrowser.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\out_disk.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\out_ds.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\out_wave.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\playlist.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\pmp_activesync.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\pmp_android.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\pmp_ipod.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\pmp_njb.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\pmp_p4s.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\pmp_usb.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\pmp_wifi.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\tagz.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\vis_avs.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\vis_milk2.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\vis_nsfs.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\winamp.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\winampa.lng
c:\users\Ozymandias\002.jpg
c:\users\Ozymandias\113.jpg

c:\users\Ozymandias\AppData\Local\546936c0
c:\users\Ozymandias\AppData\Local\546936c0\@
c:\users\Ozymandias\AppData\Local\546936c0\loader.tlb
c:\users\Ozymandias\AppData\Local\546936c0\U\800000cb.@
c:\users\Ozymandias\AppData\Local\546936c0\X
c:\users\Ozymandias\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3621474A-F26F-4AD3-A681-22F4BAD61C09}.xps
c:\users\Ozymandias\AppData\Local\Microsoft\Windows\Temporary Internet Files\{46EF2DD5-AE74-4397-87B4-9030051857CD}.xps
c:\users\Ozymandias\AppData\Local\Microsoft\Windows\Temporary Internet Files\{648A320F-8851-49CE-94FF-2547B1639BE7}.xps
c:\users\Ozymandias\AppData\Local\Microsoft\Windows\Temporary Internet Files\{721CF1F9-B930-475C-BC69-9FCF1B45ADCD}.xps
c:\users\Ozymandias\AppData\Local\Microsoft\Windows\Temporary Internet Files\{74E4196E-DAFC-4268-A0EF-660EEAD395A7}.xps
c:\users\Ozymandias\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7C5EF362-7CAD-4982-B325-6DC3188D29B8}.xps
c:\users\Ozymandias\AppData\Local\Microsoft\Windows\Temporary Internet Files\{96CC6B1E-8408-49D7-84CE-DB7A86B36423}.xps
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\auth.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\burnlib.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\dsp_sps.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\enc_aacplus.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\enc_flac.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\enc_lame.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\enc_vorbis.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\enc_wav.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\enc_wma.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\gen_classicart.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\gen_crasher.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\gen_ff.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\gen_find_on_disk.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\gen_hotkeys.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\gen_jumpex.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\gen_ml.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\gen_nopro.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\gen_orgler.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\gen_skinmanager.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\gen_timerestore.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\gen_tray.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\gen_undo.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\in_avi.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\in_cdda.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\in_dshow.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\in_flac.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\in_flv.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\in_linein.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\in_midi.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\in_mkv.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\in_mod.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\in_mp3.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\in_mp4.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\in_nsv.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\in_swf.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\in_vorbis.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\in_wav.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\in_wave.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\in_wm.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\in_wv.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\ml_addons.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\ml_autotag.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\ml_bookmarks.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\ml_devices.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\ml_disc.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\ml_downloads.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\ml_enqplay.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\ml_history.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\ml_impex.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\ml_local.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\ml_nowplaying.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\ml_online.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\ml_orb.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\ml_playlists.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\ml_plg.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\ml_pmp.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\ml_rg.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\ml_transcode.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\ml_wire.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\ombrowser.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\out_disk.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\out_ds.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\out_wave.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\playlist.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\pmp_activesync.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\pmp_android.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\pmp_ipod.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\pmp_njb.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\pmp_p4s.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\pmp_usb.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\pmp_wifi.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\tagz.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\vis_avs.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\vis_milk2.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\vis_nsfs.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\winamp.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\winampa.lng
c:\users\Ozymandias\AppData\Roaming\Bitcoin
c:\users\Ozymandias\AppData\Roaming\Bitcoin\.lock
c:\users\Ozymandias\AppData\Roaming\Bitcoin\__db.001
c:\users\Ozymandias\AppData\Roaming\Bitcoin\__db.002
c:\users\Ozymandias\AppData\Roaming\Bitcoin\__db.003
c:\users\Ozymandias\AppData\Roaming\Bitcoin\__db.004
c:\users\Ozymandias\AppData\Roaming\Bitcoin\__db.005
c:\users\Ozymandias\AppData\Roaming\Bitcoin\__db.006
c:\users\Ozymandias\AppData\Roaming\Bitcoin\addr.dat
c:\users\Ozymandias\AppData\Roaming\Bitcoin\bitcoin.conf
c:\users\Ozymandias\AppData\Roaming\Bitcoin\blk0001.dat
c:\users\Ozymandias\AppData\Roaming\Bitcoin\blkindex.dat
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000333
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000334
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000335
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000336
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000337
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000338
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000339
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000340
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000341
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000342
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000343
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000344
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000345
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000346
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000347
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000348
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000349
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000350
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000351
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000352
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000353
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000354
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000355
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000356
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000357
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000358
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000359
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000360
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000361
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000362
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000363
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000364
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000365
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000366
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000367
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000368
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000369
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000370
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000371
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000372
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000373
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000374
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000375
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000376
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000377
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000378
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000379
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000380
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000381
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000382
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000383
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000384
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000385
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000386
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000387
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000388
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000389
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000390
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000391
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000392
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000393
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000394
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000395
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000396
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000397
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000398
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000399
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000400
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000401
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000402
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000403
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000404
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000405
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000406
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000407
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000408
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000409
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000410
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000411
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000412
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000413
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000414
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000415
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000416
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000417
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000418
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000419
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000420
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000421
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000422
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000423
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000424
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000425
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000426
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000427
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000428
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000429
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000430
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000431
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000432
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000433
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000434
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000435
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000436
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000437
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000438
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000439
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000440
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000441
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000442
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000443
c:\users\Ozymandias\AppData\Roaming\Bitcoin\db.log
c:\users\Ozymandias\AppData\Roaming\Bitcoin\debug.log
c:\users\Ozymandias\AppData\Roaming\Bitcoin\wallet.dat
c:\users\Ozymandias\Imma WS11-12 .pdf

c:\windows\assembly\tmp\U
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-02-02 bis 2012-03-02 ))))))))))))))))))))))))))))))
.
.
2012-03-02 04:57 . 2012-03-02 04:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-02 04:32 . 2011-10-26 05:19 43520 ----a-w- c:\windows\system32\csrsrv.dll
2012-03-02 04:32 . 2012-01-03 06:24 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-03-02 04:32 . 2012-01-03 05:44 478208 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-03-02 04:32 . 2011-12-28 03:59 499200 ----a-w- c:\windows\system32\drivers\afd.sys
2012-03-02 04:32 . 2011-12-16 08:42 634368 ----a-w- c:\windows\system32\msvcrt.dll
2012-03-02 04:32 . 2011-12-16 07:59 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-03-02 04:26 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll
2012-03-02 04:26 . 2011-11-05 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-03-02 04:25 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll
2012-03-02 04:25 . 2011-11-17 05:41 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-03-02 04:16 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
2012-03-02 04:16 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-02-27 05:03 . 2012-02-27 05:03 -------- d-----w- c:\windows\system32\Macromed
2012-02-23 14:09 . 2012-02-23 14:17 -------- d-----w- c:\users\Ozymandias\AppData\Roaming\Mobipocket
2012-02-23 14:08 . 2012-02-23 14:08 -------- d-----w- c:\program files (x86)\Mobipocket.com
2012-02-03 12:54 . 2012-02-03 12:54 -------- d-----w- c:\users\Ozymandias\AppData\Roaming\.silc
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-22 05:41 . 2012-01-22 05:41 0 ----a-w- c:\windows\SysWow64\ConduitEngine.tmp
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ff88a983-649d-4207-9336-9b999280b436}"= "c:\program files (x86)\SFT_de3\prxtbSFT_.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ff88a983-649d-4207-9336-9b999280b436}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngin.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ff88a983-649d-4207-9336-9b999280b436}]
2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\SFT_de3\prxtbSFT_.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ff88a983-649d-4207-9336-9b999280b436}"= "c:\program files (x86)\SFT_de3\prxtbSFT_.dll" [2011-03-28 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngin.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ff88a983-649d-4207-9336-9b999280b436}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Ozymandias\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Ozymandias\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Ozymandias\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Infium"="c:\program files (x86)\QIP Infium\infium.exe" [2011-05-11 6848384]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Steam"="d:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]
.
c:\users\Ozymandias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Bitcoin.lnk - c:\program files (x86)\Bitcoin\bitcoin.exe [N/A]
Dropbox.lnk - c:\users\Ozymandias\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2011-05-25 136616]
R3 GPU-Z;GPU-Z;c:\users\OZYMAN~1\AppData\Local\Temp\GPU-Z.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Razerlow;Razer Pro|Solutions;c:\windows\system32\drivers\Razerlow.sys [x]
R3 scramby_out;Scramby Output;c:\windows\system32\drivers\scramby_out.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-09-08 361984]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 DirMngr;DirMngr;c:\program files (x86)\GNU\GnuPG\dirmngr.exe [2011-03-02 224256]
S2 XobniService;XobniService;c:\program files (x86)\Xobni\XobniService.exe [2011-05-18 62184]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AODDriver4.01;AODDriver4.01;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2011-05-25 55424]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3024760405-3643043278-2720284224-1000Core.job
- c:\users\Ozymandias\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-18 22:19]
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3024760405-3643043278-2720284224-1000UA.job
- c:\users\Ozymandias\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-18 22:19]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Ozymandias\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Ozymandias\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Ozymandias\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Ozymandias\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"boincmgr"="c:\program files\BOINC\boincmgr.exe" [2011-04-26 6704304]
"boinctray"="c:\program files\BOINC\boinctray.exe" [2011-04-26 71344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = localhost:4444
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Ozymandias\AppData\Roaming\Mozilla\Firefox\Profiles\2mwr55xj.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 4444
FF - prefs.js: network.proxy.type - 4
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\06\05\18\0a\06\0e,"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Winamp\winamp.exe
c:\program files (x86)\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-02 06:17:24 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-03-02 05:17
.
Vor Suchlauf: 20.767.662.080 bytes free
Nach Suchlauf: 23.000.485.888 bytes free
.
- - End Of File - - 0460ADBF655E2E4944B9BEA7FDC02032
Why did Combofix delete the 2 pictures, my old certificate of enrollment (the PDF) and my Bitcoin wallet? Luckily there wasn't much in it.

Is it normal that Combofix simply deletes such files without asking?

Well, I was a bit naive and narrow-minded, but maybe the thread will help someone.

 
