Trojaner-Board


Lord_Yu 02.03.2012 07:02

Bitcoin and Combofix
 
Hello,

I have recently had problems with a virus/trojan. It was called Atras2/Atraps2 or something like that. I had read here in the forum that it could be killed with Combofix.

(Shutting down Antivir somehow did not work.)


Quote:

ComboFix 12-03-01.02 - Ozymandias 02.03.2012 5:50.1.6 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1033.18.8188.5979 [GMT 1:00]
ausgeführt von:: c:\users\Ozymandias\Downloads\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\facemoods.com
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoods.crx
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoods.png
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsApp.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsEng.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\faCEmoodstlbr.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\uninstall.exe
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\auth.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\burnlib.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\dsp_sps.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\enc_aacplus.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\enc_flac.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\enc_lame.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\enc_vorbis.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\enc_wav.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\enc_wma.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\gen_classicart.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\gen_crasher.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\gen_ff.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\gen_find_on_disk.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\gen_hotkeys.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\gen_jumpex.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\gen_ml.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\gen_nopro.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\gen_orgler.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\gen_skinmanager.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\gen_timerestore.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\gen_tray.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\gen_undo.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\in_avi.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\in_cdda.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\in_dshow.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\in_flac.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\in_flv.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\in_linein.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\in_midi.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\in_mkv.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\in_mod.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\in_mp3.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\in_mp4.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\in_nsv.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\in_swf.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\in_vorbis.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\in_wav.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\in_wave.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\in_wm.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\in_wv.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\ml_addons.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\ml_autotag.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\ml_bookmarks.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\ml_devices.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\ml_disc.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\ml_downloads.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\ml_enqplay.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\ml_history.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\ml_impex.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\ml_local.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\ml_nowplaying.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\ml_online.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\ml_orb.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\ml_playlists.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\ml_plg.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\ml_pmp.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\ml_rg.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\ml_transcode.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\ml_wire.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\ombrowser.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\out_disk.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\out_ds.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\out_wave.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\playlist.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\pmp_activesync.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\pmp_android.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\pmp_ipod.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\pmp_njb.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\pmp_p4s.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\pmp_usb.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\pmp_wifi.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\tagz.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\vis_avs.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\vis_milk2.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\vis_nsfs.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\winamp.lng
c:\users\OZYMAN~1\AppData\Local\Temp\WLZ5169.tmp\winampa.lng
c:\users\Ozymandias\002.jpg
c:\users\Ozymandias\113.jpg

c:\users\Ozymandias\AppData\Local\546936c0
c:\users\Ozymandias\AppData\Local\546936c0\@
c:\users\Ozymandias\AppData\Local\546936c0\loader.tlb
c:\users\Ozymandias\AppData\Local\546936c0\U\800000cb.@
c:\users\Ozymandias\AppData\Local\546936c0\X
c:\users\Ozymandias\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3621474A-F26F-4AD3-A681-22F4BAD61C09}.xps
c:\users\Ozymandias\AppData\Local\Microsoft\Windows\Temporary Internet Files\{46EF2DD5-AE74-4397-87B4-9030051857CD}.xps
c:\users\Ozymandias\AppData\Local\Microsoft\Windows\Temporary Internet Files\{648A320F-8851-49CE-94FF-2547B1639BE7}.xps
c:\users\Ozymandias\AppData\Local\Microsoft\Windows\Temporary Internet Files\{721CF1F9-B930-475C-BC69-9FCF1B45ADCD}.xps
c:\users\Ozymandias\AppData\Local\Microsoft\Windows\Temporary Internet Files\{74E4196E-DAFC-4268-A0EF-660EEAD395A7}.xps
c:\users\Ozymandias\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7C5EF362-7CAD-4982-B325-6DC3188D29B8}.xps
c:\users\Ozymandias\AppData\Local\Microsoft\Windows\Temporary Internet Files\{96CC6B1E-8408-49D7-84CE-DB7A86B36423}.xps
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\auth.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\burnlib.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\dsp_sps.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\enc_aacplus.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\enc_flac.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\enc_lame.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\enc_vorbis.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\enc_wav.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\enc_wma.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\gen_classicart.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\gen_crasher.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\gen_ff.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\gen_find_on_disk.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\gen_hotkeys.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\gen_jumpex.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\gen_ml.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\gen_nopro.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\gen_orgler.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\gen_skinmanager.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\gen_timerestore.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\gen_tray.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\gen_undo.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\in_avi.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\in_cdda.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\in_dshow.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\in_flac.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\in_flv.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\in_linein.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\in_midi.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\in_mkv.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\in_mod.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\in_mp3.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\in_mp4.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\in_nsv.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\in_swf.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\in_vorbis.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\in_wav.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\in_wave.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\in_wm.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\in_wv.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\ml_addons.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\ml_autotag.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\ml_bookmarks.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\ml_devices.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\ml_disc.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\ml_downloads.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\ml_enqplay.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\ml_history.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\ml_impex.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\ml_local.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\ml_nowplaying.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\ml_online.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\ml_orb.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\ml_playlists.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\ml_plg.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\ml_pmp.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\ml_rg.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\ml_transcode.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\ml_wire.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\ombrowser.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\out_disk.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\out_ds.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\out_wave.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\playlist.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\pmp_activesync.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\pmp_android.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\pmp_ipod.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\pmp_njb.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\pmp_p4s.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\pmp_usb.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\pmp_wifi.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\tagz.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\vis_avs.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\vis_milk2.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\vis_nsfs.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\winamp.lng
c:\users\Ozymandias\AppData\Local\Temp\WLZ5169.tmp\winampa.lng
c:\users\Ozymandias\AppData\Roaming\Bitcoin
c:\users\Ozymandias\AppData\Roaming\Bitcoin\.lock
c:\users\Ozymandias\AppData\Roaming\Bitcoin\__db.001
c:\users\Ozymandias\AppData\Roaming\Bitcoin\__db.002
c:\users\Ozymandias\AppData\Roaming\Bitcoin\__db.003
c:\users\Ozymandias\AppData\Roaming\Bitcoin\__db.004
c:\users\Ozymandias\AppData\Roaming\Bitcoin\__db.005
c:\users\Ozymandias\AppData\Roaming\Bitcoin\__db.006
c:\users\Ozymandias\AppData\Roaming\Bitcoin\addr.dat
c:\users\Ozymandias\AppData\Roaming\Bitcoin\bitcoin.conf
c:\users\Ozymandias\AppData\Roaming\Bitcoin\blk0001.dat
c:\users\Ozymandias\AppData\Roaming\Bitcoin\blkindex.dat
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000333
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000334
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000335
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000336
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000337
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000338
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000339
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000340
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000341
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000342
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000343
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000344
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000345
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000346
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000347
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000348
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000349
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000350
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000351
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000352
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000353
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000354
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000355
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000356
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000357
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000358
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000359
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000360
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000361
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000362
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000363
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000364
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000365
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000366
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000367
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000368
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000369
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000370
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000371
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000372
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000373
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000374
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000375
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000376
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000377
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000378
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000379
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000380
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000381
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000382
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000383
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000384
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000385
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000386
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000387
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000388
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000389
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000390
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000391
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000392
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000393
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000394
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000395
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000396
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000397
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000398
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000399
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000400
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000401
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000402
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000403
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000404
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000405
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000406
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000407
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000408
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000409
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000410
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000411
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000412
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000413
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000414
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000415
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000416
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000417
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000418
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000419
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000420
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000421
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000422
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000423
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000424
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000425
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000426
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000427
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000428
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000429
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000430
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000431
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000432
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000433
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000434
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000435
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000436
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000437
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000438
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000439
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000440
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000441
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000442
c:\users\Ozymandias\AppData\Roaming\Bitcoin\database\log.0000000443
c:\users\Ozymandias\AppData\Roaming\Bitcoin\db.log
c:\users\Ozymandias\AppData\Roaming\Bitcoin\debug.log
c:\users\Ozymandias\AppData\Roaming\Bitcoin\wallet.dat
c:\users\Ozymandias\Imma WS11-12 .pdf

c:\windows\assembly\tmp\U
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-02-02 bis 2012-03-02 ))))))))))))))))))))))))))))))
.
.
2012-03-02 04:57 . 2012-03-02 04:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-02 04:32 . 2011-10-26 05:19 43520 ----a-w- c:\windows\system32\csrsrv.dll
2012-03-02 04:32 . 2012-01-03 06:24 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-03-02 04:32 . 2012-01-03 05:44 478208 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-03-02 04:32 . 2011-12-28 03:59 499200 ----a-w- c:\windows\system32\drivers\afd.sys
2012-03-02 04:32 . 2011-12-16 08:42 634368 ----a-w- c:\windows\system32\msvcrt.dll
2012-03-02 04:32 . 2011-12-16 07:59 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-03-02 04:26 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll
2012-03-02 04:26 . 2011-11-05 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-03-02 04:25 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll
2012-03-02 04:25 . 2011-11-17 05:41 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-03-02 04:16 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
2012-03-02 04:16 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-02-27 05:03 . 2012-02-27 05:03 -------- d-----w- c:\windows\system32\Macromed
2012-02-23 14:09 . 2012-02-23 14:17 -------- d-----w- c:\users\Ozymandias\AppData\Roaming\Mobipocket
2012-02-23 14:08 . 2012-02-23 14:08 -------- d-----w- c:\program files (x86)\Mobipocket.com
2012-02-03 12:54 . 2012-02-03 12:54 -------- d-----w- c:\users\Ozymandias\AppData\Roaming\.silc
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-22 05:41 . 2012-01-22 05:41 0 ----a-w- c:\windows\SysWow64\ConduitEngine.tmp
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ff88a983-649d-4207-9336-9b999280b436}"= "c:\program files (x86)\SFT_de3\prxtbSFT_.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ff88a983-649d-4207-9336-9b999280b436}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngin.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ff88a983-649d-4207-9336-9b999280b436}]
2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\SFT_de3\prxtbSFT_.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ff88a983-649d-4207-9336-9b999280b436}"= "c:\program files (x86)\SFT_de3\prxtbSFT_.dll" [2011-03-28 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngin.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ff88a983-649d-4207-9336-9b999280b436}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Ozymandias\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Ozymandias\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Ozymandias\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Infium"="c:\program files (x86)\QIP Infium\infium.exe" [2011-05-11 6848384]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Steam"="d:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]
.
c:\users\Ozymandias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Bitcoin.lnk - c:\program files (x86)\Bitcoin\bitcoin.exe [N/A]
Dropbox.lnk - c:\users\Ozymandias\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2011-05-25 136616]
R3 GPU-Z;GPU-Z;c:\users\OZYMAN~1\AppData\Local\Temp\GPU-Z.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Razerlow;Razer Pro|Solutions;c:\windows\system32\drivers\Razerlow.sys [x]
R3 scramby_out;Scramby Output;c:\windows\system32\drivers\scramby_out.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-09-08 361984]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 DirMngr;DirMngr;c:\program files (x86)\GNU\GnuPG\dirmngr.exe [2011-03-02 224256]
S2 XobniService;XobniService;c:\program files (x86)\Xobni\XobniService.exe [2011-05-18 62184]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AODDriver4.01;AODDriver4.01;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2011-05-25 55424]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3024760405-3643043278-2720284224-1000Core.job
- c:\users\Ozymandias\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-18 22:19]
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3024760405-3643043278-2720284224-1000UA.job
- c:\users\Ozymandias\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-18 22:19]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Ozymandias\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Ozymandias\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Ozymandias\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Ozymandias\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"boincmgr"="c:\program files\BOINC\boincmgr.exe" [2011-04-26 6704304]
"boinctray"="c:\program files\BOINC\boinctray.exe" [2011-04-26 71344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = localhost:4444
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Ozymandias\AppData\Roaming\Mozilla\Firefox\Profiles\2mwr55xj.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 4444
FF - prefs.js: network.proxy.type - 4
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\06\05\18\0a\06\0e,"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Winamp\winamp.exe
c:\program files (x86)\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-02 06:17:24 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-03-02 05:17
.
Vor Suchlauf: 20.767.662.080 bytes free
Nach Suchlauf: 23.000.485.888 bytes free
.
- - End Of File - - 0460ADBF655E2E4944B9BEA7FDC02032

Why did Combofix delete the 2 pictures, my old certificate of enrollment (the PDF) and my Bitcoin wallet? Luckily there wasn't much in it.

Is it normal for Combofix to simply delete files like these without asking?

Well, I was a bit naive and narrow-minded, but maybe the thread will help someone. ;)

Lord_Yu 02.03.2012 07:15

Edit: Found out where Combofix put my data into quarantine. :D

Psychotic 02.03.2012 07:45

WHY CF deleted these files for you is simple:

Because, based on its scan routines, it took the view that they could be dangerous to your computer.
Something like this can happen with a powerful tool like Combofix.

That is why the use of ComboFix always requires a prior analysis/assessment by an expert.

This warning notice does not exist for nothing!

Once again: CF is not a toy, and it is not meant to be used just like that! :twak:

Besides, this by no means says that your system is actually clean. In your case there are still signs that suggest the opposite.

Code:

c:\windows\assembly\tmp\U
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 4444
FF - prefs.js: network.proxy.type - 4

To get this fixed, open a thread here. However, take note of the info For everyone seeking help! ;)

