'TR/Alureon.BF.2' [trojan] bekomme ich nicht los

realdojo

Teil III

"TCP Query User{66DFB49F-BDBE-49CA-AE76-BAD1163D5ABA}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{1FC2329E-A467-4EB7-8A64-9B49F711F2EC}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"{C3826956-510C-41CD-B7A3-A7AF4FCAAC7D}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{3CCB6510-B42D-4F90-952E-F77105C83EF3}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{655989EF-9B18-48C4-9C0B-3B5F0684BC93}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{AFC1AEF5-9EE1-4059-9174-39DBF22DDA49}"= Disabled:UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)
"{0E7AF583-FFED-49AF-ABF8-5F421EAC37A3}"= Disabled:TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)
"{BAEBB70B-70BC-463C-8C93-8EAC81465A71}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{CD672117-7F63-4AF4-886D-8E2E3AFD6715}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{796CA619-B8EB-4D16-9B28-3177FA3DA6BE}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"TCP Query User{F899E985-5B1E-4179-89B4-B92F5A6A9800}c:\\program files\\dna\\btdna.exe"= UDP:c:\program files\dna\btdna.exeNA
"UDP Query User{D04A2679-D854-4835-8A84-598F76708FC2}c:\\program files\\dna\\btdna.exe"= TCP:c:\program files\dna\btdna.exeNA
"{2A3F0F33-119B-4A2F-B620-ECB5A1C97107}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{F3A6B3B7-861B-473F-AA10-3FD1043818E1}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{F8127DAB-60F5-4662-98AE-325FE34D37FB}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{F1198147-8A14-4652-BD5B-16231663F68B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{95FD7ADE-358B-4451-B746-F5F8021587BF}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{28AE51FB-03A3-4E49-9799-DBDE0F71FF78}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{77F074FC-C21A-4D98-A6C8-7EA4A477DC09}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{7F860512-CA63-406C-8EBC-B719B9FA9F85}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{72C8B57B-24D7-43D5-99CE-1C04AB062E56}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C3A3A076-3821-4E46-8FF6-09E049A2C772}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{CE5913A3-EF56-4F72-BE75-6D4D276E1FBC}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{59CDA3AE-9006-4A91-9647-09F99AD37B84}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{8F5523C4-7732-4B7A-8FDE-BA3C5570B039}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{7BF0D88A-22C9-4768-AA39-4E87ACD67313}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{CAA42384-CF92-4454-8337-F6299C9AC8EB}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{4142A83A-4529-48DF-9E16-76AD4E7CAED4}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A16F3A2E-3090-4491-9534-5F02EC21DE74}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{3BD0411F-0385-4E79-8123-BC80E8AEB33E}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{7307E280-76D9-4E86-8F48-44BBF67C44E7}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{53CA7498-DD1C-48F4-A521-6162F9CB0B5F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{7BFCA665-036C-467A-9087-D1DFD349A397}c:\\program files\\fritz!box monitor\\fritzboxmonitor.exe"= UDP:c:\program files\fritz!box monitor\fritzboxmonitor.exe:FRITZ!Box Monitor
"UDP Query User{99A5D827-9D24-40D0-8CBC-040D7F9685CF}c:\\program files\\fritz!box monitor\\fritzboxmonitor.exe"= TCP:c:\program files\fritz!box monitor\fritzboxmonitor.exe:FRITZ!Box Monitor
"{14203BA7-056C-49B5-93FD-94C73C549071}"= UDP:c:\users\Jochen\AppData\Local\Apps\2.0\BQBQRO34.3H6\D733KVPQ.NTC\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\fritzbox-usb-fernanschluss.exe:FRITZ!Box USB-Fernanschluss
"{3EDF25FB-721E-45C9-AC25-0616A63F47EB}"= TCP:c:\users\Jochen\AppData\Local\Apps\2.0\BQBQRO34.3H6\D733KVPQ.NTC\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\fritzbox-usb-fernanschluss.exe:FRITZ!Box USB-Fernanschluss
"{9AB637FD-A2DD-452D-98A6-BD1398BB7FCE}"= UDP:c:\users\Jochen\AppData\Local\Apps\2.0\BQBQRO34.3H6\D733KVPQ.NTC\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\fritzbox-usb-fernanschluss.exe:FRITZ!Box USB-Fernanschluss
"{3ABEF803-2781-47E7-BDF5-8A5FB20C5F80}"= TCP:c:\users\Jochen\AppData\Local\Apps\2.0\BQBQRO34.3H6\D733KVPQ.NTC\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\fritzbox-usb-fernanschluss.exe:FRITZ!Box USB-Fernanschluss
"{CFE66C27-C423-48F0-A70E-6F734C1E34D4}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{84D004FF-B9F8-47E4-8D65-75B62862A00C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{61C16FF0-4CB9-4A09-98EC-0835434778CA}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{8F05718B-A30D-4DBA-AD7C-16C35ED20742}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{76505692-0328-4F1F-96A8-38142AB8D042}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{39F1A2DB-43A0-4C02-9845-192D520C964F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{B48E1A44-06E3-4252-9537-742A47678BE2}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A5D80C4B-2724-49EC-BE55-7D24857684E7}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{E5F724AC-5B93-4E94-8207-B23DFE88BBD4}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{48BE7DDB-A00A-427A-A968-D464E0B9611E}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{1C0C06FB-098C-462D-85FB-D2D91BFEC09C}"= Disabled:UDP:c:\program files\Tobit ClipInc\Player\ClipInc-Player.exe:ClipInc Player
"{A4A6E27D-7718-4C86-908F-3CBCB7BB6296}"= Disabled:TCP:c:\program files\Tobit ClipInc\Player\ClipInc-Player.exe:ClipInc Player
"{88CAFDF4-6522-4A4D-BC8A-A859B2841BAE}"= Disabled:UDP:c:\program files\Tobit ClipInc\Server\ClipInc-Server.exe:ClipInc Server
"{2F9AD9C9-7AB0-4932-9D97-436A7E5D7602}"= Disabled:TCP:c:\program files\Tobit ClipInc\Server\ClipInc-Server.exe:ClipInc Server
"{34003C3C-F94B-4067-ABCA-1CF5EEA53859}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{E149AE3E-30DB-49B3-9F61-DF6F07C45AC1}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{48BE8201-0908-40D3-9CA1-C11874CDC7AF}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{30A67C99-1356-4B7F-B251-B4E2F3288069}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{7C6CEC58-5644-484C-AD76-F54623D9761E}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D191BE23-8C06-469F-8284-E230F7D249F7}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{04A01671-046A-47EF-A886-AD964149B8C1}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{5EA0C766-A6B6-4EF9-8671-DC09B83E990F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{DAA79E1B-2311-4D9C-8356-6B73E4B0D441}"= c:\program files\Skype\Phone\Skype.exe:Skype

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 ui11rdr;ui11rdr;c:\windows\System32\drivers\ui11rdr.SYS [14.01.2009 15:49 272384]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [09.07.2009 22:14 108289]
R2 regi;regi;c:\windows\System32\drivers\regi.sys [03.01.2007 11:19 11032]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [24.04.2009 13:57 92008]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [19.07.2009 00:44 604416]
R2 vmci;VMware vmci;c:\windows\System32\drivers\vmci.sys [18.09.2008 23:06 54960]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30.03.2009 16:28 1533808]
R2 XTAgent;Novell XTier Agent Services;c:\windows\System32\Novell\xtagent.exe [08.09.2005 17:14 61440]
R3 avmaura;AVM USB-Fernanschluss;c:\windows\System32\drivers\avmaura.sys [23.11.2008 19:19 101248]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\System32\drivers\R5U870FLx86.sys [13.04.2007 20:34 73472]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\System32\drivers\R5U870FUx86.sys [13.04.2007 20:34 43904]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\System32\drivers\SonyImgF.sys [13.04.2007 20:34 31104]
R3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [23.04.2007 14:29 812544]
S2 gupdate1c9c7544b4339d8;Google Update Service (gupdate1c9c7544b4339d8);c:\program files\Google\Update\GoogleUpdate.exe [27.04.2009 18:21 133104]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [08.04.2009 17:09 1527900]
S3 IPJ;IPJ;c:\users\Jochen\AppData\Local\Temp\IPJ.exe --> c:\users\Jochen\AppData\Local\Temp\IPJ.exe [?]
S3 NKZDJILO;NKZDJILO;c:\users\Jochen\AppData\Local\Temp\NKZDJILO.exe --> c:\users\Jochen\AppData\Local\Temp\NKZDJILO.exe [?]
S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [08.04.2009 17:08 544768]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\sony\VAIO Media Integrated Server\UCLS.exe [24.05.2007 15:20 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [24.05.2007 15:19 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [24.05.2007 15:19 1089536]
S4 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [24.11.2008 23:31 29263712]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyServer = isa01:8008
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\program files\VMware\VMware Player\vsocklib.dll
FF - ProfilePath - c:\users\Jochen\AppData\Roaming\Mozilla\Firefox\Profiles\d4x6gtuk.default\
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************
Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien:

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-3735403668-3670143366-2106169524-1003\Software\SecuROM\License information*]
"datasecu"=hex:4b,54,b8,b5,69,ea,ec,e9,cb,70,5b,31,09,f6,8b,22,30,cb,64,48,4a,
94,f2,ce,eb,a9,eb,3a,ff,fc,e5,be,87,8c,14,87,76,a4,e5,c0,f3,0c,4e,f8,1a,f9,\
"rkeysecu"=hex:d1,ab,58,10,5e,07,80,29,a0,d4,a0,72,0a,09,e5,36

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(2924)
c:\windows\System32\ui11np.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\brsvc01a.exe
c:\windows\System32\brss01a.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\System32\PSIService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\System32\TCPSVCS.EXE
c:\program files\sony\Wireless Switch Setting Utility\Switcher.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\System32\conime.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\System32\drivers\XAudio.exe
c:\windows\System32\WUDFHost.exe
c:\program files\sony\VAIO Event Service\VESMgrSub.exe
c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Brother\ControlCenter3\BrccMCtl.exe
c:\windows\ehome\ehmsas.exe
c:\windows\System32\wbem\unsecapp.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2009-08-14 22:53 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2009-08-14 20:53

Vor Suchlauf: 14 Verzeichnis(se), 15.910.793.216 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 17.033.170.944 Bytes frei

454 --- E O F --- 2009-08-12 09:55