Trojaner-Board - http://www.searchqu.com/406

Combofix Logfile:
Code:
ComboFix 11-07-28.07 - SZ GmbH 29.07.2011   8:34.1.2 - x64

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2045.858 [GMT 2:00]

ausgeführt von:: c:\users\SZ GmbH\Desktop\ComboFix.exe

Benutzte Befehlsschalter :: c:\users\SZ GmbH\Desktop\CFScript.txt.txt

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_Norton Internet Security

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-06-28 bis 2011-07-29  ))))))))))))))))))))))))))))))

.

.

2011-07-29 06:41 . 2011-07-29 06:44        --------        d-----w-        c:\users\SZ GmbH\AppData\Local\temp

2011-07-28 06:58 . 2011-07-28 06:58        --------        d-----w-        C:\_OTL

2011-07-26 12:54 . 2011-07-26 12:54        --------        d-----w-        c:\program files (x86)\ESET

2011-07-26 11:02 . 2011-07-26 11:02        --------        d-----w-        c:\program files\CCleaner

2011-07-26 09:38 . 2011-07-27 12:22        --------        d-----w-        c:\programdata\Spybot - Search & Destroy

2011-07-26 09:38 . 2011-07-27 12:19        --------        d-----w-        c:\program files (x86)\Spybot - Search & Destroy

2011-07-26 09:34 . 2011-07-26 09:34        --------        d-----w-        c:\users\SZ GmbH\AppData\Roaming\Malwarebytes

2011-07-26 09:34 . 2011-07-06 17:52        41272        ----a-w-        c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-07-26 09:34 . 2011-07-26 09:34        --------        d-----w-        c:\programdata\Malwarebytes

2011-07-26 09:34 . 2011-07-26 09:34        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware

2011-07-26 09:34 . 2011-07-06 17:52        25912        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-07-26 06:27 . 2011-07-26 06:27        --------        d-----w-        c:\programdata\boost_interprocess

2011-07-25 09:08 . 2011-07-25 09:09        --------        d-----w-        c:\users\SZ GmbH\AppData\Local\Ilivid Player

2011-07-25 09:07 . 2011-07-25 09:07        --------        d-----w-        c:\users\SZ GmbH\AppData\Local\PackageAware

2011-07-20 12:24 . 2011-07-20 12:24        --------        d-----w-        c:\users\SZ GmbH\AppData\Roaming\ERS Game Studios

2011-07-20 11:58 . 2011-07-20 11:58        --------        d-----w-        c:\users\SZ GmbH\AppData\Roaming\Artogon

2011-07-20 10:42 . 2011-07-20 10:42        --------        d-----w-        c:\users\SZ GmbH\AppData\Roaming\MagicIndie

2011-07-20 07:08 . 2011-07-20 07:08        --------        d-----w-        c:\users\SZ GmbH\AppData\Roaming\Artifex Mundi

2011-07-19 08:51 . 2011-07-19 08:51        --------        d-----w-        c:\users\SZ GmbH\AppData\Roaming\Merscom

2011-07-19 08:51 . 2011-07-19 08:51        --------        d-----w-        c:\programdata\Merscom

2011-07-19 08:37 . 2011-07-27 12:17        --------        d-----w-        c:\programdata\Big Fish Games

2011-07-14 06:36 . 2011-06-02 13:50        2764288        ----a-w-        c:\windows\system32\win32k.sys

2011-07-14 06:36 . 2011-04-20 16:03        451072        ----a-w-        c:\windows\system32\winsrv.dll

2011-07-14 06:36 . 2011-04-20 15:58        85504        ----a-w-        c:\windows\system32\csrsrv.dll

2011-07-04 07:48 . 2011-07-04 07:48        404640        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-06-29 09:48 . 2011-04-29 16:15        344576        ----a-w-        c:\windows\system32\schannel.dll

2011-06-29 09:48 . 2011-04-29 15:59        276992        ----a-w-        c:\windows\SysWow64\schannel.dll

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-29 09:40 . 2010-09-21 06:27        88288        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2011-06-29 09:40 . 2010-09-21 06:27        123784        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2011-05-28 06:28 . 2011-06-16 06:40        1147904        ----a-w-        c:\windows\system32\wininet.dll

2011-05-28 06:24 . 2011-06-16 06:40        56832        ----a-w-        c:\windows\system32\licmgr10.dll

2011-05-28 06:23 . 2011-06-16 06:40        1538560        ----a-w-        c:\windows\system32\inetcpl.cpl

2011-05-28 06:23 . 2011-06-16 06:40        132096        ----a-w-        c:\windows\system32\iesysprep.dll

2011-05-28 06:23 . 2011-06-16 06:40        77312        ----a-w-        c:\windows\system32\iesetup.dll

2011-05-28 06:08 . 2011-06-16 06:40        916480        ----a-w-        c:\windows\SysWow64\wininet.dll

2011-05-28 06:04 . 2011-06-16 06:40        43520        ----a-w-        c:\windows\SysWow64\licmgr10.dll

2011-05-28 06:04 . 2011-06-16 06:40        1469440        ----a-w-        c:\windows\SysWow64\inetcpl.cpl

2011-05-28 06:04 . 2011-06-16 06:40        71680        ----a-w-        c:\windows\SysWow64\iesetup.dll

2011-05-28 06:04 . 2011-06-16 06:40        109056        ----a-w-        c:\windows\SysWow64\iesysprep.dll

2011-05-28 05:33 . 2011-06-16 06:40        479232        ----a-w-        c:\windows\system32\html.iec

2011-05-28 05:10 . 2011-06-16 06:40        385024        ----a-w-        c:\windows\SysWow64\html.iec

2011-05-28 04:53 . 2011-06-16 06:40        162816        ----a-w-        c:\windows\system32\ieUnatt.exe

2011-05-28 04:52 . 2011-06-16 06:40        1638912        ----a-w-        c:\windows\system32\mshtml.tlb

2011-05-28 04:33 . 2011-06-16 06:40        133632        ----a-w-        c:\windows\SysWow64\ieUnatt.exe

2011-05-28 04:31 . 2011-06-16 06:40        1638912        ----a-w-        c:\windows\SysWow64\mshtml.tlb

2011-05-24 17:14 . 2009-10-05 06:20        270720        ------w-        c:\windows\system32\MpSigStub.exe

2011-05-20 06:40 . 2011-05-20 06:40        1138440        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-05-04 02:52 . 2010-06-24 07:20        472808        ----a-w-        c:\windows\SysWow64\deployJava1.dll

2011-05-02 17:16 . 2011-06-16 06:40        739328        ----a-w-        c:\windows\SysWow64\inetcomm.dll

2011-05-02 17:13 . 2011-06-16 06:40        975360        ----a-w-        c:\windows\system32\inetcomm.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]

"SmpcSys"="c:\program files\PACKARD BELL\SetUpMyPC\SmpSys.exe" [2008-07-07 1038136]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SmpcSys"="c:\program files\Packard Bell\SetupMyPC\SmpSys.exe" [2008-07-07 1038136]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-04 281768]

"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-05 630784]

"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2006-11-07 65536]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

SkyUserDevmode-Update.lnk - c:\datev\PROGRAMM\B0001401\UpdateDevmode.exe [2010-12-2 27744]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=  

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 135664]

R3 DATEV Update-Service;DATEV Update-Service;c:\datev\PROGRAMM\INSTALL\DvInesASDSvc.Exe [2010-12-10 155232]

R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 135664]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]

S2 DatevPrintService;DATEV Druckservice;c:\datev\PROGRAMM\B0001442\PSNTSERV.EXE [2010-12-08 79872]

S2 ETService;Empowering Technology Service;c:\program files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe [2008-07-16 24576]

S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 27648]

S2 MSSQL$DATEV_CL_DE01;SQL Server (DATEV_CL_DE01);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]

.

.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

ezSharedSvc

.

Inhalt des "geplante Tasks" Ordners

.

2011-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 07:56]

.

2011-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 07:56]

.

2011-07-28 c:\windows\Tasks\User_Feed_Synchronization-{67AF7CCF-DF5A-4391-8D58-C6420564FB80}.job

- c:\windows\system32\msfeedssync.exe [2011-06-16 04:32]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RAVCpl64.exe" [2008-05-07 6291456]

"Skytel"="Skytel.exe" [2007-11-20 1826816]

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.searchqu.com/406

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://home.sweetim.com/?crg=2.1002

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

FF - ProfilePath - c:\users\SZ GmbH\AppData\Roaming\Mozilla\Firefox\Profiles\o3pnwm1o.default\

FF - prefs.js: browser.search.defaulturl - 

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.google.de

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\windows\system32\HidService.exe

c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe

c:\windows\SysWOW64\IoctlSvc.exe

c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2011-07-29  08:49:46 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2011-07-29 06:49

ComboFix2.txt  2011-07-28 12:46

.

Vor Suchlauf: 23 Verzeichnis(se), 484.832.862.208 Bytes frei

Nach Suchlauf: 24 Verzeichnis(se), 484.770.050.048 Bytes frei

.

- - End Of File - - CC3B81D01F6E36580A3A42EA79CCECBC
--- --- ---