ComboFix 08-04-28.2 - gretur 2008-04-29 7:59:26.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1031.18.479 [GMT 2:00] ausgeführt von:: C:\Dokumente und Einstellungen\gretur\Desktop\ComboFix.exe * Neuer Wiederherstellungspunkt wurde erstellt [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] . (((((((((((((((((((((((((((((((((((( Weitere L”schungen )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Network\Downloader\qmgr0.dat C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Network\Downloader\qmgr1.dat C:\WINDOWS\system32\iQWvxyay.ini C:\WINDOWS\system32\iQWvxyay.ini2 C:\WINDOWS\system32\pskill.exe ----- BITS: Possible infected sites ----- hxxp://server . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_NPF ((((((((((((((((((((((( Dateien erstellt von 2008-03-28 bis 2008-04-29 )))))))))))))))))))))))))))))) . 2008-04-29 07:53 . 2008-04-29 07:53 d-------- C:\Programme\CCleaner 2008-04-27 23:36 . 2008-04-27 23:36 d-------- C:\VundoFix Backups 2008-04-03 22:30 . 2008-04-03 22:30 d-------- C:\FILES 2008-04-03 22:17 . 2004-03-03 04:06 221,184 -ra------ C:\WINDOWS\system32\HP3AIOZ6.dll 2008-04-03 22:17 . 2004-03-15 11:02 412 -ra------ C:\WINDOWS\system32\HP3AIOZ6.dat 2008-04-03 22:13 . 2008-04-03 22:13 d-------- C:\Programme\PrintServer Network driver 2008-04-03 22:13 . 2005-08-29 17:53 192,512 --a------ C:\WINDOWS\system32\Bot.dll 2008-04-03 22:13 . 2005-08-04 11:27 84,480 --a------ C:\WINDOWS\system32\pswin.dll 2008-04-03 22:13 . 2005-08-03 17:19 69,120 --a------ C:\WINDOWS\system32\psnt.dll 2008-04-03 22:13 . 2008-04-29 08:10 202 --a------ C:\WINDOWS\system32\PSLOG 2008-04-03 22:13 . 2001-03-15 17:36 101 --a------ C:\WINDOWS\PSXLPR.INI . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-28 16:27 --------- d-----w C:\Programme\Microsoft SCSF 2008-04-27 20:35 --------- d-----w C:\Programme\Microsoft Silverlight 2008-04-27 20:35 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AntiVir PersonalEdition Classic 2008-04-27 11:32 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help 2008-04-09 21:09 --------- d-----w C:\Dokumente und Einstellungen\gretur\Anwendungsdaten\Skype 2008-04-07 20:20 --------- d-----w C:\Programme\RTL3DSoftware20 2008-04-03 20:28 --------- d-----w C:\Programme\MSECache 2008-03-19 14:02 --------- d-----w C:\Programme\AvantGo 2008-03-17 17:48 --------- d-----w C:\Programme\JasperSoft 2008-03-10 07:23 --------- d-----w C:\Programme\Styler 2008-03-10 07:12 --------- d-----w C:\Dokumente und Einstellungen\gretur\Anwendungsdaten\ViStart 2008-03-10 06:58 --------- d-----w C:\Programme\WinFlip 2008-03-10 06:58 --------- d-----w C:\Programme\TrueTransparency 2008-03-10 06:58 --------- d-----w C:\Dokumente und Einstellungen\gretur\Anwendungsdaten\Styler 2008-03-04 07:24 --------- d-----w C:\Dokumente und Einstellungen\gretur\Anwendungsdaten\Juniper Networks 2008-02-13 21:30 737,280 ----a-w C:\WINDOWS\iun6002.exe 2006-08-21 17:07 774,144 ----a-w C:\Programme\RngInterstitial.dll . (((((((((((((((((((((((((((( Autostart Punkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt. [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN] @={30351346-7B7D-4FCC-81B4-1E394CA267EB} [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN] @={30351347-7B7D-4FCC-81B4-1E394CA267EB} [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN] @={30351348-7B7D-4FCC-81B4-1E394CA267EB} [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN] @={3035134B-7B7D-4FCC-81B4-1E394CA267EB} [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN] @={3035134C-7B7D-4FCC-81B4-1E394CA267EB} [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN] @={3035134D-7B7D-4FCC-81B4-1E394CA267EB} [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN] @={3035134E-7B7D-4FCC-81B4-1E394CA267EB} [HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}] 2006-09-16 10:58 536576 --a------ C:\Programme\TortoiseSVN\bin\tortoisesvn.dll [HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}] 2006-09-16 10:58 536576 --a------ C:\Programme\TortoiseSVN\bin\tortoisesvn.dll [HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}] 2006-09-16 10:58 536576 --a------ C:\Programme\TortoiseSVN\bin\tortoisesvn.dll [HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}] 2006-09-16 10:58 536576 --a------ C:\Programme\TortoiseSVN\bin\tortoisesvn.dll [HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}] 2006-09-16 10:58 536576 --a------ C:\Programme\TortoiseSVN\bin\tortoisesvn.dll [HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}] 2006-09-16 10:58 536576 --a------ C:\Programme\TortoiseSVN\bin\tortoisesvn.dll [HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}] 2006-09-16 10:58 536576 --a------ C:\Programme\TortoiseSVN\bin\tortoisesvn.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360] "TPKMAPMN"="C:\Programme\ThinkPad\Utilities\TpKmapMn.exe" [2004-02-04 18:39 32768] "IBM RecordNow!"="" [] "DrvMon.exe"="C:\WINDOWS\system32\DrvMon.exe" [2004-09-22 10:53 53248] "H/PC Connection Agent"="C:\Programme\ActiveSync\Wcescomm.exe" [2006-11-13 14:50 1289000] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPLpr"="C:\Programme\Synaptics\SynTP\SynTPLpr.exe" [2004-11-08 11:17 110592] "SynTPEnh"="C:\Programme\Synaptics\SynTP\SynTPEnh.exe" [2004-11-08 11:17 512000] "TPKMAPHELPER"="C:\Programme\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-04 18:39 897024] "TpShocks"="TpShocks.exe" [2005-04-05 15:14 106496 C:\WINDOWS\system32\TpShocks.exe] "ControlCenter"="C:\Programme\IBM fingerprint software\ctlcntr.exe" [2005-04-13 09:00 287333] "TPHOTKEY"="C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2005-04-04 12:43 94208] "TP4EX"="tp4ex.exe" [2004-11-12 01:07 40960 C:\WINDOWS\system32\TP4EX.exe] "EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2005-03-23 02:11 217088] "SoundMAXPnP"="C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544] "SoundMAX"="C:\Programme\Analog Devices\SoundMAX\Smax4.exe" [2004-08-06 07:27 860160] "ATIPTA"="C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-10 21:05 344064] "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-09-02 01:05 127035] "IBMPRC"="C:\IBMTOOLS\UTILS\ibmprc.exe" [2005-04-27 09:53 90112] "QCTRAY"="C:\Programme\ThinkPad\ConnectUtilities\QCTRAY.EXE" [2005-03-18 03:07 745472] "PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-04-14 01:01 139264] "BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-04-14 01:01 208896] "avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-27 13:04 262401] "Biomenu"="C:\Programme\Protector Suite QL\menusw.exe" [2006-02-01 13:55 1632256] "CloneCDTray"="C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 21:21 57344] "ZoneAlarm Client"="C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02 919280] "SAFEHOME HotKeys"="C:\Programme\Steganos Safe Home\SteganosHotKeyService.exe" [2006-12-05 13:15 25088] "SAFEHOME Agent"="C:\Programme\Steganos Safe Home\SteganosAgent.exe" [2006-12-05 13:15 26112] "TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2006-08-21 19:29 180269] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 05:00 15360] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoViewOnDrive"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 16:39 294400] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus] fusstub.dll 2006-02-01 13:56 39936 C:\WINDOWS\system32\fusstub.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina] QConGina.dll 2005-03-18 03:07 262144 C:\WINDOWS\system32\QConGina.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey] tphklock.dll 2004-08-12 20:11 24576 C:\WINDOWS\system32\tphklock.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] --a------ 2007-03-12 13:49 153136 C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] --a------ 2007-08-24 08:00 33648 C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ibmmessages] --------- 2004-08-06 02:10 442368 C:\Programme\IBM\Messages By IBM\ibmmessages.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iomega Automatic Backup 1.0.1] --a------ 2002-10-15 10:32 3014656 C:\Programme\Iomega\Iomega Automatic Backup\ibackup.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2007-12-11 13:10 267048 C:\Programme\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock] C:\Programme\LClock\LClock.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] ---hs---- 2004-10-13 18:24 1694208 C:\Programme\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2007-03-09 18:53 153136 C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2007-12-11 11:56 286720 C:\Programme\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] --a------ 2007-03-30 13:34 25263144 C:\Programme\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2006-12-15 03:23 75520 C:\Programme\Java\jre1.5.0_11\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2006-08-21 19:29 180269 C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager] --------- 2003-08-19 01:01 110592 C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] --a------ 2006-03-30 16:45 313472 C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViOrb] C:\Programme\ViOrb\ViOrb.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Sidebar] C:\Programme\Vista Sidebar\sidebar.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViStart] C:\Programme\ViStart\ViStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Programme\\iTunes\\iTunes.exe"= "C:\\Programme\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= "C:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"= "C:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"= "C:\Programme\ActiveSync\rapimgr.exe"= C:\Programme\ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "C:\Programme\ActiveSync\wcescomm.exe"= C:\Programme\ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "C:\Programme\ActiveSync\WCESMgr.exe"= C:\Programme\ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "C:\\Programme\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service "13364:UDP"= 13364:UDP:Print Server Utility "13107:UDP"= 13107:UDP:Print Server Utility "69:UDP"= 69:UDP:Print Server Utility R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\drivers\avgntmgr.sys [2008-04-27 13:04] R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys [2005-01-14 12:20] R0 TPDiskPM;TPDiskPM;C:\WINDOWS\system32\drivers\TPDiskPM.sys [2004-12-02 16:14] R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-03-18 03:07] R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys [2008-04-27 13:04] R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\drivers\IBMBLDID.SYS [2005-03-18 03:07] R1 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys [2004-05-14 12:59] R1 SLEE_14_DRIVER;Steganos Live Encryption Engine 14 [Driver];C:\WINDOWS\system32\drivers\Sleen14.sys [2006-11-08 15:19] R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2005-04-14 01:01] R2 FdRedir;FdRedir;C:\Programme\Gemeinsame Dateien\Protector Suite QL\Drivers\FdRedir.sys [2006-02-01 13:58] R2 FileDisk2;FileDisk Protector Kernel Driver;C:\Programme\Gemeinsame Dateien\Protector Suite QL\Drivers\filedisk.sys [2006-02-01 13:58] R2 ibmfilter;ibmfilter;C:\WINDOWS\system32\drivers\ibmfilter.sys [2005-04-27 10:27] R2 SmiHlp;SMI helper driver;C:\Programme\IBM fingerprint software\smihlp.sys [2005-04-13 08:58] R3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [2006-02-01 13:51] R3 TPInput;TPInput;C:\WINDOWS\system32\DRIVERS\TPInput.sys [2004-12-02 15:54] R3 TPM11;NSC Integrated Trusted Platform Module 1.1;C:\WINDOWS\system32\DRIVERS\nsctpm11.sys [2005-04-21 16:44] S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [] S3 QCNDISIF;QCNDISIF;C:\WINDOWS\system32\drivers\qcndisif.SYS [2005-03-18 03:07] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18184e0e-443e-11db-8ceb-000e9bdc8a52}] \Shell\AutoRun\command - J:\loader.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e6ba4a7-33ba-11dc-8d41-005056c00008}] \Shell\AutoRun\command - G:\starter.exe . Inhalt des "geplante Tasks" Ordners "2008-04-18 12:16:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programme\Apple Software Update\SoftwareUpdate.exe "2008-04-29 06:13:13 C:\WINDOWS\Tasks\PMTask.job" - C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE . ************************************************************************** catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-29 08:11:49 Windows 5.1.2600 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostart Eintr„ge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2] "ImagePath"="\"\"" . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\tphklock.dll PROCESS: C:\WINDOWS\Explorer.exe -> C:\Programme\TortoiseSVN\iconv\_tbl_simple.so -> C:\Programme\TortoiseSVN\iconv\windows-1252.so -> C:\Programme\TortoiseSVN\iconv\utf-8.so . ------------------------ Other Running Processes ------------------------ . C:\Programme\Gemeinsame Dateien\Virtual Token\vtserver.exe C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\ati2evxx.exe C:\Programme\Intel\Wireless\Bin\EvtEng.exe C:\Programme\Intel\Wireless\Bin\S24EvMon.exe C:\Programme\AntiVir PersonalEdition Classic\sched.exe C:\Programme\AntiVir PersonalEdition Classic\avguard.exe C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe C:\Programme\IBM\IBM Rapid Restore Ultra\rrpcsb.exe C:\PROGRA~1\Iomega\System32\AppServices.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\QCONSVC.EXE C:\Programme\Intel\Wireless\Bin\RegSrvc.exe C:\Programme\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\TPHDEXLG.exe C:\WINDOWS\system32\TpKmpSvc.exe C:\WINDOWS\system32\searchindexer.exe C:\WINDOWS\system32\ati2evxx.exe C:\Programme\Windows Media Player\wmpnetwk.exe C:\Programme\TortoiseSVN\bin\TSVNCache.exe C:\Programme\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe C:\Programme\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe C:\PROGRA~1\ThinkPad\CONNEC~1\QCTRAY.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\searchprotocolhost.exe C:\PROGRA~1\ACTIVE~1\rapimgr.exe C:\WINDOWS\system32\searchfilterhost.exe . ************************************************************************** . Zeit der Fertigstellung: 2008-04-29 8:21:47 - machine was rebooted ComboFix-quarantined-files.txt 2008-04-29 06:21:38 19 Verzeichnis(se), 3,369,062,400 Bytes frei 23 Verzeichnis(se), 3,451,723,776 Bytes frei 269