Hello, thanks for the quick reply.
This is now the Malwarebytes report:
Malwarebytes Anti-Malware (Test) 1.65.1.1000
Datenbank Version: v2012.11.11.02
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Mausi :: MAUSI-PC [Administrator]
Schutz: Aktiviert
11.11.2012 13:05:20
mbam-log-2012-11-11 (13-05-20).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 286869
Laufzeit: 53 Minute(n), 6 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 3
HKCR\CLSID\{20C28584-8F10-4D92-987C-0A1008E2435A} (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{20C28584-8F10-4D92-987C-0A1008E2435A} (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DD31495E-290C-41CF-8C66-7415383F82DE} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
This is now the OTL report:
OTL logfile created on: 11.11.2012 14:27:50 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mausi\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,96 Gb Total Physical Memory | 0,92 Gb Available Physical Memory | 46,96% Memory free
3,92 Gb Paging File | 2,53 Gb Available in Paging File | 64,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134,36 Gb Total Space | 93,54 Gb Free Space | 69,62% Space Free | Partition Type: NTFS
Computer Name: MAUSI-PC | User Name: Mausi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Mausi\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarsrv.exe (Babylon Ltd.)
PRC - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe (1und1 Mail und Media GmbH)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\EKAiO2MUI.exe (Eastman Kodak Company)
PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Babylon\Babylon-Pro\TC\BabylonTC.exe (Ginger Software)
PRC - C:\Programme\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\drivers\o2flash.exe (O2Micro International)
========== Modules (No Company Name) ==========
MOD - C:\Programme\BabylonToolbar\BabylonToolbar\1.8.3.8\escortShld.dll ()
MOD - C:\Programme\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
========== Services (SafeList) ==========
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Kodak AiO Network Discovery Service) -- C:\Programme\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (O2FLASH) -- C:\Windows\System32\drivers\o2flash.exe (O2Micro International)
SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\MAGIX\Common\Database\bin\fbserver.exe (The Firebird Project)
========== Driver Services (SafeList) ==========
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (O2MDGRDR) -- C:\Windows\System32\drivers\o2mdg.sys (O2Micro )
DRV - (O2SDGRDR) -- C:\Windows\System32\drivers\o2sdg.sys (O2Micro )
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E4 49 6F 6D 90 89 CA 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&babsrc=SP_def&affID=10588&tl=gbn321508&tt=4512_5
IE - HKCU\..\SearchScopes\{1EEDA97A-92E2-464B-BDE0-EEB25B887076}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_de
IE - HKCU\..\SearchScopes\{A4AF560C-0D61-44D1-A929-F9E2AB3AFCC6}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{B416BF4D-ABC1-486D-8211-186AE06664B5}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{CC62371D-009F-4DF1-A7BA-3B27203D9AA5}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
[2012.08.18 15:40:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mausi\AppData\Roaming\mozilla\Extensions
[2012.08.18 15:40:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mausi\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com
[2012.11.11 14:12:03 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.8.3.8\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O2 - BHO: (WEB.DE MailCheck BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (WEB.DE MailCheck) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (WEB.DE MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [MailCheck IE Broker] C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [Philips Device Listener] C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A7AEC41-4B61-41F8-87B2-F4C2DF092BB7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A800D522-748B-4B71-9F43-FA4EC8C6541D}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7b7f845e-92df-11e1-8df1-0026b9978fd1}\Shell - "" = AutoRun
O33 - MountPoints2\{7b7f845e-92df-11e1-8df1-0026b9978fd1}\Shell\AutoRun\command - "" = E:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.11.11 14:12:35 | 000,000,000 | ---D | C] -- C:\Users\Mausi\AppData\Local\Babylon
[2012.11.11 14:12:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon
[2012.11.11 14:12:06 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar
[2012.11.11 14:12:03 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.11.11 14:12:02 | 000,000,000 | ---D | C] -- C:\Program Files\Babylon
[2012.11.11 14:11:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.11.11 14:11:18 | 000,000,000 | ---D | C] -- C:\Users\Mausi\AppData\Roaming\Babylon
[2012.11.11 13:02:32 | 000,000,000 | ---D | C] -- C:\Users\Mausi\AppData\Roaming\Malwarebytes
[2012.11.11 13:02:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.11 13:02:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.11 13:02:15 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.11.11 13:02:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.10.18 22:13:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WEB.DE MailCheck
[2012.10.18 22:13:43 | 000,000,000 | ---D | C] -- C:\ProgramData\DesktopIcons
[2012.10.18 22:13:43 | 000,000,000 | ---D | C] -- C:\ProgramData\1&1 Mail & Media GmbH
[2012.10.18 22:13:42 | 000,000,000 | ---D | C] -- C:\Program Files\WEB.DE MailCheck
[2012.10.18 22:13:31 | 000,000,000 | ---D | C] -- C:\ProgramData\UUdb
[1 C:\Users\Mausi\AppData\Roaming\*.tmp files -> C:\Users\Mausi\AppData\Roaming\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.11.11 14:12:09 | 000,001,139 | ---- | M] () -- C:\Users\Public\Desktop\Babylon.lnk
[2012.11.11 14:11:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.11 14:00:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.11 13:02:16 | 000,001,103 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.11.11 12:00:01 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.11 11:45:27 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.11 11:45:27 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.11 11:42:36 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.11 11:42:36 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.11 11:42:36 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.11 11:42:36 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.11 11:37:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.11 11:37:43 | 1579,913,216 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.08 11:52:03 | 083,023,306 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.10.18 22:13:43 | 000,002,216 | ---- | M] () -- C:\Users\Mausi\Desktop\Amazon.lnk
[2012.10.18 22:13:43 | 000,002,214 | ---- | M] () -- C:\Users\Mausi\Desktop\WEB.DE.lnk
[2012.10.18 22:13:43 | 000,002,208 | ---- | M] () -- C:\Users\Mausi\Desktop\eBay.lnk
[2012.10.12 18:11:59 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.10.12 18:11:59 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[1 C:\Users\Mausi\AppData\Roaming\*.tmp files -> C:\Users\Mausi\AppData\Roaming\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.11.11 14:12:09 | 000,001,139 | ---- | C] () -- C:\Users\Public\Desktop\Babylon.lnk
[2012.11.11 13:02:16 | 000,001,103 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.11.08 11:22:48 | 083,023,306 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.10.18 22:13:43 | 000,002,216 | ---- | C] () -- C:\Users\Mausi\Desktop\Amazon.lnk
[2012.10.18 22:13:43 | 000,002,214 | ---- | C] () -- C:\Users\Mausi\Desktop\WEB.DE.lnk
[2012.10.18 22:13:43 | 000,002,208 | ---- | C] () -- C:\Users\Mausi\Desktop\eBay.lnk
[2012.07.24 09:09:22 | 000,231,195 | ---- | C] () -- C:\Users\Mausi\AppData\Local\census.cache
[2012.07.24 09:09:08 | 000,106,401 | ---- | C] () -- C:\Users\Mausi\AppData\Local\ars.cache
[2012.07.24 09:00:22 | 000,000,036 | ---- | C] () -- C:\Users\Mausi\AppData\Local\housecall.guid.cache
[2012.07.23 15:47:47 | 000,000,034 | ---- | C] () -- C:\Users\Mausi\AppData\Roaming\blckdom.res
[2011.11.17 20:30:57 | 000,000,000 | ---- | C] () -- C:\Users\Mausi\AppData\Local\{71946F6B-2927-49B5-B0C1-77BA838476FE}
[2011.07.09 12:03:20 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2011.07.05 20:09:22 | 000,000,000 | ---- | C] () -- C:\Windows\homeDVD-Fotos5_dlx.INI
[2011.07.05 19:58:22 | 000,019,968 | ---- | C] () -- C:\Windows\System32\cpuinf32.dll
[2011.07.05 19:48:40 | 000,002,856 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2011.06.10 05:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.02.11 17:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
========== ZeroAccess Check ==========
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012.10.18 22:13:43 | 000,000,000 | ---D | M] -- C:\Users\Mausi\AppData\Roaming\1&1 Mail & Media GmbH
[2012.11.11 14:38:42 | 000,000,000 | ---D | M] -- C:\Users\Mausi\AppData\Roaming\Babylon
[2012.08.18 12:34:46 | 000,000,000 | ---D | M] -- C:\Users\Mausi\AppData\Roaming\becker
[2010.12.05 18:16:59 | 000,000,000 | ---D | M] -- C:\Users\Mausi\AppData\Roaming\CheckPoint
[2012.05.17 10:19:25 | 000,000,000 | ---D | M] -- C:\Users\Mausi\AppData\Roaming\elsterformular
[2012.07.10 16:13:47 | 000,000,000 | ---D | M] -- C:\Users\Mausi\AppData\Roaming\kock
[2011.07.05 20:16:35 | 000,000,000 | ---D | M] -- C:\Users\Mausi\AppData\Roaming\MAGIX
[2012.08.18 15:39:54 | 000,000,000 | ---D | M] -- C:\Users\Mausi\AppData\Roaming\Philips-Songbird
[2010.01.10 21:58:54 | 000,000,000 | ---D | M] -- C:\Users\Mausi\AppData\Roaming\SecretsOfOlympus
[2012.04.18 21:01:55 | 000,000,000 | ---D | M] -- C:\Users\Mausi\AppData\Roaming\temp
[2012.07.16 21:00:30 | 000,000,000 | ---D | M] -- C:\Users\Mausi\AppData\Roaming\TuneUp Software
[2012.07.10 19:07:05 | 000,000,000 | ---D | M] -- C:\Users\Mausi\AppData\Roaming\UAs
[2012.07.11 20:52:25 | 000,000,000 | ---D | M] -- C:\Users\Mausi\AppData\Roaming\Utils
[2012.07.10 19:07:54 | 000,000,000 | ---D | M] -- C:\Users\Mausi\AppData\Roaming\xmldm
========== Purity Check ==========
< End of report >
I hope I did everything correctly. If not, please let me know briefly and I will try again. Unfortunately, I only noticed once OTL was already running that I had not ticked the "Scan All Users" box. So of course the question is: was that a big mistake? The laptop is only used by my wife and me; we don't have "separate logins with passwords" or anything like that...
Well then, I would like to thank you very, very much in advance for the help and the effort involved!
Best regards...