Diese Webseite kann nicht angezeigt werden / Desktop gesperrt

ener90 · 28.07.2012, 20:05

Hallo habe das Problem seit gestern. Habe mir ein Video im Internet angeguckt und schwups ging nichts mehr. Habe immer einen weißen Bildschirm mit der Fehlermeldung "Diese Webseite kann nicht angezeigt werden" und kann auf nichts zugreifen. Der Task-Manager stürzt auch immer wieder ab.
Habe allerdings Zugriff auf den abgesicherten Modus mit Netzwerktreibern.
Habe die drei Programme, die ihr vorgeschlagen habt, schon durchlaufen lassen. (OTL, Gmer, und Defogger)

Hier der Text von Gmer:

Code:

ATTFilter

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-28 20:41:09
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 ST9320320AS rev.0303
Running: q3jpor2d.exe; Driver: C:\Users\Nadine\AppData\Local\Temp\kxlirkoc.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                           tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                           AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                          Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                          Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                           tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                           snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                           tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                           snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                           tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                           snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                           tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                           snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \FileSystem\fastfat \Fat                                                                         fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                         tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice  \FileSystem\fastfat \Fat                                                                         AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001bdc0f66b1                      
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001bdc0f66b1 (not active ControlSet)  

---- Files - GMER 1.0.15 ----

File            C:\ADSM_PData_0150                                                                               0 bytes
File            C:\ADSM_PData_0150\DB                                                                            0 bytes
File            C:\ADSM_PData_0150\DB\SI.db                                                                      624 bytes
File            C:\ADSM_PData_0150\DB\UL.db                                                                      16 bytes
File            C:\ADSM_PData_0150\DB\VL.db                                                                      16 bytes
File            C:\ADSM_PData_0150\DB\_avt                                                                       512 bytes
File            C:\ADSM_PData_0150\DragWait.exe                                                                  253952 bytes executable
File            C:\ADSM_PData_0150\_avt                                                                          512 bytes
File            C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86                                      0 bytes
File            C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\AsDsm.sys                            29752 bytes executable
File            C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\_avt                                 512 bytes

---- EOF - GMER 1.0.15 ----

Hier die beiden von OTL:

Code:

ATTFilter

OTL logfile created on: 28.07.2012 19:47:29 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Nadine\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,46 Gb Available Physical Memory | 82,20% Memory free
6,19 Gb Paging File | 5,88 Gb Available in Paging File | 94,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 96,94 Gb Free Space | 65,04% Space Free | Partition Type: NTFS
Drive D: | 137,33 Gb Total Space | 52,55 Gb Free Space | 38,27% Space Free | Partition Type: NTFS
 
Computer Name: NADINE-LAPTOP | User Name: Nadine | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.28 19:41:08 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Nadine\Desktop\OTL.exe
PRC - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2008.02.12 21:50:40 | 000,688,128 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
MOD - [2007.06.15 19:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
MOD - [2007.06.02 02:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.07.27 07:32:59 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.06.29 15:19:00 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.25 15:07:34 | 000,184,848 | ---- | M] (Nitro PDF Software) [Auto | Stopped] -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe -- (NitroReaderDriverReadSpool2)
SRV - [2012.05.08 16:06:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 16:06:21 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.03.26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.07.24 18:33:03 | 002,326,920 | ---- | M] (Acronis) [Auto | Stopped] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.09.12 18:09:44 | 000,660,936 | ---- | M] (Acronis) [Auto | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008.03.18 06:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.08.08 09:08:40 | 000,094,208 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007.08.03 21:24:54 | 000,125,496 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2007.02.06 03:13:14 | 000,094,208 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RTSTOR.SYS -- (RTSTOR)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.05.08 16:06:32 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 16:06:32 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.03.20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011.10.19 17:56:50 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.07.24 18:33:04 | 000,159,168 | ---- | M] (Acronis) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp)
DRV - [2011.07.24 18:32:59 | 000,902,432 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpm251.sys -- (tdrpman251)
DRV - [2011.07.24 18:32:57 | 000,570,016 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2011.07.24 18:32:48 | 000,157,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2010.06.17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.09.05 15:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.10.09 16:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008.06.10 18:35:54 | 003,839,488 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.06.03 08:41:52 | 000,015,928 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2008.05.29 19:21:02 | 000,015,416 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\lullaby.sys -- (lullaby)
DRV - [2008.05.13 08:35:24 | 001,772,544 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2008.03.21 06:13:00 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007.08.11 05:19:26 | 000,029,752 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm)
DRV - [2007.08.03 06:26:22 | 000,020,936 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2007.07.24 20:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007.06.20 05:12:18 | 000,047,616 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SiSGB6.sys -- (SiSGbeLH)
DRV - [2006.12.14 09:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.02 09:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=00f760dc-579e-43b1-ae17-bcb0c69137be&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=FR&userid=00f760dc-579e-43b1-ae17-bcb0c69137be&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=FR&userid=00f760dc-579e-43b1-ae17-bcb0c69137be&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=FR&userid=00f760dc-579e-43b1-ae17-bcb0c69137be&affid=111583&searchtype=hp&babsrc=lnkry_nt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=FR&userid=00f760dc-579e-43b1-ae17-bcb0c69137be&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=FR&userid=00f760dc-579e-43b1-ae17-bcb0c69137be&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=FR&userid=00f760dc-579e-43b1-ae17-bcb0c69137be&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=100467&mntrId=0083f68400000000000000224379dc00
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Elf 1.12 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.8&q="
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: {89506680-e3f4-484c-a2c0-ed711d481eda}:0.9.5.6
FF - prefs.js..extensions.enabledItems: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {38542454-dfb6-44f5-b052-d4e071a3d073}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.1.0
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.3&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2857572&SearchSource=3&q={searchTerms}"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.04.25 20:50:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.29 15:19:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.25 20:25:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.29 15:19:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.25 20:25:56 | 000,000,000 | ---D | M]
 
[2011.07.24 20:01:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\Extensions
[2012.07.25 22:20:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\fv0tvdcp.default\extensions
[2011.07.25 19:01:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\fv0tvdcp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.07.25 22:20:49 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\fv0tvdcp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.01.17 17:27:51 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\fv0tvdcp.default\extensions\ffxtlbr@babylon.com
[2012.04.25 20:45:58 | 000,000,000 | ---D | M] (loadtbs) -- C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\fv0tvdcp.default\extensions\software@loadtubes.com
[2012.07.02 16:12:12 | 000,000,853 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\fv0tvdcp.default\searchplugins\11-suche.xml
[2010.12.02 09:07:28 | 000,000,919 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\fv0tvdcp.default\searchplugins\conduit.xml
[2012.07.02 16:12:11 | 000,002,209 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\fv0tvdcp.default\searchplugins\englische-ergebnisse.xml
[2012.07.02 16:12:11 | 000,010,506 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\fv0tvdcp.default\searchplugins\gmx-suche.xml
[2012.07.15 16:53:18 | 000,000,950 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\fv0tvdcp.default\searchplugins\icqplugin-1.xml
[2010.04.04 18:09:35 | 000,000,950 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\fv0tvdcp.default\searchplugins\icqplugin-10.xml
[2010.06.24 15:14:03 | 000,000,950 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\fv0tvdcp.default\searchplugins\icqplugin-11.xml
[2010.06.29 18:14:00 | 000,000,950 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\fv0tvdcp.default\searchplugins\icqplugin-12.xml
[2010.07.28 19:12:05 | 000,000,950 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\fv0tvdcp.default\searchplugins\icqplugin-13.xml
[2010.09.09 21:07:43 | 000,000,950 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\fv0tvdcp.default\searchplugins\icqplugin-14.xml
[2010.09.18 10:44:07 | 000,000,950 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\fv0tvdcp.default\searchplugins\icqplugin-15.xml
[2010.10.24 17:00:48 | 000,000,950 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\fv0tvdcp.default\searchplugins\icqplugin-16.xml
[2010.10.31 15:09:00 | 000,000,950 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\fv0tvdcp.default\searchplugins\icqplugin-17.xml
[2010.12.11 18:22:12 | 000,000,950 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\fv0tvdcp.default\searchplugins\icqplugin-18.xml
[2010.12.29 14:02:35 | 000,000,950 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\fv0tvdcp.default\searchplugins\icqplugin-19.xml
[2009.04.29 06:17:11 | 000,000,950 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\fv0tvdcp.default\searchplugins\icqplugin-2.xml
[2011.03.05 13:35:26 | 000,000,950 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\fv0tvdcp.default\searchplugins\icqplugin-20.xml
[2011.03.24 18:01:29 | 000,000,950 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\fv0tvdcp.default\searchplugins\icqplugin-21.xml
[2011.04.27 21:36:40 | 000,000,950 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\fv0tvdcp.default\searchplugins\icqplugin-22.xml
[2011.05.01 21:49:30 | 000,000,950 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\fv0tvdcp.default\searchplugins\icqplugin-23.xml
[2011.07.25 19:10:05 | 000,000,950 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\fv0tvdcp.default\searchplugins\icqplugin-24.xml
[2011.08.21 23:24:24 | 000,000,950 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\fv0tvdcp.default\searchplugins\icqplugin-25.xml
[2011.09.01 18:17:31 | 000,000,950 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\fv0tvdcp.default\searchplugins\icqplugin-26.xml
[2011.09.07 22:56:11 | 000,000,950 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\fv0tvdcp.default\searchplugins\icqplugin-27.xml
[2011.10.04 21:15:47 | 000,000,950 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\fv0tvdcp.default\searchplugins\icqplugin-28.xml
[2011.11.14 18:06:30 | 000,000,950 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\fv0tvdcp.default\searchplugins\icqplugin-29.xml
[2009.06.13 12:05:23 | 000,000,950 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\fv0tvdcp.default\searchplugins\icqplugin-3.xml
[2012.01.12 21:15:49 | 000,000,950 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\fv0tvdcp.default\searchplugins\icqplugin-30.xml
[2012.02.05 19:40:27 | 000,000,950 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\fv0tvdcp.default\searchplugins\icqplugin-31.xml
[2012.02.14 15:25:52 | 000,000,950 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\fv0tvdcp.default\searchplugins\icqplugin-32.xml
[2012.02.22 19:32:01 | 000,000,950 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\fv0tvdcp.default\searchplugins\icqplugin-33.xml
[2012.03.21 19:11:17 | 000,000,950 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\fv0tvdcp.default\searchplugins\icqplugin-34.xml
[2012.05.09 21:30:27 | 000,000,950 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\fv0tvdcp.default\searchplugins\icqplugin-35.xml
[2012.06.29 15:19:23 | 000,000,950 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\fv0tvdcp.default\searchplugins\icqplugin-36.xml
[2012.07.15 17:46:01 | 000,000,950 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\fv0tvdcp.default\searchplugins\icqplugin-37.xml
[2009.07.25 10:23:05 | 000,000,950 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\fv0tvdcp.default\searchplugins\icqplugin-4.xml
[2009.08.05 15:41:59 | 000,000,656 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\fv0tvdcp.default\searchplugins\icqplugin-5.xml
[2009.09.11 21:43:34 | 000,000,950 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\fv0tvdcp.default\searchplugins\icqplugin-6.xml
[2009.10.29 20:55:18 | 000,000,950 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\fv0tvdcp.default\searchplugins\icqplugin-7.xml
[2010.03.14 12:34:34 | 000,000,950 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\fv0tvdcp.default\searchplugins\icqplugin-8.xml
[2010.03.27 13:50:25 | 000,000,950 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\fv0tvdcp.default\searchplugins\icqplugin-9.xml
[2012.07.24 14:48:30 | 000,000,168 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\fv0tvdcp.default\searchplugins\icqplugin.gif
[2012.07.24 14:48:30 | 000,000,618 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\fv0tvdcp.default\searchplugins\icqplugin.src
[2010.05.12 17:40:48 | 000,001,042 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\fv0tvdcp.default\searchplugins\icqplugin.xml
[2012.07.02 16:12:12 | 000,002,368 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\fv0tvdcp.default\searchplugins\lastminute.xml
[2011.05.04 21:59:00 | 000,003,915 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\fv0tvdcp.default\searchplugins\SweetIM Search.xml
[2012.07.25 17:21:53 | 000,002,474 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\fv0tvdcp.default\searchplugins\Web Search.xml
[2012.07.02 16:12:11 | 000,005,489 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\fv0tvdcp.default\searchplugins\webde-suche.xml
[2012.07.22 15:08:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.07.22 15:08:42 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.01.12 17:27:04 | 000,211,765 | ---- | M] () (No name found) -- C:\USERS\NADINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FV0TVDCP.DEFAULT\EXTENSIONS\{89506680-E3F4-484C-A2C0-ED711D481EDA}.XPI
[2012.07.02 16:12:00 | 000,575,217 | ---- | M] () (No name found) -- C:\USERS\NADINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FV0TVDCP.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI
[2012.06.29 15:19:02 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.27 20:51:44 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.15 16:48:02 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll
[2012.06.29 15:18:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.08.21 22:39:31 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.06.29 15:18:54 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.29 15:18:54 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.29 15:18:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.29 15:18:54 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.29 15:18:54 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.2\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (ICQ Sparberater) - {5A0D6E4B-B0DF-4148-8B1E-F7A430FF5E24} - C:\Program Files\icq\Internet Explorer\icq.dll (solute gmbh)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\Nadine\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH)
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
O4 - HKLM..\Run: [ASUSTPE] C:\Windows\System32\ASUSTPE.exe (ASUS)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [dcllyoreexqiymw] C:\ProgramData\dcllyore.exe ()
O4 - Startup: C:\Users\Nadine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CNET TechTracker.lnk = C:\Users\Nadine\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4573FF26-4D74-4C58-B69B-5140A1CC1B1D}: DhcpNameServer = 172.16.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D7E24C71-D0A3-4E1E-9BF1-B64422C5E1EA}: DhcpNameServer = 172.16.0.1
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Nadine\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Nadine\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.28 19:46:36 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Nadine\Desktop\OTL.exe
[2012.07.27 19:04:54 | 000,000,000 | ---D | C] -- C:\ProgramData\ypfpgfzmewjhjiv
[2012.07.22 15:06:53 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Roaming\Skype
[2012.07.22 15:06:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.07.22 15:06:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.07.22 15:06:27 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012.07.22 15:06:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012.07.15 17:50:58 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Roaming\Nitro PDF
[2012.07.15 17:50:36 | 000,027,152 | ---- | C] (Nitro PDF Software) -- C:\Windows\System32\nitrolocalmon2.dll
[2012.07.15 17:50:36 | 000,018,448 | ---- | C] (Nitro PDF Software) -- C:\Windows\System32\nitrolocalui2.dll
[2012.07.15 17:50:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro PDF
[2012.07.15 17:50:09 | 000,000,000 | ---D | C] -- C:\Program Files\Nitro PDF
[2012.07.15 17:50:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro PDF
[2012.07.15 17:48:15 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Roaming\Downloaded Installations
[2012.07.15 17:31:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012.07.15 17:31:27 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Roaming\pdfforge
[2012.07.15 17:31:12 | 000,081,920 | ---- | C] (pdfforge GbR) -- C:\Windows\System32\pdfcmon.dll
[2012.07.15 17:31:06 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2012.07.15 17:31:06 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Roaming\OpenCandy
[2012.07.15 16:50:47 | 000,000,000 | ---D | C] -- C:\Users\Nadine\Desktop\Bewerbung
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.28 19:43:16 | 000,302,592 | ---- | M] () -- C:\Users\Nadine\Desktop\q3jpor2d.exe
[2012.07.28 19:43:16 | 000,001,356 | ---- | M] () -- C:\Users\Nadine\AppData\Local\d3d9caps.dat
[2012.07.28 19:41:08 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Nadine\Desktop\OTL.exe
[2012.07.28 19:40:06 | 000,000,000 | ---- | M] () -- C:\Users\Nadine\defogger_reenable
[2012.07.28 19:39:04 | 000,050,477 | ---- | M] () -- C:\Users\Nadine\Desktop\Defogger.exe
[2012.07.28 19:25:15 | 000,673,774 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.28 19:25:15 | 000,634,464 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.28 19:25:15 | 000,145,810 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.28 19:25:15 | 000,119,990 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.28 19:20:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.28 19:17:18 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.28 19:17:18 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.28 18:29:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.28 18:24:22 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2012.07.28 11:32:07 | 000,002,379 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.07.27 19:04:59 | 000,000,051 | ---- | M] () -- C:\ProgramData\bhbkzkxrwjoiejd
[2012.07.27 19:04:44 | 000,061,440 | ---- | M] () -- C:\ProgramData\dcllyore.exe
[2012.07.27 07:55:04 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.07.26 23:27:58 | 000,013,312 | ---- | M] () -- C:\Users\Nadine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.26 00:23:58 | 000,000,843 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FILSHtray.lnk
[2012.07.25 18:03:55 | 000,002,631 | ---- | M] () -- C:\Users\Nadine\Desktop\Microsoft Office Word 2007.lnk
[2012.07.16 20:14:08 | 000,372,096 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.05 13:02:30 | 000,081,920 | ---- | M] (pdfforge GbR) -- C:\Windows\System32\pdfcmon.dll
 
========== Files Created - No Company Name ==========
 
[2012.07.28 19:46:36 | 000,302,592 | ---- | C] () -- C:\Users\Nadine\Desktop\q3jpor2d.exe
[2012.07.28 19:46:36 | 000,050,477 | ---- | C] () -- C:\Users\Nadine\Desktop\Defogger.exe
[2012.07.28 19:40:06 | 000,000,000 | ---- | C] () -- C:\Users\Nadine\defogger_reenable
[2012.07.27 19:04:59 | 000,061,440 | ---- | C] () -- C:\ProgramData\dcllyore.exe
[2012.07.27 19:04:46 | 000,000,051 | ---- | C] () -- C:\ProgramData\bhbkzkxrwjoiejd
[2012.07.26 00:23:58 | 000,000,843 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FILSHtray.lnk
[2012.07.22 15:06:37 | 000,002,379 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.07.15 17:50:29 | 000,001,872 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Reader 2.lnk
[2012.02.07 18:37:34 | 000,001,356 | ---- | C] () -- C:\Users\Nadine\AppData\Local\d3d9caps.dat
[2011.10.14 16:48:50 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.08.10 14:30:41 | 000,013,312 | ---- | C] () -- C:\Users\Nadine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.25 19:47:05 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.07.25 19:47:05 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.07.25 02:36:11 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
[2011.07.25 02:30:37 | 000,033,136 | ---- | C] () -- C:\Windows\ASScrPro.exe
[2011.07.25 02:30:26 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe
[2011.07.25 00:07:05 | 000,081,920 | ---- | C] () -- C:\Windows\PGMONITOR.EXE
[2011.07.25 00:06:52 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2011.07.25 00:06:52 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2011.07.25 00:06:51 | 000,174,819 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.07.25 00:06:50 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2011.07.25 00:05:19 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2011.07.25 00:03:01 | 000,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
[2011.07.25 00:02:19 | 001,772,544 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2011.07.25 00:02:19 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2011.07.25 00:02:19 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2011.07.25 00:02:19 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2011.07.24 23:34:22 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.07.24 23:12:37 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2011.07.24 20:55:35 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.07.02 04:28:38 | 000,061,440 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll
[2008.05.22 18:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg
 
========== LOP Check ==========
 
[2011.08.21 22:38:08 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Babylon
[2011.08.28 17:14:44 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Canneverbe Limited
[2011.08.21 22:43:17 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\CBS Interactive
[2012.07.15 17:48:15 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Downloaded Installations
[2012.04.15 14:47:33 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\ICQ
[2012.04.25 20:45:58 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\loadtbs
[2012.07.15 17:52:39 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Nitro PDF
[2012.07.15 17:31:06 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\OpenCandy
[2012.07.15 17:31:27 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\pdfforge
[2011.10.14 17:04:52 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\TeamViewer
[2011.08.21 22:48:58 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\WindSolutions
[2012.07.27 07:55:04 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

Code:

ATTFilter

OTL Extras logfile created on: 28.07.2012 19:47:29 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Nadine\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,46 Gb Available Physical Memory | 82,20% Memory free
6,19 Gb Paging File | 5,88 Gb Available in Paging File | 94,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 96,94 Gb Free Space | 65,04% Space Free | Partition Type: NTFS
Drive D: | 137,33 Gb Total Space | 52,55 Gb Free Space | 38,27% Space Free | Partition Type: NTFS
 
Computer Name: NADINE-LAPTOP | User Name: Nadine | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02F3F860-126B-4C59-A6C5-4491D611B997}" = rport=138 | protocol=17 | dir=out | app=system | 
"{04B8E5E8-6DF9-4F79-8FAE-81F0C5ACD357}" = lport=138 | protocol=17 | dir=in | app=system | 
"{0526FBFC-1C5D-4A83-A368-B89EC636BAC9}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{1C7606C1-31F2-4BEC-B1DF-DBA680B4B714}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1D927C82-69AF-441A-8BC3-840206231A35}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{22DF1930-50EE-4557-B8CD-21CBF90A96AA}" = rport=137 | protocol=17 | dir=out | app=system | 
"{334FF619-C475-41F8-9571-F90F7BF4D376}" = rport=445 | protocol=6 | dir=out | app=system | 
"{33BB60FE-8840-4E4B-8870-6DAC0A603B09}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{3E5399F5-79ED-4959-B925-8407CC22A0E3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{542D32F9-6E57-436B-9054-22A175208D2D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{639BDB0C-C6AE-493A-82B5-49B4887D2714}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{6E2FA2DF-CA83-47EC-B66A-DE1EDC547A2F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7056F636-BF65-4CEB-8AE4-461BCCD2480C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{71D7D0BF-55EB-40C5-93AC-A85DA5EFB37A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{75778374-4FD3-42D4-AD1D-3FF6BC3DEC71}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{800A6E0B-535C-4EBF-BB0E-8BEDDC628270}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9BC82F5D-9E5F-4D53-B9D4-D46136B6BE7C}" = lport=445 | protocol=6 | dir=in | app=system | 
"{B408D360-CC99-4C77-AD04-1AC548D686BD}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{B5D8C32F-5D33-4CD9-9F5B-34A0E9D4362E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B9F2E412-B514-43A6-942E-C66B2C8D07C3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{C77B314A-6BC2-4720-9FDB-7B74EAC8649C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{D17EB796-4A88-48AA-ADD7-791499A0F2B2}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{D50809A1-1C0B-4018-941F-9CE828FE6644}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{DAB26B18-E289-46F6-B06F-9FF70B9F1221}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{DC68FE0F-A3DE-4059-A6C7-B15DEC967528}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{F1DBD7F3-CB25-4859-ABA1-A70E08C1D7C1}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F33534E0-6576-404B-B695-E5EF97E2BF1D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2134D3F0-035D-436B-BF17-442D6B11FEBF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{434D5ACF-5A11-46D5-ACA8-E1BDA60A91F9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{43ED1EC7-A265-4CDE-95A3-D63D56AA14E2}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{491629DE-7BCD-471E-8668-7B8085BD08B4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{6E671B7D-2877-49D2-B5CA-B8E5619D2DA3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{74DBDC77-4545-4634-B432-791246025037}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{806D51DD-93FF-4FDC-95F4-37EE3BA45812}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{903BD706-9EFF-41A4-92B2-9AECC22CEC05}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{912EB071-C6E9-42FE-B1BF-6E6E2130ED6D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{92FC1D97-204D-4DD3-8635-1A42993ABEE1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{99F83690-A8F0-42C0-90A3-E2C4F5A52227}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{9BAFFB8D-F4CD-4EBF-ADA5-D1CF9D48A6E0}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{A6CE7143-8120-4834-BD73-3C9A5B1C7862}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AE0875CF-83C1-4030-8EF1-32112719D256}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{C36608ED-5C2B-4F9B-8CCF-903E0C3DE62B}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{CFE98295-25BE-4A29-B4AB-369AD878AAD0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{096EB4FC-E110-8426-4295-CE869349527C}" = Catalyst Control Center Localization Turkish
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C7D5C27-49E4-3273-5B83-EE608FFD7FA8}" = Catalyst Control Center Localization Swedish
"{0D37C7F0-2C9B-692C-4657-3A1BDD9F67C8}" = CCC Help French
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{11D9CBD3-17FF-1456-47DA-0817FD09816B}" = CCC Help Spanish
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{18C8C1F6-A36A-A42E-1FB2-D9B3ECF538AD}" = CCC Help Finnish
"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{221F76A9-68F0-4658-B296-A87CAED6A726}" = Nitro Reader 2
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{27D51A76-371D-48B6-B06E-4137A15B7583}" = Express Gate
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{28F332E8-7A90-512B-E222-67013949139E}" = ccc-utility
"{29A1D086-A174-485A-1577-ED3E98CEB391}" = Catalyst Control Center Localization Polish
"{29DCE677-70BB-A83C-F7B3-D2E5C31748B9}" = CCC Help Russian
"{2A1598E3-4CB4-545A-A824-F7921E31167E}" = Catalyst Control Center Localization Greek
"{32EC3CBE-4A4A-2BB7-2BB6-F5A49902A6EE}" = Skins
"{336DA7E1-35FC-67C7-2A6A-1E048D661B35}" = Catalyst Control Center Localization Dutch
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3BDAD4E1-5A70-E9BF-CA71-05C9DA49040B}" = CCC Help Hungarian
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4583D057-A120-6B48-7BCE-FDFC86556C4C}" = Catalyst Control Center Localization Czech
"{484E9C72-90B3-0E72-69FB-02826E25EDF3}" = ATI Catalyst Install Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C5D72D0-CDFE-3952-C813-FA2F52FB2C87}" = CCC Help Greek
"{4F5D7C1B-6CB0-F45C-F83E-A1FC98FA2C0B}" = CCC Help Italian
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{54E77B08-4375-4584-7363-ECE88A784013}" = Catalyst Control Center Localization German
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5928359F-BF46-4646-BF19-B64E55171EB5}" = FILSHtray
"{5A0D6E4B-B0DF-4148-8B1E-F7A430FF5E24}" = ICQ Sparberater
"{61A55572-0E51-F389-583C-55EBAA4ED575}" = CCC Help Japanese
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{66433C66-28B6-7E2B-9B77-66D10E5E055F}" = CCC Help Polish
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6AB9A96D-C554-E68F-FD7A-8991C99AA497}" = Catalyst Control Center Graphics Previews Vista
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{6CF61AF4-F808-9114-E34A-72831AC7660E}" = CCC Help English
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EABC0D-94EB-E569-877E-7BC634A67F0D}" = Catalyst Control Center Localization Russian
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81042C93-7A00-71BC-51E9-768A6F849DA2}" = CCC Help Czech
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{86520F07-CEA2-5681-39CA-DF844C659E16}" = CCC Help Swedish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D4BD33B-0429-A9D3-B4B8-68D956F8EE95}" = Catalyst Control Center Localization Chinese Traditional
"{8E50189D-A1B3-3929-5D2F-EC405F7C8A3D}" = CCC Help Chinese Standard
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{901C0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003 Runtime
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear eXtreme
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D38CCB7-DE05-A447-8651-8231BC2656BC}" = Catalyst Control Center Graphics Full New
"{9D77BA02-5C15-BA02-B338-FA9351D4140D}" = CCC Help Turkish
"{9E18CB28-70FE-F6F6-9ED9-A661FF87C1AB}" = ccc-core-static
"{A5D74142-6C1B-5CE3-0D76-A41504FBDC47}" = CCC Help Danish
"{AA7D6DB6-9D3F-4CB9-31C0-B4794E0D75D5}" = Catalyst Control Center Localization Danish
"{AB75B59E-07C8-084F-5C7F-E3567ABB4248}" = Catalyst Control Center Localization Japanese
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AE6370D7-4926-E5C2-705C-9B98B4600C09}" = CCC Help German
"{B1DA213E-4EE2-19F4-277E-81C0E0487076}" = CCC Help Chinese Traditional
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B85A4462-E53C-932E-42EF-2506755EC9A1}" = Catalyst Control Center Localization Thai
"{BDBA9828-200B-43A0-AB4F-82DABEE64F94}_is1" = LPS 2009v 3.0 USB
"{BE426BC1-F401-1E0A-1334-FED883491077}" = Catalyst Control Center InstallProxy
"{BEDB89F5-DF1A-D1E3-A99F-8E64C3BFB934}" = CCC Help Korean
"{BFD373DA-A54D-C040-AD6C-3A1A7FFDA880}" = Catalyst Control Center Localization Italian
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}" = Acronis*True*Image*Home
"{C3E314F1-A53F-D3D7-D7C2-7D0345D6C5D6}" = Catalyst Control Center Graphics Previews Common
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CBCF8E27-A027-CBBD-0F01-58DB1D0E8CF1}" = Catalyst Control Center Localization Chinese Standard
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE560B9B-2991-FE0A-3A78-E053CF94B3DC}" = Catalyst Control Center Localization Norwegian
"{CF5E038B-B6FF-A325-A448-1A02AF57340A}" = CCC Help Portuguese
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D1F23CD0-D2B0-FEA3-E015-2F50BC64B1F4}" = Catalyst Control Center Graphics Full Existing
"{D3224046-1642-9CA4-0908-86EA5F76EBDC}" = Catalyst Control Center Localization Portuguese
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D700ADD4-F389-3EE6-9B9E-2EEFF23B68A2}" = Catalyst Control Center Localization French
"{D7DACC88-5011-78D1-5AB8-8967AC37C190}" = Catalyst Control Center Localization Hungarian
"{DA96BC7A-8208-73CB-CDFB-6B07CC6033D5}" = Catalyst Control Center Localization Finnish
"{DB1384E7-B98E-7482-4FF5-401A8F852D84}" = CCC Help Thai
"{DB891739-2EB3-45A8-9CBD-941C255CECD4}" = ASUS Touch Pad Extra
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{E1B05228-9CC4-2702-E106-76D70B4BDDFA}" = Catalyst Control Center Core Implementation
"{E1EC5742-3B54-3E4A-3EEA-DA779ED38FE1}" = CCC Help Norwegian
"{E3A5DDF7-17BD-43F1-9EBA-BB136EEB17DC}" = Catalyst Control Center - Branding
"{E635F30D-FA08-C46B-0BB8-903A1EA04342}" = Catalyst Control Center Graphics Light
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EC977620-330D-EC0B-A937-EEFF183AE912}" = CCC Help Dutch
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F596720A-C838-3830-703A-5B3906E277AB}" = Catalyst Control Center Localization Korean
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F99A4B91-B160-B60D-876E-0CF895E15E06}" = Catalyst Control Center Localization Spanish
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"Avira AntiVir Desktop" = Avira Free Antivirus
"BabylonToolbar" = Babylon toolbar on IE
"DivX Setup" = DivX-Setup
"ENTERPRISER" = Microsoft Office Enterprise 2007
"loadtbs-2.1" = loadtbs-2.1
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"USB2.0 UVC 1.3M WebCam" = USB2.0 UVC 1.3M WebCam
"VLC media player" = VLC media player 1.1.11
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"93b54dbdbb302b0d" = Eichsfeld Gymnasium Duderstadt - VPN
"CNET TechTracker" = CNET TechTracker
"CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich.
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 26.07.2012 01:21:54 | Computer Name = Nadine-Laptop | Source = CNET TechTracker | ID = 131074
Description = Unable to complete request due to error:    Die Serververbindung konnte
 nicht hergestellt werden.
 
Error - 26.07.2012 01:21:54 | Computer Name = Nadine-Laptop | Source = CNET TechTracker | ID = 131074
Description = Unable to complete request due to error:    The server was busy and could
 not check for updates.
 
Error - 26.07.2012 01:21:55 | Computer Name = Nadine-Laptop | Source = CNET TechTracker | ID = 131074
Description = result: Scan Failed - General scan failure computer: Nadine-Laptop scanned
 on: 25.07.2012 22:19
 
Error - 26.07.2012 01:55:07 | Computer Name = Nadine-Laptop | Source = EventSystem | ID = 4621
Description = 
 
Error - 26.07.2012 10:38:41 | Computer Name = Nadine-Laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.07.2012 10:38:48 | Computer Name = Nadine-Laptop | Source = CNET TechTracker | ID = 131074
Description = Unable to complete request due to error:    Die Serververbindung konnte
 nicht hergestellt werden.
 
Error - 26.07.2012 10:38:48 | Computer Name = Nadine-Laptop | Source = CNET TechTracker | ID = 131074
Description = Unable to complete request due to error:    The server was busy and could
 not check for updates.
 
Error - 26.07.2012 10:38:50 | Computer Name = Nadine-Laptop | Source = CNET TechTracker | ID = 131074
Description = result: Scan Failed - General scan failure computer: Nadine-Laptop scanned
 on: 25.07.2012 22:19
 
Error - 26.07.2012 11:56:05 | Computer Name = Nadine-Laptop | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung MsMpEng.exe, Version 4.0.1526.0, Zeitstempel
 0x4f710236, fehlerhaftes Modul offreg.dll_unloaded, Version 0.0.0.0, Zeitstempel
 0x4b70d7bd, Ausnahmecode 0xc0000005, Fehleroffset 0x68175d9a,  Prozess-ID 0x4a8, 
Anwendungsstartzeit 01cd6b3c1fa011ea.
 
Error - 26.07.2012 11:59:49 | Computer Name = Nadine-Laptop | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 28.07.2012 13:20:13 | Computer Name = Nadine-Laptop | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 28.07.2012 um 19:18:10 unerwartet heruntergefahren.
 
Error - 28.07.2012 13:20:51 | Computer Name = Nadine-Laptop | Source = DCOM | ID = 10005
Description = 
 
Error - 28.07.2012 13:21:00 | Computer Name = Nadine-Laptop | Source = DCOM | ID = 10005
Description = 
 
Error - 28.07.2012 13:21:00 | Computer Name = Nadine-Laptop | Source = DCOM | ID = 10005
Description = 
 
Error - 28.07.2012 13:21:09 | Computer Name = Nadine-Laptop | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = 
 
Error - 28.07.2012 13:21:19 | Computer Name = Nadine-Laptop | Source = DCOM | ID = 10005
Description = 
 
Error - 28.07.2012 13:21:27 | Computer Name = Nadine-Laptop | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 28.07.2012 13:21:27 | Computer Name = Nadine-Laptop | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 28.07.2012 13:30:36 | Computer Name = Nadine-Laptop | Source = DCOM | ID = 10005
Description = 
 
Error - 28.07.2012 13:30:36 | Computer Name = Nadine-Laptop | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 1.131.740.0     Aktualisierungsquelle: %%859

	Aktualisierungsphase:
 %%852     Quellpfad: Default URL     Signaturtyp: %%800     Aktualisierungstyp: %%803     Benutzer:
 NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:      Vorherige Modulversion: 1.1.8601.0     Fehlercode:
 0x8007043c     Fehlerbeschreibung: Der Dienst kann nicht im abgesicherten Modus gestartet
 werden. 
 
 
< End of report >

Und ich habe ein Problem die Dateien als Anhänge anzufügen. Das Fenster öffnet sich, aber ich kann nichts eingeben und auch nicht auf durchsuchen klicken.

MfG ener90, eine schönen Abend noch.

Hallo, die Themenüberschrift müsste eigentlich heißen: "Dieses Programm kann die Webseite nicht anzeigen". Entschuldigt bitte. Ich hoffe ihr könnt mir helfen.

MfG ener90

Ihr benötigt sicherlich auch noch die Angabe zu meinem Betriebssystem. Habe Windows Vista Home Premium mit 32-Bit (Ich glaube das heißt so).

cosinus · 30.07.2012, 13:18

Zitat:

Boot Mode: SafeMode with Networking |

Wenn dieser Modus funktioniert, kannst du erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

ener90 · 30.07.2012, 19:02

Schonmal danke für die ersten Hilfestellungen.

Hier der Log von Malwarebytes:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.30.08

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Nadine :: NADINE-LAPTOP [Administrator]

Schutz: Deaktiviert

30.07.2012 19:01:37
mbam-log-2012-07-30 (19-01-37).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 298047
Laufzeit: 44 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dcllyoreexqiymw (Trojan.Ransom) -> Daten: C:\ProgramData\dcllyore.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\ProgramData\dcllyore.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Der von ESET folgt

Hier der Log-Text vom ESET-Scan:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1331f00aaebebf44b9e5782729bf9bc2
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-30 08:58:32
# local_time=2012-07-30 10:58:32 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 22393659 22393659 0 0
# compatibility_mode=5892 16776574 100 100 32054845 181207092 0 0
# compatibility_mode=8192 67108863 100 0 1736 1736 0 0
# scanned=123144
# found=8
# cleaned=0
# scan_time=7548
C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarApp.dll	a variant of Win32/Toolbar.Babylon application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarsrv.exe	probably a variant of Win32/Toolbar.Babylon application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Nadine\AppData\Local\Babylon\Setup\MyBabylonTB.exe	a variant of Win32/Toolbar.Babylon application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Nadine\AppData\Local\Temp\A29454A8-BAB0-7891-ACED-2BAABCAC1C36\MyBabylonTB.exe	a variant of Win32/Toolbar.Babylon application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Nadine\AppData\Local\Temp\ICReinstall\cnet_CopyTransDriversInstallerv1_008_zip.exe	a variant of Win32/InstallCore.D application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Nadine\Downloads\cnet_CopyTransDriversInstallerv1_008_zip(1).exe	a variant of Win32/InstallCore.D application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Nadine\Downloads\cnet_CopyTransDriversInstallerv1_008_zip.exe	a variant of Win32/InstallCore.D application (unable to clean)	00000000000000000000000000000000	I
D:\245f3c27111cfa5164e1400d5d\SweetImSetup.exe	a variant of Win32/SweetIM.B application (unable to clean)	00000000000000000000000000000000	I

ener90 · 01.08.2012, 06:36

Die Symptome sind ersteinmal behoben. Muss ich jetzt noch etwas machen? Vielen dank, bis hierher. Das hat mir echt geholfen

cosinus · 01.08.2012, 20:31

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Search.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

ener90 · 08.08.2012, 14:47

Hallo, hatte leider erst jetzt wieder Zeit dies durchzuführen, aber hier die Logdatei:

Code:

ATTFilter

# AdwCleaner v1.800 - Logfile created 08/08/2012 at 15:44:44
# Updated 01/08/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Nadine - NADINE-LAPTOP
# Running from : C:\Users\Nadine\Downloads\Antivirenprogramme\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Nadine\AppData\Local\Babylon
Folder Found : C:\Users\Nadine\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\Nadine\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Nadine\AppData\Roaming\Babylon
Folder Found : C:\Users\Nadine\AppData\Roaming\loadtbs
Folder Found : C:\Users\Nadine\AppData\Roaming\OpenCandy
Folder Found : C:\Users\Nadine\AppData\Roaming\pdfforge
Folder Found : C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\fv0tvdcp.default\Conduit
Folder Found : C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\fv0tvdcp.default\ConduitEngine
Folder Found : C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\fv0tvdcp.default\SweetIMToolbarData
Folder Found : C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\fv0tvdcp.default\extensions\ffxtlbr@babylon.com
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\Program Files\BabylonToolbar
File Found : C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\fv0tvdcp.default\searchplugins\Conduit.xml
File Found : C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\fv0tvdcp.default\searchplugins\SweetIM Search.xml
File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

***** [Registry] *****

Key Found : HKCU\Software\Ask.com.tmp
Key Found : HKCU\Software\BabylonToolbar
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\BabylonToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\b
Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Found : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Found : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File : C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\fv0tvdcp.default\prefs.js

Found : user_pref("CT1351351.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT1351351.AllowNonPrivacy", false);
Found : user_pref("CT1351351.CTID", "CT1351351");
Found : user_pref("CT1351351.CTPBaseServerUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT1351351.CommunityChanged", false);
Found : user_pref("CT1351351.DialogsAlignMode", "LTR");
Found : user_pref("CT1351351.EMailNotifierPollDate", "Sat Dec 05 2009 10:12:31 GMT+0100");
Found : user_pref("CT1351351.FeedLastCount128311388426518939", 631);
Found : user_pref("CT1351351.FeedLastCount4950394486774855536", 775);
Found : user_pref("CT1351351.FeedPollDate128394382574669410", "Sat Dec 05 2009 09:41:21 GMT+0100");
Found : user_pref("CT1351351.FeedPollDate128394382574669411", "Sat Dec 05 2009 09:41:21 GMT+0100");
Found : user_pref("CT1351351.FeedPollDate128394382574669412", "Sat Dec 05 2009 09:41:21 GMT+0100");
Found : user_pref("CT1351351.FeedPollDate128394382574669413", "Sat Dec 05 2009 09:41:21 GMT+0100");
Found : user_pref("CT1351351.FeedPollDate128394382574669414", "Sat Dec 05 2009 09:41:21 GMT+0100");
Found : user_pref("CT1351351.FeedPollDate128559429569307240", "Sat Dec 05 2009 09:41:21 GMT+0100");
Found : user_pref("CT1351351.FeedPollDate128801410134769526", "Sat Dec 05 2009 09:41:21 GMT+0100");
Found : user_pref("CT1351351.FeedPollDate128801410271643768", "Sat Dec 05 2009 09:41:21 GMT+0100");
Found : user_pref("CT1351351.FeedPollDate128801410648675207", "Sat Dec 05 2009 09:41:21 GMT+0100");
Found : user_pref("CT1351351.FeedPollDate128801410803831945", "Sat Dec 05 2009 09:41:21 GMT+0100");
Found : user_pref("CT1351351.FeedPollDate128801411020863399", "Sat Dec 05 2009 09:41:21 GMT+0100");
Found : user_pref("CT1351351.FeedPollDate128801411145707150", "Sat Dec 05 2009 09:41:21 GMT+0100");
Found : user_pref("CT1351351.FeedPollDate128801411258362590", "Sat Dec 05 2009 09:41:22 GMT+0100");
Found : user_pref("CT1351351.FeedPollDate128801411369456587", "Sat Dec 05 2009 09:41:22 GMT+0100");
Found : user_pref("CT1351351.FeedPollDate128801411490081588", "Sat Dec 05 2009 09:41:22 GMT+0100");
Found : user_pref("CT1351351.FeedPollDate128801411659613144", "Sat Dec 05 2009 09:41:22 GMT+0100");
Found : user_pref("CT1351351.FeedPollDate128801411801956980", "Sat Dec 05 2009 09:41:22 GMT+0100");
Found : user_pref("CT1351351.FeedPollDate128801411974300317", "Sat Dec 05 2009 09:41:24 GMT+0100");
Found : user_pref("CT1351351.FeedPollDate4950394483887701331", "Sat Dec 05 2009 09:41:29 GMT+0100");
Found : user_pref("CT1351351.FeedPollDate4950394483976521954", "Sat Dec 05 2009 09:41:29 GMT+0100");
Found : user_pref("CT1351351.FeedPollDate4950394484036794066", "Sat Dec 05 2009 09:41:29 GMT+0100");
Found : user_pref("CT1351351.FeedPollDate4950394484244699460", "Sat Dec 05 2009 09:41:29 GMT+0100");
Found : user_pref("CT1351351.FeedPollDate4950394484677920908", "Sat Dec 05 2009 09:41:29 GMT+0100");
Found : user_pref("CT1351351.FeedPollDate4950394485118025686", "Sat Dec 05 2009 09:41:29 GMT+0100");
Found : user_pref("CT1351351.FeedPollDate4950394485190589828", "Sat Dec 05 2009 09:41:29 GMT+0100");
Found : user_pref("CT1351351.FeedPollDate4950394485343949073", "Sat Dec 05 2009 09:41:29 GMT+0100");
Found : user_pref("CT1351351.FeedPollDate4950394485475541913", "Sat Dec 05 2009 09:41:29 GMT+0100");
Found : user_pref("CT1351351.FeedPollDate4950394485562737970", "Sat Dec 05 2009 09:41:29 GMT+0100");
Found : user_pref("CT1351351.FeedPollDate4950394485737904821", "Sat Dec 05 2009 09:41:25 GMT+0100");
Found : user_pref("CT1351351.FeedPollDate4950394485821899979", "Sat Dec 05 2009 09:41:29 GMT+0100");
Found : user_pref("CT1351351.FeedPollDate4950394485836399520", "Sat Dec 05 2009 09:41:29 GMT+0100");
Found : user_pref("CT1351351.FeedPollDate4950394485850919159", "Sat Dec 05 2009 09:41:29 GMT+0100");
Found : user_pref("CT1351351.FeedPollDate4950394485978433530", "Sat Dec 05 2009 09:41:29 GMT+0100");
Found : user_pref("CT1351351.FeedPollDate4950394486275715087", "Sat Dec 05 2009 09:41:29 GMT+0100");
Found : user_pref("CT1351351.FeedPollDate4950394486434188156", "Sat Dec 05 2009 09:41:25 GMT+0100");
Found : user_pref("CT1351351.FeedPollDate4950394486816226177", "Sat Dec 05 2009 09:41:29 GMT+0100");
Found : user_pref("CT1351351.FeedPollDate4950394486839938108", "Sat Dec 05 2009 09:41:29 GMT+0100");
Found : user_pref("CT1351351.FeedPollDate4950394487006742036", "Sat Dec 05 2009 09:41:29 GMT+0100");
Found : user_pref("CT1351351.FeedPollDate4950394487009522214", "Sat Dec 05 2009 09:41:29 GMT+0100");
Found : user_pref("CT1351351.FeedPollDate4950394487051305858", "Sat Dec 05 2009 09:41:29 GMT+0100");
Found : user_pref("CT1351351.FeedPollDate4950394487185555116", "Sat Dec 05 2009 09:41:29 GMT+0100");
Found : user_pref("CT1351351.FeedPollDate4950394487439991961", "Sat Dec 05 2009 09:41:29 GMT+0100");
Found : user_pref("CT1351351.FeedPollDate4950394487528880432", "Sat Dec 05 2009 09:41:29 GMT+0100");
Found : user_pref("CT1351351.FeedPollDate4950394487797423089", "Sat Dec 05 2009 09:41:29 GMT+0100");
Found : user_pref("CT1351351.FirstTime", true);
Found : user_pref("CT1351351.FirstTimeFF3", true);
Found : user_pref("CT1351351.FixPageNotFoundErrors", true);
Found : user_pref("CT1351351.FixPageNotFoundUrl", "hxxp://SoftonicDeutsch.OurToolbar.com/notfound/?actid=EB_[...]
Found : user_pref("CT1351351.Initialize", true);
Found : user_pref("CT1351351.InitializeCommonPrefs", true);
Found : user_pref("CT1351351.InvalidateCache", false);
Found : user_pref("CT1351351.IsGrouping", false);
Found : user_pref("CT1351351.IsMulticommunity", false);
Found : user_pref("CT1351351.IsOpenThankYouPage", true);
Found : user_pref("CT1351351.IsOpenUninstallPage", true);
Found : user_pref("CT1351351.LanguagePackLastCheckTime", "Sat Dec 05 2009 09:41:24 GMT+0100");
Found : user_pref("CT1351351.LanguagePackReloadInterval", "24");
Found : user_pref("CT1351351.LastLogin", "Sat Dec 05 2009 09:41:18 GMT+0100");
Found : user_pref("CT1351351.Locale", "de-de");
Found : user_pref("CT1351351.LoginCache", "4");
Found : user_pref("CT1351351.MCDetectTooltipHeight", "83");
Found : user_pref("CT1351351.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT1351351.MCDetectTooltipWidth", "295");
Found : user_pref("CT1351351.MyGadgetsServerUrl", "hxxp://services.MyStuff.u-page.com/MyStuffService.asmx/Le[...]
Found : user_pref("CT1351351.MyGadgetsTrustedDomains", "u-page.com");
Found : user_pref("CT1351351.RadioIsPodcast", false);
Found : user_pref("CT1351351.RadioLastCheckTime", "Sat Dec 05 2009 09:41:33 GMT+0100");
Found : user_pref("CT1351351.RadioLastUpdateIPServer", "4");
Found : user_pref("CT1351351.RadioLastUpdateServer", "128929877726170000");
Found : user_pref("CT1351351.RadioMediaID", "10531746");
Found : user_pref("CT1351351.RadioMediaType", "Media Player");
Found : user_pref("CT1351351.RadioMenuSelectedID", "EBRadioMenu_CT135135110531746");
Found : user_pref("CT1351351.RadioStationName", "Antenne%20Bayern%20Top%2040");
Found : user_pref("CT1351351.RadioStationURL", "hxxp://channels.webradio.antenne.de/top-40");
Found : user_pref("CT1351351.SHRINK_TOOLBAR", 1);
Found : user_pref("CT1351351.SearchFromAddressBarIsInit", true);
Found : user_pref("CT1351351.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT135[...]
Found : user_pref("CT1351351.Server", "hxxp://users.conduit.com");
Found : user_pref("CT1351351.SettingsInvalidateCache", false);
Found : user_pref("CT1351351.SettingsLastUpdate", "1259864510");
Found : user_pref("CT1351351.ThirdPartyComponentsInterval", "72");
Found : user_pref("CT1351351.ThirdPartyComponentsLastCheck", "Wed Apr 08 2009 22:11:06 GMT+0200");
Found : user_pref("CT1351351.ThirdPartyComponentsLastUpdate", "1236615603");
Found : user_pref("CT1351351.ToolbarAlignMode", "SYSTEM");
Found : user_pref("CT1351351.ToolbarName", "Softonic Deutsch");
Found : user_pref("CT1351351.UserID", "UN20090408221111596");
Found : user_pref("CT1351351.VusualLastUpdateTime", "1259864510");
Found : user_pref("CT1351351.WeatherNetwork", "");
Found : user_pref("CT1351351.WeatherPollDate", "Sat Dec 05 2009 10:11:30 GMT+0100");
Found : user_pref("CT1351351.WeatherUnit", "C");
Found : user_pref("CT2857572..clientLogIsEnabled", false);
Found : user_pref("CT2857572..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2857572..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2857572.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2857572.CTID", "CT2857572");
Found : user_pref("CT2857572.CurrentServerDate", "30-12-2010");
Found : user_pref("CT2857572.DialogsAlignMode", "LTR");
Found : user_pref("CT2857572.DownloadReferralCookieData", "{\"BannerName\":\"\",\"BannerTypeId\":\"\",\"Bann[...]
Found : user_pref("CT2857572.ExternalComponentPollDate129356796046694434", "Wed Dec 29 2010 00:00:02 GMT+010[...]
Found : user_pref("CT2857572.FirstServerDate", "29-12-2010");
Found : user_pref("CT2857572.FirstTime", true);
Found : user_pref("CT2857572.FirstTimeFF3", true);
Found : user_pref("CT2857572.FixPageNotFoundErrors", true);
Found : user_pref("CT2857572.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2857572.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2857572.HasUserGlobalKeys", true);
Found : user_pref("CT2857572.Initialize", true);
Found : user_pref("CT2857572.InitializeCommonPrefs", true);
Found : user_pref("CT2857572.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2857572.InstalledDate", "Wed Dec 29 2010 00:00:04 GMT+0100");
Found : user_pref("CT2857572.IsGrouping", false);
Found : user_pref("CT2857572.IsMulticommunity", false);
Found : user_pref("CT2857572.IsOpenThankYouPage", true);
Found : user_pref("CT2857572.IsOpenUninstallPage", true);
Found : user_pref("CT2857572.LanguagePackLastCheckTime", "Thu Dec 30 2010 14:48:00 GMT+0100");
Found : user_pref("CT2857572.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2857572.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2857572.LastLogin_3.2.5.2", "Thu Dec 30 2010 14:48:04 GMT+0100");
Found : user_pref("CT2857572.LatestVersion", "3.2.5.2");
Found : user_pref("CT2857572.Locale", "en");
Found : user_pref("CT2857572.MCDetectTooltipHeight", "83");
Found : user_pref("CT2857572.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2857572.MCDetectTooltipWidth", "295");
Found : user_pref("CT2857572.SHRINK_TOOLBAR", 1);
Found : user_pref("CT2857572.SavedHomepage", "hxxp://www.google.de/");
Found : user_pref("CT2857572.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2857572.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT285[...]
Found : user_pref("CT2857572.SearchInNewTabEnabled", true);
Found : user_pref("CT2857572.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2857572.SearchInNewTabLastCheckTime", "Thu Dec 30 2010 14:47:59 GMT+0100");
Found : user_pref("CT2857572.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2857572.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Found : user_pref("CT2857572.ServiceMapLastCheckTime", "Thu Dec 30 2010 14:48:00 GMT+0100");
Found : user_pref("CT2857572.SettingsLastCheckTime", "Thu Dec 30 2010 14:47:59 GMT+0100");
Found : user_pref("CT2857572.SettingsLastUpdate", "1293717269");
Found : user_pref("CT2857572.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2857572.ThirdPartyComponentsLastCheck", "Wed Dec 29 2010 00:00:00 GMT+0100");
Found : user_pref("CT2857572.ThirdPartyComponentsLastUpdate", "1246790578");
Found : user_pref("CT2857572.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Found : user_pref("CT2857572.UserID", "UN44841012576033834");
Found : user_pref("CT2857572.ValidationData_Toolbar", 2);
Found : user_pref("CT2857572.WeatherNetwork", "");
Found : user_pref("CT2857572.WeatherPollDate", "Thu Dec 30 2010 14:48:00 GMT+0100");
Found : user_pref("CT2857572.WeatherUnit", "C");
Found : user_pref("CT2857572.alertChannelId", "1249594");
Found : user_pref("CT2857572.myStuffEnabled", true);
Found : user_pref("CT2857572.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2857572.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2857572.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2857572.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2857572.testingCtid", "");
Found : user_pref("CT2857572.toolbarAppMetaDataLastCheckTime", "Thu Dec 30 2010 14:48:00 GMT+0100");
Found : user_pref("CT2857572.toolbarContextMenuLastCheckTime", "Wed Dec 29 2010 00:00:04 GMT+0100");
Found : user_pref("CT2857572.usagesFlag", 2);
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1249594/1245267/DE", "\"0\"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2857572", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63428984078257[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/27/2[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2857572/CT2857572[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634[...]
Found : user_pref("CommunityToolbar.EngineHiddenByUser", true);
Found : user_pref("CommunityToolbar.EngineOwner", "CT2857572");
Found : user_pref("CommunityToolbar.EngineOwnerGuid", "{38542454-dfb6-44f5-b052-d4e071a3d073}");
Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "elf_1.12");
Found : user_pref("CommunityToolbar.IsEngineShown", false);
Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Found : user_pref("CommunityToolbar.MyGadgetsIntervalMM", 1440);
Found : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2857572");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{38542454-dfb6-44f5-b052-d4e071a3d073}");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "elf_1.12");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.icq.com/search/afe_results[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT1351351,ConduitEngine,CT2857572");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT1351351,CT2857572");
Found : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Thu May 05 2011 16:25:47 GMT+02[...]
Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed Jul 20 2011 13:16:32 GMT+0200");
Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.alert.locale", "en");
Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Wed Jul 20 2011 13:16:16 GMT+0200");
Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.alert.userId", "e151ee0d-775e-4842-a69a-c6037966a1a9");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2857572");
Found : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Wed Jul 20 2011 13:16:54 GMT+0200");
Found : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Thu May 05 2011 16:25:47 GMT+0200");
Found : user_pref("ConduitEngine.FirstServerDate", "12/29/2010 01");
Found : user_pref("ConduitEngine.FirstTime", true);
Found : user_pref("ConduitEngine.FirstTimeFF3", true);
Found : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Found : user_pref("ConduitEngine.Initialize", true);
Found : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Found : user_pref("ConduitEngine.InstalledDate", "Wed Dec 29 2010 00:00:02 GMT+0100");
Found : user_pref("ConduitEngine.IsMulticommunity", false);
Found : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Found : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Found : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Thu May 05 2011 16:25:46 GMT+0200");
Found : user_pref("ConduitEngine.LastLogin_3.2.5.2", "Thu Dec 30 2010 14:48:04 GMT+0100");
Found : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Thu May 05 2011 16:25:46 GMT+0200");
Found : user_pref("ConduitEngine.PublisherContainerWidth", 0);
Found : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Found : user_pref("ConduitEngine.SettingsLastCheckTime", "Thu May 05 2011 16:25:46 GMT+0200");
Found : user_pref("ConduitEngine.UserID", "UN63688982549619470");
Found : user_pref("ConduitEngine.engineLocale", "de");
Found : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Thu May 05 2011 16:25:46 GMT+0200");
Found : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Thu May 05 2011 16:25:47 GMT+0200");
Found : user_pref("ConduitEngine.initDone", true);
Found : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Found : user_pref("ConduitEngine.usagesFlag", 2);
Found : user_pref("browser.search.defaultthis.engineName", "Elf 1.12 Customized Web Search");
Found : user_pref("extensions.BabylonToolbar.admin", false);
Found : user_pref("extensions.BabylonToolbar.aflt", "orgnl");
Found : user_pref("extensions.BabylonToolbar.bbDpng", 8);
Found : user_pref("extensions.BabylonToolbar.cntry", "DE");
Found : user_pref("extensions.BabylonToolbar.dfltSrch", false);
Found : user_pref("extensions.BabylonToolbar.excTlbr", false);
Found : user_pref("extensions.BabylonToolbar.firstRun", false);
Found : user_pref("extensions.BabylonToolbar.hdrMd5", "272D24576C8AE4F50B0D8F36B0ACDB2E");
Found : user_pref("extensions.BabylonToolbar.hmpg", false);
Found : user_pref("extensions.BabylonToolbar.lastActv", "15");
Found : user_pref("extensions.BabylonToolbar.lastDP", 8);
Found : user_pref("extensions.BabylonToolbar.lastVrsnTs", "");
Found : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "14.0");
Found : user_pref("extensions.BabylonToolbar.newTab", true);
Found : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_FFUP");
Found : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Found : user_pref("extensions.BabylonToolbar.propectorlck", 82951137);
Found : user_pref("extensions.BabylonToolbar.smplGrp", "free");
Found : user_pref("extensions.enabledAddons", "ffxtlbr@babylon.com:1.2.0,{89506680-e3f4-484c-a2c0-ed711d481e[...]
Found : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Found : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Found : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Found : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Found : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Found : user_pref("sweetim.toolbar.mode.debug", "false");
Found : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Found : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "hxxp://search.conduit.com/ResultsEx[...]
Found : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "ICQ Search");
Found : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://www.google.de/");
Found : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_i[...]
Found : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Found : user_pref("sweetim.toolbar.search.history.capacity", "10");
Found : user_pref("sweetim.toolbar.simapp_id", "{A2ADCD4C-98DA-4C34-9A6E-5DFCCEF6CC5D}");
Found : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com");
Found : user_pref("sweetim.toolbar.version", "1.2.0.2");

*************************

AdwCleaner[R1].txt - [28995 octets] - [08/08/2012 15:44:44]

########## EOF - C:\AdwCleaner[R1].txt - [29124 octets] ##########

Danke für deine Hilfe bis hier!

cosinus · 09.08.2012, 12:24

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Delete.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

ener90 · 09.08.2012, 16:13

Habe ich gemacht, hier die Logdatei:

Code:

ATTFilter

# AdwCleaner v1.800 - Logfile created 08/09/2012 at 17:01:24
# Updated 01/08/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Nadine - NADINE-LAPTOP
# Running from : C:\Users\Nadine\Downloads\Antivirenprogramme\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Nadine\AppData\Local\Babylon
Folder Deleted : C:\Users\Nadine\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Nadine\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Nadine\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Nadine\AppData\Roaming\loadtbs
Folder Deleted : C:\Users\Nadine\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Nadine\AppData\Roaming\pdfforge
Folder Deleted : C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\fv0tvdcp.default\Conduit
Folder Deleted : C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\fv0tvdcp.default\ConduitEngine
Folder Deleted : C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\fv0tvdcp.default\SweetIMToolbarData
Folder Deleted : C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\fv0tvdcp.default\extensions\ffxtlbr@babylon.com
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Program Files\BabylonToolbar
File Deleted : C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\fv0tvdcp.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\fv0tvdcp.default\searchplugins\SweetIM Search.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

***** [Registry] *****

Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File : C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\fv0tvdcp.default\prefs.js

C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\fv0tvdcp.default\user.js ... Deleted !

Deleted : user_pref("CT1351351.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT1351351.AllowNonPrivacy", false);
Deleted : user_pref("CT1351351.CTID", "CT1351351");
Deleted : user_pref("CT1351351.CTPBaseServerUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT1351351.CommunityChanged", false);
Deleted : user_pref("CT1351351.DialogsAlignMode", "LTR");
Deleted : user_pref("CT1351351.EMailNotifierPollDate", "Sat Dec 05 2009 10:12:31 GMT+0100");
Deleted : user_pref("CT1351351.FeedLastCount128311388426518939", 631);
Deleted : user_pref("CT1351351.FeedLastCount4950394486774855536", 775);
Deleted : user_pref("CT1351351.FeedPollDate128394382574669410", "Sat Dec 05 2009 09:41:21 GMT+0100");
Deleted : user_pref("CT1351351.FeedPollDate128394382574669411", "Sat Dec 05 2009 09:41:21 GMT+0100");
Deleted : user_pref("CT1351351.FeedPollDate128394382574669412", "Sat Dec 05 2009 09:41:21 GMT+0100");
Deleted : user_pref("CT1351351.FeedPollDate128394382574669413", "Sat Dec 05 2009 09:41:21 GMT+0100");
Deleted : user_pref("CT1351351.FeedPollDate128394382574669414", "Sat Dec 05 2009 09:41:21 GMT+0100");
Deleted : user_pref("CT1351351.FeedPollDate128559429569307240", "Sat Dec 05 2009 09:41:21 GMT+0100");
Deleted : user_pref("CT1351351.FeedPollDate128801410134769526", "Sat Dec 05 2009 09:41:21 GMT+0100");
Deleted : user_pref("CT1351351.FeedPollDate128801410271643768", "Sat Dec 05 2009 09:41:21 GMT+0100");
Deleted : user_pref("CT1351351.FeedPollDate128801410648675207", "Sat Dec 05 2009 09:41:21 GMT+0100");
Deleted : user_pref("CT1351351.FeedPollDate128801410803831945", "Sat Dec 05 2009 09:41:21 GMT+0100");
Deleted : user_pref("CT1351351.FeedPollDate128801411020863399", "Sat Dec 05 2009 09:41:21 GMT+0100");
Deleted : user_pref("CT1351351.FeedPollDate128801411145707150", "Sat Dec 05 2009 09:41:21 GMT+0100");
Deleted : user_pref("CT1351351.FeedPollDate128801411258362590", "Sat Dec 05 2009 09:41:22 GMT+0100");
Deleted : user_pref("CT1351351.FeedPollDate128801411369456587", "Sat Dec 05 2009 09:41:22 GMT+0100");
Deleted : user_pref("CT1351351.FeedPollDate128801411490081588", "Sat Dec 05 2009 09:41:22 GMT+0100");
Deleted : user_pref("CT1351351.FeedPollDate128801411659613144", "Sat Dec 05 2009 09:41:22 GMT+0100");
Deleted : user_pref("CT1351351.FeedPollDate128801411801956980", "Sat Dec 05 2009 09:41:22 GMT+0100");
Deleted : user_pref("CT1351351.FeedPollDate128801411974300317", "Sat Dec 05 2009 09:41:24 GMT+0100");
Deleted : user_pref("CT1351351.FeedPollDate4950394483887701331", "Sat Dec 05 2009 09:41:29 GMT+0100");
Deleted : user_pref("CT1351351.FeedPollDate4950394483976521954", "Sat Dec 05 2009 09:41:29 GMT+0100");
Deleted : user_pref("CT1351351.FeedPollDate4950394484036794066", "Sat Dec 05 2009 09:41:29 GMT+0100");
Deleted : user_pref("CT1351351.FeedPollDate4950394484244699460", "Sat Dec 05 2009 09:41:29 GMT+0100");
Deleted : user_pref("CT1351351.FeedPollDate4950394484677920908", "Sat Dec 05 2009 09:41:29 GMT+0100");
Deleted : user_pref("CT1351351.FeedPollDate4950394485118025686", "Sat Dec 05 2009 09:41:29 GMT+0100");
Deleted : user_pref("CT1351351.FeedPollDate4950394485190589828", "Sat Dec 05 2009 09:41:29 GMT+0100");
Deleted : user_pref("CT1351351.FeedPollDate4950394485343949073", "Sat Dec 05 2009 09:41:29 GMT+0100");
Deleted : user_pref("CT1351351.FeedPollDate4950394485475541913", "Sat Dec 05 2009 09:41:29 GMT+0100");
Deleted : user_pref("CT1351351.FeedPollDate4950394485562737970", "Sat Dec 05 2009 09:41:29 GMT+0100");
Deleted : user_pref("CT1351351.FeedPollDate4950394485737904821", "Sat Dec 05 2009 09:41:25 GMT+0100");
Deleted : user_pref("CT1351351.FeedPollDate4950394485821899979", "Sat Dec 05 2009 09:41:29 GMT+0100");
Deleted : user_pref("CT1351351.FeedPollDate4950394485836399520", "Sat Dec 05 2009 09:41:29 GMT+0100");
Deleted : user_pref("CT1351351.FeedPollDate4950394485850919159", "Sat Dec 05 2009 09:41:29 GMT+0100");
Deleted : user_pref("CT1351351.FeedPollDate4950394485978433530", "Sat Dec 05 2009 09:41:29 GMT+0100");
Deleted : user_pref("CT1351351.FeedPollDate4950394486275715087", "Sat Dec 05 2009 09:41:29 GMT+0100");
Deleted : user_pref("CT1351351.FeedPollDate4950394486434188156", "Sat Dec 05 2009 09:41:25 GMT+0100");
Deleted : user_pref("CT1351351.FeedPollDate4950394486816226177", "Sat Dec 05 2009 09:41:29 GMT+0100");
Deleted : user_pref("CT1351351.FeedPollDate4950394486839938108", "Sat Dec 05 2009 09:41:29 GMT+0100");
Deleted : user_pref("CT1351351.FeedPollDate4950394487006742036", "Sat Dec 05 2009 09:41:29 GMT+0100");
Deleted : user_pref("CT1351351.FeedPollDate4950394487009522214", "Sat Dec 05 2009 09:41:29 GMT+0100");
Deleted : user_pref("CT1351351.FeedPollDate4950394487051305858", "Sat Dec 05 2009 09:41:29 GMT+0100");
Deleted : user_pref("CT1351351.FeedPollDate4950394487185555116", "Sat Dec 05 2009 09:41:29 GMT+0100");
Deleted : user_pref("CT1351351.FeedPollDate4950394487439991961", "Sat Dec 05 2009 09:41:29 GMT+0100");
Deleted : user_pref("CT1351351.FeedPollDate4950394487528880432", "Sat Dec 05 2009 09:41:29 GMT+0100");
Deleted : user_pref("CT1351351.FeedPollDate4950394487797423089", "Sat Dec 05 2009 09:41:29 GMT+0100");
Deleted : user_pref("CT1351351.FirstTime", true);
Deleted : user_pref("CT1351351.FirstTimeFF3", true);
Deleted : user_pref("CT1351351.FixPageNotFoundErrors", true);
Deleted : user_pref("CT1351351.FixPageNotFoundUrl", "hxxp://SoftonicDeutsch.OurToolbar.com/notfound/?actid=EB_[...]
Deleted : user_pref("CT1351351.Initialize", true);
Deleted : user_pref("CT1351351.InitializeCommonPrefs", true);
Deleted : user_pref("CT1351351.InvalidateCache", false);
Deleted : user_pref("CT1351351.IsGrouping", false);
Deleted : user_pref("CT1351351.IsMulticommunity", false);
Deleted : user_pref("CT1351351.IsOpenThankYouPage", true);
Deleted : user_pref("CT1351351.IsOpenUninstallPage", true);
Deleted : user_pref("CT1351351.LanguagePackLastCheckTime", "Sat Dec 05 2009 09:41:24 GMT+0100");
Deleted : user_pref("CT1351351.LanguagePackReloadInterval", "24");
Deleted : user_pref("CT1351351.LastLogin", "Sat Dec 05 2009 09:41:18 GMT+0100");
Deleted : user_pref("CT1351351.Locale", "de-de");
Deleted : user_pref("CT1351351.LoginCache", "4");
Deleted : user_pref("CT1351351.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT1351351.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT1351351.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT1351351.MyGadgetsServerUrl", "hxxp://services.MyStuff.u-page.com/MyStuffService.asmx/Le[...]
Deleted : user_pref("CT1351351.MyGadgetsTrustedDomains", "u-page.com");
Deleted : user_pref("CT1351351.RadioIsPodcast", false);
Deleted : user_pref("CT1351351.RadioLastCheckTime", "Sat Dec 05 2009 09:41:33 GMT+0100");
Deleted : user_pref("CT1351351.RadioLastUpdateIPServer", "4");
Deleted : user_pref("CT1351351.RadioLastUpdateServer", "128929877726170000");
Deleted : user_pref("CT1351351.RadioMediaID", "10531746");
Deleted : user_pref("CT1351351.RadioMediaType", "Media Player");
Deleted : user_pref("CT1351351.RadioMenuSelectedID", "EBRadioMenu_CT135135110531746");
Deleted : user_pref("CT1351351.RadioStationName", "Antenne%20Bayern%20Top%2040");
Deleted : user_pref("CT1351351.RadioStationURL", "hxxp://channels.webradio.antenne.de/top-40");
Deleted : user_pref("CT1351351.SHRINK_TOOLBAR", 1);
Deleted : user_pref("CT1351351.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT1351351.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT135[...]
Deleted : user_pref("CT1351351.Server", "hxxp://users.conduit.com");
Deleted : user_pref("CT1351351.SettingsInvalidateCache", false);
Deleted : user_pref("CT1351351.SettingsLastUpdate", "1259864510");
Deleted : user_pref("CT1351351.ThirdPartyComponentsInterval", "72");
Deleted : user_pref("CT1351351.ThirdPartyComponentsLastCheck", "Wed Apr 08 2009 22:11:06 GMT+0200");
Deleted : user_pref("CT1351351.ThirdPartyComponentsLastUpdate", "1236615603");
Deleted : user_pref("CT1351351.ToolbarAlignMode", "SYSTEM");
Deleted : user_pref("CT1351351.ToolbarName", "Softonic Deutsch");
Deleted : user_pref("CT1351351.UserID", "UN20090408221111596");
Deleted : user_pref("CT1351351.VusualLastUpdateTime", "1259864510");
Deleted : user_pref("CT1351351.WeatherNetwork", "");
Deleted : user_pref("CT1351351.WeatherPollDate", "Sat Dec 05 2009 10:11:30 GMT+0100");
Deleted : user_pref("CT1351351.WeatherUnit", "C");
Deleted : user_pref("CT2857572..clientLogIsEnabled", false);
Deleted : user_pref("CT2857572..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2857572..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2857572.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2857572.CTID", "CT2857572");
Deleted : user_pref("CT2857572.CurrentServerDate", "30-12-2010");
Deleted : user_pref("CT2857572.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2857572.DownloadReferralCookieData", "{\"BannerName\":\"\",\"BannerTypeId\":\"\",\"Bann[...]
Deleted : user_pref("CT2857572.ExternalComponentPollDate129356796046694434", "Wed Dec 29 2010 00:00:02 GMT+010[...]
Deleted : user_pref("CT2857572.FirstServerDate", "29-12-2010");
Deleted : user_pref("CT2857572.FirstTime", true);
Deleted : user_pref("CT2857572.FirstTimeFF3", true);
Deleted : user_pref("CT2857572.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2857572.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2857572.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2857572.HasUserGlobalKeys", true);
Deleted : user_pref("CT2857572.Initialize", true);
Deleted : user_pref("CT2857572.InitializeCommonPrefs", true);
Deleted : user_pref("CT2857572.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2857572.InstalledDate", "Wed Dec 29 2010 00:00:04 GMT+0100");
Deleted : user_pref("CT2857572.IsGrouping", false);
Deleted : user_pref("CT2857572.IsMulticommunity", false);
Deleted : user_pref("CT2857572.IsOpenThankYouPage", true);
Deleted : user_pref("CT2857572.IsOpenUninstallPage", true);
Deleted : user_pref("CT2857572.LanguagePackLastCheckTime", "Thu Dec 30 2010 14:48:00 GMT+0100");
Deleted : user_pref("CT2857572.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2857572.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2857572.LastLogin_3.2.5.2", "Thu Dec 30 2010 14:48:04 GMT+0100");
Deleted : user_pref("CT2857572.LatestVersion", "3.2.5.2");
Deleted : user_pref("CT2857572.Locale", "en");
Deleted : user_pref("CT2857572.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2857572.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2857572.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2857572.SHRINK_TOOLBAR", 1);
Deleted : user_pref("CT2857572.SavedHomepage", "hxxp://www.google.de/");
Deleted : user_pref("CT2857572.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2857572.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT285[...]
Deleted : user_pref("CT2857572.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2857572.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2857572.SearchInNewTabLastCheckTime", "Thu Dec 30 2010 14:47:59 GMT+0100");
Deleted : user_pref("CT2857572.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2857572.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2857572.ServiceMapLastCheckTime", "Thu Dec 30 2010 14:48:00 GMT+0100");
Deleted : user_pref("CT2857572.SettingsLastCheckTime", "Thu Dec 30 2010 14:47:59 GMT+0100");
Deleted : user_pref("CT2857572.SettingsLastUpdate", "1293717269");
Deleted : user_pref("CT2857572.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2857572.ThirdPartyComponentsLastCheck", "Wed Dec 29 2010 00:00:00 GMT+0100");
Deleted : user_pref("CT2857572.ThirdPartyComponentsLastUpdate", "1246790578");
Deleted : user_pref("CT2857572.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Deleted : user_pref("CT2857572.UserID", "UN44841012576033834");
Deleted : user_pref("CT2857572.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2857572.WeatherNetwork", "");
Deleted : user_pref("CT2857572.WeatherPollDate", "Thu Dec 30 2010 14:48:00 GMT+0100");
Deleted : user_pref("CT2857572.WeatherUnit", "C");
Deleted : user_pref("CT2857572.alertChannelId", "1249594");
Deleted : user_pref("CT2857572.myStuffEnabled", true);
Deleted : user_pref("CT2857572.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2857572.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2857572.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2857572.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2857572.testingCtid", "");
Deleted : user_pref("CT2857572.toolbarAppMetaDataLastCheckTime", "Thu Dec 30 2010 14:48:00 GMT+0100");
Deleted : user_pref("CT2857572.toolbarContextMenuLastCheckTime", "Wed Dec 29 2010 00:00:04 GMT+0100");
Deleted : user_pref("CT2857572.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1249594/1245267/DE", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2857572", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63428984078257[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/27/2[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2857572/CT2857572[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634[...]
Deleted : user_pref("CommunityToolbar.EngineHiddenByUser", true);
Deleted : user_pref("CommunityToolbar.EngineOwner", "CT2857572");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{38542454-dfb6-44f5-b052-d4e071a3d073}");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "elf_1.12");
Deleted : user_pref("CommunityToolbar.IsEngineShown", false);
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.MyGadgetsIntervalMM", 1440);
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2857572");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{38542454-dfb6-44f5-b052-d4e071a3d073}");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "elf_1.12");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.icq.com/search/afe_results[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT1351351,ConduitEngine,CT2857572");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT1351351,CT2857572");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Thu May 05 2011 16:25:47 GMT+02[...]
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed Jul 20 2011 13:16:32 GMT+0200");
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Wed Jul 20 2011 13:16:16 GMT+0200");
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "e151ee0d-775e-4842-a69a-c6037966a1a9");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2857572");
Deleted : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Wed Jul 20 2011 13:16:54 GMT+0200");
Deleted : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Thu May 05 2011 16:25:47 GMT+0200");
Deleted : user_pref("ConduitEngine.FirstServerDate", "12/29/2010 01");
Deleted : user_pref("ConduitEngine.FirstTime", true);
Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);
Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Deleted : user_pref("ConduitEngine.Initialize", true);
Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Deleted : user_pref("ConduitEngine.InstalledDate", "Wed Dec 29 2010 00:00:02 GMT+0100");
Deleted : user_pref("ConduitEngine.IsMulticommunity", false);
Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Thu May 05 2011 16:25:46 GMT+0200");
Deleted : user_pref("ConduitEngine.LastLogin_3.2.5.2", "Thu Dec 30 2010 14:48:04 GMT+0100");
Deleted : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Thu May 05 2011 16:25:46 GMT+0200");
Deleted : user_pref("ConduitEngine.PublisherContainerWidth", 0);
Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Thu May 05 2011 16:25:46 GMT+0200");
Deleted : user_pref("ConduitEngine.UserID", "UN63688982549619470");
Deleted : user_pref("ConduitEngine.engineLocale", "de");
Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Thu May 05 2011 16:25:46 GMT+0200");
Deleted : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Thu May 05 2011 16:25:47 GMT+0200");
Deleted : user_pref("ConduitEngine.initDone", true);
Deleted : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Deleted : user_pref("ConduitEngine.usagesFlag", 2);
Deleted : user_pref("browser.search.defaultthis.engineName", "Elf 1.12 Customized Web Search");
Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "orgnl");
Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 9);
Deleted : user_pref("extensions.BabylonToolbar.cntry", "DE");
Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", false);
Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.firstRun", false);
Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "272D24576C8AE4F50B0D8F36B0ACDB2E");
Deleted : user_pref("extensions.BabylonToolbar.hmpg", false);
Deleted : user_pref("extensions.BabylonToolbar.lastActv", "15");
Deleted : user_pref("extensions.BabylonToolbar.lastDP", 9);
Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "");
Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "14.0");
Deleted : user_pref("extensions.BabylonToolbar.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_FFUP");
Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 83083848);
Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "free");
Deleted : user_pref("extensions.enabledAddons", "ffxtlbr@babylon.com:1.2.0,{89506680-e3f4-484c-a2c0-ed711d481e[...]
Deleted : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Deleted : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Deleted : user_pref("sweetim.toolbar.mode.debug", "false");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "hxxp://search.conduit.com/ResultsEx[...]
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "ICQ Search");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://www.google.de/");
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_i[...]
Deleted : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Deleted : user_pref("sweetim.toolbar.search.history.capacity", "10");
Deleted : user_pref("sweetim.toolbar.simapp_id", "{A2ADCD4C-98DA-4C34-9A6E-5DFCCEF6CC5D}");
Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com");
Deleted : user_pref("sweetim.toolbar.version", "1.2.0.2");

*************************

AdwCleaner[R1].txt - [29126 octets] - [08/08/2012 15:44:44]
AdwCleaner[S1].txt - [29812 octets] - [09/08/2012 17:01:24]

########## EOF - C:\AdwCleaner[S1].txt - [29941 octets] ##########

Muss ich eigentlich die Viren noch aus der Quarantäne von Malwarebytes löschen?

cosinus · 10.08.2012, 19:10

Zitat:

Muss ich eigentlich die Viren noch aus der Quarantäne von Malwarebytes löschen?

Was habt ihr alle immer nur mit der Quarantäne?!

Überleg doch mal was eine Quarantäne ist. Schädlinge in der Quarantäne können nichts mehr anrichten, sie sind dort isoliert. Du solltest grundsätzlich mit der Quarantäne arbeiten, denn falls der Virenscanner durch einen Fehlalarm was wichtiges löscht, kannst Du notfalls noch über die Quarantäne an die Datei ran.

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

ener90 · 13.08.2012, 20:20

Naja ich dachte halt nur, solange wie sie in der quarantäne sind, sind sie halt auf dem Rechner. Und ich war eben unsiche, dass da die wieder aktiv werden könnten weil die testversion von Malwarebytes ausläuft oder so.... Prinzipiell funktioniert alles einwandfrei, habe noch nicht bemerkt, dass was fehlt.

cosinus · 14.08.2012, 14:20

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Diese Webseite kann nicht angezeigt werden / Desktop gesperrt

Plagegeister aller Art und deren Bekämpfung: Diese Webseite kann nicht angezeigt werden / Desktop gesperrt