Pests of all kinds and their removal: Trace File: Audio Recorder for Free (Windows 7)
24.11.2012, 15:58 | #1
Trace File: Audio Recorder for Free

Good day, and first of all many thanks to this forum for so competently helping us "clueless" computer users; thank you for doing that.

To my question: we have a family PC on which Audio Recorder for Free is also installed. Emsisoft Anti-Malware has now identified it as a "pest":

Emsisoft Anti-Malware - Version 7.0
quarantine log

Datum                 Ursprung                                                Vorgang                  Verhalten/Infektion
24.11.2012 13:35:26   C:\Users\Stephan\Desktop\Audio Recorder For Free.lnk    In Quarantäne gestellt   Trace.File.Audio Recorder For FREE (A)
24.11.2012 13:35:26   C:\Program Files\Audio Recorder For FREE\help.chm       Datei nicht gefunden     Trace.File.Audio Recorder For FREE (A)
24.11.2012 13:35:20   C:\Program Files\Audio Recorder For FREE                In Quarantäne gestellt   Trace.File.Audio Recorder For FREE (A)

I have now worked through the board's instructions:

1. defogger was disable:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:36 on 24/11/2012 (Stephan)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

2. OTL Txt (OTL Logfile):
3. OTL Logfile:
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 "{90C67C7D-E918-402C-9856-7B13999E1786}" = StarMoney "{92633C0F-C9BE-41E3-B439-0B508F859DB5}" = StarMoney "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{B19E03EA-067C-412F-A81E-271720E601AB}" = Fotogalerie "{B27FA0A3-D80F-41A9-8BAD-C5F2D859AB22}" = Photo Common "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform "{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware "{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "0d849438-e498-4416-ace4-fa9880d0efaa_is1" = Sibelius 7 First 7.1.2.46 "7-Zip" = 7-Zip 9.20 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Ashampoo Burning Studio 2012 CBE_is1" = Ashampoo Burning Studio 2012 CBE v.11.0.4 "ASIO4ALL" = ASIO4ALL "Audio Recorder for Free_is1" = Audio Recorder for Free v12.9.8 "Audio Recorder Pro_is1" = Audio Recorder Pro 3.70 "Avira AntiVir Desktop" = Avira Free 
Antivirus "B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind "CCleaner" = CCleaner "Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16 "FTP Commander Pro" = FTP Commander Pro "KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.4 (Basic) "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Power Sound Editor Free" = Power Sound Editor Free "Sibelius 6 First_is1" = Sibelius 6 First "Switch" = Switch Audiodatei-Konverter "SynTPDeinstKey" = Synaptics Pointing Device Driver "WAV to MP3" = WAV to MP3 "WavePad" = WavePad Audiobearbeitungs-Software "WinLiveSuite" = Windows Live Essentials ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 24.11.2012 08:42:18 | Computer Name = Familien-PC | Source = Windows Search Service | ID = 9000 Description = Error - 24.11.2012 08:42:19 | Computer Name = Familien-PC | Source = Windows Search Service | ID = 7040 Description = Error - 24.11.2012 08:42:19 | Computer Name = Familien-PC | Source = Windows Search Service | ID = 7042 Description = Error - 24.11.2012 08:42:19 | Computer Name = Familien-PC | Source = Windows Search Service | ID = 9002 Description = Error - 24.11.2012 08:42:19 | Computer Name = Familien-PC | Source = Windows Search Service | ID = 3029 Description = Error - 24.11.2012 08:42:20 | Computer Name = Familien-PC | Source = Windows Search Service | ID = 3029 Description = Error - 24.11.2012 08:42:20 | Computer Name = Familien-PC | Source = Windows Search Service | ID = 
3028 Description = Error - 24.11.2012 08:42:20 | Computer Name = Familien-PC | Source = Windows Search Service | ID = 3058 Description = Error - 24.11.2012 08:42:20 | Computer Name = Familien-PC | Source = Windows Search Service | ID = 7010 Description = Error - 24.11.2012 08:46:16 | Computer Name = Familien-PC | Source = Brother BrLog | ID = 1001 Description = STI BrtSTI: [2012/11/24 13:46:16.036]: [00001940]: GetDeviceIpAddress: GetAddressByName [BRWCCAF78471093] Error [ Media Center Events ] Error - 07.09.2012 02:53:36 | Computer Name = Familien-PC | Source = MCUpdate | ID = 0 Description = 08:53:35 - Fehler beim Herstellen der Internetverbindung. 08:53:35 - Serververbindung konnte nicht hergestellt werden.. Error - 07.09.2012 02:53:47 | Computer Name = Familien-PC | Source = MCUpdate | ID = 0 Description = 08:53:41 - Fehler beim Herstellen der Internetverbindung. 08:53:41 - Serververbindung konnte nicht hergestellt werden.. Error - 15.09.2012 03:54:01 | Computer Name = Familien-PC | Source = MCUpdate | ID = 0 Description = 09:54:01 - Fehler beim Herstellen der Internetverbindung. 09:54:01 - Serververbindung konnte nicht hergestellt werden.. Error - 15.09.2012 03:54:11 | Computer Name = Familien-PC | Source = MCUpdate | ID = 0 Description = 09:54:06 - Fehler beim Herstellen der Internetverbindung. 09:54:06 - Serververbindung konnte nicht hergestellt werden.. Error - 15.09.2012 04:54:15 | Computer Name = Familien-PC | Source = MCUpdate | ID = 0 Description = 10:54:15 - Fehler beim Herstellen der Internetverbindung. 10:54:15 - Serververbindung konnte nicht hergestellt werden.. Error - 15.09.2012 04:54:21 | Computer Name = Familien-PC | Source = MCUpdate | ID = 0 Description = 10:54:20 - Fehler beim Herstellen der Internetverbindung. 10:54:20 - Serververbindung konnte nicht hergestellt werden.. Error - 15.09.2012 05:54:26 | Computer Name = Familien-PC | Source = MCUpdate | ID = 0 Description = 11:54:26 - Fehler beim Herstellen der Internetverbindung. 
11:54:26 - Serververbindung konnte nicht hergestellt werden.. Error - 15.09.2012 05:54:32 | Computer Name = Familien-PC | Source = MCUpdate | ID = 0 Description = 11:54:31 - Fehler beim Herstellen der Internetverbindung. 11:54:31 - Serververbindung konnte nicht hergestellt werden.. Error - 15.09.2012 06:54:37 | Computer Name = Familien-PC | Source = MCUpdate | ID = 0 Description = 12:54:37 - Fehler beim Herstellen der Internetverbindung. 12:54:37 - Serververbindung konnte nicht hergestellt werden.. Error - 15.09.2012 06:54:43 | Computer Name = Familien-PC | Source = MCUpdate | ID = 0 Description = 12:54:42 - Fehler beim Herstellen der Internetverbindung. 12:54:42 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 24.11.2012 06:08:00 | Computer Name = Familien-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 24.11.2012 08:41:25 | Computer Name = Familien-PC | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 24.11.2012 08:41:25 | Computer Name = Familien-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 24.11.2012 08:42:20 | Computer Name = Familien-PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535. Error - 24.11.2012 08:42:20 | Computer Name = Familien-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. 
Error - 24.11.2012 08:46:06 | Computer Name = Familien-PC | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 24.11.2012 08:46:06 | Computer Name = Familien-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 24.11.2012 09:11:48 | Computer Name = Familien-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?24.?11.?2012 um 14:10:56 unerwartet heruntergefahren. Error - 24.11.2012 09:11:45 | Computer Name = Familien-PC | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 24.11.2012 09:11:45 | Computer Name = Familien-PC | Source = atikmdag | ID = 43029 Description = Display is not active < End of report > 4. Gmer: GMER Logfile: Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-11-24 15:20:41
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-22ZCT0 rev.11.01A11
Running: okhg8y45.exe; Driver: C:\Users\Stephan\AppData\Local\Temp\pxdcakod.sys

---- System - GMER 1.0.15 ----

SSDT 908A8B2E ZwCreateSection
SSDT 908A8B38 ZwRequestWaitReplyPort
SSDT 908A8B33 ZwSetContextThread
SSDT 908A8B3D ZwSetSecurityObject
SSDT 908A8B42 ZwSystemDebugControl
SSDT 908A8ACF ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82C54A49 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C8E4D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82C9562C 4 Bytes [2E, 8B, 8A, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 82C95988 4 Bytes [38, 8B, 8A, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 82C959CC 4 Bytes [33, 8B, 8A, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 82C95A48 4 Bytes [3D, 8B, 8A, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 82C95A9C 4 Bytes JMP 8A8B4282
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x91422000, 0x2D5378, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004b halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS000B6.log 1048576 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS000B7.log 1048576 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS000B8.log 1048576 bytes

---- EOF - GMER 1.0.15 ----

That's it so far. I hope I did everything right; if not, please tell me what to correct. Many thanks for your help, Stephan

Sorry, I only just realised that I should have put the copied files in code tags. Please bear with me. Thanks
27.11.2012, 08:44 | #2
/// Malwareteam | Trace File: Audio Recorder for Free

My name is Marius and I will help you with your problem. One thing first:

Note: We can never guarantee here that we have found every remnant of malicious software. A format is usually the fastest and always the safest way. Should you decide on a clean-up, keep working with us until someone from the team tells you that your computer is clean. A clean-up can involve a lot of work on your part.

Vista and Win7 users: start all tools with right-click --> "Run as administrator".

This detection does not mean that the program is malware. Nevertheless, check your system once with an online scanner: ESET Online Scanner
27.11.2012, 14:57 | #3
Trace File: Audio Recorder for Free

Hello Marius,

thank you very much for your advice. I read it carefully, and we have now decided to reinstall the computer to be on the safe side. Many thanks for your help and kind regards, Stephan

The thread can be closed. Thanks
28.11.2012, 15:20 | #4
/// Malwareteam | Trace File: Audio Recorder for Free

This topic appears to be resolved and has been removed from my subscriptions. Should you need this topic again, please send me a PM. Everyone else, please click here and create your own topic!