Log analysis and evaluation: Windows 8 32-bit ad pop-ups - Webcake 3.00 cannot be uninstalled
31.07.2013, 18:02 | #1 |
Windows 8 32-bit ad pop-ups - Webcake 3.00 cannot be uninstalled

Hello,

I am hoping for help with cleaning my partner's computer. Under Control Panel/Programs I find Webcake 3.00, which I cannot uninstall; in Firefox I disabled Webcake 1.00 under Extensions and then uninstalled it. How do I get rid of it?

As far as I know, no illegal software is installed. Avast did not find any malware. Gmer shut itself down with an error message (program has to be closed, or something like that).

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:40 on 31/07/2013 (Ute)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 30-07-2013 04
Ran by Ute at 2013-07-31 18:42:38
Running from C:\Users\Ute\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

Adobe Flash Player 11 Plugin (Version: 11.8.800.94)
ALF-BanCo 5 (Version: 5.1.1)
avast! Free Antivirus (Version: 8.0.1489.0)
LG United Mobile Drivers (Version: 3.7.1.0)
Light Image Resizer 4.4.2.0 (Version: 4.4.2.0)
Microsoft Office Professional Edition 2003 (Version: 11.0.6361.0)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft-Maus- und Tastatur-Center (Version: 2.0.162.0)
Mozilla Firefox 22.0 (x86 de) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
Nokia Connectivity Cable Driver (Version: 7.1.32.69)
True Image 2013 (Version: 16.0.6514)
VLC media player 2.0.7 (Version: 2.0.7)
WebCake 3.00 (Version: 3.00)
WISO Steuer-Sparbuch 2013 (Version: 20.00.8137)
Zuma Deluxe RA

==================== Restore Points =========================

15-07-2013 14:05:54 Windows Update
20-07-2013 10:17:45 Windows Update
28-07-2013 18:45:53 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2012-07-26 06:17 - 2012-07-26 06:17 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0E78FEE0-C387-4530-AC36-4D46887FBFD5} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
Task: {0FB9F3EA-4F42-41A0-B8CE-06CDEF09B849} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-26] (Microsoft Corporation)
Task: {14D3378C-86DB-4132-A7B1-D5A34EDFBA75} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup
Task: {159DA30B-9B91-4267-A71F-5B7ACC15230D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime Task: {174644D4-4E5F-4B13-893F-DC718163E165} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-26] (Microsoft Corporation) Task: {19551B46-1846-491F-A1A4-BCA3134787E6} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2012-11-02] (Microsoft) Task: {1E84DCB8-8C84-4436-A108-209A65086823} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation) Task: {21EBABC3-315E-4262-91EA-833D48E9208B} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update Task: {2A688389-CC03-4F91-9975-542496BDD416} - System32\Tasks\WPD\SqmUpload_S-1-5-21-533882140-3980523968-1356160843-1009 => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation) Task: {307D6D3E-9D87-4CFD-B668-C60E8C86B0E3} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required Task: {311C4CC9-7320-42AB-B437-C1D02EEB6587} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh Task: {342D8E10-501F-4B38-A4C0-F2DE193B46E9} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler Task: {363B18FF-B363-4665-B1C4-DD7823139C45} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2013-06-01] (Microsoft Corporation) Task: {3799C698-B9E2-4D51-86FC-B9B20E8DEF91} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask Task: {3979CF68-CD08-46D3-A340-CB769AE09013} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy Task: {3B292858-FAAA-4B61-9C76-6902AEB7607B} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance Task: {3EC42D4C-09B0-49D9-A6A8-F2E1A94C0A74} - 
System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage Task: {410F6B6D-C90E-4E32-9E54-37BFE652A2E0} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall Task: {4294B8A6-13BD-4733-8559-C8D558B6F597} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical Task: {44E19131-88E9-4238-9DCD-22306E438BB1} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM Task: {4D60BEE0-DD97-4F97-81EF-21AA512A94C6} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => C:\WINDOWS\system32\sc.exe [2012-07-26] (Microsoft Corporation) Task: {4F2DA3E8-0B43-47C0-8811-45ECA435391F} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask Task: {545C008C-4471-44F8-AD15-96CB8BB2BB0C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation) Task: {55847ED3-706E-4F96-BBE7-7B073A732A9F} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2012-11-02] (Microsoft Corporation) Task: {56F59500-C4D1-4720-859F-13B4998AA792} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation) Task: {5B88CA1D-EEEA-4BAC-9E36-D94BA7D5CC37} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance Task: {6495D7D8-52C0-4309-9097-247A7B9574CC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance Task: {6576F359-3031-4AED-9F3B-7CEC7B5E3344} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2012-11-02] (Microsoft Corporation) Task: {67FF304D-1A11-4CB0-909A-A92DCFD95294} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator Task: {68070BBC-F2DE-4476-95C6-C2ED1ECE3D0F} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask Task: 
{74748E76-21FC-465C-ABE1-5E465834A900} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents Task: {753C8596-7415-46D3-AF5E-9EEC299E7D90} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode) Task: {7555AC23-54AA-43D7-A351-A3E8CEB1D39B} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall Task: {7EBC5A66-ABD2-4B81-872F-BC7CA4AD5D55} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon Task: {8E694376-21AC-46FA-8E80-C453341417E4} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery Task: {9610F60F-4A8C-4AE8-A2BF-CB244B87FB8B} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect Task: {973628F1-FAD0-487A-B3EC-A318007483E8} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Task: {99768757-32DC-4E02-BE1E-2FE4783695EE} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation) Task: {9C3ADA14-4FAF-445F-B971-A69F60A7C497} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-09-20] (Microsoft Corporation) Task: {9D175E12-DB50-4682-9F62-F923B154AA57} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic Task: {A014EC55-F9EB-479D-9F4C-ACBE30C9E949} - System32\Tasks\Microsoft\Windows\File Classification Infrastructure\Property Definition Sync Task: {A4C021D8-600F-4B78-8B38-5BC2A0D16F42} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-15] (Adobe Systems Incorporated) Task: {AFE9EACD-AC61-4642-A077-BB06D1147FC5} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask Task: {B7D8E6C0-721C-4992-AFF4-69E3131601A4} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-533882140-3980523968-1356160843-1009 Task: {BB4910D3-79D9-461E-AC1B-915B8E8672A3} - 
System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific Task: {BC858B0C-7D0F-436F-B08B-50D51DF74306} - System32\Tasks\Microsoft\Windows\WS\Badge Update Task: {C465A656-3917-43C0-B40A-4EBBE8708BB9} - System32\Tasks\Microsoft\Windows\WS\WSTask Task: {C66B8D31-A32F-4AF7-800E-475B2C2BE27D} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance Task: {C7B00221-71A0-4FB5-84F5-F1A8A2CA1B2A} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses Task: {D1CDD09C-5F29-4A7F-8FB4-897B439CC9A9} - System32\Tasks\Microsoft\Windows\IME\SQM data sender Task: {D30771CE-378B-4A36-97AA-BDFBFB9231C6} - System32\Tasks\WPD\SqmUpload_S-1-5-21-533882140-3980523968-1356160843-1003 => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation) Task: {D93D7A9D-9769-4A49-A449-F83215E9CD63} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software) Task: {DABC8F5F-C2D0-4E21-A6C1-CE0F7CB9BAE0} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe [2012-08-15] (Microsoft Corporation) Task: {E3F2C42C-4547-49CD-A14F-FDDA37794A75} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork Task: {E3FC5136-FFFE-42DA-BB1D-6C62CAEB4585} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks Task: {E60C98D3-B41B-482A-AC61-DD19EDF2841D} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan Task: {EF9592CE-7796-47A6-9CD5-8630640D45BB} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation) Task: {F273F7E8-98FA-47D0-BFE3-8B71C8C3E9A8} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan Task: {F413C755-E3DC-4075-BB1E-AC60C1CA9AEA} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-09-20] (Microsoft Corporation) Task: {F69E710E-D481-4685-9A82-C1B0C2369EB5} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular 
Maintenance Task: {F6E06073-27B2-48BB-8FA1-AAA8B50066D0} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Faulty Device Manager Devices ============= Name: USB-Massenspeichergerät Description: USB-Massenspeichergerät Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: Kompatibles USB-Speichergerät Service: USBSTOR Problem: : Windows cannot use this hardware device because it has been prepared for safe removal, but it has not been removed from the computer. (Code 47) Resolution: Unplug the device, and then plug it in again. Alternately, restart the computer to make the device available. ==================== Event log errors: ========================= Application errors: ================== Error: (07/30/2013 03:50:15 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax. Error: (07/30/2013 03:49:12 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax. 
Error: (07/29/2013 07:12:02 AM) (Source: Customer Experience Improvement Program) (User: ) Description: 80070005 Error: (07/29/2013 02:47:22 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: schedul2.exe, Version: 8.0.0.8204, Zeitstempel: 0x511df901 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00edf870 ID des fehlerhaften Prozesses: 0x78c Startzeit der fehlerhaften Anwendung: 0xschedul2.exe0 Pfad der fehlerhaften Anwendung: schedul2.exe1 Pfad des fehlerhaften Moduls: schedul2.exe2 Berichtskennung: schedul2.exe3 Vollständiger Name des fehlerhaften Pakets: schedul2.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: schedul2.exe5 Error: (07/28/2013 08:45:00 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax. Error: (07/25/2013 11:36:25 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: schedul2.exe, Version: 8.0.0.8204, Zeitstempel: 0x511df901 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00fff494 ID des fehlerhaften Prozesses: 0x740 Startzeit der fehlerhaften Anwendung: 0xschedul2.exe0 Pfad der fehlerhaften Anwendung: schedul2.exe1 Pfad des fehlerhaften Moduls: schedul2.exe2 Berichtskennung: schedul2.exe3 Vollständiger Name des fehlerhaften Pakets: schedul2.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: schedul2.exe5 Error: (07/25/2013 04:44:41 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax. Error: (07/25/2013 04:42:50 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". 
Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax. Error: (07/24/2013 05:05:18 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax. Error: (07/24/2013 04:55:53 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax. System errors: ============= Error: (07/29/2013 07:12:02 AM) (Source: Service Control Manager) (User: ) Description: Dienst "Acronis Scheduler2 Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (07/28/2013 10:57:22 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT-AUTORITÄT) Description: Die Energieverwaltungsfeatures für den Leistungsmodus sind für den logischen Hyper-V-Prozessor "1" aufgrund eines Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. Error: (07/28/2013 10:57:22 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT-AUTORITÄT) Description: Die Energieverwaltungsfeatures für den Leistungsmodus sind für den logischen Hyper-V-Prozessor "0" aufgrund eines Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. Error: (07/28/2013 10:57:20 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT) Description: 0xc000014d0 Error: (07/28/2013 10:05:31 PM) (Source: disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR5 gefunden. 
Error: (07/28/2013 08:48:07 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT) Description: 0x8000002a171\??\Volume{053e184c-b1b1-11df-a0e2-806d6172696f}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{D9CA51F6-27B1-4E47-B73C-94077FCD947D} Error: (07/26/2013 04:09:29 AM) (Source: Service Control Manager) (User: ) Description: Dienst "Acronis Scheduler2 Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (07/25/2013 07:49:26 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT-AUTORITÄT) Description: Die Energieverwaltungsfeatures für den Leistungsmodus sind für den logischen Hyper-V-Prozessor "1" aufgrund eines Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. Error: (07/25/2013 07:49:26 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT-AUTORITÄT) Description: Die Energieverwaltungsfeatures für den Leistungsmodus sind für den logischen Hyper-V-Prozessor "0" aufgrund eines Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. 
Error: (07/25/2013 07:49:22 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT) Description: 0xc000014d0 Microsoft Office Sessions: ========================= Error: (07/30/2013 03:50:15 PM) (Source: SideBySide)(User: ) Description: C:\Windows\System32\SmartUI2.ocxC:\Windows\System32\SmartUI2.ocx21 Error: (07/30/2013 03:49:12 PM) (Source: SideBySide)(User: ) Description: C:\Windows\System32\SmartUI2.ocxC:\Windows\System32\SmartUI2.ocx21 Error: (07/29/2013 07:12:02 AM) (Source: Customer Experience Improvement Program)(User: ) Description: 80070005 Error: (07/29/2013 02:47:22 AM) (Source: Application Error)(User: ) Description: schedul2.exe8.0.0.8204511df901unknown0.0.0.000000000c000000500edf87078c01ce8bf113bb8737C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exeunknown6d947cb9-f7e8-11e2-afc8-003005c2f279 Error: (07/28/2013 08:45:00 PM) (Source: SideBySide)(User: ) Description: C:\Windows\System32\SmartUI2.ocxC:\Windows\System32\SmartUI2.ocx21 Error: (07/25/2013 11:36:25 PM) (Source: Application Error)(User: ) Description: schedul2.exe8.0.0.8204511df901unknown0.0.0.000000000c000000500fff49474001ce895f5f6a4ed8C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exeunknown41452aa1-f572-11e2-afc7-003005c2f279 Error: (07/25/2013 04:44:41 AM) (Source: SideBySide)(User: ) Description: C:\Windows\System32\SmartUI2.ocxC:\Windows\System32\SmartUI2.ocx21 Error: (07/25/2013 04:42:50 AM) (Source: SideBySide)(User: ) Description: C:\Windows\System32\SmartUI2.ocxC:\Windows\System32\SmartUI2.ocx21 Error: (07/24/2013 05:05:18 AM) (Source: SideBySide)(User: ) Description: C:\Windows\System32\SmartUI2.ocxC:\Windows\System32\SmartUI2.ocx21 Error: (07/24/2013 04:55:53 AM) (Source: SideBySide)(User: ) Description: C:\Windows\System32\SmartUI2.ocxC:\Windows\System32\SmartUI2.ocx21 ==================== Memory info =========================== Percentage of memory in use: 40% Total physical RAM: 3061.98 MB Available physical RAM: 1817.22 MB Total Pagefile: 
3573.98 MB Available Pagefile: 2232.27 MB Total Virtual: 2047.88 MB Available Virtual: 1849.98 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:465.76 GB) (Free:408.92 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (Windows) (Fixed) (Total:74.53 GB) (Free:27.12 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 466 GB) (Disk ID: B7B0BCB6) Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 75 GB) (Disk ID: C88B8331) Partition 1: (Active) - (Size=75 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-07-2013 04
Ran by Ute (administrator) on 31-07-2013 18:41:57
Running from C:\Users\Ute\Desktop
Microsoft Windows 8 Pro (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(WebCake LLC) C:\Program Files\WebCake\WebCakeDesktop.Updater.exe
(Acronis) C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(Alf - AG) C:\Program Files\ALFBanCo5\AlfReminder5.exe
() C:\Program Files\WISO\Steuersoftware 2013\mshaktuell.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM\...\Run: [IntelliType Pro] - c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1093232 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [1668720 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [TrueImageMonitor.exe] - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [6405376 2013-03-28] (Acronis)
HKLM\...\Run: [AcronisTibMounterMonitor] - C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1105848 2013-01-10] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [413464 2013-02-15] (Acronis)
MountPoints2: {00e966d8-95af-11e2-afb3-003005c2f279} - "G:\LGAutoRun.exe"
MountPoints2: {eb2aaab3-65aa-11e2-af9b-806e6f6e6963} - "E:\AutoRun.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ALF-BanCo 5 Reminder.lnk
ShortcutTarget: ALF-BanCo 5 Reminder.lnk -> C:\Program Files\ALFBanCo5\AlfReminder5.exe (Alf - AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files\WISO\Steuersoftware 2013\mshaktuell.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
BHO: WebCake - {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Program Files\WebCake\WebCakeIEClient.dll (WebCake LLC)
BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: msdaipp - No CLSID Value -
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default
FF user.js: detected! => C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\user.js
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: ObviousIdea Addon - C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\Extensions\toolbarbutton@obviousidea.us
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

========================== Services (Whitelisted) =================

S2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [831360 2013-02-15] (Acronis)
R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3816440 2013-05-16] (Acronis)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 syncagentsrv; C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [7094592 2013-03-20] (Acronis)
R2 WebCake Desktop Updater; C:\Users\Ute\AppData\Roaming\WebCake\WebCakeDesktop.exe [47896 2013-06-21] (WebCake LLC)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13344 2013-01-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [25856 2012-03-07] (Google Inc)
S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag.sys [23040 2012-03-06] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem.sys [27776 2012-03-06] (LG Electronics Inc.)
S3 andnetndis; C:\Windows\system32\DRIVERS\lgandnetndis.sys [73728 2012-03-06] (LG Electronics Inc.)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-06-27] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-06-27] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [175176 2013-06-27] ()
R3 netr28u; C:\Windows\system32\DRIVERS\netr28u.sys [1386528 2012-06-02] (Ralink Technology Corp.)
S3 nmwcdnsu; C:\Windows\system32\drivers\nmwcdnsu.sys [137472 2011-08-17] (Nokia) S3 nmwcdnsuc; C:\Windows\system32\drivers\nmwcdnsuc.sys [8576 2011-08-17] (Nokia) S3 tdrpman; C:\Windows\system32\DRIVERS\tdrpman.sys [888640 2013-05-16] (Acronis International GmbH) R0 tib; C:\Windows\System32\DRIVERS\tib.sys [736192 2013-05-16] (Acronis International GmbH) R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [130488 2013-05-16] (Acronis) R3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-31 18:41 - 2013-07-31 18:41 - 00000000 ____D C:\FRST 2013-07-31 18:40 - 2013-07-31 18:40 - 00000468 _____ C:\Users\Ute\Desktop\defogger_disable.log 2013-07-31 18:40 - 2013-07-31 18:40 - 00000000 _____ C:\Users\Ute\defogger_reenable 2013-07-31 18:38 - 2013-07-31 18:38 - 01222064 _____ (Farbar) C:\Users\Ute\Desktop\FRST.exe 2013-07-31 18:34 - 2013-07-31 18:34 - 00050477 _____ C:\Users\Ute\Desktop\Defogger.exe 2013-07-25 19:59 - 2013-07-25 20:00 - 00000000 ____D C:\Users\Ute\AppData\Roaming\ObviousIdea 2013-07-25 19:48 - 2013-07-28 22:50 - 00000000 ____D C:\Users\Ute\AppData\Roaming\WebCake 2013-07-25 19:48 - 2013-07-25 19:48 - 00000000 ____D C:\Program Files\WebCake 2013-07-25 19:47 - 2013-07-25 19:47 - 00001161 _____ C:\Users\Ute\Desktop\Light Image Resizer 4.lnk 2013-07-25 19:47 - 2013-07-25 19:47 - 00000000 ____D C:\Program Files\ObviousIdea 2013-07-25 19:46 - 2013-07-25 19:46 - 07419840 _____ (ObviousIdea ) C:\Users\Ute\Downloads\light_image_resizer4_setup-avangate_1488.exe 2013-07-17 15:46 - 2013-07-17 15:46 - 00422160 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2013-07-17 05:26 - 2013-06-17 00:33 - 00816896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys 2013-07-17 05:26 - 2013-06-01 12:24 - 02106176 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2013-07-17 05:26 - 
2013-06-01 11:50 - 01800960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2013-07-17 05:26 - 2013-06-01 11:41 - 05573376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2013-07-17 05:26 - 2013-06-01 11:41 - 00281344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys 2013-07-17 05:26 - 2013-06-01 11:25 - 00550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll 2013-07-17 05:26 - 2013-06-01 11:24 - 01453568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2013-07-17 05:26 - 2013-06-01 11:23 - 01842176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2013-07-17 05:26 - 2013-05-20 02:08 - 00386642 _____ C:\WINDOWS\system32\ApnDatabase.xml 2013-07-17 05:25 - 2013-06-01 12:09 - 00158976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2013-07-17 05:25 - 2013-06-01 12:09 - 00104704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys 2013-07-17 05:25 - 2013-06-01 11:42 - 00268032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS 2013-07-17 05:25 - 2013-06-01 11:42 - 00180480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UCX01000.SYS 2013-07-17 05:25 - 2013-06-01 11:26 - 00581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\vds.exe 2013-07-17 05:25 - 2013-06-01 11:26 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeParserTask.exe 2013-07-17 05:25 - 2013-06-01 11:25 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll 2013-07-17 05:25 - 2013-06-01 11:25 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll 2013-07-17 05:25 - 2013-06-01 11:25 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsutil.dll 2013-07-17 05:25 - 2013-06-01 11:25 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll 2013-07-17 05:25 - 2013-06-01 11:24 - 00850944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll 2013-07-17 05:25 - 
2013-06-01 11:24 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mscms.dll 2013-07-17 05:25 - 2013-06-01 11:23 - 00598528 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2013-07-17 05:25 - 2013-06-01 11:23 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManager.dll 2013-07-17 05:25 - 2013-06-01 04:29 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthAvrcpTg.sys 2013-07-17 05:25 - 2013-05-25 00:08 - 01166232 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2013-07-17 05:25 - 2013-05-25 00:08 - 01063960 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2013-07-17 05:25 - 2013-05-25 00:08 - 01035512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2013-07-17 05:25 - 2013-05-25 00:08 - 00939448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2013-07-11 00:34 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2013-07-11 00:34 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2013-07-11 00:34 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2013-07-11 00:34 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2013-07-11 00:34 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2013-07-11 00:34 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2013-07-11 00:34 - 2013-06-12 01:43 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2013-07-11 00:34 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2013-07-11 00:34 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2013-07-11 00:34 - 2013-06-01 11:25 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll 2013-07-11 00:34 - 2013-05-04 
06:57 - 02620928 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL 2013-07-11 00:33 - 2013-05-31 01:09 - 03389952 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2013-07-11 00:33 - 2013-04-12 00:30 - 01421312 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll 2013-07-08 16:33 - 2013-07-08 16:33 - 00004848 _____ C:\Users\Ute\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Päpste veröffentlichen gemeinsame Enzyklika _ tagesschau.lnk 2013-07-03 15:35 - 2013-07-03 15:36 - 00000000 ____D C:\Program Files\Mozilla Firefox ==================== One Month Modified Files and Folders ======= 2013-07-31 18:41 - 2013-07-31 18:41 - 00000000 ____D C:\FRST 2013-07-31 18:40 - 2013-07-31 18:40 - 00000468 _____ C:\Users\Ute\Desktop\defogger_disable.log 2013-07-31 18:40 - 2013-07-31 18:40 - 00000000 _____ C:\Users\Ute\defogger_reenable 2013-07-31 18:40 - 2013-01-24 00:24 - 00000000 ____D C:\Users\Ute 2013-07-31 18:38 - 2013-07-31 18:38 - 01222064 _____ (Farbar) C:\Users\Ute\Desktop\FRST.exe 2013-07-31 18:34 - 2013-07-31 18:34 - 00050477 _____ C:\Users\Ute\Desktop\Defogger.exe 2013-07-31 18:25 - 2013-01-26 21:00 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2013-07-31 18:00 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\system32\sru 2013-07-31 17:42 - 2013-01-24 00:31 - 01260938 _____ C:\WINDOWS\WindowsUpdate.log 2013-07-31 03:00 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\Microsoft.NET 2013-07-29 21:46 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\AUInstallAgent 2013-07-29 07:14 - 2011-03-13 00:49 - 00000000 ____D C:\Users\Ute\Documents\Mein Steuer-Sparbuch Heute 2013-07-29 02:17 - 2012-07-26 08:04 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2013-07-28 22:56 - 2012-07-26 06:17 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 2013-07-28 22:50 - 2013-07-25 19:48 - 00000000 ____D C:\Users\Ute\AppData\Roaming\WebCake 2013-07-25 22:46 - 2013-01-25 03:32 - 00000000 ____D C:\Users\Ute\AppData\Roaming\ALFBanCo5 2013-07-25 22:46 - 
2013-01-25 03:31 - 00000000 ____D C:\ProgramData\AlfBanCo5 2013-07-25 20:00 - 2013-07-25 19:59 - 00000000 ____D C:\Users\Ute\AppData\Roaming\ObviousIdea 2013-07-25 19:48 - 2013-07-25 19:48 - 00000000 ____D C:\Program Files\WebCake 2013-07-25 19:47 - 2013-07-25 19:47 - 00001161 _____ C:\Users\Ute\Desktop\Light Image Resizer 4.lnk 2013-07-25 19:47 - 2013-07-25 19:47 - 00000000 ____D C:\Program Files\ObviousIdea 2013-07-25 19:46 - 2013-07-25 19:46 - 07419840 _____ (ObviousIdea ) C:\Users\Ute\Downloads\light_image_resizer4_setup-avangate_1488.exe 2013-07-22 15:00 - 2013-01-24 00:33 - 01745416 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2013-07-17 15:46 - 2013-07-17 15:46 - 00422160 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2013-07-15 15:28 - 2013-06-21 20:41 - 00000000 ____D C:\Users\Ute\AppData\Local\Adobe 2013-07-12 06:33 - 2012-07-26 10:45 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-11 03:16 - 2013-01-25 03:47 - 75699896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2013-07-09 16:32 - 2010-10-17 17:41 - 00000000 ____D C:\Users\Ute\Documents\Markus 2013-07-08 16:33 - 2013-07-08 16:33 - 00004848 _____ C:\Users\Ute\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Päpste veröffentlichen gemeinsame Enzyklika _ tagesschau.lnk 2013-07-07 16:39 - 2010-10-17 19:11 - 00000000 ____D C:\Users\Ute\Documents\Urlaub 2013-07-04 20:12 - 2010-10-17 10:37 - 00000000 ____D C:\Users\Ute\Documents\eMail 2013-07-04 11:33 - 2013-01-26 05:02 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-07-03 15:36 - 2013-07-03 15:35 - 00000000 ____D C:\Program Files\Mozilla Firefox ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => 
MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-31 03:00 ==================== End Of Log ============================ |
31.07.2013, 18:08 | #2 |
/// Malware-holic | Windows 8 32-bit ad pop-ups - Webcake 3.00 cannot be uninstalled Hi,
Several steps need to be carried out and 3 logs posted; please post them all at once. WebCake: uninstall it with Revo if a normal uninstall does not work: Revo Uninstaller - Download - Filepony. Reboot. 2. Please download AdwCleaner to your desktop.
Reboot. 3. http://filepony.de/download-hitmanpro_32/ Download HitmanPro, double-click it, click Scan. Do not delete anything; save the log and post it, or export it as XML, zip it and attach it.
__________________ |
31.07.2013, 18:55 | #3 |
| Windows 8 32-bit ad pop-ups - Webcake 3.00 cannot be uninstalled Hello Markus,
I have now carried all of that out. Code:
ATTFilter # AdwCleaner v2.306 - Datei am 31/07/2013 um 19:37:52 erstellt # Aktualisiert am 19/07/2013 von Xplode # Betriebssystem : Windows 8 Pro (32 bits) # Benutzer : Ute - UTE-PC5 # Bootmodus : Normal # Ausgeführt unter : C:\Users\Ute\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** Gestoppt & Gelöscht : WebCake Desktop Updater ***** [Dateien / Ordner] ***** Ordner Gelöscht : C:\ProgramData\Tarma Installer Ordner Gelöscht : C:\Users\Ute\AppData\Roaming\WebCake ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WebCakeIEClient.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS Schlüssel Gelöscht : HKLM\Software\Tarma Installer ***** [Internet Browser] ***** -\\ Internet Explorer v10.0.9200.16537 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v22.0 (de) Datei : C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\prefs.js C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\user.js ... Gelöscht ! [OK] Die Datei ist sauber. ************************* AdwCleaner[S1].txt - [1405 octets] - [31/07/2013 19:37:52] ########## EOF - C:\AdwCleaner[S1].txt - [1465 octets] ########## Code:
ATTFilter HitmanPro 3.7.6.201 www.hitmanpro.com Computer name . . . . : UTE-PC5 Windows . . . . . . . : 6.2.0.9200.X86/2 User name . . . . . . : UTE-PC5\Ute UAC . . . . . . . . . : Enabled License . . . . . . . : Free Scan date . . . . . . : 2013-07-31 19:44:11 Scan mode . . . . . . : Normal Scan duration . . . . : 3m 44s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 13 Traces . . . . . . . : 1021 Objects scanned . . . : 947.671 Files scanned . . . . : 20.258 Remnants scanned . . : 376.594 files / 550.819 keys Malware _____________________________________________________________________ C:\Users\Ute\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\00KF923G\WebCakesetup[1].exe Size . . . . . . . : 1.212.288 bytes Age . . . . . . . : 6.0 days (2013-07-25 19:48:08) Entropy . . . . . : 8.0 SHA-256 . . . . . : 02E10E9B754D5C283066180E5D651335A1706841362C6F7721A6C50CFD73B7A2 Product . . . . . : WebCake Publisher . . . . : WebCake LLC Description . . . : Installer Version . . . . . : 2013.6.20.1708 Copyright . . . . : Copyright (c) 2013 WebCake LLC. All rights reserved. RSA Key Size . . . : 2048 Source URL . . . . : hxxp://dl-cdn.getwebcake.com/install/v8/WebCakesetup.exe Authenticode . . . : Valid > Ikarus . . . . . . : AdWare.Yontoo!IK Fuzzy . . . . . . 
: 103.0 Forensic Cluster -3.0s C:\Users\Ute\AppData\Local\Temp\132-08C0.exe -2.5s C:\Users\Ute\AppData\Local\Temp\132-08C0.log -2.5s C:\Users\Ute\AppData\Local\Temp\132-08C0.log -2.5s C:\Users\Ute\AppData\Local\Temp\132-08C0.log -0.7s C:\Users\Ute\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K5AGFMJU\a[1].txt 0.0s C:\Users\Ute\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\00KF923G\WebCakesetup[1].exe 4.3s C:\Users\Ute\AppData\Local\Temp\wc-0EDC.exe 5.3s C:\Users\Ute\AppData\Local\Temp\wc-0EDC.log 5.3s C:\Users\Ute\AppData\Local\Temp\wc-0EDC.log 5.6s C:\Users\Ute\AppData\Local\Temp\810E91B5\ 5.6s C:\Users\Ute\AppData\Local\Temp\810E91B5\_Setup.dll 5.6s C:\Users\Ute\AppData\Local\Temp\810E91B5\_Setup.dll 6.1s C:\Users\Ute\AppData\Local\Temp\810E91B5\Setup.ico 6.1s C:\Users\Ute\AppData\Local\Temp\810E91B5\_Setupx.dll 8.6s C:\Users\Ute\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QVYI4SHG\Meh[1].json 8.6s C:\Users\Ute\AppData\Local\Temp\810E91B5\m.eh 9.2s C:\Users\Ute\AppData\Local\Temp\plugtmp-4\ 9.9s C:\Users\Ute\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K2DJGNMQ\a[1].txt 9.9s C:\Users\Ute\AppData\Local\Temp\810E91B5\Check.txt 9.9s C:\Windows\Prefetch\132-08C0.EXE-36113990.pf 10.2s C:\$Recycle.Bin\S-1-5-21-533882140-3980523968-1356160843-1009\$REL3BZQ\ 10.2s C:\$Recycle.Bin\S-1-5-21-533882140-3980523968-1356160843-1009\$REL3BZQ\Setup.exe 10.3s C:\$Recycle.Bin\S-1-5-21-533882140-3980523968-1356160843-1009\$REL3BZQ\_Setup.dll 10.3s C:\$Recycle.Bin\S-1-5-21-533882140-3980523968-1356160843-1009\$REL3BZQ\Setup.ico 10.4s C:\$Recycle.Bin\S-1-5-21-533882140-3980523968-1356160843-1009\$REL3BZQ\_Setupx.dll 10.4s C:\$Recycle.Bin\S-1-5-21-533882140-3980523968-1356160843-1009\$REL3BZQ\Cache\ 10.5s C:\Users\Ute\AppData\Local\Temp\810E91B5\x86\ 10.5s C:\Users\Ute\AppData\Local\Temp\810E91B5\x86\regsvr32.exe 10.5s C:\Users\Ute\AppData\Local\Temp\810E91B5\x64\ 10.5s 
C:\Users\Ute\AppData\Local\Temp\810E91B5\x64\regsvr32.exe 10.5s C:\Users\Ute\AppData\Local\Temp\810E91B5\x64\regsvr32.exe 10.5s C:\Users\Ute\AppData\Local\Temp\810E91B5\WebCakeFFClient.xpi 10.5s C:\Users\Ute\AppData\Local\Temp\810E91B5\WebCakeFFClient.xpi 10.6s C:\Users\Ute\AppData\Local\Temp\810E91B5\7za.exe 11.0s C:\$Recycle.Bin\S-1-5-21-533882140-3980523968-1356160843-1009\$RVN09IO.exe 11.3s C:\Users\Ute\AppData\Local\Temp\810E91B5\WebCakeIEClient.dll 11.3s C:\Users\Ute\AppData\Local\Temp\810E91B5\WebCakeIEClient.dll 11.3s C:\Users\Ute\AppData\Local\Temp\810E91B5\WebCakeIEClient.dll 11.3s C:\Users\Ute\AppData\Local\Temp\810E91B5\WebCakeIEClient.dll 11.8s C:\Users\Ute\AppData\Local\Temp\810E91B5\webcake.xml 11.9s C:\$Recycle.Bin\S-1-5-21-533882140-3980523968-1356160843-1009\$RMEZT7U.dll 11.9s C:\$Recycle.Bin\S-1-5-21-533882140-3980523968-1356160843-1009\$RMEZT7U.dll 12.3s C:\Windows\Prefetch\RESIZE.EXE-BEFFDFA0.pf 12.3s C:\Windows\Prefetch\RESIZE.EXE-BEFFDFA0.pf 12.4s C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\localstore-1.rdf 12.6s C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\extensions\toolbarbutton@obviousidea.us\ 12.8s C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\extensions\toolbarbutton@obviousidea.us\chrome.manifest 12.8s C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\extensions\toolbarbutton@obviousidea.us\install.rdf 12.9s C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\extensions\toolbarbutton@obviousidea.us\chrome\content\ 12.9s C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\extensions\toolbarbutton@obviousidea.us\chrome\content\obviousideaaddon.js 12.9s C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\extensions\toolbarbutton@obviousidea.us\chrome\ 12.9s 
C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\extensions\toolbarbutton@obviousidea.us\chrome\content\obviousideaaddon.xul 12.9s C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\extensions\toolbarbutton@obviousidea.us\chrome\content\poweraddon.js 12.9s C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\extensions\toolbarbutton@obviousidea.us\chrome\skin\ 12.9s C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\extensions\toolbarbutton@obviousidea.us\chrome\skin\icon16.png 12.9s C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\extensions\toolbarbutton@obviousidea.us\chrome\skin\icon32.png 12.9s C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\extensions\toolbarbutton@obviousidea.us\chrome\skin\item1.png 12.9s C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\extensions\toolbarbutton@obviousidea.us\chrome\skin\item10.png 12.9s C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\extensions\toolbarbutton@obviousidea.us\chrome\skin\item11.png 12.9s C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\extensions\toolbarbutton@obviousidea.us\chrome\skin\item12.png 12.9s C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\extensions\toolbarbutton@obviousidea.us\chrome\skin\item2.png 12.9s C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\extensions\toolbarbutton@obviousidea.us\chrome\skin\item3.png 12.9s C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\extensions\toolbarbutton@obviousidea.us\chrome\skin\item4.png 13.0s C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\extensions\toolbarbutton@obviousidea.us\chrome\skin\item5.png 13.0s C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\extensions\toolbarbutton@obviousidea.us\chrome\skin\item6.png 13.0s 
C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\extensions\toolbarbutton@obviousidea.us\chrome\skin\item6.png 13.0s C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\extensions\toolbarbutton@obviousidea.us\chrome\skin\item7.png 13.0s C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\extensions\toolbarbutton@obviousidea.us\chrome\skin\item8.png 13.0s C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\extensions\toolbarbutton@obviousidea.us\chrome\skin\item9.png 13.0s C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\extensions\toolbarbutton@obviousidea.us\chrome\skin\overlay.css 13.0s C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\extensions\toolbarbutton@obviousidea.us\defaults\ 13.0s C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\extensions\toolbarbutton@obviousidea.us\defaults\preferences\ 13.0s C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\extensions\toolbarbutton@obviousidea.us\defaults\preferences\obviousideaaddon.js 13.0s C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\extensions\toolbarbutton@obviousidea.us\defaults\preferences\obviousideaaddon.js 13.5s C:\Users\Ute\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K5AGFMJU\a[1].js 13.5s C:\Users\Ute\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K5AGFMJU\a[1].js 16.0s C:\Users\Ute\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B8944BA8AD0EFDF0E01A43EF62BECD0_538D903C0A81D46E90DBA469E6311D92 16.0s C:\Users\Ute\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_538D903C0A81D46E90DBA469E6311D92 16.0s C:\Users\Ute\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_538D903C0A81D46E90DBA469E6311D92 19.6s 
C:\Users\Ute\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000033.db Cookies _____________________________________________________________________ C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:ad.360yield.com C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:ad.ad-srv.net C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:ad.adc-serv.net C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:ad.adnet.de C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:ad.adserver01.de C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:ad.dyntracker.com C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:ad.dyntracker.de C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:ad.movad.net C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:ad.sevenads.net C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:ad.yieldmanager.com C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:ad.zanox.com C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:ads.adk2.com C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:ads.audience2media.com C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:ads.creative-serving.com C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:ads.p161.net C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:ads.pubmatic.com C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:ads.traveladshop.com 
C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:ads.undertone.com C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:adserver1.mokono.com C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:adtech.de C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:adtechus.com C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:advertising.com C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:adviva.net C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:aka-cdn-ns.adtech.de C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:aok.122.2o7.net C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:apmebf.com C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:atdmt.com C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:autoscout24.112.2o7.net C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:bs.serving-sys.com C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:burstnet.com C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:casalemedia.com C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:content.yieldmanager.com C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:de.sitestat.com C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:doubleclick.net C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:eas.apm.emediate.eu C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:eas4.emediate.eu 
C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:fastclick.net C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:fl01.ct2.comclick.com C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:gmeurope.112.2o7.net C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:in.getclicky.com C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:invitemedia.com C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:kqv.112.2o7.net C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:media6degrees.com C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:mediaplex.com C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:oms.122.2o7.net C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:paypal.112.2o7.net C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:pool-eu-ie.creative-serving.com C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:questionmarket.com C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:revsci.net C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:ru4.com C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:serving-sys.com C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:smartadserver.com C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:specificclick.net C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:stat.dealtime.com C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:statcounter.com 
C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:stats.paypal.com C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:statse.webtrendslive.com C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:track.adform.net C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:track.effiliation.com C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:track.webtrekk.de C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:tradedoubler.com C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:tribalfusion.com C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:warnerbros.112.2o7.net C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:webetico2.solution.weborama.fr C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:weborama.fr C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:weboramaitdata.solution.weborama.fr C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:weboramaitdatas2.solution.weborama.fr C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:ww251.smartadserver.com C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:www.etracker.de C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:www.googleadservices.com C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:www4.smartadserver.com C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\cookies.sqlite:xiti.com |
31.07.2013, 18:57 | #4 |
/// Malware-holic | Windows 8 32-bit ad pop-ups - Webcake 3.00 cannot be uninstalled Hi, close the browser and let HitmanPro delete what it found. Reboot. Then a new Farbar scan please, and post the log.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
31.07.2013, 19:23 | #5 |
| Windows 8 32-bit ad pop-ups - Webcake 3.00 cannot be uninstalled Hello, Code:
ATTFilter HitmanPro 3.7.6.201 www.hitmanpro.com Computer name . . . . : UTE-PC5 Windows . . . . . . . : 6.2.0.9200.X86/2 User name . . . . . . : UTE-PC5\Ute UAC . . . . . . . . . : Enabled License . . . . . . . : Free Scan date . . . . . . : 2013-07-31 19:44:11 Scan mode . . . . . . : Normal Scan duration . . . . : 3m 44s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 13 Traces . . . . . . . : 1021 Objects scanned . . . : 947.671 Files scanned . . . . : 20.258 Remnants scanned . . : 376.594 files / 550.819 keys Malware _____________________________________________________________________ C:\Users\Ute\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\00KF923G\WebCakesetup[1].exe Size . . . . . . . : 1.212.288 bytes Age . . . . . . . : 6.0 days (2013-07-25 19:48:08) Entropy . . . . . : 8.0 SHA-256 . . . . . : 02E10E9B754D5C283066180E5D651335A1706841362C6F7721A6C50CFD73B7A2 Product . . . . . : WebCake Publisher . . . . : WebCake LLC Description . . . : Installer Version . . . . . : 2013.6.20.1708 Copyright . . . . : Copyright (c) 2013 WebCake LLC. All rights reserved. RSA Key Size . . . : 2048 Source URL . . . . : hxxp://dl-cdn.getwebcake.com/install/v8/WebCakesetup.exe Authenticode . . . : Valid > Ikarus . . . . . . : AdWare.Yontoo!IK Fuzzy . . . . . . 
: 103.0 Forensic Cluster -3.0s C:\Users\Ute\AppData\Local\Temp\132-08C0.exe -2.5s C:\Users\Ute\AppData\Local\Temp\132-08C0.log -2.5s C:\Users\Ute\AppData\Local\Temp\132-08C0.log -2.5s C:\Users\Ute\AppData\Local\Temp\132-08C0.log -0.7s C:\Users\Ute\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K5AGFMJU\a[1].txt 0.0s C:\Users\Ute\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\00KF923G\WebCakesetup[1].exe 4.3s C:\Users\Ute\AppData\Local\Temp\wc-0EDC.exe 5.3s C:\Users\Ute\AppData\Local\Temp\wc-0EDC.log 5.3s C:\Users\Ute\AppData\Local\Temp\wc-0EDC.log 5.6s C:\Users\Ute\AppData\Local\Temp\810E91B5\ 5.6s C:\Users\Ute\AppData\Local\Temp\810E91B5\_Setup.dll 5.6s C:\Users\Ute\AppData\Local\Temp\810E91B5\_Setup.dll 6.1s C:\Users\Ute\AppData\Local\Temp\810E91B5\Setup.ico 6.1s C:\Users\Ute\AppData\Local\Temp\810E91B5\_Setupx.dll 8.6s C:\Users\Ute\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QVYI4SHG\Meh[1].json 8.6s C:\Users\Ute\AppData\Local\Temp\810E91B5\m.eh 9.2s C:\Users\Ute\AppData\Local\Temp\plugtmp-4\ 9.9s C:\Users\Ute\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K2DJGNMQ\a[1].txt 9.9s C:\Users\Ute\AppData\Local\Temp\810E91B5\Check.txt 9.9s C:\Windows\Prefetch\132-08C0.EXE-36113990.pf 10.2s C:\$Recycle.Bin\S-1-5-21-533882140-3980523968-1356160843-1009\$REL3BZQ\ 10.2s C:\$Recycle.Bin\S-1-5-21-533882140-3980523968-1356160843-1009\$REL3BZQ\Setup.exe 10.3s C:\$Recycle.Bin\S-1-5-21-533882140-3980523968-1356160843-1009\$REL3BZQ\_Setup.dll 10.3s C:\$Recycle.Bin\S-1-5-21-533882140-3980523968-1356160843-1009\$REL3BZQ\Setup.ico 10.4s C:\$Recycle.Bin\S-1-5-21-533882140-3980523968-1356160843-1009\$REL3BZQ\_Setupx.dll 10.4s C:\$Recycle.Bin\S-1-5-21-533882140-3980523968-1356160843-1009\$REL3BZQ\Cache\ 10.5s C:\Users\Ute\AppData\Local\Temp\810E91B5\x86\ 10.5s C:\Users\Ute\AppData\Local\Temp\810E91B5\x86\regsvr32.exe 10.5s C:\Users\Ute\AppData\Local\Temp\810E91B5\x64\ 10.5s 
C:\Users\Ute\AppData\Local\Temp\810E91B5\x64\regsvr32.exe 10.5s C:\Users\Ute\AppData\Local\Temp\810E91B5\x64\regsvr32.exe 10.5s C:\Users\Ute\AppData\Local\Temp\810E91B5\WebCakeFFClient.xpi 10.5s C:\Users\Ute\AppData\Local\Temp\810E91B5\WebCakeFFClient.xpi 10.6s C:\Users\Ute\AppData\Local\Temp\810E91B5\7za.exe 11.0s C:\$Recycle.Bin\S-1-5-21-533882140-3980523968-1356160843-1009\$RVN09IO.exe 11.3s C:\Users\Ute\AppData\Local\Temp\810E91B5\WebCakeIEClient.dll 11.3s C:\Users\Ute\AppData\Local\Temp\810E91B5\WebCakeIEClient.dll 11.3s C:\Users\Ute\AppData\Local\Temp\810E91B5\WebCakeIEClient.dll 11.3s C:\Users\Ute\AppData\Local\Temp\810E91B5\WebCakeIEClient.dll 11.8s C:\Users\Ute\AppData\Local\Temp\810E91B5\webcake.xml 11.9s C:\$Recycle.Bin\S-1-5-21-533882140-3980523968-1356160843-1009\$RMEZT7U.dll 11.9s C:\$Recycle.Bin\S-1-5-21-533882140-3980523968-1356160843-1009\$RMEZT7U.dll 12.3s C:\Windows\Prefetch\RESIZE.EXE-BEFFDFA0.pf 12.3s C:\Windows\Prefetch\RESIZE.EXE-BEFFDFA0.pf 12.4s C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\localstore-1.rdf 12.6s C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\extensions\toolbarbutton@obviousidea.us\ 12.8s C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\extensions\toolbarbutton@obviousidea.us\chrome.manifest 12.8s C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\extensions\toolbarbutton@obviousidea.us\install.rdf 12.9s C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\extensions\toolbarbutton@obviousidea.us\chrome\content\ 12.9s C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\extensions\toolbarbutton@obviousidea.us\chrome\content\obviousideaaddon.js 12.9s C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\15gsmenk.default\extensions\toolbarbutton@obviousidea.us\chrome\ 12.9s 