Pests of all kinds and how to combat them: Infected with Javaws.exe*32 (Windows 7) |
29.07.2016, 08:46 | #1 |
| Infected with Javaws.exe*32

Hello! Since probably the day before yesterday, when the computer could no longer simply be booted up, I have been infected with the trojan javaws.exe*32. Yesterday it opened over 8000 small processes with the same name, which of course paralysed my PC. I ran Malwarebytes Anti-Rootkit over it and had the items it found removed. After that it had to restart, and then the PC ran extremely slowly again. So the problem probably still exists. Spybot is currently still running, and as a precaution I have disabled the internet connection.

Since I won't get home until this evening, I would like to know now which scans I should run so that I can give you the information you need. In general I can say that I have Win 7 Home and the Avast virus scanner. Should I always switch it off when I run the various scans?

Sorry that I can't provide more at the moment, but I'd rather find out now what you need, so that I can get it all done this evening and tomorrow morning. Of course something like this has to happen just before going on holiday... |
29.07.2016, 09:27 | #2 | ||
/// Winkelfunktion /// TB-Süch-Tiger™ | Infected with Javaws.exe*32

Quote:
Quote:
We can't do clairvoyance here either. Without logs nobody can tell you what the findings were about.
__________________ |
29.07.2016, 09:39 | #3 |
| Infected with Javaws.exe*32

I know that, but which logs do you still need? I'm at work right now, so I can't post the logs yet. As soon as I get home I wanted to run all the required scans and then post all the logs for you, so that you have everything you need.
__________________
Well, I have read that this is a trojan, here in the forum too. Sorry. Of course I'm not that knowledgeable about this, but whatever it is, it shows up in Task Manager thousands of times as javaws.exe*32. |
29.07.2016, 09:56 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Infected with Javaws.exe*32

First post all MBAR logs that contain findings.
__________________ Please always post log files in CODE tags |
29.07.2016, 14:49 | #5 |
| Infected with Javaws.exe*32

OK, I'll do that as soon as I can. Thanks for now.

Malwarebytes log from yesterday; I then put what was found into quarantine. I had Avast running during both scans... Code:
And SpyBot's log from today: Code:
Animator\5.05\Recent File List Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Ulead Gif Animator 5.05: [SBI $5E698A90] Last open video folder (Registry Value, nothing done) HKEY_USERS\S-1-5-21-2512360697-3570823552-3435949131-1000\Software\Ulead Systems\Ulead GIF Animator\5.05\UI Settings\OpenVDir Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Ulead Gif Animator 5.05: [SBI $5BF40CE3] Last save as gif folder (Registry Value, nothing done) HKEY_USERS\S-1-5-21-2512360697-3570823552-3435949131-1000\Software\Ulead Systems\Ulead GIF Animator\5.05\UI Settings\Save GIF File Dir Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Ulead Gif Animator 5.05: [SBI $9CCDCA12] Last save folder (Registry Value, nothing done) HKEY_USERS\S-1-5-21-2512360697-3570823552-3435949131-1000\Software\Ulead Systems\Ulead GIF Animator\5.05\UI Settings\SaveDir Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Ulead VideoStudio 5.0: [SBI $7F6F8CD8] Recent audio folder list (Registry Key, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Ulead Systems\VIO\Recent Dir Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Windows.OpenWith: [SBI $F7204896] Open with list - .AVI extension (Registry Key, nothing done) HKEY_USERS\S-1-5-21-2512360697-3570823552-3435949131-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Windows.OpenWith: [SBI $A1C94E79] Open with list - .BMP extension (Registry Key, nothing done) HKEY_USERS\S-1-5-21-2512360697-3570823552-3435949131-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Windows.OpenWith: [SBI $7E93AD81] Open with list - .CSS extension (Registry Key, nothing done) 
HKEY_USERS\S-1-5-21-2512360697-3570823552-3435949131-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSS\OpenWithList Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Windows.OpenWith: [SBI $ECC28BDF] Open with list - .CSV extension (Registry Key, nothing done) HKEY_USERS\S-1-5-21-2512360697-3570823552-3435949131-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSV\OpenWithList Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Windows Explorer: [SBI $A2C7B3CD] Recent wallpaper list (Registry Key, nothing done) HKEY_USERS\S-1-5-21-2512360697-3570823552-3435949131-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done) HKEY_USERS\S-1-5-21-2512360697-3570823552-3435949131-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done) HKEY_USERS\S-1-5-21-2512360697-3570823552-3435949131-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\ComputerName Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows Media\WMSDK\General\ComputerName Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done) 
HKEY_USERS\S-1-5-21-2512360697-3570823552-3435949131-1000\Software\Microsoft\Windows Media\WMSDK\General\ComputerName Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done) HKEY_USERS\S-1-5-21-2512360697-3570823552-3435949131-1003\Software\Microsoft\Windows Media\WMSDK\General\ComputerName Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\ComputerName Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\UniqueID Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows Media\WMSDK\General\UniqueID Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done) HKEY_USERS\S-1-5-21-2512360697-3570823552-3435949131-1000\Software\Microsoft\Windows Media\WMSDK\General\UniqueID Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done) HKEY_USERS\S-1-5-21-2512360697-3570823552-3435949131-1003\Software\Microsoft\Windows Media\WMSDK\General\UniqueID Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\UniqueID Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Windows 
Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done) HKEY_USERS\S-1-5-21-2512360697-3570823552-3435949131-1000\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done) HKEY_USERS\S-1-5-21-2512360697-3570823552-3435949131-1003\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 WinRAR: [SBI $0B56E92B] Recent file list (Registry Key, nothing done) HKEY_USERS\S-1-5-21-2512360697-3570823552-3435949131-1000\Software\WinRAR\ArcHistory Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 WinRAR: [SBI $A59A1C0A] Recent exe file list (Registry Key, nothing done) HKEY_USERS\S-1-5-21-2512360697-3570823552-3435949131-1000\Software\WinRAR\DialogEditHistory\ArcName Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 WinRAR: [SBI $B84F9965] Last used directory (Registry Change, nothing done) 
HKEY_USERS\S-1-5-21-2512360697-3570823552-3435949131-1000\Software\WinRAR\General\LastFolder Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 WinRAR: [SBI $B510882E] Extraction directory history (Registry Key, nothing done) HKEY_USERS\S-1-5-21-2512360697-3570823552-3435949131-1000\Software\WinRAR\DialogEditHistory\ExtrPath Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Cookie: [SBI $49804B54] Browser: Cookie (37) (Browser: Cookie, nothing done) Category=Browser ThreatLevel=1 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Cache: [SBI $49804B54] Browser: Cache (1290) (Browser: Cache, nothing done) Category=Browser ThreatLevel=1 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Verlauf: [SBI $49804B54] Browser: History (188) (Browser: History, nothing done) Category=Browser ThreatLevel=1 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Cookie: [SBI $49804B54] Browser: Cookie (3215) (Browser: Cookie, nothing done) Category=Browser ThreatLevel=1 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Cookie: [SBI $49804B54] Browser: Cookie (167) (Browser: Cookie, nothing done) Category=Browser ThreatLevel=1 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Verlauf: [SBI $49804B54] Browser: History (9579) (Browser: History, nothing done) Category=Browser ThreatLevel=1 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 --- Spybot - Search & Destroy version: 2.6.44.134 DLL (build: 20160321) --- 2014-06-24 blindman.exe (2.4.40.151) 2014-06-24 explorer.exe (2.4.40.181) 2014-06-24 SDBootCD.exe (2.4.40.109) 2016-03-21 SDCleaner.exe (2.6.44.110) 2014-06-24 SDDelFile.exe (2.4.40.94) 2013-06-18 SDDisableProxy.exe 2014-06-24 SDFiles.exe (2.4.40.135) 2014-06-24 SDFileScanHelper.exe (2.4.40.1) 2014-06-24 SDFSSvc.exe (2.4.40.217) 2014-06-24 SDHelp.exe (2.4.40.1) 2014-04-25 SDHookHelper.exe (2.3.39.2) 2014-04-25 SDHookInst32.exe (2.3.39.2) 2014-04-25 SDHookInst64.exe (2.3.39.2) 2016-03-21 
SDImmunize.exe (2.6.44.130) 2014-06-24 SDLogReport.exe (2.4.40.107) 2014-06-24 SDOnAccess.exe (2.4.40.11) 2014-06-24 SDPESetup.exe (2.4.40.3) 2014-06-24 SDPEStart.exe (2.4.40.86) 2014-06-24 SDPhoneScan.exe (2.4.40.28) 2014-06-24 SDPRE.exe (2.4.40.22) 2014-06-24 SDPrepPos.exe (2.4.40.15) 2014-06-24 SDQuarantine.exe (2.4.40.103) 2014-06-24 SDRootAlyzer.exe (2.4.40.116) 2014-06-24 SDSBIEdit.exe (2.4.40.39) 2016-03-21 SDScan.exe (2.6.44.181) 2014-06-24 SDScript.exe (2.4.40.54) 2016-03-21 SDSettings.exe (2.6.44.141) 2014-06-24 SDShell.exe (2.4.40.2) 2014-06-24 SDShred.exe (2.4.40.108) 2014-06-24 SDSysRepair.exe (2.4.40.102) 2014-06-24 SDTools.exe (2.4.40.157) 2014-06-24 SDTray.exe (2.4.40.129) 2014-06-27 SDUpdate.exe (2.4.40.94) 2014-06-27 SDUpdSvc.exe (2.4.40.77) 2014-06-24 SDWelcome.exe (2.4.40.130) 2014-04-25 SDWSCSvc.exe (2.3.39.2) 2015-03-25 spybotsd2-install-av-update.exe (2.4.40.0) 2014-05-20 spybotsd2-install-bdcore-update.exe (2.3.39.0) 2016-05-02 spybotsd2-install-iefreezefix.exe (2.4.40.0) 2014-07-31 spybotsd2-translation-esx.exe 2013-06-19 spybotsd2-translation-frx.exe 2015-03-25 spybotsd2-translation-hrx.exe 2014-08-25 spybotsd2-translation-hux2.exe 2014-10-01 spybotsd2-translation-nlx2.exe 2014-11-05 spybotsd2-translation-ukx.exe 2015-07-28 spybotsd2-windows-upgrade-installer.exe (1.4.0.0) 2016-07-29 unins000.exe (51.1052.0.0) 1999-12-02 xcacls.exe 2012-08-23 borlndmm.dll (10.0.2288.42451) 2012-09-05 DelZip190.dll (1.9.0.107) 2016-03-21 DelZip192.dll (1.9.2.132) 2012-09-10 libeay32.dll (1.0.0.4) 2012-09-10 libssl32.dll (1.0.0.4) 2014-04-25 NotificationSpreader.dll 2014-06-24 SDAdvancedCheckLibrary.dll (2.4.40.98) 2015-03-25 SDAV.dll 2014-06-24 SDECon32.dll (2.4.40.114) 2014-06-24 SDECon64.dll (2.3.39.113) 2014-06-24 SDEvents.dll (2.4.40.2) 2014-06-24 SDFileScanLibrary.dll (2.4.40.14) 2014-04-25 SDHook32.dll (2.3.39.2) 2014-04-25 SDHook64.dll (2.3.39.2) 2014-06-24 SDImmunizeLibrary.dll (2.4.40.2) 2014-06-24 SDLicense.dll (2.4.40.0) 2014-06-24 SDLists.dll 
(2.4.40.4) 2014-06-24 SDResources.dll (2.4.40.7) 2016-03-21 SDScanLibrary.dll (2.6.44.134) 2014-06-24 SDTasks.dll (2.4.40.15) 2014-06-24 SDWinLogon.dll (2.4.40.0) 2012-08-23 sqlite3.dll 2012-09-10 ssleay32.dll (1.0.0.4) 2014-06-24 Tools.dll (2.4.40.36) 2015-04-22 Includes\Adware-000.sbi (*) 2015-08-05 Includes\Adware-001.sbi (*) 2016-07-27 Includes\Adware-C.sbi (*) 2014-01-13 Includes\Adware.sbi (*) 2014-01-13 Includes\AdwareC.sbi (*) 2010-08-13 Includes\Cookies.sbi (*) 2014-11-14 Includes\Dialer-000.sbi (*) 2014-11-14 Includes\Dialer-001.sbi (*) 2015-07-29 Includes\Dialer-C.sbi (*) 2014-01-13 Includes\Dialer.sbi (*) 2014-01-13 Includes\DialerC.sbi (*) 2014-01-09 Includes\Fraud-000.sbi (*) 2014-01-09 Includes\Fraud-001.sbi (*) 2014-03-31 Includes\Fraud-002.sbi (*) 2016-07-06 Includes\Fraud-003.sbi (*) 2012-11-14 Includes\HeavyDuty.sbi (*) 2014-11-14 Includes\Hijackers-000.sbi (*) 2014-11-14 Includes\Hijackers-001.sbi (*) 2015-12-23 Includes\Hijackers-C.sbi (*) 2014-01-13 Includes\Hijackers.sbi (*) 2014-01-13 Includes\HijackersC.sbi (*) 2014-01-08 Includes\iPhone-000.sbi (*) 2014-01-08 Includes\iPhone.sbi (*) 2016-05-27 Includes\Keyloggers-000.sbi (*) 2016-07-27 Includes\Keyloggers-C.sbi (*) 2014-01-13 Includes\Keyloggers.sbi (*) 2014-01-13 Includes\KeyloggersC.sbi (*) 2015-06-25 Includes\Malware-000.sbi (*) 2014-11-14 Includes\Malware-001.sbi (*) 2016-06-14 Includes\Malware-002.sbi (*) 2015-11-19 Includes\Malware-003.sbi (*) 2014-11-14 Includes\Malware-004.sbi (*) 2014-11-14 Includes\Malware-005.sbi (*) 2014-02-26 Includes\Malware-006.sbi (*) 2014-01-09 Includes\Malware-007.sbi (*) 2016-07-06 Includes\Malware-C.sbi (*) 2014-01-13 Includes\Malware.sbi (*) 2013-12-23 Includes\MalwareC.sbi (*) 2014-11-14 Includes\PUPS-000.sbi (*) 2014-01-15 Includes\PUPS-001.sbi (*) 2014-01-15 Includes\PUPS-002.sbi (*) 2016-07-27 Includes\PUPS-C.sbi (*) 2012-11-14 Includes\PUPS.sbi (*) 2014-01-07 Includes\PUPSC.sbi (*) 2014-01-08 Includes\Security-000.sbi (*) 2015-12-02 
Includes\Security-C.sbi (*) 2014-01-21 Includes\Security.sbi (*) 2014-01-21 Includes\SecurityC.sbi (*) 2015-11-11 Includes\Spyware-000.sbi (*) 2015-05-06 Includes\Spyware-001.sbi (*) 2016-07-27 Includes\Spyware-C.sbi (*) 2014-01-21 Includes\Spyware.sbi (*) 2014-01-21 Includes\SpywareC.sbi (*) 2011-06-07 Includes\Tracks.sbi (*) 2012-11-19 Includes\Tracks.uti (*) 2014-01-15 Includes\Trojans-000.sbi (*) 2014-01-15 Includes\Trojans-001.sbi (*) 2014-11-14 Includes\Trojans-002.sbi (*) 2016-01-20 Includes\Trojans-003.sbi (*) 2014-01-15 Includes\Trojans-004.sbi (*) 2014-03-19 Includes\Trojans-005.sbi (*) 2015-03-31 Includes\Trojans-006.sbi (*) 2014-01-15 Includes\Trojans-007.sbi (*) 2014-07-09 Includes\Trojans-008.sbi (*) 2014-07-09 Includes\Trojans-009.sbi (*) 2016-07-19 Includes\Trojans-C.sbi (*) 2014-01-15 Includes\Trojans-OG-000.sbi (*) 2014-01-15 Includes\Trojans-TD-000.sbi (*) 2014-01-15 Includes\Trojans-VM-000.sbi (*) 2014-01-15 Includes\Trojans-VM-001.sbi (*) 2014-01-15 Includes\Trojans-VM-002.sbi (*) 2014-01-15 Includes\Trojans-VM-003.sbi (*) 2014-01-15 Includes\Trojans-VM-004.sbi (*) 2014-01-15 Includes\Trojans-VM-005.sbi (*) 2014-01-15 Includes\Trojans-VM-006.sbi (*) 2014-01-15 Includes\Trojans-VM-007.sbi (*) 2014-01-15 Includes\Trojans-VM-008.sbi (*) 2014-01-15 Includes\Trojans-VM-009.sbi (*) 2014-01-15 Includes\Trojans-VM-010.sbi (*) 2014-01-15 Includes\Trojans-VM-011.sbi (*) 2014-01-15 Includes\Trojans-VM-012.sbi (*) 2014-01-15 Includes\Trojans-VM-013.sbi (*) 2014-01-15 Includes\Trojans-VM-014.sbi (*) 2014-01-15 Includes\Trojans-VM-015.sbi (*) 2014-01-15 Includes\Trojans-VM-016.sbi (*) 2014-01-15 Includes\Trojans-VM-017.sbi (*) 2014-01-15 Includes\Trojans-VM-018.sbi (*) 2014-01-15 Includes\Trojans-VM-019.sbi (*) 2014-01-15 Includes\Trojans-VM-020.sbi (*) 2014-01-15 Includes\Trojans-VM-021.sbi (*) 2014-01-15 Includes\Trojans-VM-022.sbi (*) 2014-01-15 Includes\Trojans-VM-023.sbi (*) 2014-01-15 Includes\Trojans-VM-024.sbi (*) 2014-01-15 
Includes\Trojans-ZB-000.sbi (*) 2016-02-03 Includes\Trojans-ZL-000.sbi (*) 2014-01-09 Includes\Trojans.sbi (*) 2014-01-16 Includes\TrojansC-01.sbi (*) 2014-01-16 Includes\TrojansC-02.sbi (*) 2014-01-16 Includes\TrojansC-03.sbi (*) 2014-01-16 Includes\TrojansC-04.sbi (*) 2014-01-16 Includes\TrojansC-05.sbi (*) 2014-01-09 Includes\TrojansC.sbi (*) |
29.07.2016, 15:02 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Infected with Javaws.exe*32 That was a scan with MBAM, not MBAR. Scan with Farbar's Recovery Scan Tool (FRST): Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder. Even if the logs should be too large for one post, I ask you to post the logs directly and, if necessary, spread over several posts. To put the log files in a CODE box, proceed as follows:
__________________ |
29.07.2016, 15:11 | #7 |
| Infected with Javaws.exe*32 Thanks. Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 27-07-2016 durchgeführt von Nici (Administrator) auf NICI-PC (29-07-2016 16:05:17) Gestartet von C:\Users\Nici\Desktop Geladene Profile: Nici & Nicole (Verfügbare Profile: Nici & Nicole) Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe () C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe (Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe () C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11474024 2010-10-05] (Realtek Semiconductor) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7408312 2016-06-27] (AVAST Software) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) 
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-2512360697-3570823552-3435949131-1000\...\Run: [BRS] => C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe -runBRS HKU\S-1-5-21-2512360697-3570823552-3435949131-1000\...\Run: [NetLimiter] => C:\Program Files\NetLimiter 3\NLClientApp.exe /tray HKU\S-1-5-21-2512360697-3570823552-3435949131-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) HKU\S-1-5-21-2512360697-3570823552-3435949131-1000\...\MountPoints2: {a8af6083-a037-11e5-bd2f-3085a9426f97} - G:\HiSuiteDownLoader.exe HKU\S-1-5-21-2512360697-3570823552-3435949131-1000\...\MountPoints2: {d9243ee4-86e8-11e5-89f5-3085a9426f97} - G:\HiSuiteDownLoader.exe HKU\S-1-5-21-2512360697-3570823552-3435949131-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-21] (Microsoft Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-05-04] (AVAST Software) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nici\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nici\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nici\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nici\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nici\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nici\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nici\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 Tcpip\..\Interfaces\{741C61E0-A7D4-47B9-B95B-96025815B97B}: [DhcpNameServer] 10.0.0.138 Internet Explorer: ================== HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://at.search.yahoo.com/?fr=hp-avast&type=avastbcl HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://at.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-2512360697-3570823552-3435949131-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://at.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} HKU\S-1-5-21-2512360697-3570823552-3435949131-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset HKU\S-1-5-21-2512360697-3570823552-3435949131-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://at.search.yahoo.com/?fr=hp-avast&type=avastbcl 
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://at.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://at.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKU\S-1-5-21-2512360697-3570823552-3435949131-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-2512360697-3570823552-3435949131-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-2512360697-3570823552-3435949131-1000 -> {3E4A038E-EDDE-43FA-95F4-061A2ED93943} URL = hxxps://at.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default SearchScopes: HKU\S-1-5-21-2512360697-3570823552-3435949131-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://at.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-04-21] (AVAST Software) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-20] (Oracle Corporation) BHO-x32: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-04-21] (AVAST Software) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.) BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-09-23] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-20] (Oracle Corporation) Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - Keine Datei Toolbar: HKLM - Kein Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - Keine Datei DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies) StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\Nici\AppData\Roaming\Mozilla\Firefox\Profiles\kbqnark5.default-1450547907328 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-15] () FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin: 
@videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-15] () FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-20] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-20] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\Nici\AppData\Roaming\Mozilla\Firefox\Profiles\kbqnark5.default-1450547907328\searchplugins\youtube.xml [2016-01-03] FF Extension: WOT - C:\Users\Nici\AppData\Roaming\Mozilla\Firefox\Profiles\kbqnark5.default-1450547907328\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-12-20] FF Extension: All-in-One Sidebar - C:\Users\Nici\AppData\Roaming\Mozilla\Firefox\Profiles\kbqnark5.default-1450547907328\extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2016-01-04] FF Extension: Browsizer - C:\Users\Nici\AppData\Roaming\Mozilla\Firefox\Profiles\kbqnark5.default-1450547907328\extensions\browsizer@nuko.org.xpi [2016-04-29] FF Extension: 1-Click YouTube Video Downloader - C:\Users\Nici\AppData\Roaming\Mozilla\Firefox\Profiles\kbqnark5.default-1450547907328\extensions\YoutubeDownloader@PeterOlayev.com.xpi [2016-05-09] FF Extension: Youtube MP3 Podcaster - C:\Users\Nici\AppData\Roaming\Mozilla\Firefox\Profiles\kbqnark5.default-1450547907328\extensions\youtubemp3podcaster@jeremy.d.gregorio.com [2016-07-07] FF Extension: United States English Spellchecker - C:\Users\Nici\AppData\Roaming\Mozilla\Firefox\Profiles\kbqnark5.default-1450547907328\Extensions\en-US@dictionaries.addons.mozilla.org [2016-03-18] FF Extension: uBlock Origin - C:\Users\Nici\AppData\Roaming\Mozilla\Firefox\Profiles\kbqnark5.default-1450547907328\Extensions\uBlock0@raymondhill.net.xpi [2016-06-23] FF Extension: Adblock Plus - C:\Users\Nici\AppData\Roaming\Mozilla\Firefox\Profiles\kbqnark5.default-1450547907328\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-07-27] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF FF 
Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-07-27] FF HKU\S-1-5-21-2512360697-3570823552-3435949131-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Nici\AppData\Roaming\Mozilla\Firefox\Profiles\doclmrzi.default-1379265117638\extensions\cliqz@cliqz.com => nicht gefunden StartMenuInternet: FIREFOX.EXE - firefox.exe Chrome: ======= CHR HomePage: Default -> hxxp://astromenda.com/?f=1&a=ast_frg01_14_35_ff&cd=2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEtByC0FzyyB0DtDtDyBtN0D0Tzu0SzyyBtAtN1L2XzutAtFtDtFtCtDtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyBzztByE0FzztD0BtGtCtC0F0DtG0AyCtA0CtGtAtDtByBtGyEyD0CyDzztCzyzytBtD0F0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtC0DtBtDtCyB0FtGzy0CyEyEtGyEyDzytCtGzy0AyCyEtGyEtDtB0EyE0DtAtDtAyC0FyC2Q&cr=2048917834&ir= CHR StartupUrls: Default -> "hxxps://www.malwarebytes.org/restorebrowser/" CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms} CHR DefaultSearchKeyword: Default -> bing.com CHR DefaultSuggestURL: Default -> hxxps://de.search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10 CHR Profile: C:\Users\Nici\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Nici\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-08] CHR Extension: (Google Drive) - C:\Users\Nici\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-08] CHR Extension: (YouTube) - C:\Users\Nici\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-08] CHR Extension: (Google-Suche) - C:\Users\Nici\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-08] CHR Extension: (Avast SafePrice) - C:\Users\Nici\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-05-22] CHR Extension: (Google Docs Offline) - 
C:\Users\Nici\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-27] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Nici\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-27] CHR Extension: (Yahoo Web) - C:\Users\Nici\AppData\Local\Google\Chrome\User Data\Default\Extensions\npdicihegicnhaangkdmcgbjceoemeoo [2015-12-08] CHR Extension: (Google Mail) - C:\Users\Nici\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-08] CHR Extension: (Chrome Media Router) - C:\Users\Nici\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-07-27] CHR HKU\S-1-5-21-2512360697-3570823552-3435949131-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-04] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-04-21] CHR HKLM-x32\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo] - hxxps://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-04] (AVAST Software) R2 HiSuiteOuc64.exe; C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe [138544 2015-05-20] () R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG) R2 HuaweiHiSuiteService64.exe; C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe [192304 2015-05-20] () R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1136608 2016-03-10] (Malwarebytes) R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [Datei ist nicht signiert] S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [34416 2016-03-24] (AnvSoft Inc.) 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-05-04] (AVAST Software) R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-05-04] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-05-04] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-05-04] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-05-04] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-05-04] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-05-04] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-05-04] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-05-04] (AVAST Software) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-07-28] () U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2015-05-07] (Huawei Technologies Co., Ltd.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-07-29] (Malwarebytes) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation) R3 MTsensor; C:\Windows\system32\drivers\ASACPI.sys [15680 2006-10-31] () R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.) S3 cpuz130; \??\C:\Users\ADMINI~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X] S3 NLNdisMP; system32\DRIVERS\nlndis.sys [X] S3 NLNdisPT; system32\DRIVERS\nlndis.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-07-29 16:05 - 2016-07-29 16:05 - 00022631 _____ C:\Users\Nici\Desktop\FRST.txt 2016-07-29 16:05 - 2016-07-29 16:05 - 00000000 ____D C:\FRST 2016-07-29 16:04 - 2016-07-29 16:04 - 02394112 _____ (Farbar) C:\Users\Nici\Desktop\FRST64.exe 2016-07-29 15:44 - 2016-07-29 15:44 - 00010524 _____ C:\Users\Nici\Desktop\malwarebytesLog.txt 2016-07-29 15:42 - 2016-07-29 15:42 - 00042261 _____ C:\Users\Nici\Desktop\SpyBot_Scan Results.160729-1542.txt 2016-07-29 06:27 - 2016-07-29 06:27 - 00009897 _____ C:\Users\Nici\Desktop\malwarebytesergebnis.txt 2016-07-29 06:26 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe 2016-07-29 06:16 - 2016-07-29 06:35 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2016-07-29 06:16 - 2016-07-29 06:26 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2016-07-29 06:16 - 2016-07-29 06:16 - 00001401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2016-07-29 06:16 - 2016-07-29 06:16 - 00001389 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2016-07-29 06:16 - 2016-07-29 06:16 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking 2016-07-29 06:16 - 2016-07-29 06:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2016-07-29 06:16 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe 2016-07-28 23:16 - 2016-07-28 23:16 - 00000000 _____ C:\autoexec.bat 2016-07-28 23:12 - 2016-07-28 23:12 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys 2016-07-28 23:07 - 2016-07-29 15:55 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-07-28 23:04 - 2016-07-28 23:04 - 00001112 _____ C:\Users\Public\Desktop\ Malwarebytes 
Anti-Malware .lnk 2016-07-28 23:04 - 2016-07-28 23:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2016-07-28 23:01 - 2016-07-28 23:03 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2016-07-28 23:01 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2016-07-28 23:01 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2016-07-28 23:01 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2016-07-27 22:08 - 2016-07-28 23:07 - 00000000 ____D C:\Users\Nici\Desktop\Fröhliche Weihnachten 2016-07-27 20:15 - 2016-07-27 20:15 - 00003910 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1450465139 2016-07-27 20:15 - 2016-07-27 20:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software 2016-07-27 20:12 - 2016-05-04 19:12 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2016-07-21 19:39 - 2016-07-21 19:39 - 00091992 _____ C:\Users\Nici\Desktop\Movies.ods 2016-07-19 21:59 - 2016-07-27 22:20 - 00000000 ____D C:\Windows\EOONotify 2016-07-19 19:53 - 2016-07-19 20:29 - 109524793 _____ (Games ) C:\Users\Nici\Desktop\FabulousAngelaSweetRevenge.exe 2016-07-18 16:53 - 2016-06-11 08:57 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2016-07-18 16:53 - 2016-06-11 06:48 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2016-07-18 16:53 - 2016-06-10 23:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2016-07-18 16:53 - 2016-06-10 23:38 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2016-07-18 16:53 - 2016-06-10 23:20 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2016-07-18 16:53 - 2016-06-10 23:19 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2016-07-18 16:53 - 2016-06-10 
23:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2016-07-18 16:53 - 2016-06-10 23:18 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2016-07-18 16:53 - 2016-06-10 23:18 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2016-07-18 16:53 - 2016-06-10 23:17 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2016-07-18 16:53 - 2016-06-10 23:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2016-07-18 16:53 - 2016-06-10 23:08 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2016-07-18 16:53 - 2016-06-10 23:05 - 25814016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2016-07-18 16:53 - 2016-06-10 23:04 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2016-07-18 16:53 - 2016-06-10 23:03 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2016-07-18 16:53 - 2016-06-10 23:03 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2016-07-18 16:53 - 2016-06-10 23:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2016-07-18 16:53 - 2016-06-10 23:02 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2016-07-18 16:53 - 2016-06-10 22:53 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2016-07-18 16:53 - 2016-06-10 22:50 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2016-07-18 16:53 - 2016-06-10 22:49 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2016-07-18 16:53 - 2016-06-10 22:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2016-07-18 16:53 - 2016-06-10 22:38 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2016-07-18 16:53 - 2016-06-10 22:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2016-07-18 
16:53 - 2016-06-10 22:34 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2016-07-18 16:53 - 2016-06-10 22:31 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2016-07-18 16:53 - 2016-06-10 22:28 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2016-07-18 16:53 - 2016-06-10 22:15 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2016-07-18 16:53 - 2016-06-10 22:13 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2016-07-18 16:53 - 2016-06-10 22:12 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-07-18 16:53 - 2016-06-10 22:11 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2016-07-18 16:53 - 2016-06-10 22:10 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2016-07-18 16:53 - 2016-06-10 21:45 - 15409664 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-07-18 16:53 - 2016-06-10 21:44 - 02869248 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-07-18 16:53 - 2016-06-10 21:30 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-07-18 16:53 - 2016-06-10 21:21 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2016-07-18 16:53 - 2016-06-10 21:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2016-07-18 16:53 - 2016-06-10 20:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2016-07-18 16:53 - 2016-06-10 20:53 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2016-07-18 16:53 - 2016-06-10 20:53 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2016-07-18 16:53 - 2016-06-10 20:53 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2016-07-18 16:53 - 2016-06-10 20:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2016-07-18 16:53 - 2016-06-10 20:47 
- 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2016-07-18 16:53 - 2016-06-10 20:46 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2016-07-18 16:53 - 2016-06-10 20:45 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2016-07-18 16:53 - 2016-06-10 20:42 - 20348928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2016-07-18 16:53 - 2016-06-10 20:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2016-07-18 16:53 - 2016-06-10 20:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2016-07-18 16:53 - 2016-06-10 20:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2016-07-18 16:53 - 2016-06-10 20:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2016-07-18 16:53 - 2016-06-10 20:32 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2016-07-18 16:53 - 2016-06-10 20:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2016-07-18 16:53 - 2016-06-10 20:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2016-07-18 16:53 - 2016-06-10 20:24 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2016-07-18 16:53 - 2016-06-10 20:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2016-07-18 16:53 - 2016-06-10 20:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2016-07-18 16:53 - 2016-06-10 20:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2016-07-18 16:53 - 2016-06-10 20:14 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2016-07-18 16:53 - 2016-06-10 20:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2016-07-18 16:53 - 2016-06-10 20:10 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2016-07-18 16:53 - 2016-06-10 20:09 - 02055680 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2016-07-18 16:53 - 2016-06-10 20:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2016-07-18 16:53 - 2016-06-10 19:58 - 13806080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2016-07-18 16:53 - 2016-06-10 19:45 - 02392576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2016-07-18 16:53 - 2016-06-10 19:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2016-07-18 16:53 - 2016-06-10 19:41 - 01315840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2016-07-18 16:52 - 2016-06-26 02:35 - 00041704 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2016-07-18 16:52 - 2016-06-26 02:27 - 01208320 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2016-07-18 16:52 - 2016-06-26 02:27 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2016-07-18 16:52 - 2016-06-26 02:27 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2016-07-18 16:52 - 2016-06-26 02:27 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll 2016-07-18 16:52 - 2016-06-26 02:27 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll 2016-07-18 16:52 - 2016-06-26 02:27 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll 2016-07-18 16:52 - 2016-06-25 21:54 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2016-07-18 16:52 - 2016-06-25 21:53 - 00297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll 2016-07-18 16:52 - 2016-06-25 21:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe 2016-07-18 16:52 - 2016-06-25 21:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe 2016-07-18 16:52 - 2016-06-25 21:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe 2016-07-18 16:52 - 2016-06-22 15:06 - 00268800 _____ (Microsoft 
Corporation) C:\Windows\system32\centel.dll 2016-07-18 16:52 - 2016-06-17 20:24 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2016-07-18 16:52 - 2016-06-17 20:24 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2016-07-18 16:52 - 2016-06-17 20:24 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2016-07-18 16:52 - 2016-06-17 20:24 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2016-07-18 16:52 - 2016-06-17 20:24 - 00219136 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2016-07-18 16:52 - 2016-06-17 20:24 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2016-07-18 16:52 - 2016-06-14 17:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2016-07-18 11:31 - 2012-05-10 22:01 - 01503744 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\system32\libeay32.dll 2016-07-18 11:31 - 2012-05-10 22:01 - 00308736 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\system32\ssleay32.dll 2016-07-17 14:36 - 2016-07-17 14:36 - 00000000 ____D C:\Users\Nici\Documents\Any Video Converter Ultimate 2016-07-17 14:32 - 2016-03-24 12:07 - 00034416 _____ (AnvSoft Inc.) C:\Windows\system32\Drivers\anvsnddrv.sys 2016-07-08 19:09 - 2016-07-08 19:14 - 62744353 ____R C:\Users\Nici\Desktop\Jan Hooks as Bette Davis on SNL (1989).wmv 2016-07-08 19:09 - 2016-07-08 19:14 - 62644417 ____R C:\Users\Nici\Desktop\Jan Hooks as Garbo on SNL (1989).wmv 2016-07-01 21:45 - 2016-07-02 10:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2016-07-29 16:02 - 2014-06-27 19:28 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-07-29 15:46 - 2009-07-14 06:45 - 00021616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-07-29 15:46 - 2009-07-14 06:45 - 00021616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-07-29 15:37 - 2015-08-11 19:14 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-07-29 13:21 - 2014-04-12 14:45 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update 2016-07-29 06:32 - 2015-06-17 21:27 - 00000000 ____D C:\Users\Nici\AppData\Local\HTC MediaHub 2016-07-29 06:31 - 2014-06-27 19:28 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-07-29 06:31 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-07-29 06:28 - 2013-10-28 20:00 - 00000000 ___RD C:\Users\Nici\Eigene Musik 2016-07-29 06:26 - 2015-12-03 19:59 - 00000000 ____D C:\Program Files\Common Files\AV 2016-07-29 03:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2016-07-29 00:56 - 2014-06-27 19:28 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2016-07-29 00:56 - 2014-06-27 19:28 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2016-07-28 23:14 - 2014-02-09 21:43 - 00000000 ____D C:\Users\Nici 2016-07-28 23:05 - 2014-02-12 19:13 - 00000000 ____D C:\Users\Nici\AppData\Roaming\Malwarebytes 2016-07-28 23:01 - 2014-02-12 19:13 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-07-28 22:07 - 2014-02-12 20:25 - 00000000 ____D C:\Users\Nici\AppData\Roaming\Skype 2016-07-27 22:20 - 2015-04-05 00:07 - 00000000 ___SD C:\Windows\SysWOW64\GWX 2016-07-27 22:20 - 2015-04-05 00:06 - 00000000 ___SD C:\Windows\system32\GWX 2016-07-27 21:10 - 2014-05-25 21:04 - 03740672 ___SH C:\Users\Nici\Desktop\Thumbs.db 2016-07-27 21:05 - 2016-04-05 19:55 - 00000000 ____D C:\Users\Nicole 2016-07-27 21:05 - 
2015-12-03 19:59 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software 2016-07-27 21:05 - 2015-05-03 22:19 - 00000000 ____D C:\ProgramData\Oracle 2016-07-27 21:05 - 2015-05-03 22:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2016-07-27 21:05 - 2015-05-03 22:19 - 00000000 ____D C:\Program Files (x86)\Java 2016-07-27 21:05 - 2011-04-12 09:54 - 00000000 ___RD C:\Users\Public\Recorded TV 2016-07-27 21:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration 2016-07-27 20:28 - 2011-04-12 09:43 - 00699092 _____ C:\Windows\system32\perfh007.dat 2016-07-27 20:28 - 2011-04-12 09:43 - 00149232 _____ C:\Windows\system32\perfc007.dat 2016-07-27 20:28 - 2009-07-14 07:13 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI 2016-07-27 20:28 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf 2016-07-27 20:23 - 2014-08-31 17:23 - 00000347 _____ C:\Users\Nici\AppData\Roaming\WB.CFG 2016-07-27 20:20 - 2015-12-11 19:52 - 00000000 ___RD C:\Program Files (x86)\Skype 2016-07-27 20:20 - 2014-02-12 20:25 - 00000000 ____D C:\ProgramData\Skype 2016-07-25 22:21 - 2014-02-24 22:45 - 00184832 ___SH C:\Users\Nici\Thumbs.db 2016-07-25 18:26 - 2012-09-04 18:18 - 00788480 _____ C:\Users\Nici\Desktop\Filmliste.xls 2016-07-22 22:35 - 2015-09-02 20:12 - 00000000 ____D C:\Users\Nici\.oracle_jre_usage 2016-07-19 21:54 - 2014-02-12 13:44 - 00000000 ____D C:\Users\Nici\AppData\Roaming\uTorrent 2016-07-19 20:37 - 2014-02-10 19:35 - 00000000 ____D C:\Users\Nici\AppData\Roaming\MediaMonkey 2016-07-19 19:58 - 2014-09-19 21:48 - 00000000 ____D C:\Users\Nici\AppData\Roaming\vlc 2016-07-19 19:47 - 2009-07-14 06:45 - 00543136 _____ C:\Windows\system32\FNTCACHE.DAT 2016-07-19 19:44 - 2015-04-17 20:43 - 00000000 ____D C:\Windows\system32\appraiser 2016-07-19 19:44 - 2011-04-12 09:55 - 00000000 ____D C:\Program Files\Windows Journal 2016-07-18 22:49 - 2014-02-10 19:04 - 00000000 ____D C:\Windows\system32\MRT 2016-07-18 22:43 - 2014-02-10 19:04 - 144749672 _____ 
(Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-07-18 11:29 - 2012-06-12 14:01 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-07-17 15:04 - 2014-02-13 18:51 - 00000000 ____D C:\ProgramData\TEMP
2016-07-17 14:43 - 2014-04-18 21:41 - 00000000 ____D C:\Program Files (x86)\AnvSoft
2016-07-17 14:37 - 2014-04-18 21:41 - 00000000 ____D C:\Users\Nici\AppData\Roaming\AnvSoft
2016-07-17 13:53 - 2016-05-22 20:05 - 00000946 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-07-15 22:37 - 2016-05-22 20:05 - 00003936 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-07-15 22:37 - 2015-08-11 19:14 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-07-15 22:37 - 2014-02-10 21:37 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-07-15 22:37 - 2014-02-10 21:37 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-15 20:37 - 2014-02-10 21:37 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-07-15 20:37 - 2014-02-10 21:37 - 00000000 ____D C:\Windows\system32\Macromed
2016-07-15 20:15 - 2014-12-26 11:47 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-07-15 20:14 - 2015-11-02 23:28 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-07-04 14:51 - 2014-02-10 19:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaMonkey
2016-07-04 14:51 - 2014-02-10 19:35 - 00000000 ____D C:\Program Files (x86)\MediaMonkey
2016-07-03 14:26 - 2016-04-14 19:06 - 00000000 ____D C:\Users\Nici\AppData\Roaming\Tox
2016-07-03 10:22 - 2015-02-07 14:41 - 00000000 ____D C:\Users\Nici\AppData\Roaming\MiniLyrics
2016-07-03 10:22 - 2015-02-07 14:41 - 00000000 ____D C:\Lyrics
2016-07-03 10:09 - 2014-02-09 23:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-07-03 10:09 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-08-07 20:11 - 2015-10-16 14:59 - 0191488 _____ (Igor Pavlov) C:\Program Files (x86)\7zxa.dll
2014-08-07 20:11 - 2016-02-04 01:38 - 0069120 _____ () C:\Program Files (x86)\Ace32Loader.exe
2014-02-10 19:33 - 2016-02-04 18:57 - 0219648 _____ () C:\Program Files (x86)\Default.SFX
2014-02-10 19:33 - 2016-02-04 18:57 - 0277968 _____ () C:\Program Files (x86)\Default64.SFX
2014-02-10 19:33 - 2016-02-04 18:57 - 0001333 _____ () C:\Program Files (x86)\Descript.ion
2014-02-10 19:33 - 2016-02-04 18:57 - 0015805 _____ () C:\Program Files (x86)\License.txt
2014-02-10 19:33 - 2016-02-08 13:39 - 0004016 _____ () C:\Program Files (x86)\Order.htm
2014-02-10 19:33 - 2016-02-04 01:38 - 0539136 _____ (Alexander Roshal) C:\Program Files (x86)\Rar.exe
2014-02-10 19:33 - 2016-02-04 18:57 - 0040716 _____ () C:\Program Files (x86)\rar.lng
2014-02-10 19:33 - 2016-02-04 18:57 - 0132502 _____ () C:\Program Files (x86)\Rar.txt
2014-02-10 19:33 - 2016-02-04 01:38 - 0338936 _____ (Alexander Roshal) C:\Program Files (x86)\RarExt.dll
2014-02-10 19:33 - 2016-02-04 18:57 - 0003646 _____ () C:\Program Files (x86)\rarext.lng
2014-02-10 19:33 - 2016-02-04 01:38 - 0284160 _____ (Alexander Roshal) C:\Program Files (x86)\RarExt32.dll
2014-02-10 19:33 - 2016-02-04 18:57 - 0001400 _____ () C:\Program Files (x86)\RarFiles.lst
2014-02-10 19:33 - 2014-02-10 19:33 - 0000020 _____ () C:\Program Files (x86)\rarnew.dat
2014-02-10 19:33 - 2016-02-04 18:57 - 0001777 _____ () C:\Program Files (x86)\ReadMe.txt
2014-08-07 20:11 - 2005-08-26 01:50 - 0077312 _____ () C:\Program Files (x86)\UNACEV2.DLL
2014-02-10 19:33 - 2016-02-16 13:30 - 0195064 _____ (Alexander Roshal) C:\Program Files (x86)\Uninstall.exe
2014-02-10 19:33 - 2016-02-16 13:20 - 0008584 _____ () C:\Program Files (x86)\uninstall.lng
2014-02-10 19:33 - 2016-02-04 01:39 - 0000443 _____ () C:\Program Files (x86)\Uninstall.lst
2014-02-10 19:33 - 2016-02-04 01:38 - 0344064 _____ (Alexander Roshal) C:\Program Files (x86)\UnRAR.exe
2014-02-10 19:33 - 2016-02-04 18:57 - 0071137 _____ () C:\Program Files (x86)\WhatsNew.txt
2014-02-10 19:33 - 2016-02-04 18:57 - 0244492 _____ (Alexander Roshal) C:\Program Files (x86)\WinCon.SFX
2014-02-10 19:33 - 2016-02-04 18:57 - 0286476 _____ (Alexander Roshal) C:\Program Files (x86)\WinCon64.SFX
2014-02-10 19:33 - 2016-02-04 18:57 - 0370141 _____ () C:\Program Files (x86)\WinRAR.chm
2014-02-10 19:33 - 2016-02-16 13:30 - 1539584 _____ (Alexander Roshal) C:\Program Files (x86)\WinRAR.exe
2014-02-10 19:33 - 2016-02-09 16:49 - 0107034 _____ () C:\Program Files (x86)\winrar.lng
2014-02-10 19:33 - 2016-02-04 18:57 - 0164352 _____ () C:\Program Files (x86)\Zip.SFX
2014-02-10 19:33 - 2016-02-04 18:57 - 0200144 _____ () C:\Program Files (x86)\Zip64.SFX
2014-02-10 19:33 - 2014-02-10 19:33 - 0000022 _____ () C:\Program Files (x86)\zipnew.dat
2014-08-02 10:12 - 2014-08-02 10:12 - 0099384 _____ () C:\Users\Nici\AppData\Roaming\inst.exe
2014-08-02 10:12 - 2014-08-02 10:12 - 0007859 _____ () C:\Users\Nici\AppData\Roaming\pcouffin.cat
2014-08-02 10:12 - 2014-08-02 10:12 - 0001167 _____ () C:\Users\Nici\AppData\Roaming\pcouffin.inf
2014-08-02 10:13 - 2014-08-02 10:13 - 0000034 _____ () C:\Users\Nici\AppData\Roaming\pcouffin.log
2014-08-02 10:12 - 2014-08-02 10:12 - 0082816 _____ (VSO Software) C:\Users\Nici\AppData\Roaming\pcouffin.sys
2014-08-31 17:23 - 2016-07-27 20:23 - 0000347 _____ () C:\Users\Nici\AppData\Roaming\WB.CFG
2014-07-14 20:44 - 2016-04-25 16:13 - 0001456 _____ () C:\Users\Nici\AppData\Local\Adobe Für Web speichern 11.0 Prefs
2014-12-02 21:23 - 2014-12-18 21:23 - 0000010 _____ () C:\Users\Nici\AppData\Local\DSI.DAT
2014-02-09 21:45 - 2014-02-09 21:45 - 0017408 _____ () C:\Users\Nici\AppData\Local\WebpageIcons.db

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2016-07-29 02:47

==================== Ende von FRST.txt ============================

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 27-07-2016
durchgeführt von Nici (2016-07-29 16:06:06)
Gestartet von C:\Users\Nici\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-02-09 19:43:38)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-2512360697-3570823552-3435949131-500 - Administrator - Disabled)
Gast (S-1-5-21-2512360697-3570823552-3435949131-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2512360697-3570823552-3435949131-1002 - Limited - Enabled)
Nici (S-1-5-21-2512360697-3570823552-3435949131-1000 - Administrator - Enabled) => C:\Users\Nici
Nicole (S-1-5-21-2512360697-3570823552-3435949131-1003 - Administrator - Enabled) => C:\Users\Nicole
Sicherheitskonto (S-1-5-21-2512360697-3570823552-3435949131-1004 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

µTorrent (HKU\S-1-5-21-2512360697-3570823552-3435949131-1000\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.017.20050 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 22 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Any Video Converter 5.0.9 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Audacity 1.3.13 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version: - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 11.2.2262 - AVAST Software)
AVS Screen Capture version 2.0.1 (HKLM-x32\...\AVS Screen Capture_is1) (Version: - Online Media Technologies Ltd.)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version: - Online Media Technologies Ltd.)
AVS Video Editor 6 (HKLM-x32\...\AVS Video Editor_is1) (Version: - Online Media Technologies Ltd.)
AVS Video Recorder 2.4 (HKLM-x32\...\AVS Video Recorder_is1) (Version: - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version: - Online Media Technologies Ltd.)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.6.5931 - CDBurnerXP)
Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.22 - Cliqz.com)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious Emilys Hopes and Fears 1.00 (HKLM-x32\...\Delicious Emilys Hopes and Fears 1.00) (Version: 1.00 - Games)
dm FOTO Paradies + CEWE FOTOBUCH (HKLM-x32\...\dm FOTO Paradies + CEWE FOTOBUCH) (Version: 6.1.3 - CEWE Stiftung u Co. KGaA)
Dropbox (HKU\S-1-5-21-2512360697-3570823552-3435949131-1000\...\Dropbox) (Version: 2.8.0 - Dropbox, Inc.)
DVDFab 6.2.1.8 (31/12/2009) (HKLM-x32\...\DVDFab 6_is1) (Version: - Fengtao Software Inc.)
Free DVD Video Burner version 2.4 (HKLM-x32\...\Free DVD Video Burner_is1) (Version: - DVDVideoSoft Limited.)
Free Video to DVD Converter version 1.6 (HKLM-x32\...\Free Video to DVD Converter_is1) (Version: - DVDVideoSoft Limited.)
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 3.21.2.1 - Futuremark Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
HiSuite (HKLM-x32\...\Hi Suite) (Version: 41.003.55.00.06 - Huawei Technologies Co.,Ltd)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.16.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.46.0 - HTC)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Machete 3.8 (HKLM-x32\...\{3BE24392-35A7-4A84-AA82-EF53EFCA2AF8}) (Version: 3.8.22 - MacheteSoft)
Mah Jong Quest III Balance of Life 3.5 (HKLM-x32\...\Mah Jong Quest III Balance of Life 3.5) (Version: - )
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
MiniLyrics (HKLM-x32\...\MiniLyrics) (Version: 7.6.44 - Crintsoft)
Mozilla Firefox 27.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0 (x86 de)) (Version: 27.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.1.0 - Mozilla)
Mozilla Thunderbird 45.2.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.2.0 (x86 de)) (Version: 45.2.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
qTox (HKLM-x32\...\qTox) (Version: 1.0 - The qTox Project)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6215 - Realtek Semiconductor Corp.)
SafeZone Stable 1.48.2066.101 (x32 Version: 1.48.2066.101 - Avast Software) Hidden
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.23.2.4686 - Enigma Software Group, LLC)
Trivial Pursuit (HKLM-x32\...\Trivial Pursuit) (Version: - )
Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version: - )
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 4.00 - NCH Software)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 6.17 - NCH Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.31 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Wireshark 2.0.2 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.0.2 - The Wireshark developer community, hxxps://www.wireshark.org)
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version: - Yahoo Inc.)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2512360697-3570823552-3435949131-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Nici\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2512360697-3570823552-3435949131-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nici\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2512360697-3570823552-3435949131-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nici\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2512360697-3570823552-3435949131-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nici\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2512360697-3570823552-3435949131-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nici\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0D622FFA-73B5-400E-88EA-0166904F5B81} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {0F576545-09FD-4106-805E-E1443A22E42B} - System32\Tasks\{E75818F1-9666-413B-9516-5599661CAE87} => pcalua.exe -a "C:\Program Files (x86)\Games\Puzzle Detective\ReflexiveArcade\unins000.exe"
Task: {26B32698-2E4A-4C3F-AFE3-A76AEC71ED89} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-05-04] (AVAST Software)
Task: {2EB6F649-440F-48D6-9528-6091AE392973} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {67326CAB-4C60-483F-844A-FAA6FE3BF4E0} - System32\Tasks\{F6655A61-9162-461B-A0F6-B546547840A3} => pcalua.exe -a E:\Spiele\BonniesBookstoreSetup.exe -d E:\Spiele
Task: {6DF597EC-8235-4357-B3CD-5552A6C88AF5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {940CB9D6-B22C-4E3A-AAE1-516F1B0B3FD2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {9C2E9BF7-AE4D-4B61-BEBA-AB2E30422055} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {9E29CBCC-CC77-4577-8662-1A0446B578B4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {A3426233-E2BB-4CFF-B30B-031899D11A94} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe [2016-07-15] (Adobe Systems Incorporated)
Task: {A60782A2-20A8-4819-9B41-F7CD4683485E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-15] (Adobe Systems Incorporated)
Task: {D2C4022B-B709-4B40-9C2A-937B1BB26E5B} - System32\Tasks\Microsoft\Windows\Setup\EOONotify => C:\Windows\EOONotify\EOONotify.exe [2016-07-08] (Microsoft Corporation)
Task: {DBADB964-55F0-4046-BC0F-6CD05E94A28F} - System32\Tasks\SafeZone scheduled Autoupdate 1450465139 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software)
Task: {DC848217-1B85-4018-A6CB-E966CCFE849D} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-02] (AVAST Software)
Task: {FD229CD7-8EC7-4E3A-81FA-7CB60ECF75DE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

Shortcut: C:\Users\Nici\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.html

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-01-05 23:16 - 2015-05-20 12:46 - 00138544 _____ () C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe
2016-01-05 23:16 - 2015-05-20 12:46 - 00192304 _____ () C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe
2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2015-04-13 15:44 - 2015-04-13 15:44 - 00821600 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2016-05-04 19:11 - 2016-05-04 19:11 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-05-04 19:11 - 2016-05-04 19:11 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-07-28 18:49 - 2016-07-28 18:49 - 03002368 _____ () C:\Program Files\AVAST Software\Avast\defs\16072801\algo.dll
2016-05-04 19:11 - 2016-05-04 19:11 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-05-04 19:11 - 2016-05-04 19:11 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-07-29 15:44 - 2016-07-29 15:44 - 03002880 _____ () C:\Program Files\AVAST Software\Avast\defs\16072900\algo.dll
2015-04-13 15:43 - 2015-04-13 15:43 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2015-04-13 15:43 - 2015-04-13 15:43 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2015-04-13 15:44 - 2015-04-13 15:44 - 00059752 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2015-04-13 15:44 - 2015-04-13 15:44 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2015-04-13 15:44 - 2015-04-13 15:44 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2015-04-13 15:45 - 2015-04-13 15:45 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2015-04-13 15:47 - 2015-04-13 15:47 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2016-07-29 06:16 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-07-29 06:16 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-07-29 06:16 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-07-29 06:16 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-07-29 06:16 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-12-17 19:56 - 2015-12-17 19:56 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-07-29 06:16 - 2014-04-25 14:11 - 02972112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\NotificationSpreader.dll
2016-04-28 19:32 - 2016-04-28 19:32 - 00008704 _____ () C:\Users\Nici\AppData\Roaming\Thunderbird\Profiles\7n0alw1o.default\extensions\mintrayr@tn123.ath.cx\lib\tray_x86-msvc.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\ProgramData\TEMP:56AD65A1 [252]
AlternateDataStreams: C:\ProgramData\TEMP:EEFA1B22 [134]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2512360697-3570823552-3435949131-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Nici\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2512360697-3570823552-3435949131-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{B686185B-D47E-4B81-8AE9-0A9515A0AA6A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{2718D4AE-6E15-4467-B1D9-E19C093019F9}] => (Allow) LPort=2869
FirewallRules: [{DB17FC7B-E314-46FC-9997-3335899667A2}] => (Allow) LPort=1900
FirewallRules: [{A395BC41-40E9-458B-93AF-72C4C662CBC6}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{7E7CB60D-D59A-45B0-AEFB-D92E98AC53C5}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{AE7E3C99-A4B6-49D2-BA0D-30F725123FBE}] => (Allow) C:\Users\Nici\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{91261DFF-5ACB-4960-83EA-84F586DCE96F}] => (Allow) C:\Users\Nici\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{79C538A2-9142-4437-A96D-D370770758DA}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{D804A35B-FBBA-49FE-A2D4-425CECF79749}C:\program files (x86)\hasbro interactive\trivial pursuit\tp.exe] => (Allow) C:\program files (x86)\hasbro interactive\trivial pursuit\tp.exe
FirewallRules: [UDP Query User{3A28472A-9449-46EF-95A7-A69F36255CC4}C:\program files (x86)\hasbro interactive\trivial pursuit\tp.exe] => (Allow) C:\program files (x86)\hasbro interactive\trivial pursuit\tp.exe
FirewallRules: [{87616559-4A29-48B4-9DD0-9A97F626D860}] => (Allow) C:\Users\Nici\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4626ACB6-159E-48AB-8736-47AD8E2A56E1}] => (Allow) C:\Users\Nici\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{89DD0169-7B5D-4370-B114-61DABE716CCC}] => (Allow) C:\Users\Nici\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{88544F0C-5033-4EC6-96C2-5A1A13654A1F}] => (Allow) C:\Users\Nici\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{99451D9F-1F52-492B-9E05-FA15E9F25C36}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{D71CB04B-08C2-4941-98A7-75D20717A100}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{0B13D5B6-A82E-466A-A33A-C012EBEFF906}] => (Allow) C:\Program Files (x86)\webcam 7\webcam7.exe
FirewallRules: [{C6C8BBC0-1A94-40A0-9713-1102DABF4311}] => (Allow) C:\Program Files (x86)\webcam 7\webcam7.exe
FirewallRules: [{63A5B4BD-9EB7-41A7-8A95-97F2C2081C10}] => (Allow) C:\Program Files (x86)\webcam 7\webcam7.Service.exe
FirewallRules: [{79BDF7A3-6AEC-439B-976F-183F5D014E5F}] => (Allow) C:\Program Files (x86)\webcam 7\webcam7.Service.exe
FirewallRules: [TCP Query User{D79AAF56-0D9D-48C6-993F-E2F6F44ACC10}C:\users\nici\desktop\utox_windows_x86-64\utox.exe] => (Allow) C:\users\nici\desktop\utox_windows_x86-64\utox.exe
FirewallRules: [UDP Query User{02677DA7-EF5F-4DE7-A85E-B023D4B4DB1D}C:\users\nici\desktop\utox_windows_x86-64\utox.exe] => (Allow) C:\users\nici\desktop\utox_windows_x86-64\utox.exe
FirewallRules: [TCP Query User{0FD431AC-952C-4D6F-BA34-0052B3916E0C}C:\program files\qtox\bin\qtox.exe] => (Allow) C:\program files\qtox\bin\qtox.exe
FirewallRules: [UDP Query User{E0BACC7C-3BA9-4471-ACEC-D8801C61942E}C:\program files\qtox\bin\qtox.exe] => (Allow) C:\program files\qtox\bin\qtox.exe
FirewallRules: [{CAEE4F85-0872-46B0-9D6E-29F29BE7BA81}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe
FirewallRules: [{6EC7CAD7-30C8-4360-90D7-0F18408F0CC4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{EFCF2F29-61FA-4EA5-9B02-CD77E17714A5}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaUI.exe
FirewallRules: [{06339475-FC63-4EB9-9AF1-75C7240289F0}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaUI.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Wiederherstellungspunkte =========================

27-07-2016 20:41:20 Windows Update
27-07-2016 22:19:18 Windows Update

==================== Fehlerhafte Geräte im Gerätemanager =============

==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (07/29/2016 06:32:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/28/2016 11:00:03 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\msiexec.exe /V; Beschreibung = Removed Java 8 Update 91; Fehler = 0x81000101).

Error: (07/28/2016 10:25:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm thunderbird.exe, Version 45.2.0.6025 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 970
Startzeit: 01d1e8f0ef4b3f2e
Endzeit: 2683
Anwendungspfad: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
Berichts-ID: 499d3cee-5501-11e6-b3e3-3085a9426f97

Error: (07/28/2016 06:51:43 PM) (Source: ESENT) (EventID: 439) (User: )
Description: Windows (1216) Windows: Die Shadowkopfzeile für Datei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk konnte nicht geschrieben werden. Fehler -1032.
Error: (07/28/2016 06:51:43 PM) (Source: ESENT) (EventID: 490) (User: )
Description: Windows (1216) Windows: Versuch, Datei "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error: (07/28/2016 06:49:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/28/2016 07:18:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/27/2016 08:18:32 PM) (Source: MsiInstaller) (EventID: 1041) (User: NT-AUTORITÄT)
Description: Fehler beim Starten einer Windows Installer-Transaktion: ASU_MSI_TRAN. Fehler 1603 beim Starten der Transaktion.

Error: (07/27/2016 08:09:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/25/2016 06:15:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Systemfehler:
=============
Error: (07/29/2016 06:32:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 = Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (07/29/2016 06:32:22 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.

Error: (07/29/2016 05:19:28 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst MBAMScheduler erreicht.

Error: (07/29/2016 05:18:58 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst MBAMScheduler erreicht.

Error: (07/29/2016 05:15:10 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst MBAMScheduler erreicht.

Error: (07/29/2016 02:09:01 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst MBAMScheduler erreicht.

Error: (07/28/2016 06:55:18 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (07/28/2016 06:55:14 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (07/28/2016 06:54:54 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (07/28/2016 06:54:50 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

CodeIntegrity:
===================================
Date: 2014-02-13 16:13:03.788
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows.old\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22379_none_c014624816718091\appidapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-02-13 16:13:03.601
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows.old\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22379_none_c014624816718091\appidapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-02-13 16:13:03.492
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows.old\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22379_none_c014624816718091\appidapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-02-13 16:13:03.273
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows.old\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_c0008ddc1681bb4c\appidapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-02-13 16:13:03.149
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows.old\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_c0008ddc1681bb4c\appidapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-02-13 16:13:03.024
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows.old\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_c0008ddc1681bb4c\appidapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-02-13 16:00:05.020
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows.old\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22379_none_b5bfb7f5e210be96\appidapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-02-13 16:00:04.879 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows.old\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22379_none_b5bfb7f5e210be96\appidapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-13 16:00:04.770 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows.old\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22379_none_b5bfb7f5e210be96\appidapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-13 16:00:04.614 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows.old\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22379_none_b5bfb7f5e210be96\appid.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Speicherinformationen =========================== Prozessor: AMD FX(tm)-4100 Quad-Core Processor Prozentuale Nutzung des RAM: 33% Installierter physikalischer RAM: 7918.12 MB Verfügbarer physikalischer RAM: 5227.82 MB Summe virtueller Speicher: 18892.69 MB Verfügbarer virtueller Speicher: 14735.7 MB ==================== Laufwerke ================================ Drive c: (System) (Fixed) (Total:921.75 GB) (Free:485.6 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)] Drive d: (Harddrive) (Fixed) (Total:1863.01 GB) (Free:21.51 GB) NTFS Drive e: () (Fixed) (Total:149.04 GB) (Free:20.65 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 149.1 GB) (Disk ID: CFC6CFC6) Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 02A48289) Partition 1: (Not 
Active) - (Size=9.8 GB) - (Type=27) Partition 2: (Active) - (Size=921.7 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 2275824E) Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS) ==================== Ende von Addition.txt ============================ |
29.07.2016, 21:00 | #8 | ||
/// Winkelfunktion /// TB-Süch-Tiger™ | Infected with Javaws.exe*32 Quote:
Quote:
Other freeware vendors such as Avira, AVG or Panda are also jumping on this or similar bandwagons, bundling junkware into their setups, working with ASK, etc.; that kind of thing is simply unacceptable for security software. Let me know when Avast is gone; once we are done here, you can switch to another virus scanner, details will follow in the final post. Please do NOT install anything else from NOW on without checking with me first!
__________________ Please always post log files in CODE tags |
29.07.2016, 21:24 | #9 |
| Infected with Javaws.exe*32 OK, the programs are uninstalled. What now? |
29.07.2016, 21:31 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Infected with Javaws.exe*32 Malwarebytes Anti-Rootkit (MBAR) Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper. Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder. Even if the logs are too large for a single post, I ask you to post the logs directly, spread across several posts if necessary. To put the log files in a CODE box, proceed as follows:
__________________ Please always post log files in CODE tags |
30.07.2016, 08:52 | #11 |
| Infected with Javaws.exe*32 Hello, yesterday afternoon I put the threats found by Spybot into quarantine. Is that the reason why Malwarebytes Anti-Rootkit found nothing? Can I be sure that there is nothing dangerous on it anymore? And which antivirus program should I use now? Code:
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version: main: v2016.07.29.11 rootkit: v2016.05.27.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18376
Nici :: NICI-PC [administrator]

29.07.2016 22:46:25
mbar-log-2016-07-29 (22-46-25).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 353751
Time elapsed: 1 hour(s), 5 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end) |
30.07.2016, 19:17 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Infected with Javaws.exe*32 Remove adware/junkware/toolbars. Delete old versions of adwCleaner and, if present, JRT first, then download them again to the desktop! Please completely disable your virus scanner now, before using these tools! Step 1: adwCleaner. Please download AdwCleaner to your desktop.
Step 2: JRT - Junkware Removal Tool. Please close your protection software to avoid possible conflicts.
__________________ Please always post log files in CODE tags |