Libertine13 | 29.07.2016 14:49 | OK, I'll do that as soon as I can. Thanks for now. Malwarebytes log from yesterday; I then put what was found into quarantine.
I had Avast running during both scans... Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlaufdatum: 29.07.2016
Suchlaufzeit: 06:01
Protokolldatei: malwarebytesLog.txt
Administrator: Ja
Version: 2.2.1.1043
Malware-Datenbank: v2016.07.29.02
Rootkit-Datenbank: v2016.05.27.01
Lizenz: Testversion
Malware-Schutz: Aktiviert
Schutz vor bösartigen Websites: Aktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Nici
Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 356338
Abgelaufene Zeit: 23 Min., 37 Sek.
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert
Prozesse: 0
(keine bösartigen Elemente erkannt)
Module: 0
(keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 12
PUP.Optional.SearchProtect.AppFlsh, HKU\S-1-5-21-2512360697-3570823552-3435949131-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, In Quarantäne, [cbfba980504af24425672d693ac808f8],
PUP.Optional.Astromenda, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pfkfdlcdbajamklbneflfbcmfgddmpae, In Quarantäne, [65616cbddfbb9a9c27dbc5d3a85b51af],
PUP.Optional.Astromenda, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\WSE_Astromenda, Löschen bei Neustart, [12b47faa83172115b84e5741e02317e9],
PUP.Optional.InstallCore, HKLM\SOFTWARE\WOW6432NODE\InstallCore, In Quarantäne, [fbcb6dbcd8c2be78a4bf891e60a3cc34],
PUP.Optional.Astromenda, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pfkfdlcdbajamklbneflfbcmfgddmpae, In Quarantäne, [66601f0a6f2b79bd8a78b8e00cf73bc5],
PUP.Optional.InstallCore, HKLM\SOFTWARE\WOW6432NODE\INSTALLCORE\WSE_Astromenda, In Quarantäne, [9a2c9693d7c3979fb5af9e0906fd09f7],
PUP.Optional.Astromenda, HKU\S-1-5-21-2512360697-3570823552-3435949131-1000\SOFTWARE\astromenda, In Quarantäne, [7b4bf138bdddd75f1ae2eaad7e8556aa],
PUP.Optional.InstallCore, HKU\S-1-5-21-2512360697-3570823552-3435949131-1000\SOFTWARE\InstallCore, In Quarantäne, [7c4ab277316946f0a5bdd4d33ec5c23e],
PUP.Optional.Astromenda, HKU\S-1-5-21-2512360697-3570823552-3435949131-1000\SOFTWARE\WSE_Astromenda, In Quarantäne, [daecad7cd7c395a104fde5b3fc07a858],
PUP.Optional.Astromenda, HKU\S-1-5-21-2512360697-3570823552-3435949131-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pfkfdlcdbajamklbneflfbcmfgddmpae, In Quarantäne, [299d37f2d6c440f6738a9304b74c47b9],
PUP.Optional.Trovi, HKU\S-1-5-21-2512360697-3570823552-3435949131-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}, In Quarantäne, [dfe781a8bbdf34028afb9c1d4ab908f8],
PUP.Optional.Astromenda, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WSE_Astromenda, In Quarantäne, [279f4ddc3466082e766e4464cd35e41c],
Registrierungswerte: 8
PUP.Optional.Astromenda, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Astromenda\\, In Quarantäne, [982e6fba3e5cf2447a89524647bcc937]
PUP.Optional.Astromenda, HKU\S-1-5-21-2512360697-3570823552-3435949131-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|URL, hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_frg01_14_35_ff&cd=2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEtByC0FzyyB0DtDtDyBtN0D0Tzu0SzyyBtAtN1L2XzutAtFtDtFtCtDtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyBzztByE0FzztD0BtGtCtC0F0DtG0AyCtA0CtGtAtDtByBtGyEyD0CyDzztCzyzytBtD0F0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtC0DtBtDtCyB0FtGzy0CyEyEtGyEyDzytCtGzy0AyCyEtGyEtDtB0EyE0DtAtDtAyC0FyC2Q&cr=2048917834&ir=, In Quarantäne, [26a0ee3ba7f3e05603fb2b6c7b8842be]
PUP.Optional.Astromenda, HKU\S-1-5-21-2512360697-3570823552-3435949131-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|TopResultURLFallback, hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_frg01_14_35_ff&cd=2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEtByC0FzyyB0DtDtDyBtN0D0Tzu0SzyyBtAtN1L2XzutAtFtDtFtCtDtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyBzztByE0FzztD0BtGtCtC0F0DtG0AyCtA0CtGtAtDtByBtGyEyD0CyDzztCzyzytBtD0F0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtC0DtBtDtCyB0FtGzy0CyEyEtGyEyDzytCtGzy0AyCyEtGyEtDtB0EyE0DtAtDtAyC0FyC2Q&cr=2048917834&ir=, In Quarantäne, [cdf9b4758b0f1125fd01eaad758ed32d]
PUP.Optional.Astromenda, HKU\S-1-5-21-2512360697-3570823552-3435949131-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|FaviconPath, C:\Program Files (x86)\WSE_Astromenda\\FavIcon.ico, In Quarantäne, [6f57b5745347cf677f7f0d8a22e1d32d]
PUP.Optional.Astromenda, HKU\S-1-5-21-2512360697-3570823552-3435949131-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Astromenda, In Quarantäne, [d4f2eb3e19815fd7a5593562a55e718f]
PUP.Optional.Astromenda, HKU\S-1-5-21-2512360697-3570823552-3435949131-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|DisplayName, Astromenda, In Quarantäne, [8442a089d8c2cd69f509a4f35da69b65]
PUP.Optional.Trovi, HKU\S-1-5-21-2512360697-3570823552-3435949131-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}|URL, hxxp://www.trovigo.com/Results.aspx?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP13C10E43-FE92-433B-B624-66CB60225E3A&q={searchTerms}&SSPV=, In Quarantäne, [dfe781a8bbdf34028afb9c1d4ab908f8]
PUP.Optional.Conduit, HKU\S-1-5-21-2512360697-3570823552-3435949131-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}|SuggestionsURL_JSON, hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}, In Quarantäne, [5076bf6a4357290d32a7019b7e85837d]
Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)
Ordner: 8
PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda, In Quarantäne, [279f4ddc3466082e766e4464cd35e41c],
PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\bh, In Quarantäne, [279f4ddc3466082e766e4464cd35e41c],
PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\BRS, In Quarantäne, [279f4ddc3466082e766e4464cd35e41c],
PUP.Optional.Astromenda, C:\Users\Nici\AppData\Roaming\Astromenda, In Quarantäne, [d5f1d257930705318ae45657fb0703fd],
PUP.Optional.Astromenda, C:\Users\Nici\AppData\Roaming\Astromenda\BRS, In Quarantäne, [d5f1d257930705318ae45657fb0703fd],
PUP.Optional.Astromenda, C:\Users\Nici\AppData\Roaming\WSE_Astromenda, In Quarantäne, [5d698f9afc9e67cf80ef04a9c63c46ba],
PUP.Optional.Astromenda, C:\Users\Nici\AppData\Roaming\WSE_Astromenda\UpdateProc, In Quarantäne, [5d698f9afc9e67cf80ef04a9c63c46ba],
PUP.Optional.Astromenda, C:\Users\Nici\AppData\Local\Astromenda, In Quarantäne, [675f919846543df9a5d0ffae4ab8e020],
Dateien: 21
PUP.Optional.Downloader, C:\Users\Nici\Eigene Musik\FileZilla - CHIP-Installer.exe, In Quarantäne, [dde9bf6a762450e6847d68af45bb22de],
PUP.Optional.Conduit, C:\Users\Nici\Downloads\zaSetupWeb_102_078_000.exe, In Quarantäne, [5f673feae3b70a2c5ae21a9b17eab64a],
PUP.Optional.DsiLoad, C:\Users\Nici\AppData\Local\dsisetup15034442.exe, In Quarantäne, [e4e24fda1d7d52e453bfa268c63b7a86],
PUP.Optional.DsiLoad, C:\Users\Nici\AppData\Local\dsisetup19427272.exe, In Quarantäne, [7a4c1d0c41595cda1bf78783c33e51af],
PUP.Optional.Astromenda, C:\Users\Nici\AppData\Roaming\Mozilla\Firefox\Profiles\2qifn27a.default\searchplugins\Astromenda.xml, In Quarantäne, [5e684ddc5743ba7cbbef6c796b97926e],
PUP.Optional.Astromenda, C:\Windows\System32\Tasks\WSE_Astromenda, In Quarantäne, [982e6dbc75252d094aaf395ede25c739],
PUP.Optional.Astromenda, C:\Windows\Tasks\WSE_Astromenda.job, In Quarantäne, [55714fda87131d19eb0f22759172ae52],
PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\FavIcon.ico, In Quarantäne, [279f4ddc3466082e766e4464cd35e41c],
PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\Sqlite3.dll, In Quarantäne, [279f4ddc3466082e766e4464cd35e41c],
PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\uninst.dat, In Quarantäne, [279f4ddc3466082e766e4464cd35e41c],
PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\uninstall.exe, In Quarantäne, [279f4ddc3466082e766e4464cd35e41c],
PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\BRS\Sqlite3.dll, In Quarantäne, [279f4ddc3466082e766e4464cd35e41c],
PUP.Optional.Astromenda, C:\Users\Nici\AppData\Roaming\Astromenda\BRS\stats, In Quarantäne, [d5f1d257930705318ae45657fb0703fd],
PUP.Optional.Astromenda, C:\Users\Nici\AppData\Roaming\WSE_Astromenda\UpdateProc\config.dat, In Quarantäne, [5d698f9afc9e67cf80ef04a9c63c46ba],
PUP.Optional.Astromenda, C:\Users\Nici\AppData\Roaming\WSE_Astromenda\UpdateProc\info.dat, In Quarantäne, [5d698f9afc9e67cf80ef04a9c63c46ba],
PUP.Optional.Astromenda, C:\Users\Nici\AppData\Roaming\WSE_Astromenda\UpdateProc\STTL.DAT, In Quarantäne, [5d698f9afc9e67cf80ef04a9c63c46ba],
PUP.Optional.Astromenda, C:\Users\Nici\AppData\Roaming\WSE_Astromenda\UpdateProc\TTL.DAT, In Quarantäne, [5d698f9afc9e67cf80ef04a9c63c46ba],
PUP.Optional.Astromenda, C:\Users\Nici\AppData\Local\Astromenda\astcnfg.dat, In Quarantäne, [675f919846543df9a5d0ffae4ab8e020],
PUP.Optional.Astromenda, C:\Users\Nici\AppData\Local\Astromenda\data, In Quarantäne, [675f919846543df9a5d0ffae4ab8e020],
PUP.Optional.Astromenda, C:\Users\Nici\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences, Gut: ("session":{"restore_on_startup":4,"startup_urls":["https://www.malwarebytes.org/restorebrowser/"]}}), Schlecht: ("session":{"restore_on_startup":4,"startup_urls":["hxxp://astromenda.com/?f=7&a=ast_frg01_14_35_ff&cd=2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEtByC0FzyyB0DtDtDyBtN0D0Tzu0SzyyBtAtN1L2XzutAtFtDtFtCtDtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyBzztByE0FzztD0BtGtCtC0F0DtG0AyCtA0CtGtAtDtByBtGyEyD0CyDzztCzyzytBtD0F0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtC0DtBtDtCyB0FtGzy0CyEyEtGyEyDzytCtGzy0AyCyEtGyEtDtB0EyE0DtAtDtAyC0FyC2Q&cr=2048917834&ir="]},"sync":{}}), Ersetzt,[eadc31f83f5b52e458e269355ca88080]
PUP.Optional.Astromenda, C:\Users\Nici\AppData\Roaming\Mozilla\Firefox\Profiles\2qifn27a.default\prefs.js, Gut: (user_pref("browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/), Schlecht: (user_pref("browser.startup.homepage", "hxxp://astromenda.com), Ersetzt,[695d72b79406e353fc2f8c1327ddf010]
Physische Sektoren: 0
(keine bösartigen Elemente erkannt)
(end)
And Spybot's log from today: Code:
Search results from Spybot - Search & Destroy
29.07.2016 15:42:56
Scan took 01:21:42.
114 items found.
DownloadSponsor: [SBI $CC437C6B] Settings (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2512360697-3570823552-3435949131-1000\Software\OCS\lastPID
Category=PUPS
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
DownloadSponsor: [SBI $980DE8E4] Settings (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2512360697-3570823552-3435949131-1000\Software\OCS\PID
Category=PUPS
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Nici\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EHL3NZ97\c.paypal.com\PayPalLSO.sol
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Properties.size=97
Properties.md5=E43EFCD081F0728540CCD7C6AFB0B439
Properties.filedate=1465647983
Properties.filedatetext=2016-06-11 12:26:22
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Nici\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EHL3NZ97\entitlement.auth.adobe.com\authorization_access.sol
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Properties.size=61
Properties.md5=9E312161293F076A548E956986AC759E
Properties.filedate=1464022892
Properties.filedatetext=2016-05-23 17:01:31
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Nici\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EHL3NZ97\entitlement.auth.adobe.com\social_data.sol
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Properties.size=48
Properties.md5=63E9DAD470D48185301EDB97B6C6AC64
Properties.filedate=1464022808
Properties.filedatetext=2016-05-23 17:00:07
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Nici\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EHL3NZ97\images-na.ssl-images-amazon.com\mercury.sol
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Properties.size=69
Properties.md5=F74208F486570404E684F06FF0E758D5
Properties.filedate=1462205644
Properties.filedatetext=2016-05-02 16:14:03
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Nici\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EHL3NZ97\prs3.midasplayer.com\kingdom-profile.sol
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Properties.size=65
Properties.md5=7D3A350F8793DF4B7DB70BDBE8035513
Properties.filedate=1462563112
Properties.filedatetext=2016-05-06 19:31:52
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Nici\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EHL3NZ97\s.yimg.com\com.conviva.livePass.sol
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Properties.size=239
Properties.md5=32D6656686F1F9822664D67089DB01DE
Properties.filedate=1462474940
Properties.filedatetext=2016-05-05 19:02:20
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Nici\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EHL3NZ97\s.ytimg.com\soundData.sol
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Properties.size=40
Properties.md5=31762F6F466719F9AF8E0656DCB64022
Properties.filedate=1466195270
Properties.filedatetext=2016-06-17 20:27:50
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Nici\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EHL3NZ97\www.player.filmtrailer.com\analytics.sol
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Properties.size=419
Properties.md5=A770027FFF21041A88B8DFB4547BA9B2
Properties.filedate=1463526091
Properties.filedatetext=2016-05-17 23:01:30
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Nici\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EHL3NZ97\www.tripadvisor.at\TA.sol
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Properties.size=62
Properties.md5=79376BCB45AFBB298862D9999CBF24CD
Properties.filedate=1464189893
Properties.filedatetext=2016-05-25 15:24:52
Macromedia.FlashPlayer.Cookies: [SBI $1EF45977] Text file (File, nothing done)
C:\Users\Nici\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EHL3NZ97\d3op16id4dloxg.cloudfront.net\dedupe.swf\glbl.sol
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Properties.size=70
Properties.md5=C0C2EB542CA3E7360E1692F2A4CCA08B
Properties.filedate=1463833442
Properties.filedatetext=2016-05-21 12:24:01
Macromedia.FlashPlayer.Cookies: [SBI $1EF45977] Text file (File, nothing done)
C:\Users\Nici\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EHL3NZ97\proxy-nl.hide.me\go.php\emp.sol
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Properties.size=125
Properties.md5=1AF2A7F33B4E41A8392BB6234A91DDCE
Properties.filedate=1463948312
Properties.filedatetext=2016-05-22 20:18:31
Macromedia.FlashPlayer.Cookies: [SBI $1EF45977] Text file (File, nothing done)
C:\Users\Nici\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EHL3NZ97\skype.com\#ui\preferences.sol
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Properties.size=234
Properties.md5=CD6EE4D9131742A3A2ED84F04A4B304F
Properties.filedate=1469732451
Properties.filedatetext=2016-07-28 19:00:51
Macromedia.FlashPlayer.Cookies: [SBI $1EF45977] Text file (File, nothing done)
C:\Users\Nici\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EHL3NZ97\soda1.midasplayer.com\Client.swf\grid_hint_database.sol
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Properties.size=100
Properties.md5=EB0B7C952D2035B461AEE71F9DDF7B7E
Properties.filedate=1465594591
Properties.filedatetext=2016-06-10 21:36:31
Macromedia.FlashPlayer.Cookies: [SBI $1EF45977] Text file (File, nothing done)
C:\Users\Nici\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EHL3NZ97\soda1.midasplayer.com\Client.swf\interstitial_timeout.sol
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Properties.size=60
Properties.md5=C4F09226A908101B6B03199E80CFBC3B
Properties.filedate=1465587670
Properties.filedatetext=2016-06-10 19:41:09
Macromedia.FlashPlayer.Cookies: [SBI $1EF45977] Text file (File, nothing done)
C:\Users\Nici\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EHL3NZ97\soda1.midasplayer.com\Client.swf\juego-starlevel.sol
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Properties.size=46
Properties.md5=316879C3F47F447DD0A5999D293FA129
Properties.filedate=1465589136
Properties.filedatetext=2016-06-10 20:05:35
Macromedia.FlashPlayer.Cookies: [SBI $1EF45977] Text file (File, nothing done)
C:\Users\Nici\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EHL3NZ97\soda1.midasplayer.com\Client.swf\messages.sol
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Properties.size=43
Properties.md5=3CEBA06F77F7CA5C5A21B840113362A6
Properties.filedate=1465587667
Properties.filedatetext=2016-06-10 19:41:07
Macromedia.FlashPlayer.Cookies: [SBI $1EF45977] Text file (File, nothing done)
C:\Users\Nici\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EHL3NZ97\wm1.midasplayer.com\WordMashSaga.swf\juego-starlevel.sol
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Properties.size=46
Properties.md5=316879C3F47F447DD0A5999D293FA129
Properties.filedate=1461958758
Properties.filedatetext=2016-04-29 19:39:18
Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done)
C:\Users\Nici\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EHL3NZ97\prs3.midasplayer.com\swf\PetRescue.swf\LocalStorageUserData.sol
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Properties.size=131
Properties.md5=9D9F604DEAB409522CBA2977471F50AA
Properties.filedate=1468153512
Properties.filedatetext=2016-07-10 12:25:12
Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done)
C:\Users\Nici\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EHL3NZ97\prs3.midasplayer.com\swf\PetRescue.swf\pr_hard_level_last_episode.sol
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Properties.size=95
Properties.md5=CE09A7BEA147BEC4B4D8C647E78F864D
Properties.filedate=1467670133
Properties.filedatetext=2016-07-04 22:08:53
Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done)
C:\Users\Nici\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EHL3NZ97\prs3.midasplayer.com\swf\PetRescue.swf\pr_hard_level_last_level.sol
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Properties.size=93
Properties.md5=882824BC3248F405266A36A548C18150
Properties.filedate=1467670133
Properties.filedatetext=2016-07-04 22:08:53
Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done)
C:\Users\Nici\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EHL3NZ97\prs3.midasplayer.com\swf\PetRescue.swf\pr_hard_level_number_of_fails.sol
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Properties.size=98
Properties.md5=635CDECE84ED295EDE68744CAA52AC0B
Properties.filedate=1467670133
Properties.filedatetext=2016-07-04 22:08:53
Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done)
C:\Users\Nici\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EHL3NZ97\prs3.midasplayer.com\swf\PetRescue.swf\pr_mobile_install_offer.sol
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Properties.size=108
Properties.md5=A45DCACE0E235B3E695C870AD48C315D
Properties.filedate=1469483228
Properties.filedatetext=2016-07-25 21:47:07
Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done)
C:\Users\Nici\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EHL3NZ97\prs3.midasplayer.com\swf\PetRescue.swf\pr_tutorial.sol
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Properties.size=156
Properties.md5=49135BD961EB337C61FF9283FA2F2151
Properties.filedate=1467669577
Properties.filedatetext=2016-07-04 21:59:37
Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done)
C:\Users\Nici\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EHL3NZ97\prs3.midasplayer.com\swf\PetRescue.swf\storyLives.sol
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Properties.size=44
Properties.md5=6B62639080B21F0A42D8FD39A09D8BC3
Properties.filedate=1461525759
Properties.filedatetext=2016-04-24 19:22:39
Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done)
C:\Users\Nici\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EHL3NZ97\prs3.midasplayer.com\swf\PetRescue.swf\WEATHER_WELCOME_DIALOG_SHOWN.sol
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Properties.size=103
Properties.md5=5D497C6D96D2CF1E9DC1B675D70D01A8
Properties.filedate=1465215013
Properties.filedatetext=2016-06-06 12:10:13
Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done)
C:\Users\Nici\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EHL3NZ97\www.bbc.co.uk\emp\10player.swf\emp.sol
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Properties.size=125
Properties.md5=6054C627C03699592B5E2BFE4DAFAE28
Properties.filedate=1463946466
Properties.filedatetext=2016-05-22 19:47:45
Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done)
C:\Users\Nici\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EHL3NZ97\www.filmon.com\#com.junkbyte\Console\UserData.sol
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Properties.size=105
Properties.md5=9A2B16BB37D5F91AF25A08399047A526
Properties.filedate=1466799448
Properties.filedatetext=2016-06-24 20:17:27
Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done)
C:\Users\Nici\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EHL3NZ97\www.marketagent.com\MA_WebResources\sharedObject.swf\ma_ugc.sol
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Properties.size=89
Properties.md5=DCABDC6CA24E25F722D3D05D81364EBA
Properties.filedate=1462997665
Properties.filedatetext=2016-05-11 20:14:25
DoubleClick: [SBI $4E2AF2AC] Tracking cookie (Internet Explorer (Benutzer): Nici) (Browser: Cookie, nothing done)
Category=Browser
ThreatLevel=1
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
DoubleClick: [SBI $4E2AF2AC] Tracking cookie (Firefox: Nici (default-1450547907328)) (Browser: Cookie, nothing done)
Category=Browser
ThreatLevel=1
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
CoreMetrics: [SBI $4E2AF2AC] Tracking cookie (Firefox: Nici (default-1450547907328)) (Browser: Cookie, nothing done)
Category=Browser
ThreatLevel=1
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
FastClick: [SBI $4E2AF2AC] Tracking cookie (Firefox: Nici (default-1450547907328)) (Browser: Cookie, nothing done)
Category=Browser
ThreatLevel=1
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
MediaPlex: [SBI $4E2AF2AC] Tracking cookie (Firefox: Nici (default-1450547907328)) (Browser: Cookie, nothing done)
Category=Browser
ThreatLevel=1
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
MediaPlex: [SBI $4E2AF2AC] Tracking cookie (Firefox: Nici (default-1450547907328)) (Browser: Cookie, nothing done)
Category=Browser
ThreatLevel=1
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
MediaPlex: [SBI $4E2AF2AC] Tracking cookie (Firefox: Nici (default-1450547907328)) (Browser: Cookie, nothing done)
Category=Browser
ThreatLevel=1
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
MediaPlex: [SBI $4E2AF2AC] Tracking cookie (Firefox: Nici (default-1450547907328)) (Browser: Cookie, nothing done)
Category=Browser
ThreatLevel=1
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
MediaPlex: [SBI $4E2AF2AC] Tracking cookie (Firefox: Nici (default-1450547907328)) (Browser: Cookie, nothing done)
Category=Browser
ThreatLevel=1
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
FastClick: [SBI $4E2AF2AC] Tracking cookie (Firefox: Nici (default-1450547907328)) (Browser: Cookie, nothing done)
Category=Browser
ThreatLevel=1
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
DoubleClick: [SBI $4E2AF2AC] Tracking cookie (Firefox: Nici (default-1450547907328)) (Browser: Cookie, nothing done)
Category=Browser
ThreatLevel=1
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Statcounter: [SBI $4E2AF2AC] Tracking cookie (Firefox: Nici (default-1450547907328)) (Browser: Cookie, nothing done)
Category=Browser
ThreatLevel=1
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Tradedoubler: [SBI $4E2AF2AC] Tracking cookie (Firefox: Nici (default-1450547907328)) (Browser: Cookie, nothing done)
Category=Browser
ThreatLevel=1
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Tradedoubler: [SBI $4E2AF2AC] Tracking cookie (Firefox: Nici (default-1450547907328)) (Browser: Cookie, nothing done)
Category=Browser
ThreatLevel=1
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Tradedoubler: [SBI $4E2AF2AC] Tracking cookie (Firefox: Nici (default-1450547907328)) (Browser: Cookie, nothing done)
Category=Browser
ThreatLevel=1
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
WebTrends live: [SBI $4E2AF2AC] Tracking cookie (Firefox: Nici (default-1450547907328)) (Browser: Cookie, nothing done)
Category=Browser
ThreatLevel=1
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
CasaleMedia: [SBI $4E2AF2AC] Tracking cookie (Firefox: Nici (default-1450547907328)) (Browser: Cookie, nothing done)
Category=Browser
ThreatLevel=1
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
CasaleMedia: [SBI $4E2AF2AC] Tracking cookie (Firefox: Nici (default-1450547907328)) (Browser: Cookie, nothing done)
Category=Browser
ThreatLevel=1
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
CasaleMedia: [SBI $4E2AF2AC] Tracking cookie (Firefox: Nici (default-1450547907328)) (Browser: Cookie, nothing done)
Category=Browser
ThreatLevel=1
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
CasaleMedia: [SBI $4E2AF2AC] Tracking cookie (Firefox: Nici (default-1450547907328)) (Browser: Cookie, nothing done)
Category=Browser
ThreatLevel=1
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
CasaleMedia: [SBI $4E2AF2AC] Tracking cookie (Firefox: Nici (default-1450547907328)) (Browser: Cookie, nothing done)
Category=Browser
ThreatLevel=1
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
DoubleClick: [SBI $4E2AF2AC] Tracking cookie (Firefox: Nici (default-1450547907328)) (Browser: Cookie, nothing done)
Category=Browser
ThreatLevel=1
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Statcounter: [SBI $4E2AF2AC] Tracking cookie (Firefox: Nici (default-1450547907328)) (Browser: Cookie, nothing done)
Category=Browser
ThreatLevel=1
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
WebTrends live: [SBI $4E2AF2AC] Tracking cookie (Thunderbird: Nici (default)) (Browser: Cookie, nothing done)
Category=Browser
ThreatLevel=1
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
DoubleClick: [SBI $4E2AF2AC] Tracking cookie (Thunderbird: Nici (default)) (Browser: Cookie, nothing done)
Category=Browser
ThreatLevel=1
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Internet Explorer: [SBI $1E8157BE] Typed URL list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2512360697-3570823552-3435949131-1000\Software\Microsoft\Internet Explorer\TypedURLs
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Internet Explorer: [SBI $1E8157BE] Typed URL list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2512360697-3570823552-3435949131-1003\Software\Microsoft\Internet Explorer\TypedURLs
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2512360697-3570823552-3435949131-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2512360697-3570823552-3435949131-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
MS Management Console: [SBI $ECD50EAD] Recent command list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2512360697-3570823552-3435949131-1000\Software\Microsoft\Microsoft Management Console\Recent File List
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
MS Media Player: [SBI $5C51E349] Client ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2512360697-3570823552-3435949131-1000\Software\Microsoft\MediaPlayer\Player\Settings\Client ID
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
MS Media Player: [SBI $5C51E349] Client ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2512360697-3570823552-3435949131-1003\Software\Microsoft\MediaPlayer\Player\Settings\Client ID
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Direct3D\MostRecentApplication\Name
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2512360697-3570823552-3435949131-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2512360697-3570823552-3435949131-1000\Software\Microsoft\DirectInput\MostRecentApplication\Name
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2512360697-3570823552-3435949131-1000\Software\Microsoft\DirectInput\MostRecentApplication\Id
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
MS Paint: [SBI $07867C39] Recent file list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2512360697-3570823552-3435949131-1000\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
MS Wordpad: [SBI $4C02334D] Recent file list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2512360697-3570823552-3435949131-1000\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Ulead Gif Animator 5.05: [SBI $1E35409D] Recent file list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2512360697-3570823552-3435949131-1000\Software\Ulead Systems\Ulead GIF Animator\5.05\Recent File List
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Ulead Gif Animator 5.05: [SBI $5E698A90] Last open video folder (Registry Value, nothing done)
HKEY_USERS\S-1-5-21-2512360697-3570823552-3435949131-1000\Software\Ulead Systems\Ulead GIF Animator\5.05\UI Settings\OpenVDir
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Ulead Gif Animator 5.05: [SBI $5BF40CE3] Last save as gif folder (Registry Value, nothing done)
HKEY_USERS\S-1-5-21-2512360697-3570823552-3435949131-1000\Software\Ulead Systems\Ulead GIF Animator\5.05\UI Settings\Save GIF File Dir
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Ulead Gif Animator 5.05: [SBI $9CCDCA12] Last save folder (Registry Value, nothing done)
HKEY_USERS\S-1-5-21-2512360697-3570823552-3435949131-1000\Software\Ulead Systems\Ulead GIF Animator\5.05\UI Settings\SaveDir
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Ulead VideoStudio 5.0: [SBI $7F6F8CD8] Recent audio folder list (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Ulead Systems\VIO\Recent Dir
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Windows.OpenWith: [SBI $F7204896] Open with list - .AVI extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2512360697-3570823552-3435949131-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Windows.OpenWith: [SBI $A1C94E79] Open with list - .BMP extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2512360697-3570823552-3435949131-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Windows.OpenWith: [SBI $7E93AD81] Open with list - .CSS extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2512360697-3570823552-3435949131-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSS\OpenWithList
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Windows.OpenWith: [SBI $ECC28BDF] Open with list - .CSV extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2512360697-3570823552-3435949131-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSV\OpenWithList
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Windows Explorer: [SBI $A2C7B3CD] Recent wallpaper list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2512360697-3570823552-3435949131-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2512360697-3570823552-3435949131-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2512360697-3570823552-3435949131-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2512360697-3570823552-3435949131-1000\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2512360697-3570823552-3435949131-1003\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2512360697-3570823552-3435949131-1000\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2512360697-3570823552-3435949131-1003\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
HKEY_USERS\S-1-5-21-2512360697-3570823552-3435949131-1000\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
HKEY_USERS\S-1-5-21-2512360697-3570823552-3435949131-1003\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
WinRAR: [SBI $0B56E92B] Recent file list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2512360697-3570823552-3435949131-1000\Software\WinRAR\ArcHistory
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
WinRAR: [SBI $A59A1C0A] Recent exe file list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2512360697-3570823552-3435949131-1000\Software\WinRAR\DialogEditHistory\ArcName
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
WinRAR: [SBI $B84F9965] Last used directory (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2512360697-3570823552-3435949131-1000\Software\WinRAR\General\LastFolder
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
WinRAR: [SBI $B510882E] Extraction directory history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2512360697-3570823552-3435949131-1000\Software\WinRAR\DialogEditHistory\ExtrPath
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Cookie: [SBI $49804B54] Browser: Cookie (37) (Browser: Cookie, nothing done)
Category=Browser
ThreatLevel=1
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Cache: [SBI $49804B54] Browser: Cache (1290) (Browser: Cache, nothing done)
Category=Browser
ThreatLevel=1
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Verlauf: [SBI $49804B54] Browser: History (188) (Browser: History, nothing done)
Category=Browser
ThreatLevel=1
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Cookie: [SBI $49804B54] Browser: Cookie (3215) (Browser: Cookie, nothing done)
Category=Browser
ThreatLevel=1
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Cookie: [SBI $49804B54] Browser: Cookie (167) (Browser: Cookie, nothing done)
Category=Browser
ThreatLevel=1
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Verlauf: [SBI $49804B54] Browser: History (9579) (Browser: History, nothing done)
Category=Browser
ThreatLevel=1
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
--- Spybot - Search & Destroy version: 2.6.44.134 DLL (build: 20160321) ---
2014-06-24 blindman.exe (2.4.40.151)
2014-06-24 explorer.exe (2.4.40.181)
2014-06-24 SDBootCD.exe (2.4.40.109)
2016-03-21 SDCleaner.exe (2.6.44.110)
2014-06-24 SDDelFile.exe (2.4.40.94)
2013-06-18 SDDisableProxy.exe
2014-06-24 SDFiles.exe (2.4.40.135)
2014-06-24 SDFileScanHelper.exe (2.4.40.1)
2014-06-24 SDFSSvc.exe (2.4.40.217)
2014-06-24 SDHelp.exe (2.4.40.1)
2014-04-25 SDHookHelper.exe (2.3.39.2)
2014-04-25 SDHookInst32.exe (2.3.39.2)
2014-04-25 SDHookInst64.exe (2.3.39.2)
2016-03-21 SDImmunize.exe (2.6.44.130)
2014-06-24 SDLogReport.exe (2.4.40.107)
2014-06-24 SDOnAccess.exe (2.4.40.11)
2014-06-24 SDPESetup.exe (2.4.40.3)
2014-06-24 SDPEStart.exe (2.4.40.86)
2014-06-24 SDPhoneScan.exe (2.4.40.28)
2014-06-24 SDPRE.exe (2.4.40.22)
2014-06-24 SDPrepPos.exe (2.4.40.15)
2014-06-24 SDQuarantine.exe (2.4.40.103)
2014-06-24 SDRootAlyzer.exe (2.4.40.116)
2014-06-24 SDSBIEdit.exe (2.4.40.39)
2016-03-21 SDScan.exe (2.6.44.181)
2014-06-24 SDScript.exe (2.4.40.54)
2016-03-21 SDSettings.exe (2.6.44.141)
2014-06-24 SDShell.exe (2.4.40.2)
2014-06-24 SDShred.exe (2.4.40.108)
2014-06-24 SDSysRepair.exe (2.4.40.102)
2014-06-24 SDTools.exe (2.4.40.157)
2014-06-24 SDTray.exe (2.4.40.129)
2014-06-27 SDUpdate.exe (2.4.40.94)
2014-06-27 SDUpdSvc.exe (2.4.40.77)
2014-06-24 SDWelcome.exe (2.4.40.130)
2014-04-25 SDWSCSvc.exe (2.3.39.2)
2015-03-25 spybotsd2-install-av-update.exe (2.4.40.0)
2014-05-20 spybotsd2-install-bdcore-update.exe (2.3.39.0)
2016-05-02 spybotsd2-install-iefreezefix.exe (2.4.40.0)
2014-07-31 spybotsd2-translation-esx.exe
2013-06-19 spybotsd2-translation-frx.exe
2015-03-25 spybotsd2-translation-hrx.exe
2014-08-25 spybotsd2-translation-hux2.exe
2014-10-01 spybotsd2-translation-nlx2.exe
2014-11-05 spybotsd2-translation-ukx.exe
2015-07-28 spybotsd2-windows-upgrade-installer.exe (1.4.0.0)
2016-07-29 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2016-03-21 DelZip192.dll (1.9.2.132)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2014-04-25 NotificationSpreader.dll
2014-06-24 SDAdvancedCheckLibrary.dll (2.4.40.98)
2015-03-25 SDAV.dll
2014-06-24 SDECon32.dll (2.4.40.114)
2014-06-24 SDECon64.dll (2.3.39.113)
2014-06-24 SDEvents.dll (2.4.40.2)
2014-06-24 SDFileScanLibrary.dll (2.4.40.14)
2014-04-25 SDHook32.dll (2.3.39.2)
2014-04-25 SDHook64.dll (2.3.39.2)
2014-06-24 SDImmunizeLibrary.dll (2.4.40.2)
2014-06-24 SDLicense.dll (2.4.40.0)
2014-06-24 SDLists.dll (2.4.40.4)
2014-06-24 SDResources.dll (2.4.40.7)
2016-03-21 SDScanLibrary.dll (2.6.44.134)
2014-06-24 SDTasks.dll (2.4.40.15)
2014-06-24 SDWinLogon.dll (2.4.40.0)
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (1.0.0.4)
2014-06-24 Tools.dll (2.4.40.36)
2015-04-22 Includes\Adware-000.sbi (*)
2015-08-05 Includes\Adware-001.sbi (*)
2016-07-27 Includes\Adware-C.sbi (*)
2014-01-13 Includes\Adware.sbi (*)
2014-01-13 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2014-11-14 Includes\Dialer-000.sbi (*)
2014-11-14 Includes\Dialer-001.sbi (*)
2015-07-29 Includes\Dialer-C.sbi (*)
2014-01-13 Includes\Dialer.sbi (*)
2014-01-13 Includes\DialerC.sbi (*)
2014-01-09 Includes\Fraud-000.sbi (*)
2014-01-09 Includes\Fraud-001.sbi (*)
2014-03-31 Includes\Fraud-002.sbi (*)
2016-07-06 Includes\Fraud-003.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2014-11-14 Includes\Hijackers-000.sbi (*)
2014-11-14 Includes\Hijackers-001.sbi (*)
2015-12-23 Includes\Hijackers-C.sbi (*)
2014-01-13 Includes\Hijackers.sbi (*)
2014-01-13 Includes\HijackersC.sbi (*)
2014-01-08 Includes\iPhone-000.sbi (*)
2014-01-08 Includes\iPhone.sbi (*)
2016-05-27 Includes\Keyloggers-000.sbi (*)
2016-07-27 Includes\Keyloggers-C.sbi (*)
2014-01-13 Includes\Keyloggers.sbi (*)
2014-01-13 Includes\KeyloggersC.sbi (*)
2015-06-25 Includes\Malware-000.sbi (*)
2014-11-14 Includes\Malware-001.sbi (*)
2016-06-14 Includes\Malware-002.sbi (*)
2015-11-19 Includes\Malware-003.sbi (*)
2014-11-14 Includes\Malware-004.sbi (*)
2014-11-14 Includes\Malware-005.sbi (*)
2014-02-26 Includes\Malware-006.sbi (*)
2014-01-09 Includes\Malware-007.sbi (*)
2016-07-06 Includes\Malware-C.sbi (*)
2014-01-13 Includes\Malware.sbi (*)
2013-12-23 Includes\MalwareC.sbi (*)
2014-11-14 Includes\PUPS-000.sbi (*)
2014-01-15 Includes\PUPS-001.sbi (*)
2014-01-15 Includes\PUPS-002.sbi (*)
2016-07-27 Includes\PUPS-C.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2014-01-07 Includes\PUPSC.sbi (*)
2014-01-08 Includes\Security-000.sbi (*)
2015-12-02 Includes\Security-C.sbi (*)
2014-01-21 Includes\Security.sbi (*)
2014-01-21 Includes\SecurityC.sbi (*)
2015-11-11 Includes\Spyware-000.sbi (*)
2015-05-06 Includes\Spyware-001.sbi (*)
2016-07-27 Includes\Spyware-C.sbi (*)
2014-01-21 Includes\Spyware.sbi (*)
2014-01-21 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2012-11-19 Includes\Tracks.uti (*)
2014-01-15 Includes\Trojans-000.sbi (*)
2014-01-15 Includes\Trojans-001.sbi (*)
2014-11-14 Includes\Trojans-002.sbi (*)
2016-01-20 Includes\Trojans-003.sbi (*)
2014-01-15 Includes\Trojans-004.sbi (*)
2014-03-19 Includes\Trojans-005.sbi (*)
2015-03-31 Includes\Trojans-006.sbi (*)
2014-01-15 Includes\Trojans-007.sbi (*)
2014-07-09 Includes\Trojans-008.sbi (*)
2014-07-09 Includes\Trojans-009.sbi (*)
2016-07-19 Includes\Trojans-C.sbi (*)
2014-01-15 Includes\Trojans-OG-000.sbi (*)
2014-01-15 Includes\Trojans-TD-000.sbi (*)
2014-01-15 Includes\Trojans-VM-000.sbi (*)
2014-01-15 Includes\Trojans-VM-001.sbi (*)
2014-01-15 Includes\Trojans-VM-002.sbi (*)
2014-01-15 Includes\Trojans-VM-003.sbi (*)
2014-01-15 Includes\Trojans-VM-004.sbi (*)
2014-01-15 Includes\Trojans-VM-005.sbi (*)
2014-01-15 Includes\Trojans-VM-006.sbi (*)
2014-01-15 Includes\Trojans-VM-007.sbi (*)
2014-01-15 Includes\Trojans-VM-008.sbi (*)
2014-01-15 Includes\Trojans-VM-009.sbi (*)
2014-01-15 Includes\Trojans-VM-010.sbi (*)
2014-01-15 Includes\Trojans-VM-011.sbi (*)
2014-01-15 Includes\Trojans-VM-012.sbi (*)
2014-01-15 Includes\Trojans-VM-013.sbi (*)
2014-01-15 Includes\Trojans-VM-014.sbi (*)
2014-01-15 Includes\Trojans-VM-015.sbi (*)
2014-01-15 Includes\Trojans-VM-016.sbi (*)
2014-01-15 Includes\Trojans-VM-017.sbi (*)
2014-01-15 Includes\Trojans-VM-018.sbi (*)
2014-01-15 Includes\Trojans-VM-019.sbi (*)
2014-01-15 Includes\Trojans-VM-020.sbi (*)
2014-01-15 Includes\Trojans-VM-021.sbi (*)
2014-01-15 Includes\Trojans-VM-022.sbi (*)
2014-01-15 Includes\Trojans-VM-023.sbi (*)
2014-01-15 Includes\Trojans-VM-024.sbi (*)
2014-01-15 Includes\Trojans-ZB-000.sbi (*)
2016-02-03 Includes\Trojans-ZL-000.sbi (*)
2014-01-09 Includes\Trojans.sbi (*)
2014-01-16 Includes\TrojansC-01.sbi (*)
2014-01-16 Includes\TrojansC-02.sbi (*)
2014-01-16 Includes\TrojansC-03.sbi (*)
2014-01-16 Includes\TrojansC-04.sbi (*)
2014-01-16 Includes\TrojansC-05.sbi (*)
2014-01-09 Includes\TrojansC.sbi (*) |