Facebookvirus verschickt über meinen Account Links

Sarah1109199 · 19.11.2011, 12:04

Combofix Logfile:

Code:

ATTFilter

ComboFix 11-11-19.03 - MSI Mobile 19.11.2011  11:29:38.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3070.1955 [GMT 1:00]
ausgeführt von:: c:\users\MSI Mobile\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\muzapp.exe
c:\windows\UA000061.DLL
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-10-19 bis 2011-11-19  ))))))))))))))))))))))))))))))
.
.
2011-11-19 10:38 . 2011-11-19 10:38	--------	d-----w-	c:\users\MSI Mobile\AppData\Local\temp
2011-11-19 10:38 . 2011-11-19 10:38	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-11-19 09:38 . 2011-11-19 09:38	63115	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2011-11-19 09:38 . 2011-11-19 09:38	9310	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2011-11-19 09:38 . 2011-11-19 09:38	8646	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2011-11-19 09:38 . 2011-11-19 09:38	8613	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2011-11-19 09:38 . 2011-11-19 09:38	6429	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2011-11-19 09:38 . 2011-11-19 09:38	5927	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2011-11-19 09:38 . 2011-11-19 09:38	4599	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2011-11-19 09:38 . 2011-11-19 09:38	6910	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2011-11-19 09:38 . 2011-11-19 09:38	1651	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2011-11-19 09:37 . 2011-11-19 09:37	8288	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2011-11-19 09:37 . 2011-11-19 09:37	6208	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2011-11-19 09:37 . 2011-11-19 09:37	18541	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2011-11-19 09:37 . 2011-11-19 09:37	51852	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2011-11-19 09:37 . 2011-11-19 09:37	23327	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2011-11-19 09:37 . 2011-11-19 09:37	20719	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2011-11-19 09:37 . 2011-11-19 09:37	8782	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2011-11-19 09:37 . 2011-11-19 09:37	7271	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2011-11-18 13:47 . 2011-11-18 13:47	--------	d-----w-	C:\_OTL
2011-11-14 22:34 . 2011-11-14 22:34	--------	d-----w-	c:\program files\ESET
2011-11-13 16:49 . 2011-11-18 13:47	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2011-11-13 16:49 . 2011-11-13 18:25	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2011-11-11 20:51 . 2011-11-11 20:51	--------	d-----w-	c:\users\MSI Mobile\AppData\Roaming\Malwarebytes
2011-11-11 20:51 . 2011-11-11 20:51	--------	d-----w-	c:\programdata\Malwarebytes
2011-11-11 20:50 . 2011-11-11 20:51	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-11-11 20:50 . 2011-08-31 16:00	22216	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-11-09 13:37 . 2011-10-17 11:41	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-11-09 13:37 . 2011-09-20 21:02	905088	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-11-09 13:32 . 2011-09-30 15:57	707584	----a-w-	c:\program files\Common Files\System\wab32.dll
2011-10-27 10:40 . 2011-08-13 04:43	6144	----a-w-	c:\program files\Internet Explorer\iecompat.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-30 23:06 . 2011-10-16 11:12	916480	----a-w-	c:\windows\system32\wininet.dll
2011-09-30 23:02 . 2011-10-16 11:12	43520	----a-w-	c:\windows\system32\licmgr10.dll
2011-09-30 23:01 . 2011-10-16 11:12	1469440	----a-w-	c:\windows\system32\inetcpl.cpl
2011-09-30 23:01 . 2011-10-16 11:12	109056	----a-w-	c:\windows\system32\iesysprep.dll
2011-09-30 23:01 . 2011-10-16 11:12	71680	----a-w-	c:\windows\system32\iesetup.dll
2011-09-30 22:07 . 2011-10-16 11:12	385024	----a-w-	c:\windows\system32\html.iec
2011-09-30 21:29 . 2011-10-16 11:12	133632	----a-w-	c:\windows\system32\ieUnatt.exe
2011-09-30 21:28 . 2011-10-16 10:52	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2011-09-06 13:30 . 2011-10-14 12:17	2043392	----a-w-	c:\windows\system32\win32k.sys
2011-08-25 16:15 . 2011-10-14 14:15	555520	----a-w-	c:\windows\system32\UIAutomationCore.dll
2011-08-25 16:14 . 2011-10-14 14:15	238080	----a-w-	c:\windows\system32\oleacc.dll
2011-08-25 16:14 . 2011-10-14 14:15	563712	----a-w-	c:\windows\system32\oleaut32.dll
2011-08-25 13:31 . 2011-10-14 14:15	4096	----a-w-	c:\windows\system32\oleaccrc.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"DAEMON Tools Lite"="d:\programme\Daemon Tools\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"rfxsrvtray"="d:\tobit radio.fx\Client\rfx-tray.exe" [2011-07-28 1851224]
"Facebook Update"="c:\users\MSI Mobile\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-09 137536]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-24 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-24 92704]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-20 6265376]
"Skytel"="Skytel.exe" [2008-08-20 1833504]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2008-09-22 708608]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208]
"iTunesHelper"="d:\programme\i tunes\iTunesHelper.exe" [2011-04-14 421160]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
"avgnt"="d:\programme\Avira_AntiVir\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3700083461-3758754058-1150892198-1000]
"EnableNotificationsRef"=dword:00000001
.
R2 ALIWEHCD;MFP Server Enhanced Controller;c:\windows\system32\Drivers\mfpec.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-11-16 136176]
R2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [2008-08-26 159744]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-11-16 136176]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2010-12-21 98432]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2010-12-21 14848]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2010-12-21 123648]
R3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\DRIVERS\ss_bserd.sys [2010-12-21 100224]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WUSBVBus;MFP Server Detector;c:\windows\system32\DRIVERS\mfpvbus.sys [x]
R4 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-21 691696]
S1 SLEE_16_DRIVER;Steganos Live Encryption Engine 16 [Driver];c:\windows\system32\drivers\Sleen16.sys [2007-10-11 10:24 79104]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 185472]
S2 AntiVirSchedulerService;Avira AntiVir Planer;d:\programme\Avira_AntiVir\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 Radio.fx;Radio.fx Server;d:\tobit radio.fx\Server\rfx-server.exe [2011-11-18 3673944]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 WTGService;WTGService;d:\programme\Verbindungsassi Aldi\wtgservice.exe [2010-12-14 330696]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-04-28 54784]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2008-05-19 380416]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
HPService	REG_MULTI_SZ   	HPSLPSVC
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2011-11-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3700083461-3758754058-1150892198-1000Core.job
- c:\users\MSI Mobile\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-09 15:34]
.
2011-11-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3700083461-3758754058-1150892198-1000UA.job
- c:\users\MSI Mobile\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-09 15:34]
.
2011-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-16 13:10]
.
2011-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-16 13:10]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
uDefault_Search_URL = 
uSearchAssistant = 
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - 
FF - ProfilePath - c:\users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-KiesPDLR - c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-11-19 11:38
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-11-19  11:41:43
ComboFix-quarantined-files.txt  2011-11-19 10:41
.
Vor Suchlauf: 9 Verzeichnis(se), 12.864.409.600 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 12.166.873.088 Bytes frei
.
- - End Of File - - F3FDD2E11743BC6454661D1584EB7C8C

--- --- ---

cosinus · 20.11.2011, 12:19

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Sarah1109199 · 20.11.2011, 19:56

GMER:GMER Logfile:

Code:

ATTFilter

GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-11-20 19:54:57
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.01.0
Running: lptb88dq.exe; Driver: C:\Users\MSIMOB~1\AppData\Local\Temp\uwliiuob.sys


---- System - GMER 1.0.15 ----

SSDT      90820BEE                                                                                                            ZwCreateSection
SSDT      90820BF3                                                                                                            ZwSetContextThread
SSDT      90820B8F                                                                                                            ZwTerminateProcess

INT 0x72  ?                                                                                                                   88D0FF00
INT 0x82  ?                                                                                                                   88D0FF00
INT 0x82  ?                                                                                                                   88D0FF00
INT 0x92  ?                                                                                                                   88D0FF00
INT 0xA2  ?                                                                                                                   88D0FF00
INT 0xB2  ?                                                                                                                   87522BF8
INT 0xB2  ?                                                                                                                   88D0FF00
INT 0xB2  ?                                                                                                                   88D0FF00
INT 0xB2  ?                                                                                                                   87522BF8

---- Kernel code sections - GMER 1.0.15 ----

.text     ntkrnlpa.exe!KeSetEvent + 215                                                                                       842F9998 4 Bytes  [EE, 0B, 82, 90]
.text     ntkrnlpa.exe!KeSetEvent + 56D                                                                                       842F9CF0 4 Bytes  [F3, 0B, 82, 90]
.text     ntkrnlpa.exe!KeSetEvent + 621                                                                                       842F9DA4 4 Bytes  [8F, 0B, 82, 90]
?         System32\Drivers\spdv.sys                                                                                           Das System kann den angegebenen Pfad nicht finden. !
.text     C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                                            section is writeable [0x90002320, 0x3F54F7, 0xE8000020]
.text     USBPORT.SYS!DllUnload                                                                                               8FE3341B 5 Bytes  JMP 88D0F4E0 
.text     a4zkqmvz.SYS                                                                                                        8C3C5000 22 Bytes  [82, 13, 22, 84, 6C, 12, 22, ...]
.text     a4zkqmvz.SYS                                                                                                        8C3C5017 137 Bytes  [00, 32, 07, 79, 80, 3D, 05, ...]
.text     a4zkqmvz.SYS                                                                                                        8C3C50A1 43 Bytes  [60, 2F, 84, 74, 56, 29, 84, ...]
.text     a4zkqmvz.SYS                                                                                                        8C3C50CE 10 Bytes  [00, 00, 00, 00, 00, 00, C9, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; LEAVE ; HLT ; POP ESP; DEC EDX}
.text     a4zkqmvz.SYS                                                                                                        8C3C50DA 12 Bytes  [00, 00, 02, 00, 00, 00, 24, ...]
.text     ...                                                                                                                 
.vmp2     C:\Windows\system32\drivers\acedrv11.sys                                                                            entry point in ".vmp2" section [0x83CFD69D]
?         C:\Users\MSIMOB~1\AppData\Local\Temp\aswMBR.sys                                                                     Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text     D:\Tobit Radio.fx\Server\rfx-server.exe[2700] kernel32.dll!SetUnhandledExceptionFilter                              7598A8C5 5 Bytes  JMP 00641870 D:\Tobit Radio.fx\Server\rfx-server.exe
.text     C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2936] kernel32.dll!SetUnhandledExceptionFilter               7598A8C5 5 Bytes  JMP 5D625465 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text     C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2936] ole32.dll!OleLoadFromStream                            75FB1E80 5 Bytes  JMP 5D94B771 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text     D:\Tobit Radio.fx\Client\rfx-tray.exe[3672] USER32.dll!SetScrollRange                                               7567D185 5 Bytes  JMP 1006DE70 D:\Tobit Radio.fx\Client\TOBITCLT.dll
.text     D:\Tobit Radio.fx\Client\rfx-tray.exe[3672] USER32.dll!DefWindowProcA                                               7567DB88 7 Bytes  JMP 10036120 D:\Tobit Radio.fx\Client\TOBITCLT.dll
.text     D:\Tobit Radio.fx\Client\rfx-tray.exe[3672] USER32.dll!GetSysColorBrush                                             7567E21C 5 Bytes  JMP 100604D0 D:\Tobit Radio.fx\Client\TOBITCLT.dll
.text     D:\Tobit Radio.fx\Client\rfx-tray.exe[3672] USER32.dll!GetScrollInfo                                                7567F073 7 Bytes  JMP 1006DD40 D:\Tobit Radio.fx\Client\TOBITCLT.dll
.text     D:\Tobit Radio.fx\Client\rfx-tray.exe[3672] USER32.dll!ShowScrollBar                                                7567F8AE 5 Bytes  JMP 1006DEC0 D:\Tobit Radio.fx\Client\TOBITCLT.dll
.text     D:\Tobit Radio.fx\Client\rfx-tray.exe[3672] USER32.dll!SetScrollInfo                                                756871D8 7 Bytes  JMP 1006DDF0 D:\Tobit Radio.fx\Client\TOBITCLT.dll
.text     D:\Tobit Radio.fx\Client\rfx-tray.exe[3672] USER32.dll!GetSysColor                                                  75689BF6 5 Bytes  JMP 10060490 D:\Tobit Radio.fx\Client\TOBITCLT.dll
.text     D:\Tobit Radio.fx\Client\rfx-tray.exe[3672] USER32.dll!DrawFrameControl                                             7569676D 7 Bytes  JMP 1005E040 D:\Tobit Radio.fx\Client\TOBITCLT.dll
.text     D:\Tobit Radio.fx\Client\rfx-tray.exe[3672] USER32.dll!EnableScrollBar                                              7569AF53 7 Bytes  JMP 1006DD00 D:\Tobit Radio.fx\Client\TOBITCLT.dll
.text     D:\Tobit Radio.fx\Client\rfx-tray.exe[3672] USER32.dll!EndDialog                                                    756A326E 5 Bytes  JMP 10036100 D:\Tobit Radio.fx\Client\TOBITCLT.dll
.text     D:\Tobit Radio.fx\Client\rfx-tray.exe[3672] USER32.dll!GetScrollPos                                                 756A337D 5 Bytes  JMP 1006DD80 D:\Tobit Radio.fx\Client\TOBITCLT.dll
.text     D:\Tobit Radio.fx\Client\rfx-tray.exe[3672] USER32.dll!GetScrollRange                                               756A34A5 5 Bytes  JMP 1006DDB0 D:\Tobit Radio.fx\Client\TOBITCLT.dll
.text     D:\Tobit Radio.fx\Client\rfx-tray.exe[3672] USER32.dll!SetScrollPos                                                 756A3602 5 Bytes  JMP 1006DE30 D:\Tobit Radio.fx\Client\TOBITCLT.dll
.text     D:\Programme\Mozilla Firefox\plugin-container.exe[4268] USER32.dll!SetWindowLongA                                   7567E7CD 5 Bytes  JMP 62AFE349 D:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text     D:\Programme\Mozilla Firefox\plugin-container.exe[4268] USER32.dll!SetWindowLongW                                   756813B4 5 Bytes  JMP 62AFE2DB D:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text     D:\Programme\Mozilla Firefox\plugin-container.exe[4268] USER32.dll!GetWindowInfo                                    7568428E 5 Bytes  JMP 628B89A7 D:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text     D:\Programme\Mozilla Firefox\plugin-container.exe[4268] USER32.dll!TrackPopupMenu                                   756914F3 5 Bytes  JMP 628B8F65 D:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text     D:\Programme\Mozilla Firefox\firefox.exe[4276] ntdll.dll!LdrLoadDll                                                 76EE93A8 5 Bytes  JMP 6273FAE0 D:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text     D:\Tobit Radio.fx\Client\rfx-client.exe[5484] kernel32.dll!SetUnhandledExceptionFilter                              7598A8C5 5 Bytes  JMP 100ACD60 D:\Tobit Radio.fx\Client\TOBITCLT.dll
.text     D:\Tobit Radio.fx\Client\rfx-client.exe[5484] USER32.dll!SetScrollRange                                             7567D185 5 Bytes  JMP 1006DE70 D:\Tobit Radio.fx\Client\TOBITCLT.dll
.text     D:\Tobit Radio.fx\Client\rfx-client.exe[5484] USER32.dll!DefWindowProcA                                             7567DB88 7 Bytes  JMP 10036120 D:\Tobit Radio.fx\Client\TOBITCLT.dll
.text     D:\Tobit Radio.fx\Client\rfx-client.exe[5484] USER32.dll!GetSysColorBrush                                           7567E21C 5 Bytes  JMP 100604D0 D:\Tobit Radio.fx\Client\TOBITCLT.dll
.text     D:\Tobit Radio.fx\Client\rfx-client.exe[5484] USER32.dll!GetScrollInfo                                              7567F073 7 Bytes  JMP 1006DD40 D:\Tobit Radio.fx\Client\TOBITCLT.dll
.text     D:\Tobit Radio.fx\Client\rfx-client.exe[5484] USER32.dll!ShowScrollBar                                              7567F8AE 5 Bytes  JMP 1006DEC0 D:\Tobit Radio.fx\Client\TOBITCLT.dll
.text     D:\Tobit Radio.fx\Client\rfx-client.exe[5484] USER32.dll!SetScrollInfo                                              756871D8 7 Bytes  JMP 1006DDF0 D:\Tobit Radio.fx\Client\TOBITCLT.dll
.text     D:\Tobit Radio.fx\Client\rfx-client.exe[5484] USER32.dll!GetSysColor                                                75689BF6 5 Bytes  JMP 10060490 D:\Tobit Radio.fx\Client\TOBITCLT.dll
.text     D:\Tobit Radio.fx\Client\rfx-client.exe[5484] USER32.dll!DrawFrameControl                                           7569676D 7 Bytes  JMP 1005E040 D:\Tobit Radio.fx\Client\TOBITCLT.dll
.text     D:\Tobit Radio.fx\Client\rfx-client.exe[5484] USER32.dll!EnableScrollBar                                            7569AF53 7 Bytes  JMP 1006DD00 D:\Tobit Radio.fx\Client\TOBITCLT.dll
.text     D:\Tobit Radio.fx\Client\rfx-client.exe[5484] USER32.dll!EndDialog                                                  756A326E 5 Bytes  JMP 10036100 D:\Tobit Radio.fx\Client\TOBITCLT.dll
.text     D:\Tobit Radio.fx\Client\rfx-client.exe[5484] USER32.dll!GetScrollPos                                               756A337D 5 Bytes  JMP 1006DD80 D:\Tobit Radio.fx\Client\TOBITCLT.dll
.text     D:\Tobit Radio.fx\Client\rfx-client.exe[5484] USER32.dll!GetScrollRange                                             756A34A5 5 Bytes  JMP 1006DDB0 D:\Tobit Radio.fx\Client\TOBITCLT.dll
.text     D:\Tobit Radio.fx\Client\rfx-client.exe[5484] USER32.dll!SetScrollPos                                               756A3602 5 Bytes  JMP 1006DE30 D:\Tobit Radio.fx\Client\TOBITCLT.dll

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT       \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                           [806946D6] \SystemRoot\System32\Drivers\spdv.sys
IAT       \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                            [80694042] \SystemRoot\System32\Drivers\spdv.sys
IAT       \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                                    [80694800] \SystemRoot\System32\Drivers\spdv.sys
IAT       \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort]                                           [806940C0] \SystemRoot\System32\Drivers\spdv.sys
IAT       \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                                     [8069413E] \SystemRoot\System32\Drivers\spdv.sys
IAT       \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                  [806A3B90] \SystemRoot\System32\Drivers\spdv.sys
IAT       \SystemRoot\System32\Drivers\a4zkqmvz.SYS[ataport.SYS!AtaPortNotification]                                          CC358B04
IAT       \SystemRoot\System32\Drivers\a4zkqmvz.SYS[ataport.SYS!AtaPortWritePortUchar]                                        838C3EBF
IAT       \SystemRoot\System32\Drivers\a4zkqmvz.SYS[ataport.SYS!AtaPortWritePortUlong]                                        458B38C6
IAT       \SystemRoot\System32\Drivers\a4zkqmvz.SYS[ataport.SYS!AtaPortGetPhysicalAddress]                                    A5A5A514
IAT       \SystemRoot\System32\Drivers\a4zkqmvz.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong]                         [100D8BA5] \Programme\Daemon Tools\DAEMON Tools Lite\Engine.dll
IAT       \SystemRoot\System32\Drivers\a4zkqmvz.SYS[ataport.SYS!AtaPortGetScatterGatherList]                                  5F8C3E90
IAT       \SystemRoot\System32\Drivers\a4zkqmvz.SYS[ataport.SYS!AtaPortReadPortUchar]                                         30810889
IAT       \SystemRoot\System32\Drivers\a4zkqmvz.SYS[ataport.SYS!AtaPortStallExecution]                                        54771129
IAT       \SystemRoot\System32\Drivers\a4zkqmvz.SYS[ataport.SYS!AtaPortGetParentBusType]                                      10C25D5E
IAT       \SystemRoot\System32\Drivers\a4zkqmvz.SYS[ataport.SYS!AtaPortRequestCallback]                                       8B55CC00
IAT       \SystemRoot\System32\Drivers\a4zkqmvz.SYS[ataport.SYS!AtaPortWritePortBufferUshort]                                 084D8BEC
IAT       \SystemRoot\System32\Drivers\a4zkqmvz.SYS[ataport.SYS!AtaPortGetUnCachedExtension]                                  0CF0918B
IAT       \SystemRoot\System32\Drivers\a4zkqmvz.SYS[ataport.SYS!AtaPortCompleteRequest]                                       458B0000
IAT       \SystemRoot\System32\Drivers\a4zkqmvz.SYS[ataport.SYS!AtaPortMoveMemory]                                            8B108910
IAT       \SystemRoot\System32\Drivers\a4zkqmvz.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests]                             000CF491
IAT       \SystemRoot\System32\Drivers\a4zkqmvz.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb]                                04508900
IAT       \SystemRoot\System32\Drivers\a4zkqmvz.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb]                                  053C7980
IAT       \SystemRoot\System32\Drivers\a4zkqmvz.SYS[ataport.SYS!AtaPortReadPortUshort]                                        560C558B
IAT       \SystemRoot\System32\Drivers\a4zkqmvz.SYS[ataport.SYS!AtaPortReadPortBufferUshort]                                  C6127557
IAT       \SystemRoot\System32\Drivers\a4zkqmvz.SYS[ataport.SYS!AtaPortInitialize]                                            B18D0502
IAT       \SystemRoot\System32\Drivers\a4zkqmvz.SYS[ataport.SYS!AtaPortGetDeviceBase]                                         00000CF8
IAT       \SystemRoot\System32\Drivers\a4zkqmvz.SYS[ataport.SYS!AtaPortDeviceStateChange]                                     A508788D

---- User IAT/EAT - GMER 1.0.15 ----

IAT       C:\Windows\Explorer.EXE[560] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                [73A17817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT       C:\Windows\Explorer.EXE[560] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                 [73A6A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT       C:\Windows\Explorer.EXE[560] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                             [73A1BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT       C:\Windows\Explorer.EXE[560] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                       [73A0F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT       C:\Windows\Explorer.EXE[560] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                 [73A175E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT       C:\Windows\Explorer.EXE[560] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                              [73A0E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT       C:\Windows\Explorer.EXE[560] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]                  [73A48395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT       C:\Windows\Explorer.EXE[560] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]                     [73A1DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT       C:\Windows\Explorer.EXE[560] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                             [73A0FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT       C:\Windows\Explorer.EXE[560] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                              [73A0FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT       C:\Windows\Explorer.EXE[560] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                               [73A071CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT       C:\Windows\Explorer.EXE[560] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]                       [73A9CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT       C:\Windows\Explorer.EXE[560] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]                          [73A3C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT       C:\Windows\Explorer.EXE[560] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                             [73A0D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT       C:\Windows\Explorer.EXE[560] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                       [73A06853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT       C:\Windows\Explorer.EXE[560] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                      [73A0687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT       C:\Windows\Explorer.EXE[560] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                         [73A12AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device    \FileSystem\Ntfs \Ntfs                                                                                              875251F8
Device    \Driver\volmgr \Device\VolMgrControl                                                                                86B911F8
Device    \Driver\PCI_PNP6065 \Device\00000050                                                                                spdv.sys
Device    \Driver\usbuhci \Device\USBPDO-0                                                                                    88CD2500
Device    \Driver\usbuhci \Device\USBPDO-1                                                                                    88CD2500
Device    \Driver\usbuhci \Device\USBPDO-2                                                                                    88CD2500
Device    \Driver\usbehci \Device\USBPDO-3                                                                                    88CBD1F8
Device    \Driver\usbuhci \Device\USBPDO-4                                                                                    88CD2500
Device    \Driver\usbuhci \Device\USBPDO-5                                                                                    88CD2500
Device    \Driver\usbuhci \Device\USBPDO-6                                                                                    88CD2500
Device    \Driver\volmgr \Device\HarddiskVolume1                                                                              86B911F8
Device    \Driver\usbehci \Device\USBPDO-7                                                                                    88CBD1F8
Device    \Driver\cdrom \Device\CdRom0                                                                                        88E321F8
Device    \Driver\volmgr \Device\HarddiskVolume2                                                                              86B911F8
Device    \Driver\netbt \Device\NetBT_Tcpip_{AE49E988-18DE-464E-B24C-F2111873A485}                                            8A3101F8
Device    \Driver\iaStor \Device\Ide\iaStor0                                                                                  [8C2B3A60] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\iaStor \Device\Ide\IAAStorageDevice-0                                                                       [8C2B3A60] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\iaStor \Device\Ide\IAAStorageDevice-1                                                                       [8C2B3A60] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\cdrom \Device\CdRom1                                                                                        88E321F8
Device    \Driver\sptd \Device\319586075                                                                                      spdv.sys
Device    \Driver\netbt \Device\NetBt_Wins_Export                                                                             8A3101F8
Device    \Driver\Smb \Device\NetbiosSmb                                                                                      8A2C91F8
Device    \Driver\iScsiPrt \Device\RaidPort0                                                                                  88F161F8
Device    \Driver\usbuhci \Device\USBFDO-0                                                                                    88CD2500
Device    \Driver\usbuhci \Device\USBFDO-1                                                                                    88CD2500
Device    \Driver\usbuhci \Device\USBFDO-2                                                                                    88CD2500
Device    \Driver\usbehci \Device\USBFDO-3                                                                                    88CBD1F8
Device    \Driver\usbuhci \Device\USBFDO-4                                                                                    88CD2500
Device    \Driver\usbuhci \Device\USBFDO-5                                                                                    88CD2500
Device    \Driver\usbuhci \Device\USBFDO-6                                                                                    88CD2500
Device    \Driver\netbt \Device\NetBT_Tcpip_{42D05106-6CA9-499D-9DBC-0658FD350B0D}                                            8A3101F8
Device    \Driver\usbehci \Device\USBFDO-7                                                                                    88CBD1F8
Device    \Driver\a4zkqmvz \Device\Scsi\a4zkqmvz1Port2Path0Target0Lun0                                                        88E1C1F8
Device    \Driver\a4zkqmvz \Device\Scsi\a4zkqmvz1                                                                             88E1C1F8
Device    \FileSystem\cdfs \Cdfs                                                                                              8B1861F8

---- Registry - GMER 1.0.15 ----

Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                  771343423
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                  285507792
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                  1
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 D:\Programme\Daemon Tools\DAEMON Tools Lite\
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x0D 0x5D 0x81 0xA6 ...
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0xF8 0x8A 0xB1 0x4B ...
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0xEA 0xA2 0x33 0xDA ...
Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     D:\Programme\Daemon Tools\DAEMON Tools Lite\
Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x0D 0x5D 0x81 0xA6 ...
Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0xF8 0x8A 0xB1 0x4B ...
Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xEA 0xA2 0x33 0xDA ...
Reg       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP Photosmart B110 series@ChangeID                 17480598

---- EOF - GMER 1.0.15 ----

--- --- ---

Sarah1109199 · 20.11.2011, 19:57

OSAM Logfile:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 16:08:31 on 20.11.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 7.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"FacebookUpdateTaskUserS-1-5-21-3700083461-3758754058-1150892198-1000Core.job" - "Facebook Inc." - C:\Users\MSI Mobile\AppData\Local\Facebook\Update\FacebookUpdate.exe
"FacebookUpdateTaskUserS-1-5-21-3700083461-3758754058-1150892198-1000UA.job" - "Facebook Inc." - C:\Users\MSI Mobile\AppData\Local\Facebook\Update\FacebookUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"a4zkqmvz" (a4zkqmvz) - "Microsoft Corporation" - C:\Windows\system32\drivers\a4zkqmvz.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"acedrv11" (acedrv11) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv11.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\MSIMOB~1\AppData\Local\Temp\catchme.sys  (File not found)
"dgderdrv" (dgderdrv) - ? - C:\Windows\System32\drivers\dgderdrv.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"MBAMSwissArmy" (MBAMSwissArmy) - ? - C:\Windows\system32\drivers\mbamswissarmy.sys  (File not found)
"MFP Server Detector" (WUSBVBus) - ? - C:\Windows\System32\DRIVERS\mfpvbus.sys  (File not found)
"MFP Server Enhanced Controller" (ALIWEHCD) - ? - C:\Windows\System32\Drivers\mfpec.sys  (File not found)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"Steganos Live Encryption Engine 16 [Driver]" (SLEE_16_DRIVER) - "Softwareentwicklung Remus - ArchiCrypt " - C:\Windows\system32\drivers\Sleen16.sys
"uwliiuob" (uwliiuob) - ? - C:\Users\MSIMOB~1\AppData\Local\Temp\uwliiuob.sys  (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{F2DDE6B2-9684-4A55-86D4-E255E237B77C} "avgsecuritytoolbar" - ? - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll  (File not found)
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - D:\Programme\i tunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - D:\Programme\Avira_AntiVir\Avira\AntiVir Desktop\shlext.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10k.ocx / hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\MSI Mobile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "D:\Programme\Daemon Tools\DAEMON Tools Lite\DTLite.exe" -autorun
"Facebook Update" - "Facebook Inc." - "C:\Users\MSI Mobile\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
"rfxsrvtray" - "Tobit.Software" - "D:\Tobit Radio.fx\Client\rfx-tray.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "D:\Programme\Avira_AntiVir\Avira\AntiVir Desktop\avgnt.exe" /min
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"HP Software Update" - "Hewlett-Packard" - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"IAAnotif" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
"iTunesHelper" - "Apple Inc." - "D:\Programme\i tunes\iTunesHelper.exe"
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"MGSysCtrl" - "Mirco-Star International  CO., LTD." - C:\Program Files\System Control Manager\MGSysCtrl.exe
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"Ulead AutoDetector v2" - "Ulead Systems, Inc." - C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"EPSON Stylus SX400 Series 32MonitorBE" - "SEIKO EPSON CORPORATION" - C:\Windows\system32\E_FLBEGE.DLL
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Program Files\Nero\Update\NASvc.exe,-200" (NAUpdate) - "Nero AG" - C:\Program Files\Nero\Update\NASvc.exe
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - D:\Programme\Avira_AntiVir\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - D:\Programme\Avira_AntiVir\Avira\AntiVir Desktop\sched.exe
"Bing Bar Update Service" (BBSvc) - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BBSvc.EXE
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Google Update-Dienst (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Updater Service" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
"HP Network Devices Support" (HPSLPSVC) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Micro Star SCM" (Micro Star SCM) - ? - C:\Program Files\System Control Manager\MSIService.exe  (File found, but it contains no detailed information)
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"Radio.fx Server" (Radio.fx) - ? - D:\Tobit Radio.fx\Server\rfx-server.exe
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\BingBar\SeaPort.EXE
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
"WTGService" (WTGService) - ? - D:\Programme\Verbindungsassi Aldi\wtgservice.exe  (File found, but it contains no detailed information)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---
If You have questions or want to get some help, You can visit Online Solutions :: Index

Sarah1109199 · 20.11.2011, 19:57

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-20 16:30:44
-----------------------------
16:30:44.883 OS Version: Windows 6.0.6002 Service Pack 2
16:30:44.884 Number of processors: 2 586 0xF0D
16:30:44.886 ComputerName: MSIMOBILE-PC UserName: MSI Mobile
16:30:45.634 Initialize success
16:47:27.777 AVAST engine defs: 11112000
16:52:09.705 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:52:09.713 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
16:52:11.940 Disk 0 MBR read successfully
16:52:11.953 Disk 0 MBR scan
16:52:12.037 Disk 0 Windows VISTA default MBR code
16:52:12.075 Disk 0 scanning sectors +625139712
16:52:12.418 Disk 0 scanning C:\Windows\system32\drivers
16:53:29.109 Service scanning
16:53:30.358 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
16:53:30.998 Modules scanning
16:55:28.527 Disk 0 trace - called modules:
16:55:28.607 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys spdv.sys hal.dll >>UNKNOWN [0x874db938]<<
16:55:28.619 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x880f30d8]
16:55:29.002 3 CLASSPNP.SYS[8c9ac8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8756e028]
16:55:29.478 AVAST engine scan C:\Windows
16:56:19.383 AVAST engine scan C:\Windows\system32
17:05:10.203 AVAST engine scan C:\Windows\system32\drivers
17:05:26.550 AVAST engine scan C:\Users\MSI Mobile
17:23:15.636 AVAST engine scan C:\ProgramData
17:27:26.282 Scan finished successfully
17:27:56.752 Disk 0 MBR has been saved successfully to "C:\Users\MSI Mobile\Desktop\MBR.dat"
17:27:56.769 The log file has been saved successfully to "C:\Users\MSI Mobile\Desktop\aswMBR.txt"

cosinus · 21.11.2011, 10:13

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Sarah1109199 · 23.11.2011, 21:10

Also hier schonmal die Logdatein von Malwarebytes, schaut gut aus, es wurden keine infizierten Dateien gefunden. Vielen Dank schonmal!
Den Rest kann ich erst am Freitag versuchen, Internetverbindung ist hier schlecht wo ich bin.

Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 8226

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19154

23.11.2011 20:40:52
mbam-log-2011-11-23 (20-40-52).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 328068
Laufzeit: 1 Stunde(n), 5 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Lg Sarah

Sarah1109199 · 25.11.2011, 22:18

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 11/25/2011 at 10:13 PM

Application Version : 5.0.1136

Core Rules Database Version : 7987
Trace Rules Database Version: 5799

Scan type : Quick Scan
Total Scan Time : 00:06:25

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Memory items scanned : 740
Memory threats detected : 0
Registry items scanned : 30279
Registry threats detected : 0
File items scanned : 7275
File threats detected : 382

Adware.Tracking Cookie
C:\Users\MSI Mobile\AppData\Roaming\Microsoft\Windows\Cookies\msi_mobile@adx.chip[2].txt [ /adx.chip ]
C:\Users\MSI Mobile\AppData\Roaming\Microsoft\Windows\Cookies\msi_mobile@atwola[1].txt [ /atwola ]
C:\Users\MSI Mobile\AppData\Roaming\Microsoft\Windows\Cookies\msi_mobile@avgtechnologies.112.2o7[1].txt [ /avgtechnologies.112.2o7 ]
C:\Users\MSI Mobile\AppData\Roaming\Microsoft\Windows\Cookies\msi_mobile@serving-sys[2].txt [ /serving-sys ]
C:\Users\MSI Mobile\AppData\Roaming\Microsoft\Windows\Cookies\msi_mobile@smartadserver[1].txt [ /smartadserver ]
C:\Users\MSI Mobile\AppData\Roaming\Microsoft\Windows\Cookies\msi_mobile@tracking.quisma[1].txt [ /tracking.quisma ]
C:\Users\MSI Mobile\AppData\Roaming\Microsoft\Windows\Cookies\AFVJYE12.txt [ /atdmt.com ]
.lfstmedia.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.ads.quartermedia.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
C:\USERS\MSI MOBILE\AppData\Roaming\Microsoft\Windows\Cookies\Low\P39FH2S4.txt [ Cookie:msi mobile@yadro.ru/ ]
C:\USERS\MSI MOBILE\Cookies\AFVJYE12.txt [ Cookie:msi mobile@atdmt.com/ ]
.adxpose.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.vodafonegroup.122.2o7.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
C:\USERS\MSI MOBILE\Cookies\msi_mobile@tracking.quisma[1].txt [ Cookie:msi mobile@tracking.quisma.com/ ]
.msnportal.112.2o7.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
C:\USERS\MSI MOBILE\Cookies\msi_mobile@smartadserver[1].txt [ Cookie:msi mobile@smartadserver.com/ ]
.weborama.fr [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
C:\USERS\MSI MOBILE\Cookies\msi_mobile@avgtechnologies.112.2o7[1].txt [ Cookie:msi mobile@avgtechnologies.112.2o7.net/ ]
.liveperson.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
track.effiliation.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
fl01.ct2.comclick.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.xiti.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.im.banner.t-online.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.komtrack.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.komtrack.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.guj.122.2o7.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.avgtechnologies.112.2o7.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
adserver1.mokono.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.ad.adnet.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adviva.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
adsrv1.admediate.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.pointroll.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.pointroll.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.sevenoneintermedia.112.2o7.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adcentriconline.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adserver.gs [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
upvalue1.easymedia-adserver.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.wissende.122.2o7.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
zbox.zanox.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
wstat.wibiya.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.porn.drei.to [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.porn.drei.to [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.overture.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.overture.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.nextag.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.nextag.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.estat.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.mediabrandsww.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.e-2dj6aeliciczwfp.stats.esomniture.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.e-2dj6aelyomc5skp.stats.esomniture.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.eyewonder.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.profilbanner.me [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.azjmp.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.profilbanner.me [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
ad.adition.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
ad.adition.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.findix.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.findix.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.stepstone.112.2o7.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.cheaptickets.122.2o7.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wmliuid5cco.stats.esomniture.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.nail-discount-24.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.nail-discount-24.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.ero-advertising.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.advert-layer.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.advert-layer.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.traffictrack.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
data.coremetrics.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.eyewonder.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.cyonix.to [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.cyonix.to [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.a.revenuemax.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
tracking.sandstein.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
adserver.kino-zeit.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wjl4apd5ifp.stats.esomniture.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
www.zanox-affiliate.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
ads2.bartime.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.ibanner.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
new.portal-banner.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.paypal.112.2o7.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.247realmedia.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.wlw.122.2o7.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
fr.sitestat.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
fr.sitestat.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
pornrush.org [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
pornrush.org [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.matratzendiscount.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.matratzendiscount.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.tracking.quisma.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
tracking.quisma.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.ad.adnet.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.ads.quartermedia.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.ads.quartermedia.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.countomat.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
adservercentral.info [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.sexgeschichten.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.sexgeschichten.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.lucidmedia.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
ads.adxvalue.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
adserver.gb5.motorpresse.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.pumaonlinestorede.112.2o7.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.lfstmedia.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
s4.trafficmaxx.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.snapfish.112.2o7.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
counter.search.bg [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
fl01.ct2.comclick.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.aok.122.2o7.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.lfstmedia.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.track.webgains.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
fl01.ct2.comclick.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
fl01.ct2.comclick.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.gostats.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.dealtime.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
stat.dealtime.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.sexshop-dildo-king.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.sexshop-dildo-king.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
track.effiliation.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wmloumdpoep.stats.esomniture.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
tracking.quisma.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
tracking.quisma.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.overture.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.linksynergy.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.linksynergy.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.linksynergy.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.bizrate.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.druckdiscount24.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.druckdiscount24.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.bs.serving-sys.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.deutschepostag.112.2o7.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adinterax.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adinterax.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.yadro.ru [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.mm.chitika.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.sexgeschichten.tv [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.sexgeschichten.tv [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.sexvideos01.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.sexvideos01.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
etracker Home - forget log-file analysis, this is real-time Web Analytics and online market research [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
track.adform.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.statcounter.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
vidasco.rotator.hadj7.adjuggler.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
vidasco.rotator.hadj7.adjuggler.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
adserv.chirurgie-portal.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
NETTO Reifen-Räder-Discount - billig, schnell, kompetent [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.reifendiscount.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
NETTO Reifen-Räder-Discount - billig, schnell, kompetent [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.amazon-adsystem.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
track.adform.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adform.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.nextag.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
Google [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
Google [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.frontlinegmbh.122.2o7.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.amazon-adsystem.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
Google [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adviva.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.uk.at.atwola.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.BurstMedia [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.bs.serving-sys.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
ad.adserver01.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
Google [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.lfstmedia.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.lfstmedia.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.en.profilbanner.me [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.en.profilbanner.me [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.statcounter.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.mediafire.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.mediafire.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.mediafire.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.tracking.quisma.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.im.banner.t-online.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
Google [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.hightraffic.hugoboss.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.hightraffic.hugoboss.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
etracker Home - forget log-file analysis, this is real-time Web Analytics and online market research [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
statse.webtrendslive.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
adx.chip.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
adx.chip.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.traffictrack.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
www.zanox-affiliate.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
tracking.quisma.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.tracking.mindshare.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
tracking.sim-technik.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
TLDAdserv.com - Ihr Partner für seriöse Auszahlungen [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.ads.quartermedia.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.ads.quartermedia.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
adserver2.clipkit.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
Google [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.kursfinder.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.kursfinder.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
Finden Sie auf kursfinder.de die passende Weiterbildung! [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.tracking.quisma.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.ads.quartermedia.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
Google [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
Google [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.uk.at.atwola.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.uk.at.atwola.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
ad1.adfarm1.adition.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
Google [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
studivz.adfarm1.adition.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
studivz.adfarm1.adition.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.zanox-affiliate.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.zanox.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
etracker Home - forget log-file analysis, this is real-time Web Analytics and online market research [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
etracker Home - forget log-file analysis, this is real-time Web Analytics and online market research [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
ad4.adfarm1.adition.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
Google [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
s1.trafficmaxx.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
ad2.adfarm1.adition.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.elitepartner.ch [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.elitepartner.ch [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.elitepartner.ch [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
ad.zanox.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
ad.zanox.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adxvalue.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adxvalue.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.im.banner.t-online.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
ww251.smartadserver.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.clickfuse.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.im.banner.t-online.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.ad.adnet.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
adfarm1.adition.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.ad.adnet.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
ad3.adfarm1.adition.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.im.banner.t-online.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]

cosinus · 26.11.2011, 13:49

Zitat:

Scan type : Quick Scan

Ich hab extzra geschrieben VOLLSCANS auch mit SASW!

Sarah1109199 · 29.11.2011, 21:43

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 11/29/2011 at 06:28 PM

Application Version : 5.0.1136

Core Rules Database Version : 7996
Trace Rules Database Version: 5808

Scan type : Complete Scan
Total Scan Time : 00:43:32

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Memory items scanned : 723
Memory threats detected : 0
Registry items scanned : 38194
Registry threats detected : 0
File items scanned : 40926
File threats detected : 12

Adware.Tracking Cookie
delivery.ibanner.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\CYNNBZH5 ]
Google [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
ww251.smartadserver.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
ad.zanox.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
ad2.adfarm1.adition.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]

Trojan.Agent/Gen-SoftonicDownloader
C:\USERS\MSI MOBILE\DOWNLOADS\SOFTONICDOWNLOADER_FUER_AVIRA-ANTIVIR.EXE

cosinus · 30.11.2011, 12:00

Ok. Softonic-Müll und Cookies. Alles entfernen.
Kommt ESET noch?

Sarah1109199 · 03.12.2011, 14:10

Sorry es hat leider etwas gedauert...also hier Eset:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=722c9f04af97134ab210e502484a64b3
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-14 11:30:46
# local_time=2011-11-15 12:30:46 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1032 16777214 0 1 15651540 15651540 0 0
# compatibility_mode=1797 16775165 100 94 1491796 57847177 1506964 0
# compatibility_mode=5892 16776574 100 100 23279031 158843084 0 0
# compatibility_mode=8192 67108863 100 0 3909 3909 0 0
# scanned=24453
# found=0
# cleaned=0
# scan_time=3090
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=722c9f04af97134ab210e502484a64b3
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-15 10:16:07
# local_time=2011-11-15 11:16:07 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1032 16777214 0 1 15725181 15725181 0 0
# compatibility_mode=1797 16775165 100 94 3910 57920818 0 0
# compatibility_mode=5892 16776574 100 100 23352672 158916725 0 0
# compatibility_mode=8192 67108863 100 0 77550 77550 0 0
# scanned=169535
# found=3
# cleaned=0
# scan_time=11372
C:\Users\MSI Mobile\AppData\Local\Temp\MyBabylonTB.exe a variant of Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Users\MSI Mobile\Downloads\SoftonicDownloader_fuer_avira-antivir.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\MSI Mobile\Downloads\SoftonicDownloader_fuer_nero-lite.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=722c9f04af97134ab210e502484a64b3
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-03 12:47:09
# local_time=2011-12-03 01:47:09 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1032 16777214 0 1 17246480 17246480 0 0
# compatibility_mode=1797 16775165 100 94 1284505 59442117 1109286 0
# compatibility_mode=5892 16776574 100 100 24873971 160438024 0 0
# compatibility_mode=8192 67108863 100 0 1598849 1598849 0 0
# scanned=174782
# found=3
# cleaned=0
# scan_time=11133
C:\$RECYCLE.BIN\S-1-5-21-3700083461-3758754058-1150892198-1000\$RKBLFWF.exe Win32/InstallCore application (unable to clean) 00000000000000000000000000000000 I
C:\Users\MSI Mobile\AppData\Local\temp\ICReinstall_PDFCreatorSetup.exe Win32/InstallCore application (unable to clean) 00000000000000000000000000000000 I
C:\Users\MSI Mobile\Downloads\SoftonicDownloader_fuer_nero-lite.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I

cosinus · 03.12.2011, 14:51

Die Funde kannst du vernachlässigen. Evtl. mal den Papierkorb leeren.
Rechner soweit wieder im Lot?

Sarah1109199 · 10.12.2011, 14:10

Ja also ich merke nichts mehr, dürfte alles wieder ok sein! Vielen Dank!
Lg Sarah

cosinus · 12.12.2011, 09:45

Dann wären wir durch!

Die Programme, die hier zum Einsatz kamen, können alle wieder runter. CF kann über Start, Ausführen mit combofix /uninstall entfernt werden. Melde dich falls es da Fehlermeldungen zu gibt.
Malwarebytes zu behalten ist kein Fehler. Kannst ja 1x im Monat damit scannen, aber immer vorher ans Update denken.

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.

Microsoftupdate
Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.
Windows Vista/7: Anleitung Windows-Update

PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Flashplayer
Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers => Adobe - Andere Version des Adobe Flash Player installieren
(Alternativ bei Chip => http://filepony.de/?q=Flash+Player)

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.

Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.

30.11.2011, 12:00	#26
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Facebookvirus verschickt über meinen Account Links Ok. Softonic-Müll und Cookies. Alles entfernen. Kommt ESET noch? __________________ Logfiles bitte immer in CODE-Tags posten

03.12.2011, 14:51	#28
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Facebookvirus verschickt über meinen Account Links Die Funde kannst du vernachlässigen. Evtl. mal den Papierkorb leeren. Rechner soweit wieder im Lot? __________________ Logfiles bitte immer in CODE-Tags posten

Facebookvirus verschickt über meinen Account Links

Log-Analyse und Auswertung: Facebookvirus verschickt über meinen Account Links