| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Windows-Verschlüsselungs-Trojaner auf Win7Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
21.06.2012, 15:25
| #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Windows-Verschlüsselungs-Trojaner auf Win7 SRy ich hab mich in meinen Bausteinen verklickt   Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
24.06.2012, 19:09
| #17 |
 | Windows-Verschlüsselungs-Trojaner auf Win7 gmer.txt
__________________Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-22 12:21:14
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 FUJITSU_ rev.0000
Running: 03hl90c8.exe; Driver: C:\Users\Ari\AppData\Local\Temp\fxldrpog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x94AC6D8C]
SSDT 94C68AAE ZwCreateSection
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x94AC6E3C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x94AC6ED4]
SSDT 94C68AB8 ZwRequestWaitReplyPort
SSDT 94C68AB3 ZwSetContextThread
SSDT 94C68ABD ZwSetSecurityObject
SSDT 94C68AC2 ZwSystemDebugControl
SSDT 94C68A4F ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 8344F3C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83488D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 8348FDA8 4 Bytes [8C, 6D, AC, 94] {MOV WORD [EBP-0x54], GS; XCHG ESP, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 8348FEAC 4 Bytes [AE, 8A, C6, 94] {SCASB ; MOV AL, DH; XCHG ESP, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 12B3 8348FF68 4 Bytes [3C, 6E, AC, 94] {CMP AL, 0x6e; LODSB ; XCHG ESP, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1403 834900B8 4 Bytes [D4, 6E, AC, 94] {AAM 0x6e; LODSB ; XCHG ESP, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 83490208 4 Bytes [B8, 8A, C6, 94]
.text ...
.text C:\windows\system32\DRIVERS\atipmdag.sys section is writeable [0x9521D000, 0x2CBE50, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[452] ntdll.dll!LdrUnloadDll 77D2C86E 5 Bytes JMP 000603FC
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[452] ntdll.dll!LdrLoadDll 77D3223E 5 Bytes JMP 000601F8
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[452] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[452] USER32.dll!UnhookWindowsHookEx 7651ADF9 5 Bytes JMP 00080A08
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[452] USER32.dll!UnhookWinEvent 7651B750 5 Bytes JMP 000803FC
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[452] USER32.dll!SetWindowsHookExW 7651E30C 5 Bytes JMP 00080804
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[452] USER32.dll!SetWinEventHook 765224DC 5 Bytes JMP 000801F8
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[452] USER32.dll!SetWindowsHookExA 76546D0C 5 Bytes JMP 00080600
.text C:\windows\system32\csrss.exe[492] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\windows\system32\svchost.exe[500] ntdll.dll!LdrUnloadDll 77D2C86E 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[500] ntdll.dll!LdrLoadDll 77D3223E 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[500] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\windows\system32\svchost.exe[500] USER32.dll!UnhookWindowsHookEx 7651ADF9 5 Bytes JMP 004F0A08
.text C:\windows\system32\svchost.exe[500] USER32.dll!UnhookWinEvent 7651B750 5 Bytes JMP 004F03FC
.text C:\windows\system32\svchost.exe[500] USER32.dll!SetWindowsHookExW 7651E30C 5 Bytes JMP 004F0804
.text C:\windows\system32\svchost.exe[500] USER32.dll!SetWinEventHook 765224DC 5 Bytes JMP 004F01F8
.text C:\windows\system32\svchost.exe[500] USER32.dll!SetWindowsHookExA 76546D0C 5 Bytes JMP 004F0600
.text C:\windows\system32\wininit.exe[572] ntdll.dll!LdrUnloadDll 77D2C86E 5 Bytes JMP 000303FC
.text C:\windows\system32\wininit.exe[572] ntdll.dll!LdrLoadDll 77D3223E 5 Bytes JMP 000301F8
.text C:\windows\system32\wininit.exe[572] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\windows\system32\wininit.exe[572] USER32.dll!UnhookWindowsHookEx 7651ADF9 5 Bytes JMP 00050A08
.text C:\windows\system32\wininit.exe[572] USER32.dll!UnhookWinEvent 7651B750 5 Bytes JMP 000503FC
.text C:\windows\system32\wininit.exe[572] USER32.dll!SetWindowsHookExW 7651E30C 5 Bytes JMP 00050804
.text C:\windows\system32\wininit.exe[572] USER32.dll!SetWinEventHook 765224DC 5 Bytes JMP 000501F8
.text C:\windows\system32\wininit.exe[572] USER32.dll!SetWindowsHookExA 76546D0C 5 Bytes JMP 00050600
.text C:\windows\system32\csrss.exe[584] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\windows\system32\services.exe[624] ntdll.dll!LdrUnloadDll 77D2C86E 5 Bytes JMP 000603FC
.text C:\windows\system32\services.exe[624] ntdll.dll!LdrLoadDll 77D3223E 5 Bytes JMP 000601F8
.text C:\windows\system32\services.exe[624] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\windows\system32\services.exe[624] USER32.dll!UnhookWindowsHookEx 7651ADF9 5 Bytes JMP 00190A08
.text C:\windows\system32\services.exe[624] USER32.dll!UnhookWinEvent 7651B750 5 Bytes JMP 001903FC
.text C:\windows\system32\services.exe[624] USER32.dll!SetWindowsHookExW 7651E30C 5 Bytes JMP 00190804
.text C:\windows\system32\services.exe[624] USER32.dll!SetWinEventHook 765224DC 5 Bytes JMP 001901F8
.text C:\windows\system32\services.exe[624] USER32.dll!SetWindowsHookExA 76546D0C 5 Bytes JMP 00190600
.text C:\windows\system32\lsass.exe[636] ntdll.dll!LdrUnloadDll 77D2C86E 5 Bytes JMP 000603FC
.text C:\windows\system32\lsass.exe[636] ntdll.dll!LdrLoadDll 77D3223E 5 Bytes JMP 000601F8
.text C:\windows\system32\lsass.exe[636] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\windows\system32\lsm.exe[644] ntdll.dll!LdrUnloadDll 77D2C86E 5 Bytes JMP 000603FC
.text C:\windows\system32\lsm.exe[644] ntdll.dll!LdrLoadDll 77D3223E 5 Bytes JMP 000601F8
.text C:\windows\system32\lsm.exe[644] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\Program Files\System Control Manager\MSIService.exe[692] ntdll.dll!LdrUnloadDll 77D2C86E 5 Bytes JMP 001603FC
.text C:\Program Files\System Control Manager\MSIService.exe[692] ntdll.dll!LdrLoadDll 77D3223E 5 Bytes JMP 001601F8
.text C:\Program Files\System Control Manager\MSIService.exe[692] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\Program Files\System Control Manager\MSIService.exe[692] USER32.dll!UnhookWindowsHookEx 7651ADF9 5 Bytes JMP 00200A08
.text C:\Program Files\System Control Manager\MSIService.exe[692] USER32.dll!UnhookWinEvent 7651B750 5 Bytes JMP 002003FC
.text C:\Program Files\System Control Manager\MSIService.exe[692] USER32.dll!SetWindowsHookExW 7651E30C 5 Bytes JMP 00200804
.text C:\Program Files\System Control Manager\MSIService.exe[692] USER32.dll!SetWinEventHook 765224DC 5 Bytes JMP 002001F8
.text C:\Program Files\System Control Manager\MSIService.exe[692] USER32.dll!SetWindowsHookExA 76546D0C 5 Bytes JMP 00200600
.text C:\windows\system32\svchost.exe[768] ntdll.dll!LdrUnloadDll 77D2C86E 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[768] ntdll.dll!LdrLoadDll 77D3223E 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[768] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\windows\system32\svchost.exe[768] USER32.dll!UnhookWindowsHookEx 7651ADF9 5 Bytes JMP 002C0A08
.text C:\windows\system32\svchost.exe[768] USER32.dll!UnhookWinEvent 7651B750 5 Bytes JMP 002C03FC
.text C:\windows\system32\svchost.exe[768] USER32.dll!SetWindowsHookExW 7651E30C 5 Bytes JMP 002C0804
.text C:\windows\system32\svchost.exe[768] USER32.dll!SetWinEventHook 765224DC 5 Bytes JMP 002C01F8
.text C:\windows\system32\svchost.exe[768] USER32.dll!SetWindowsHookExA 76546D0C 5 Bytes JMP 002C0600
.text C:\windows\system32\winlogon.exe[808] ntdll.dll!LdrUnloadDll 77D2C86E 5 Bytes JMP 000303FC
.text C:\windows\system32\winlogon.exe[808] ntdll.dll!LdrLoadDll 77D3223E 5 Bytes JMP 000301F8
.text C:\windows\system32\winlogon.exe[808] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\windows\system32\winlogon.exe[808] USER32.dll!UnhookWindowsHookEx 7651ADF9 5 Bytes JMP 000C0A08
.text C:\windows\system32\winlogon.exe[808] USER32.dll!UnhookWinEvent 7651B750 5 Bytes JMP 000C03FC
.text C:\windows\system32\winlogon.exe[808] USER32.dll!SetWindowsHookExW 7651E30C 5 Bytes JMP 000C0804
.text C:\windows\system32\winlogon.exe[808] USER32.dll!SetWinEventHook 765224DC 5 Bytes JMP 000C01F8
.text C:\windows\system32\winlogon.exe[808] USER32.dll!SetWindowsHookExA 76546D0C 5 Bytes JMP 000C0600
.text C:\windows\system32\svchost.exe[904] ntdll.dll!LdrUnloadDll 77D2C86E 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[904] ntdll.dll!LdrLoadDll 77D3223E 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[904] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\windows\system32\svchost.exe[904] user32.dll!UnhookWindowsHookEx 7651ADF9 5 Bytes JMP 001D0A08
.text C:\windows\system32\svchost.exe[904] user32.dll!UnhookWinEvent 7651B750 5 Bytes JMP 001D03FC
.text C:\windows\system32\svchost.exe[904] user32.dll!SetWindowsHookExW 7651E30C 5 Bytes JMP 001D0804
.text C:\windows\system32\svchost.exe[904] user32.dll!SetWinEventHook 765224DC 5 Bytes JMP 001D01F8
.text C:\windows\system32\svchost.exe[904] user32.dll!SetWindowsHookExA 76546D0C 5 Bytes JMP 001D0600
.text C:\windows\system32\atiesrxx.exe[968] ntdll.dll!LdrUnloadDll 77D2C86E 5 Bytes JMP 001603FC
.text C:\windows\system32\atiesrxx.exe[968] ntdll.dll!LdrLoadDll 77D3223E 5 Bytes JMP 001601F8
.text C:\windows\system32\atiesrxx.exe[968] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\windows\system32\atiesrxx.exe[968] USER32.dll!UnhookWindowsHookEx 7651ADF9 5 Bytes JMP 001F0A08
.text C:\windows\system32\atiesrxx.exe[968] USER32.dll!UnhookWinEvent 7651B750 5 Bytes JMP 001F03FC
.text C:\windows\system32\atiesrxx.exe[968] USER32.dll!SetWindowsHookExW 7651E30C 5 Bytes JMP 001F0804
.text C:\windows\system32\atiesrxx.exe[968] USER32.dll!SetWinEventHook 765224DC 5 Bytes JMP 001F01F8
.text C:\windows\system32\atiesrxx.exe[968] USER32.dll!SetWindowsHookExA 76546D0C 5 Bytes JMP 001F0600
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1008] ntdll.dll!LdrUnloadDll 77D2C86E 5 Bytes JMP 000603FC
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1008] ntdll.dll!LdrLoadDll 77D3223E 5 Bytes JMP 000601F8
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1008] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1008] USER32.dll!UnhookWindowsHookEx 7651ADF9 5 Bytes JMP 00100A08
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1008] USER32.dll!UnhookWinEvent 7651B750 5 Bytes JMP 001003FC
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1008] USER32.dll!SetWindowsHookExW 7651E30C 5 Bytes JMP 00100804
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1008] USER32.dll!SetWinEventHook 765224DC 5 Bytes JMP 001001F8
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1008] USER32.dll!SetWindowsHookExA 76546D0C 5 Bytes JMP 00100600
.text C:\windows\System32\svchost.exe[1044] ntdll.dll!LdrUnloadDll 77D2C86E 5 Bytes JMP 000603FC
.text C:\windows\System32\svchost.exe[1044] ntdll.dll!LdrLoadDll 77D3223E 5 Bytes JMP 000601F8
.text C:\windows\System32\svchost.exe[1044] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\windows\System32\svchost.exe[1044] USER32.dll!UnhookWindowsHookEx 7651ADF9 5 Bytes JMP 00140A08
.text C:\windows\System32\svchost.exe[1044] USER32.dll!UnhookWinEvent 7651B750 5 Bytes JMP 001403FC
.text C:\windows\System32\svchost.exe[1044] USER32.dll!SetWindowsHookExW 7651E30C 5 Bytes JMP 00140804
.text C:\windows\System32\svchost.exe[1044] USER32.dll!SetWinEventHook 765224DC 5 Bytes JMP 001401F8
.text C:\windows\System32\svchost.exe[1044] USER32.dll!SetWindowsHookExA 76546D0C 5 Bytes JMP 00140600
.text C:\windows\System32\svchost.exe[1076] ntdll.dll!LdrUnloadDll 77D2C86E 5 Bytes JMP 000603FC
.text C:\windows\System32\svchost.exe[1076] ntdll.dll!LdrLoadDll 77D3223E 5 Bytes JMP 000601F8
.text C:\windows\System32\svchost.exe[1076] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\windows\System32\svchost.exe[1076] USER32.dll!UnhookWindowsHookEx 7651ADF9 5 Bytes JMP 003D0A08
.text C:\windows\System32\svchost.exe[1076] USER32.dll!UnhookWinEvent 7651B750 5 Bytes JMP 003D03FC
.text C:\windows\System32\svchost.exe[1076] USER32.dll!SetWindowsHookExW 7651E30C 5 Bytes JMP 003D0804
.text C:\windows\System32\svchost.exe[1076] USER32.dll!SetWinEventHook 765224DC 5 Bytes JMP 003D01F8
.text C:\windows\System32\svchost.exe[1076] USER32.dll!SetWindowsHookExA 76546D0C 5 Bytes JMP 003D0600
.text C:\windows\system32\svchost.exe[1116] ntdll.dll!LdrUnloadDll 77D2C86E 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[1116] ntdll.dll!LdrLoadDll 77D3223E 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[1116] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\windows\system32\svchost.exe[1116] USER32.dll!UnhookWindowsHookEx 7651ADF9 5 Bytes JMP 00B10A08
.text C:\windows\system32\svchost.exe[1116] USER32.dll!UnhookWinEvent 7651B750 5 Bytes JMP 00B103FC
.text C:\windows\system32\svchost.exe[1116] USER32.dll!SetWindowsHookExW 7651E30C 5 Bytes JMP 00B10804
.text C:\windows\system32\svchost.exe[1116] USER32.dll!SetWinEventHook 765224DC 5 Bytes JMP 00B101F8
.text C:\windows\system32\svchost.exe[1116] USER32.dll!SetWindowsHookExA 76546D0C 5 Bytes JMP 00B10600
.text C:\windows\system32\svchost.exe[1248] ntdll.dll!LdrUnloadDll 77D2C86E 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[1248] ntdll.dll!LdrLoadDll 77D3223E 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[1248] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\windows\system32\svchost.exe[1248] USER32.dll!UnhookWindowsHookEx 7651ADF9 5 Bytes JMP 00470A08
.text C:\windows\system32\svchost.exe[1248] USER32.dll!UnhookWinEvent 7651B750 5 Bytes JMP 004703FC
.text C:\windows\system32\svchost.exe[1248] USER32.dll!SetWindowsHookExW 7651E30C 5 Bytes JMP 00470804
.text C:\windows\system32\svchost.exe[1248] USER32.dll!SetWinEventHook 765224DC 5 Bytes JMP 004701F8
.text C:\windows\system32\svchost.exe[1248] USER32.dll!SetWindowsHookExA 76546D0C 5 Bytes JMP 00470600
.text C:\windows\system32\atieclxx.exe[1280] ntdll.dll!LdrUnloadDll 77D2C86E 5 Bytes JMP 001603FC
.text C:\windows\system32\atieclxx.exe[1280] ntdll.dll!LdrLoadDll 77D3223E 5 Bytes JMP 001601F8
.text C:\windows\system32\atieclxx.exe[1280] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\windows\system32\atieclxx.exe[1280] USER32.dll!UnhookWindowsHookEx 7651ADF9 5 Bytes JMP 001F0A08
.text C:\windows\system32\atieclxx.exe[1280] USER32.dll!UnhookWinEvent 7651B750 5 Bytes JMP 001F03FC
.text C:\windows\system32\atieclxx.exe[1280] USER32.dll!SetWindowsHookExW 7651E30C 5 Bytes JMP 001F0804
.text C:\windows\system32\atieclxx.exe[1280] USER32.dll!SetWinEventHook 765224DC 5 Bytes JMP 001F01F8
.text C:\windows\system32\atieclxx.exe[1280] USER32.dll!SetWindowsHookExA 76546D0C 5 Bytes JMP 001F0600
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1324] ntdll.dll!LdrUnloadDll 77D2C86E 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1324] ntdll.dll!LdrLoadDll 77D3223E 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1324] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1324] USER32.dll!UnhookWindowsHookEx 7651ADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1324] USER32.dll!UnhookWinEvent 7651B750 5 Bytes JMP 001F03FC
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1324] USER32.dll!SetWindowsHookExW 7651E30C 5 Bytes JMP 001F0804
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1324] USER32.dll!SetWinEventHook 765224DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1324] USER32.dll!SetWindowsHookExA 76546D0C 5 Bytes JMP 001F0600
.text C:\windows\system32\svchost.exe[1396] ntdll.dll!LdrUnloadDll 77D2C86E 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[1396] ntdll.dll!LdrLoadDll 77D3223E 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[1396] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\windows\system32\svchost.exe[1396] USER32.dll!UnhookWindowsHookEx 7651ADF9 5 Bytes JMP 02750A08
.text C:\windows\system32\svchost.exe[1396] USER32.dll!UnhookWinEvent 7651B750 5 Bytes JMP 027503FC
.text C:\windows\system32\svchost.exe[1396] USER32.dll!SetWindowsHookExW 7651E30C 5 Bytes JMP 02750804
.text C:\windows\system32\svchost.exe[1396] USER32.dll!SetWinEventHook 765224DC 5 Bytes JMP 027501F8
.text C:\windows\system32\svchost.exe[1396] USER32.dll!SetWindowsHookExA 76546D0C 5 Bytes JMP 02750600
.text C:\windows\system32\igfxsrvc.exe[1412] ntdll.dll!LdrUnloadDll 77D2C86E 5 Bytes JMP 001603FC
.text C:\windows\system32\igfxsrvc.exe[1412] ntdll.dll!LdrLoadDll 77D3223E 5 Bytes JMP 001601F8
.text C:\windows\system32\igfxsrvc.exe[1412] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\windows\system32\igfxsrvc.exe[1412] USER32.dll!UnhookWindowsHookEx 7651ADF9 5 Bytes JMP 001F0A08
.text C:\windows\system32\igfxsrvc.exe[1412] USER32.dll!UnhookWinEvent 7651B750 5 Bytes JMP 001F03FC
.text C:\windows\system32\igfxsrvc.exe[1412] USER32.dll!SetWindowsHookExW 7651E30C 5 Bytes JMP 001F0804
.text C:\windows\system32\igfxsrvc.exe[1412] USER32.dll!SetWinEventHook 765224DC 5 Bytes JMP 001F01F8
.text C:\windows\system32\igfxsrvc.exe[1412] USER32.dll!SetWindowsHookExA 76546D0C 5 Bytes JMP 001F0600
.text C:\windows\system32\svchost.exe[1532] ntdll.dll!LdrUnloadDll 77D2C86E 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[1532] ntdll.dll!LdrLoadDll 77D3223E 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[1532] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\windows\system32\svchost.exe[1532] USER32.dll!UnhookWindowsHookEx 7651ADF9 5 Bytes JMP 00130A08
.text C:\windows\system32\svchost.exe[1532] USER32.dll!UnhookWinEvent 7651B750 5 Bytes JMP 001303FC
.text C:\windows\system32\svchost.exe[1532] USER32.dll!SetWindowsHookExW 7651E30C 5 Bytes JMP 00130804
.text C:\windows\system32\svchost.exe[1532] USER32.dll!SetWinEventHook 765224DC 5 Bytes JMP 001301F8
.text C:\windows\system32\svchost.exe[1532] USER32.dll!SetWindowsHookExA 76546D0C 5 Bytes JMP 00130600
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1560] ntdll.dll!LdrUnloadDll 77D2C86E 5 Bytes JMP 000603FC
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1560] ntdll.dll!LdrLoadDll 77D3223E 5 Bytes JMP 000601F8
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1560] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1560] USER32.dll!UnhookWindowsHookEx 7651ADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1560] USER32.dll!UnhookWinEvent 7651B750 5 Bytes JMP 001F03FC
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1560] USER32.dll!SetWindowsHookExW 7651E30C 5 Bytes JMP 001F0804
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1560] USER32.dll!SetWinEventHook 765224DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1560] USER32.dll!SetWindowsHookExA 76546D0C 5 Bytes JMP 001F0600
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1584] kernel32.dll!SetUnhandledExceptionFilter 76ACF4FB 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1584] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\windows\system32\wbem\unsecapp.exe[1636] ntdll.dll!LdrUnloadDll 77D2C86E 5 Bytes JMP 000603FC
.text C:\windows\system32\wbem\unsecapp.exe[1636] ntdll.dll!LdrLoadDll 77D3223E 5 Bytes JMP 000601F8
.text C:\windows\system32\wbem\unsecapp.exe[1636] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\windows\system32\wbem\unsecapp.exe[1636] USER32.dll!UnhookWindowsHookEx 7651ADF9 5 Bytes JMP 000F0A08
.text C:\windows\system32\wbem\unsecapp.exe[1636] USER32.dll!UnhookWinEvent 7651B750 5 Bytes JMP 000F03FC
.text C:\windows\system32\wbem\unsecapp.exe[1636] USER32.dll!SetWindowsHookExW 7651E30C 5 Bytes JMP 000F0804
.text C:\windows\system32\wbem\unsecapp.exe[1636] USER32.dll!SetWinEventHook 765224DC 5 Bytes JMP 000F01F8
.text C:\windows\system32\wbem\unsecapp.exe[1636] USER32.dll!SetWindowsHookExA 76546D0C 5 Bytes JMP 000F0600
.text C:\Program Files\Samsung\Kies\KiesHelper.exe[1756] KERNEL32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1796] ntdll.dll!LdrUnloadDll 77D2C86E 5 Bytes JMP 001603FC
.text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1796] ntdll.dll!LdrLoadDll 77D3223E 5 Bytes JMP 001601F8
.text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1796] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1796] USER32.dll!UnhookWindowsHookEx 7651ADF9 5 Bytes JMP 001A0A08
.text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1796] USER32.dll!UnhookWinEvent 7651B750 5 Bytes JMP 001A03FC
.text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1796] USER32.dll!SetWindowsHookExW 7651E30C 5 Bytes JMP 001A0804
.text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1796] USER32.dll!SetWinEventHook 765224DC 5 Bytes JMP 001A01F8
.text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1796] USER32.dll!SetWindowsHookExA 76546D0C 5 Bytes JMP 001A0600
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[1832] ntdll.dll!LdrUnloadDll 77D2C86E 5 Bytes JMP 001603FC
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[1832] ntdll.dll!LdrLoadDll 77D3223E 5 Bytes JMP 001601F8
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[1832] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[1832] USER32.dll!UnhookWindowsHookEx 7651ADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[1832] USER32.dll!UnhookWinEvent 7651B750 5 Bytes JMP 001F03FC
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[1832] USER32.dll!SetWindowsHookExW 7651E30C 5 Bytes JMP 001F0804
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[1832] USER32.dll!SetWinEventHook 765224DC 5 Bytes JMP 001F01F8
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[1832] USER32.dll!SetWindowsHookExA 76546D0C 5 Bytes JMP 001F0600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1860] ntdll.dll!LdrUnloadDll 77D2C86E 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1860] ntdll.dll!LdrLoadDll 77D3223E 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1860] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1860] USER32.dll!UnhookWindowsHookEx 7651ADF9 5 Bytes JMP 00210A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1860] USER32.dll!UnhookWinEvent 7651B750 5 Bytes JMP 002103FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1860] USER32.dll!SetWindowsHookExW 7651E30C 5 Bytes JMP 00210804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1860] USER32.dll!SetWinEventHook 765224DC 5 Bytes JMP 002101F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1860] USER32.dll!SetWindowsHookExA 76546D0C 5 Bytes JMP 00210600
.text C:\windows\system32\svchost.exe[1880] ntdll.dll!LdrUnloadDll 77D2C86E 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[1880] ntdll.dll!LdrLoadDll 77D3223E 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[1880] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1936] ntdll.dll!LdrUnloadDll 77D2C86E 5 Bytes JMP 001603FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1936] ntdll.dll!LdrLoadDll 77D3223E 5 Bytes JMP 001601F8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1936] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1936] USER32.dll!UnhookWindowsHookEx 7651ADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1936] USER32.dll!UnhookWinEvent 7651B750 5 Bytes JMP 001F03FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1936] USER32.dll!SetWindowsHookExW 7651E30C 5 Bytes JMP 001F0804
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1936] USER32.dll!SetWinEventHook 765224DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1936] USER32.dll!SetWindowsHookExA 76546D0C 5 Bytes JMP 001F0600
.text C:\windows\System32\spoolsv.exe[2024] ntdll.dll!LdrUnloadDll 77D2C86E 5 Bytes JMP 000603FC
.text C:\windows\System32\spoolsv.exe[2024] ntdll.dll!LdrLoadDll 77D3223E 5 Bytes JMP 000601F8
.text C:\windows\System32\spoolsv.exe[2024] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\windows\System32\spoolsv.exe[2024] USER32.dll!UnhookWindowsHookEx 7651ADF9 5 Bytes JMP 000E0A08
.text C:\windows\System32\spoolsv.exe[2024] USER32.dll!UnhookWinEvent 7651B750 5 Bytes JMP 000E03FC
.text C:\windows\System32\spoolsv.exe[2024] USER32.dll!SetWindowsHookExW 7651E30C 5 Bytes JMP 000E0804
.text C:\windows\System32\spoolsv.exe[2024] USER32.dll!SetWinEventHook 765224DC 5 Bytes JMP 000E01F8
.text C:\windows\System32\spoolsv.exe[2024] USER32.dll!SetWindowsHookExA 76546D0C 5 Bytes JMP 000E0600
.text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[2144] ntdll.dll!DbgUiRemoteBreakin 77D6F17D 1 Byte [C3]
.text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[2144] KERNEL32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2200] ntdll.dll!LdrUnloadDll 77D2C86E 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2200] ntdll.dll!LdrLoadDll 77D3223E 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2200] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2200] USER32.dll!UnhookWindowsHookEx 7651ADF9 5 Bytes JMP 00180A08
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2200] USER32.dll!UnhookWinEvent 7651B750 5 Bytes JMP 001803FC
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2200] USER32.dll!SetWindowsHookExW 7651E30C 5 Bytes JMP 00180804
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2200] USER32.dll!SetWinEventHook 765224DC 5 Bytes JMP 001801F8
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2200] USER32.dll!SetWindowsHookExA 76546D0C 5 Bytes JMP 00180600
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2388] ntdll.dll!LdrUnloadDll 77D2C86E 5 Bytes JMP 000603FC
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2388] ntdll.dll!LdrLoadDll 77D3223E 5 Bytes JMP 000601F8
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2388] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2388] USER32.dll!SetWindowLongA 76518BA3 5 Bytes JMP 59D9B866 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2388] USER32.dll!UnhookWindowsHookEx 7651ADF9 5 Bytes JMP 00100A08
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2388] USER32.dll!UnhookWinEvent 7651B750 5 Bytes JMP 001003FC
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2388] USER32.dll!SetWindowsHookExW 7651E30C 5 Bytes JMP 00100804
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2388] USER32.dll!SetWinEventHook 765224DC 5 Bytes JMP 001001F8
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2388] USER32.dll!SetWindowLongW 76524449 5 Bytes JMP 59D9B7F8 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2388] USER32.dll!GetWindowInfo 76524B5E 5 Bytes JMP 59B4D96E C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2388] USER32.dll!TrackPopupMenu 76532228 5 Bytes JMP 59B4DF19 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2388] USER32.dll!SetWindowsHookExA 76546D0C 5 Bytes JMP 00100600
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2616] ntdll.dll!LdrUnloadDll 77D2C86E 5 Bytes JMP 000503FC
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2616] ntdll.dll!LdrLoadDll 77D3223E 5 Bytes JMP 000501F8
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2616] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2616] USER32.dll!UnhookWindowsHookEx 7651ADF9 5 Bytes JMP 000F0A08
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2616] USER32.dll!UnhookWinEvent 7651B750 5 Bytes JMP 000F03FC
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2616] USER32.dll!SetWindowsHookExW 7651E30C 5 Bytes JMP 000F0804
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2616] USER32.dll!SetWinEventHook 765224DC 5 Bytes JMP 000F01F8
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2616] USER32.dll!SetWindowsHookExA 76546D0C 5 Bytes JMP 000F0600
.text C:\windows\system32\conhost.exe[2624] ntdll.dll!LdrUnloadDll 77D2C86E 5 Bytes JMP 000303FC
.text C:\windows\system32\conhost.exe[2624] ntdll.dll!LdrLoadDll 77D3223E 5 Bytes JMP 000301F8
.text C:\windows\system32\conhost.exe[2624] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\windows\system32\conhost.exe[2624] USER32.dll!UnhookWindowsHookEx 7651ADF9 5 Bytes JMP 00050A08
.text C:\windows\system32\conhost.exe[2624] USER32.dll!UnhookWinEvent 7651B750 5 Bytes JMP 000503FC
.text C:\windows\system32\conhost.exe[2624] USER32.dll!SetWindowsHookExW 7651E30C 5 Bytes JMP 00050804
.text C:\windows\system32\conhost.exe[2624] USER32.dll!SetWinEventHook 765224DC 5 Bytes JMP 000501F8
.text C:\windows\system32\conhost.exe[2624] USER32.dll!SetWindowsHookExA 76546D0C 5 Bytes JMP 00050600
.text C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE[2648] ntdll.dll!LdrUnloadDll 77D2C86E 5 Bytes JMP 001603FC
.text C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE[2648] ntdll.dll!LdrLoadDll 77D3223E 5 Bytes JMP 001601F8
.text C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE[2648] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE[2648] USER32.dll!UnhookWindowsHookEx 7651ADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE[2648] USER32.dll!UnhookWinEvent 7651B750 5 Bytes JMP 001F03FC
.text C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE[2648] USER32.dll!SetWindowsHookExW 7651E30C 5 Bytes JMP 001F0804
.text C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE[2648] USER32.dll!SetWinEventHook 765224DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE[2648] USER32.dll!SetWindowsHookExA 76546D0C 5 Bytes JMP 001F0600
.text C:\windows\system32\Dwm.exe[2784] ntdll.dll!LdrUnloadDll 77D2C86E 5 Bytes JMP 000603FC
.text C:\windows\system32\Dwm.exe[2784] ntdll.dll!LdrLoadDll 77D3223E 5 Bytes JMP 000601F8
.text C:\windows\system32\Dwm.exe[2784] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\windows\system32\Dwm.exe[2784] USER32.dll!UnhookWindowsHookEx 7651ADF9 5 Bytes JMP 000F0A08
.text C:\windows\system32\Dwm.exe[2784] USER32.dll!UnhookWinEvent 7651B750 5 Bytes JMP 000F03FC
.text C:\windows\system32\Dwm.exe[2784] USER32.dll!SetWindowsHookExW 7651E30C 5 Bytes JMP 000F0804
.text C:\windows\system32\Dwm.exe[2784] USER32.dll!SetWinEventHook 765224DC 5 Bytes JMP 000F01F8
.text C:\windows\system32\Dwm.exe[2784] USER32.dll!SetWindowsHookExA 76546D0C 5 Bytes JMP 000F0600
.text C:\windows\system32\taskhost.exe[2792] ntdll.dll!LdrUnloadDll 77D2C86E 5 Bytes JMP 000503FC
.text C:\windows\system32\taskhost.exe[2792] ntdll.dll!LdrLoadDll 77D3223E 5 Bytes JMP 000501F8
.text C:\windows\system32\taskhost.exe[2792] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\windows\system32\taskhost.exe[2792] USER32.dll!UnhookWindowsHookEx 7651ADF9 5 Bytes JMP 000E0A08
.text C:\windows\system32\taskhost.exe[2792] USER32.dll!UnhookWinEvent 7651B750 5 Bytes JMP 000E03FC
.text C:\windows\system32\taskhost.exe[2792] USER32.dll!SetWindowsHookExW 7651E30C 5 Bytes JMP 000E0804
.text C:\windows\system32\taskhost.exe[2792] USER32.dll!SetWinEventHook 765224DC 5 Bytes JMP 000E01F8
.text C:\windows\system32\taskhost.exe[2792] USER32.dll!SetWindowsHookExA 76546D0C 5 Bytes JMP 000E0600
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2816] KERNEL32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\windows\system32\svchost.exe[3124] ntdll.dll!LdrUnloadDll 77D2C86E 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[3124] ntdll.dll!LdrLoadDll 77D3223E 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[3124] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\windows\system32\svchost.exe[3124] USER32.dll!UnhookWindowsHookEx 7651ADF9 5 Bytes JMP 008E0A08
.text C:\windows\system32\svchost.exe[3124] USER32.dll!UnhookWinEvent 7651B750 5 Bytes JMP 008E03FC
.text C:\windows\system32\svchost.exe[3124] USER32.dll!SetWindowsHookExW 7651E30C 5 Bytes JMP 008E0804
.text C:\windows\system32\svchost.exe[3124] USER32.dll!SetWinEventHook 765224DC 5 Bytes JMP 008E01F8
.text C:\windows\system32\svchost.exe[3124] USER32.dll!SetWindowsHookExA 76546D0C 5 Bytes JMP 008E0600
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] ntdll.dll!LdrUnloadDll 77D2C86E 5 Bytes JMP 000603FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] ntdll.dll!LdrLoadDll 77D3223E 5 Bytes JMP 000601F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] USER32.dll!UnhookWindowsHookEx 7651ADF9 5 Bytes JMP 00BB0A08
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] USER32.dll!UnhookWinEvent 7651B750 5 Bytes JMP 00BB03FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] USER32.dll!SetWindowsHookExW 7651E30C 5 Bytes JMP 00BB0804
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] USER32.dll!SetWinEventHook 765224DC 5 Bytes JMP 00BB01F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] USER32.dll!SetWindowsHookExA 76546D0C 5 Bytes JMP 00BB0600
.text C:\windows\system32\svchost.exe[3260] ntdll.dll!LdrUnloadDll 77D2C86E 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[3260] ntdll.dll!LdrLoadDll 77D3223E 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[3260] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3296] ntdll.dll!LdrUnloadDll 77D2C86E 5 Bytes JMP 000603FC
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3296] ntdll.dll!LdrLoadDll 77D3223E 5 Bytes JMP 000601F8
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3296] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3296] USER32.dll!UnhookWindowsHookEx 7651ADF9 5 Bytes JMP 00080A08
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3296] USER32.dll!UnhookWinEvent 7651B750 5 Bytes JMP 000803FC
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3296] USER32.dll!SetWindowsHookExW 7651E30C 5 Bytes JMP 00080804
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3296] USER32.dll!SetWinEventHook 765224DC 5 Bytes JMP 000801F8
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3296] USER32.dll!SetWindowsHookExA 76546D0C 5 Bytes JMP 00080600
.text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3320] ntdll.dll!LdrUnloadDll 77D2C86E 5 Bytes JMP 001603FC
.text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3320] ntdll.dll!LdrLoadDll 77D3223E 5 Bytes JMP 001601F8
.text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3320] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3320] USER32.dll!UnhookWindowsHookEx 7651ADF9 5 Bytes JMP 00240A08
.text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3320] USER32.dll!UnhookWinEvent 7651B750 5 Bytes JMP 002403FC
.text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3320] USER32.dll!SetWindowsHookExW 7651E30C 5 Bytes JMP 00240804
.text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3320] USER32.dll!SetWinEventHook 765224DC 5 Bytes JMP 002401F8
.text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3320] USER32.dll!SetWindowsHookExA 76546D0C 5 Bytes JMP 00240600
.text C:\windows\system32\SearchIndexer.exe[3432] ntdll.dll!LdrUnloadDll 77D2C86E 5 Bytes JMP 000603FC
.text C:\windows\system32\SearchIndexer.exe[3432] ntdll.dll!LdrLoadDll 77D3223E 5 Bytes JMP 000601F8
.text C:\windows\system32\SearchIndexer.exe[3432] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\windows\system32\SearchIndexer.exe[3432] USER32.dll!UnhookWindowsHookEx 7651ADF9 5 Bytes JMP 00090A08
.text C:\windows\system32\SearchIndexer.exe[3432] USER32.dll!UnhookWinEvent 7651B750 5 Bytes JMP 000903FC
.text C:\windows\system32\SearchIndexer.exe[3432] USER32.dll!SetWindowsHookExW 7651E30C 5 Bytes JMP 00090804
.text C:\windows\system32\SearchIndexer.exe[3432] USER32.dll!SetWinEventHook 765224DC 5 Bytes JMP 000901F8
.text C:\windows\system32\SearchIndexer.exe[3432] USER32.dll!SetWindowsHookExA 76546D0C 5 Bytes JMP 00090600
.text C:\windows\Explorer.EXE[3532] ntdll.dll!LdrUnloadDll 77D2C86E 5 Bytes JMP 000603FC
.text C:\windows\Explorer.EXE[3532] ntdll.dll!LdrLoadDll 77D3223E 5 Bytes JMP 000601F8
.text C:\windows\Explorer.EXE[3532] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\windows\Explorer.EXE[3532] USER32.dll!UnhookWindowsHookEx 7651ADF9 5 Bytes JMP 00110A08
.text C:\windows\Explorer.EXE[3532] USER32.dll!UnhookWinEvent 7651B750 5 Bytes JMP 001103FC
.text C:\windows\Explorer.EXE[3532] USER32.dll!SetWindowsHookExW 7651E30C 5 Bytes JMP 00110804
.text C:\windows\Explorer.EXE[3532] USER32.dll!SetWinEventHook 765224DC 5 Bytes JMP 001101F8
.text C:\windows\Explorer.EXE[3532] USER32.dll!SetWindowsHookExA 76546D0C 5 Bytes JMP 00110600
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3680] ntdll.dll!LdrUnloadDll 77D2C86E 5 Bytes JMP 001603FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3680] ntdll.dll!LdrLoadDll 77D3223E 5 Bytes JMP 001601F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3680] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3680] USER32.dll!UnhookWindowsHookEx 7651ADF9 5 Bytes JMP 00180A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3680] USER32.dll!UnhookWinEvent 7651B750 5 Bytes JMP 001803FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3680] USER32.dll!SetWindowsHookExW 7651E30C 5 Bytes JMP 00180804
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3680] USER32.dll!SetWinEventHook 765224DC 5 Bytes JMP 001801F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3680] USER32.dll!SetWindowsHookExA 76546D0C 5 Bytes JMP 00180600
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3740] KERNEL32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\windows\system32\AUDIODG.EXE[3768] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\Windows\WindowsMobile\wmdc.exe[3792] ntdll.dll!LdrUnloadDll 77D2C86E 5 Bytes JMP 000603FC
.text C:\Windows\WindowsMobile\wmdc.exe[3792] ntdll.dll!LdrLoadDll 77D3223E 5 Bytes JMP 000601F8
.text C:\Windows\WindowsMobile\wmdc.exe[3792] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\Windows\WindowsMobile\wmdc.exe[3792] USER32.dll!UnhookWindowsHookEx 7651ADF9 5 Bytes JMP 00190A08
.text C:\Windows\WindowsMobile\wmdc.exe[3792] USER32.dll!UnhookWinEvent 7651B750 5 Bytes JMP 001903FC
.text C:\Windows\WindowsMobile\wmdc.exe[3792] USER32.dll!SetWindowsHookExW 7651E30C 5 Bytes JMP 00190804
.text C:\Windows\WindowsMobile\wmdc.exe[3792] USER32.dll!SetWinEventHook 765224DC 5 Bytes JMP 001901F8
.text C:\Windows\WindowsMobile\wmdc.exe[3792] USER32.dll!SetWindowsHookExA 76546D0C 5 Bytes JMP 00190600
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3800] ntdll.dll!LdrUnloadDll 77D2C86E 5 Bytes JMP 001603FC
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3800] ntdll.dll!LdrLoadDll 77D3223E 5 Bytes JMP 001601F8
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3800] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3800] USER32.dll!UnhookWindowsHookEx 7651ADF9 5 Bytes JMP 00300A08
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3800] USER32.dll!UnhookWinEvent 7651B750 5 Bytes JMP 003003FC
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3800] USER32.dll!SetWindowsHookExW 7651E30C 5 Bytes JMP 00300804
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3800] USER32.dll!SetWinEventHook 765224DC 5 Bytes JMP 003001F8
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3800] USER32.dll!SetWindowsHookExA 76546D0C 5 Bytes JMP 00300600
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3888] ntdll.dll!LdrUnloadDll 77D2C86E 5 Bytes JMP 001603FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3888] ntdll.dll!LdrLoadDll 77D3223E 5 Bytes JMP 001601F8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3888] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3888] USER32.dll!UnhookWindowsHookEx 7651ADF9 5 Bytes JMP 002F0A08
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3888] USER32.dll!UnhookWinEvent 7651B750 5 Bytes JMP 002F03FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3888] USER32.dll!SetWindowsHookExW 7651E30C 5 Bytes JMP 002F0804
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3888] USER32.dll!SetWinEventHook 765224DC 5 Bytes JMP 002F01F8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3888] USER32.dll!SetWindowsHookExA 76546D0C 5 Bytes JMP 002F0600
.text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3912] ntdll.dll!LdrUnloadDll 77D2C86E 5 Bytes JMP 001603FC
.text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3912] ntdll.dll!LdrLoadDll 77D3223E 5 Bytes JMP 001601F8
.text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3912] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3912] USER32.dll!UnhookWindowsHookEx 7651ADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3912] USER32.dll!UnhookWinEvent 7651B750 5 Bytes JMP 001F03FC
.text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3912] USER32.dll!SetWindowsHookExW 7651E30C 5 Bytes JMP 001F0804
.text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3912] USER32.dll!SetWinEventHook 765224DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3912] USER32.dll!SetWindowsHookExA 76546D0C 5 Bytes JMP 001F0600
.text C:\Windows\System32\igfxpers.exe[3960] ntdll.dll!LdrUnloadDll 77D2C86E 5 Bytes JMP 001603FC
.text C:\Windows\System32\igfxpers.exe[3960] ntdll.dll!LdrLoadDll 77D3223E 5 Bytes JMP 001601F8
.text C:\Windows\System32\igfxpers.exe[3960] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\Windows\System32\igfxpers.exe[3960] USER32.dll!UnhookWindowsHookEx 7651ADF9 5 Bytes JMP 00310A08
.text C:\Windows\System32\igfxpers.exe[3960] USER32.dll!UnhookWinEvent 7651B750 5 Bytes JMP 003103FC
.text C:\Windows\System32\igfxpers.exe[3960] USER32.dll!SetWindowsHookExW 7651E30C 5 Bytes JMP 00310804
.text C:\Windows\System32\igfxpers.exe[3960] USER32.dll!SetWinEventHook 765224DC 5 Bytes JMP 003101F8
.text C:\Windows\System32\igfxpers.exe[3960] USER32.dll!SetWindowsHookExA 76546D0C 5 Bytes JMP 00310600
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4000] ntdll.dll!LdrUnloadDll 77D2C86E 5 Bytes JMP 001603FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4000] ntdll.dll!LdrLoadDll 77D3223E 5 Bytes JMP 001601F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4000] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4000] USER32.dll!UnhookWindowsHookEx 7651ADF9 5 Bytes JMP 00190A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4000] USER32.dll!UnhookWinEvent 7651B750 5 Bytes JMP 001903FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4000] USER32.dll!SetWindowsHookExW 7651E30C 5 Bytes JMP 00190804
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4000] USER32.dll!SetWinEventHook 765224DC 5 Bytes JMP 001901F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4000] USER32.dll!SetWindowsHookExA 76546D0C 5 Bytes JMP 00190600
.text C:\windows\system32\wbem\wmiprvse.exe[4036] ntdll.dll!LdrUnloadDll 77D2C86E 5 Bytes JMP 000603FC
.text C:\windows\system32\wbem\wmiprvse.exe[4036] ntdll.dll!LdrLoadDll 77D3223E 5 Bytes JMP 000601F8
.text C:\windows\system32\wbem\wmiprvse.exe[4036] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\windows\system32\wbem\wmiprvse.exe[4036] USER32.dll!UnhookWindowsHookEx 7651ADF9 5 Bytes JMP 000A0A08
.text C:\windows\system32\wbem\wmiprvse.exe[4036] USER32.dll!UnhookWinEvent 7651B750 5 Bytes JMP 000A03FC
.text C:\windows\system32\wbem\wmiprvse.exe[4036] USER32.dll!SetWindowsHookExW 7651E30C 5 Bytes JMP 000A0804
.text C:\windows\system32\wbem\wmiprvse.exe[4036] USER32.dll!SetWinEventHook 765224DC 5 Bytes JMP 000A01F8
.text C:\windows\system32\wbem\wmiprvse.exe[4036] USER32.dll!SetWindowsHookExA 76546D0C 5 Bytes JMP 000A0600
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[4072] ntdll.dll!LdrUnloadDll 77D2C86E 5 Bytes JMP 000603FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[4072] ntdll.dll!LdrLoadDll 77D3223E 5 Bytes JMP 000601F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[4072] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[4072] USER32.dll!UnhookWindowsHookEx 7651ADF9 5 Bytes JMP 00120A08
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[4072] USER32.dll!UnhookWinEvent 7651B750 5 Bytes JMP 001203FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[4072] USER32.dll!SetWindowsHookExW 7651E30C 5 Bytes JMP 00120804
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[4072] USER32.dll!SetWinEventHook 765224DC 5 Bytes JMP 001201F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[4072] USER32.dll!SetWindowsHookExA 76546D0C 5 Bytes JMP 00120600
.text C:\Program Files\System Control Manager\MGSysCtrl.exe[4080] ntdll.dll!LdrUnloadDll 77D2C86E 5 Bytes JMP 001603FC
.text C:\Program Files\System Control Manager\MGSysCtrl.exe[4080] ntdll.dll!LdrLoadDll 77D3223E 5 Bytes JMP 001601F8
.text C:\Program Files\System Control Manager\MGSysCtrl.exe[4080] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\Program Files\System Control Manager\MGSysCtrl.exe[4080] USER32.dll!UnhookWindowsHookEx 7651ADF9 5 Bytes JMP 00200A08
.text C:\Program Files\System Control Manager\MGSysCtrl.exe[4080] USER32.dll!UnhookWinEvent 7651B750 5 Bytes JMP 002003FC
.text C:\Program Files\System Control Manager\MGSysCtrl.exe[4080] USER32.dll!SetWindowsHookExW 7651E30C 5 Bytes JMP 00200804
.text C:\Program Files\System Control Manager\MGSysCtrl.exe[4080] USER32.dll!SetWinEventHook 765224DC 5 Bytes JMP 002001F8
.text C:\Program Files\System Control Manager\MGSysCtrl.exe[4080] USER32.dll!SetWindowsHookExA 76546D0C 5 Bytes JMP 00200600
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[4092] ntdll.dll!LdrUnloadDll 77D2C86E 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[4092] ntdll.dll!LdrLoadDll 77D3223E 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[4092] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[4092] USER32.dll!UnhookWindowsHookEx 7651ADF9 5 Bytes JMP 004D0A08
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[4092] USER32.dll!UnhookWinEvent 7651B750 5 Bytes JMP 004D03FC
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[4092] USER32.dll!SetWindowsHookExW 7651E30C 5 Bytes JMP 004D0804
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[4092] USER32.dll!SetWinEventHook 765224DC 5 Bytes JMP 004D01F8
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[4092] USER32.dll!SetWindowsHookExA 76546D0C 5 Bytes JMP 004D0600
.text C:\Program Files\msi\Live Update 5\LU5.exe[4224] ntdll.dll!LdrUnloadDll 77D2C86E 5 Bytes JMP 001703FC
.text C:\Program Files\msi\Live Update 5\LU5.exe[4224] ntdll.dll!LdrLoadDll 77D3223E 5 Bytes JMP 001701F8
.text C:\Program Files\msi\Live Update 5\LU5.exe[4224] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\Program Files\msi\Live Update 5\LU5.exe[4224] USER32.dll!UnhookWindowsHookEx 7651ADF9 5 Bytes JMP 00200A08
.text C:\Program Files\msi\Live Update 5\LU5.exe[4224] USER32.dll!UnhookWinEvent 7651B750 5 Bytes JMP 002003FC
.text C:\Program Files\msi\Live Update 5\LU5.exe[4224] USER32.dll!SetWindowsHookExW 7651E30C 5 Bytes JMP 00200804
.text C:\Program Files\msi\Live Update 5\LU5.exe[4224] USER32.dll!SetWinEventHook 765224DC 5 Bytes JMP 002001F8
.text C:\Program Files\msi\Live Update 5\LU5.exe[4224] USER32.dll!SetWindowsHookExA 76546D0C 5 Bytes JMP 00200600
.text C:\Program Files\Samsung\Kies\External\DeviceModules\ConnectionManager.exe[4336] ntdll.dll!LdrUnloadDll 77D2C86E 5 Bytes JMP 001603FC
.text C:\Program Files\Samsung\Kies\External\DeviceModules\ConnectionManager.exe[4336] ntdll.dll!LdrLoadDll 77D3223E 5 Bytes JMP 001601F8
.text C:\Program Files\Samsung\Kies\External\DeviceModules\ConnectionManager.exe[4336] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\Program Files\Samsung\Kies\External\DeviceModules\ConnectionManager.exe[4336] USER32.dll!UnhookWindowsHookEx 7651ADF9 5 Bytes JMP 00200A08
.text C:\Program Files\Samsung\Kies\External\DeviceModules\ConnectionManager.exe[4336] USER32.dll!UnhookWinEvent 7651B750 5 Bytes JMP 002003FC
.text C:\Program Files\Samsung\Kies\External\DeviceModules\ConnectionManager.exe[4336] USER32.dll!SetWindowsHookExW 7651E30C 5 Bytes JMP 00200804
.text C:\Program Files\Samsung\Kies\External\DeviceModules\ConnectionManager.exe[4336] USER32.dll!SetWinEventHook 765224DC 5 Bytes JMP 002001F8
.text C:\Program Files\Samsung\Kies\External\DeviceModules\ConnectionManager.exe[4336] USER32.dll!SetWindowsHookExA 76546D0C 5 Bytes JMP 00200600
.text C:\windows\servicing\TrustedInstaller.exe[4468] ntdll.dll!LdrUnloadDll 77D2C86E 5 Bytes JMP 000503FC
.text C:\windows\servicing\TrustedInstaller.exe[4468] ntdll.dll!LdrLoadDll 77D3223E 5 Bytes JMP 000501F8
.text C:\windows\servicing\TrustedInstaller.exe[4468] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\windows\servicing\TrustedInstaller.exe[4468] USER32.dll!UnhookWindowsHookEx 7651ADF9 5 Bytes JMP 000F0A08
.text C:\windows\servicing\TrustedInstaller.exe[4468] USER32.dll!UnhookWinEvent 7651B750 5 Bytes JMP 000F03FC
.text C:\windows\servicing\TrustedInstaller.exe[4468] USER32.dll!SetWindowsHookExW 7651E30C 5 Bytes JMP 000F0804
.text C:\windows\servicing\TrustedInstaller.exe[4468] USER32.dll!SetWinEventHook 765224DC 5 Bytes JMP 000F01F8
.text C:\windows\servicing\TrustedInstaller.exe[4468] USER32.dll!SetWindowsHookExA 76546D0C 5 Bytes JMP 000F0600
.text C:\windows\explorer.exe[4524] ntdll.dll!LdrUnloadDll 77D2C86E 5 Bytes JMP 000603FC
.text C:\windows\explorer.exe[4524] ntdll.dll!LdrLoadDll 77D3223E 5 Bytes JMP 000601F8
.text C:\windows\explorer.exe[4524] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\windows\explorer.exe[4524] USER32.dll!UnhookWindowsHookEx 7651ADF9 5 Bytes JMP 00250A08
.text C:\windows\explorer.exe[4524] USER32.dll!UnhookWinEvent 7651B750 5 Bytes JMP 002503FC
.text C:\windows\explorer.exe[4524] USER32.dll!SetWindowsHookExW 7651E30C 5 Bytes JMP 00250804
.text C:\windows\explorer.exe[4524] USER32.dll!SetWinEventHook 765224DC 5 Bytes JMP 002501F8
.text C:\windows\explorer.exe[4524] USER32.dll!SetWindowsHookExA 76546D0C 5 Bytes JMP 00250600
.text C:\Users\Ari\Downloads\03hl90c8.exe[4744] ntdll.dll!LdrUnloadDll 77D2C86E 5 Bytes JMP 001603FC
.text C:\Users\Ari\Downloads\03hl90c8.exe[4744] ntdll.dll!LdrLoadDll 77D3223E 5 Bytes JMP 001601F8
.text C:\Users\Ari\Downloads\03hl90c8.exe[4744] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\Users\Ari\Downloads\03hl90c8.exe[4744] USER32.dll!UnhookWindowsHookEx 7651ADF9 5 Bytes JMP 00310A08
.text C:\Users\Ari\Downloads\03hl90c8.exe[4744] USER32.dll!UnhookWinEvent 7651B750 5 Bytes JMP 003103FC
.text C:\Users\Ari\Downloads\03hl90c8.exe[4744] USER32.dll!SetWindowsHookExW 7651E30C 5 Bytes JMP 00310804
.text C:\Users\Ari\Downloads\03hl90c8.exe[4744] USER32.dll!SetWinEventHook 765224DC 5 Bytes JMP 003101F8
.text C:\Users\Ari\Downloads\03hl90c8.exe[4744] USER32.dll!SetWindowsHookExA 76546D0C 5 Bytes JMP 00310600
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4784] ntdll.dll!LdrUnloadDll 77D2C86E 5 Bytes JMP 001603FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4784] ntdll.dll!LdrLoadDll 77D3223E 5 Bytes JMP 001601F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4784] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4784] USER32.dll!UnhookWindowsHookEx 7651ADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4784] USER32.dll!UnhookWinEvent 7651B750 5 Bytes JMP 001F03FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4784] USER32.dll!SetWindowsHookExW 7651E30C 5 Bytes JMP 001F0804
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4784] USER32.dll!SetWinEventHook 765224DC 5 Bytes JMP 001F01F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4784] USER32.dll!SetWindowsHookExA 76546D0C 5 Bytes JMP 001F0600
.text C:\windows\System32\svchost.exe[5220] ntdll.dll!LdrUnloadDll 77D2C86E 5 Bytes JMP 000603FC
.text C:\windows\System32\svchost.exe[5220] ntdll.dll!LdrLoadDll 77D3223E 5 Bytes JMP 000601F8
.text C:\windows\System32\svchost.exe[5220] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5344] ntdll.dll!LdrUnloadDll 77D2C86E 5 Bytes JMP 001603FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5344] ntdll.dll!LdrLoadDll 77D3223E 5 Bytes JMP 001601F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5344] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5344] USER32.dll!UnhookWindowsHookEx 7651ADF9 5 Bytes JMP 00300A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5344] USER32.dll!UnhookWinEvent 7651B750 5 Bytes JMP 003003FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5344] USER32.dll!SetWindowsHookExW 7651E30C 5 Bytes JMP 00300804
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5344] USER32.dll!SetWinEventHook 765224DC 5 Bytes JMP 003001F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5344] USER32.dll!SetWindowsHookExA 76546D0C 5 Bytes JMP 00300600
.text C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe[5876] ntdll.dll!LdrUnloadDll 77D2C86E 5 Bytes JMP 001603FC
.text C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe[5876] ntdll.dll!LdrLoadDll 77D3223E 5 Bytes JMP 001601F8
.text C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe[5876] kernel32.dll!SetUnhandledExceptionFilter 76ACF4FB 5 Bytes JMP 00468140 C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe (DeviceManager.exe/Mobileleader Co., Ltd.)
.text C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe[5876] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe[5876] USER32.dll!UnhookWindowsHookEx 7651ADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe[5876] USER32.dll!UnhookWinEvent 7651B750 5 Bytes JMP 001F03FC
.text C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe[5876] USER32.dll!SetWindowsHookExW 7651E30C 5 Bytes JMP 001F0804
.text C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe[5876] USER32.dll!SetWinEventHook 765224DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe[5876] USER32.dll!SetWindowsHookExA 76546D0C 5 Bytes JMP 001F0600
.text C:\windows\system32\taskeng.exe[6052] ntdll.dll!LdrUnloadDll 77D2C86E 5 Bytes JMP 000603FC
.text C:\windows\system32\taskeng.exe[6052] ntdll.dll!LdrLoadDll 77D3223E 5 Bytes JMP 000601F8
.text C:\windows\system32\taskeng.exe[6052] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\windows\system32\taskeng.exe[6052] USER32.dll!UnhookWindowsHookEx 7651ADF9 5 Bytes JMP 000F0A08
.text C:\windows\system32\taskeng.exe[6052] USER32.dll!UnhookWinEvent 7651B750 5 Bytes JMP 000F03FC
.text C:\windows\system32\taskeng.exe[6052] USER32.dll!SetWindowsHookExW 7651E30C 5 Bytes JMP 000F0804
.text C:\windows\system32\taskeng.exe[6052] USER32.dll!SetWinEventHook 765224DC 5 Bytes JMP 000F01F8
.text C:\windows\system32\taskeng.exe[6052] USER32.dll!SetWindowsHookExA 76546D0C 5 Bytes JMP 000F0600
.text C:\Program Files\Mozilla Firefox\firefox.exe[6096] ntdll.dll!LdrUnloadDll 77D2C86E 5 Bytes JMP 000603FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[6096] ntdll.dll!LdrLoadDll 77D3223E 5 Bytes JMP 000601F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[6096] kernel32.dll!GetBinaryTypeW + 70 76AE69F4 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[6096] USER32.dll!UnhookWindowsHookEx 7651ADF9 5 Bytes JMP 00080A08
.text C:\Program Files\Mozilla Firefox\firefox.exe[6096] USER32.dll!UnhookWinEvent 7651B750 5 Bytes JMP 000803FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[6096] USER32.dll!SetWindowsHookExW 7651E30C 5 Bytes JMP 00080804
.text C:\Program Files\Mozilla Firefox\firefox.exe[6096] USER32.dll!SetWinEventHook 765224DC 5 Bytes JMP 000801F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[6096] USER32.dll!SetWindowsHookExA 76546D0C 5 Bytes JMP 00080600
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\windows\Explorer.EXE[3532] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [749B24CB] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[3532] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [7499562E] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[3532] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [749956EC] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[3532] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipFree] [749B2546] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[3532] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [749A85AA] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[3532] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [749A4D5E] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[3532] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [749A5105] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[3532] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [749A51DA] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[3532] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [749A6707] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[3532] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [749A8301] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[3532] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [749A8850] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[3532] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [749A90B1] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[3532] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [749AE254] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[3532] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [749A4C90] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\explorer.exe[4524] @ C:\windows\explorer.exe [gdiplus.dll!GdipAlloc] [749B24CB] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\explorer.exe[4524] @ C:\windows\explorer.exe [gdiplus.dll!GdiplusStartup] [7499562E] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\explorer.exe[4524] @ C:\windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [749956EC] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\explorer.exe[4524] @ C:\windows\explorer.exe [gdiplus.dll!GdipFree] [749B2546] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\explorer.exe[4524] @ C:\windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [749A85AA] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\explorer.exe[4524] @ C:\windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [749A4D5E] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\explorer.exe[4524] @ C:\windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [749A5105] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\explorer.exe[4524] @ C:\windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [749A51DA] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\explorer.exe[4524] @ C:\windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [749A6707] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\explorer.exe[4524] @ C:\windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [749A8301] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\explorer.exe[4524] @ C:\windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [749A8850] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\explorer.exe[4524] @ C:\windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [749A90B1] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\explorer.exe[4524] @ C:\windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [749AE254] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\explorer.exe[4524] @ C:\windows\explorer.exe [gdiplus.dll!GdipCloneImage] [749A4C90] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device \Driver\ACPI_HAL \Device\00000050 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002421d25b11
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002421d25b11 (not active ControlSet)
---- EOF - GMER 1.0.15 ----
Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 17:54:20 on 24.06.2012 OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 32-bit Default Browser: Mozilla Corporation Firefox 8.0.1 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Boot Execute] -----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )----- "BootExecute" - ? - C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart (File not found) [Control Panel Objects] -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\MLCFG32.CPL [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "aswFsBlk" (aswFsBlk) - ? - aswFsBlk.sys (File not found) "aswMonFlt" (aswMonFlt) - "AVAST Software" - C:\windows\system32\drivers\aswMonFlt.sys "aswRdr" (aswRdr) - ? - C:\windows\system32\drivers\aswRdr.sys "aswSnx" (aswSnx) - "AVAST Software" - C:\windows\system32\drivers\aswSnx.sys "aswSP" (aswSP) - "AVAST Software" - C:\windows\system32\drivers\aswSP.sys "avast! Network Shield Support" (aswTdi) - ? - C:\windows\system32\drivers\aswTdi.sys (File not found) "avgntflt" (avgntflt) - "Avira GmbH" - C:\windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\windows\System32\DRIVERS\avipbb.sys "avkmgr" (avkmgr) - "Avira GmbH" - C:\windows\System32\DRIVERS\avkmgr.sys "catchme" (catchme) - ? - C:\Users\Ari\AppData\Local\Temp\catchme.sys (File not found) "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\windows\system32\drivers\mbam.sys "MSI_MSIBIOS_010507" (MSI_MSIBIOS_010507) - "Your Corporation" - C:\Program Files\MSI\Live Update 5\msibios32_100507.sys "NTIOLib_1_0_4" (NTIOLib_1_0_4) - "MSI" - C:\Program Files\msi\Live Update 5\NTIOLib.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\windows\System32\DRIVERS\ssmdrv.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll {872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll {506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL {00020D75-0000-0000-C000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\MLSHEXT.DLL {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR 3.61 Multi\rarext.dll (File found, but it contains no detailed information) {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )----- {555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "@C:\windows\WindowsMobile\INetRepl.dll,-222" - "Microsoft Corporation" - C:\windows\WindowsMobile\INetRepl.dll {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\windows\WindowsMobile\INetRepl.dll {DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll {FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll {B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corp." - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "Windows Live Toolbar Helper" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Ari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "KiesHelper" - "Samsung" - C:\Program Files\Samsung\Kies\KiesHelper.exe /s "KiesPDLR" - ? - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "ArcSoft Connection Service" - "ArcSoft Inc." - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe "avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "HP Software Update" - "Hewlett-Packard" - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe "hpqSRMon" - "Hewlett-Packard" - C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe "IAAnotif" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe "KiesTrayAgent" - "Samsung Electronics Co., Ltd." - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe "Live Update 5" - ? - C:\Program Files\MSI\Live Update 5\BootStartLiveupdate.exe /reminder "Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray "MGSysCtrl" - ? - C:\Program Files\System Control Manager\MGSysCtrl.exe "StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "ArcSoft Connect Daemon" (ACDaemon) - "ArcSoft Inc." - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe "avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Program Files\AVAST Software\Avast\AvastSvc.exe "Avira Browser Schutz" (AntiVirWebService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE "Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll "hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll "Intel(R) Management & Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe "Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe "Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe "MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe "Micro Star SCM" (Micro Star SCM) - "Micro-Star International Co., Ltd." - C:\Program Files\System Control Manager\MSIService.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\windows\system32\HPZinw12.dll "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE "Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\windows\system32\HPZipm12.dll "SeaPort" (SeaPort) - "Microsoft Corp." - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )----- "AVSDA" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avsda.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-24 19:08:18
-----------------------------
19:08:18.817 OS Version: Windows 6.1.7601 Service Pack 1
19:08:18.817 Number of processors: 4 586 0x2502
19:08:18.820 ComputerName: ARI-MSI UserName: Ari
19:08:20.258 Initialize success
19:08:20.344 AVAST engine defs: 11071801
19:08:25.662 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:08:25.665 Disk 0 Vendor: FUJITSU_ 0000 Size: 476940MB BusType: 3
19:08:25.717 Disk 0 MBR read successfully
19:08:25.720 Disk 0 MBR scan
19:08:25.724 Disk 0 Windows 7 default MBR code
19:08:25.734 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10240 MB offset 2048
19:08:25.752 Disk 0 Partition 2 80 (A) 27 Hidden NTFS WinRE NTFS 100 MB offset 20973568
19:08:25.774 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 279952 MB offset 21178368
19:08:25.805 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 186645 MB offset 594521164
19:08:25.816 Disk 0 scanning sectors +976771120
19:08:25.885 Disk 0 scanning C:\windows\system32\drivers
19:08:34.282 Service scanning
19:09:03.070 Modules scanning
19:09:13.977 Disk 0 trace - called modules:
19:09:13.995 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
19:09:14.000 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x874eeac8]
19:09:14.004 3 CLASSPNP.SYS[8c5a159e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86682028]
19:09:14.010 Scan finished successfully
19:25:15.626 Disk 0 MBR has been saved successfully to "C:\Users\Ari\Desktop\MBR.dat"
19:25:15.632 The log file has been saved successfully to "C:\Users\Ari\Desktop\aswMBR.txt"
|
|
25.06.2012, 08:45
| #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows-Verschlüsselungs-Trojaner auf Win7 Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
__________________Denk dran beide Tools zu updaten vor dem Scan!!
__________________ |
|
26.06.2012, 12:28
| #19 |
| | Windows-Verschlüsselungs-Trojaner auf Win7 Malwarebytes Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.19.05 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 Ari :: ARI-MSI [Administrator] Schutz: Aktiviert 25.06.2012 11:44:34 mbam-log-2012-06-25 (11-44-34).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 326420 Laufzeit: 1 Stunde(n), 16 Minute(n), 59 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) SUPERAntiSpyware Code:
ATTFilter SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 06/26/2012 at 01:04 PM
Application Version : 5.1.1002
Core Rules Database Version : 8794
Trace Rules Database Version: 6606
Scan type : Complete Scan
Total Scan Time : 01:23:38
Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator
Memory items scanned : 1006
Memory threats detected : 0
Registry items scanned : 35570
Registry threats detected : 0
File items scanned : 130872
File threats detected : 590
Adware.Tracking Cookie
C:\Users\Ari\AppData\Roaming\Microsoft\Windows\Cookies\ari@adx.chip[1].txt [ /adx.chip ]
C:\Users\Ari\AppData\Roaming\Microsoft\Windows\Cookies\EXQEBCD7.txt [ /atdmt.com ]
C:\Users\Ari\AppData\Roaming\Microsoft\Windows\Cookies\NIZRVE5N.txt [ /tracking.quisma.com ]
C:\Users\Ari\AppData\Roaming\Microsoft\Windows\Cookies\O6HY735T.txt [ /apmebf.com ]
C:\Users\Ari\AppData\Roaming\Microsoft\Windows\Cookies\U71V1S83.txt [ /www.zanox-affiliate.de ]
C:\Users\Ari\AppData\Roaming\Microsoft\Windows\Cookies\J6NHQCHO.txt [ /ad.dyntracker.de ]
C:\Users\Ari\AppData\Roaming\Microsoft\Windows\Cookies\5XCW7I2D.txt [ /mediaplex.com ]
C:\Users\Ari\AppData\Roaming\Microsoft\Windows\Cookies\GFDTNHTX.txt [ /dyntracker.com ]
C:\Users\Ari\AppData\Roaming\Microsoft\Windows\Cookies\WVFF3Z3X.txt [ /ad.zanox.com ]
C:\Users\Ari\AppData\Roaming\Microsoft\Windows\Cookies\TT23OVXF.txt [ /smartadserver.com ]
C:\Users\Ari\AppData\Roaming\Microsoft\Windows\Cookies\RZT4U2TP.txt [ /zanox.com ]
C:\Users\Ari\AppData\Roaming\Microsoft\Windows\Cookies\OYH1Z058.txt [ /track.adform.net ]
C:\Users\Ari\AppData\Roaming\Microsoft\Windows\Cookies\IACM9A7H.txt [ /fastclick.net ]
C:\Users\Ari\AppData\Roaming\Microsoft\Windows\Cookies\6XHOX3YX.txt [ /doubleclick.net ]
C:\Users\Ari\AppData\Roaming\Microsoft\Windows\Cookies\H6U9M0IT.txt [ /adform.net ]
C:\Users\Ari\AppData\Roaming\Microsoft\Windows\Cookies\XJCO3YCZ.txt [ /zanox-affiliate.de ]
C:\USERS\ARI\AppData\Roaming\Microsoft\Windows\Cookies\Low\ari@zanox[1].txt [ Cookie:ari@zanox.com/ ]
C:\USERS\ARI\AppData\Roaming\Microsoft\Windows\Cookies\Low\ari@doubleclick[1].txt [ Cookie:ari@doubleclick.net/ ]
C:\USERS\ARI\AppData\Roaming\Microsoft\Windows\Cookies\Low\ari@webmasterplan[2].txt [ Cookie:ari@webmasterplan.com/ ]
C:\USERS\ARI\Cookies\EXQEBCD7.txt [ Cookie:ari@atdmt.com/ ]
C:\USERS\ARI\Cookies\ari@adx.chip[1].txt [ Cookie:ari@adx.chip.de/ ]
C:\USERS\ARI\Cookies\U71V1S83.txt [ Cookie:ari@www.zanox-affiliate.de/ ]
C:\USERS\ARI\Cookies\J6NHQCHO.txt [ Cookie:ari@ad.dyntracker.de/ ]
C:\USERS\ARI\Cookies\GFDTNHTX.txt [ Cookie:ari@dyntracker.com/ ]
C:\USERS\ARI\Cookies\WVFF3Z3X.txt [ Cookie:ari@ad.zanox.com/ ]
C:\USERS\ARI\Cookies\TT23OVXF.txt [ Cookie:ari@smartadserver.com/ ]
C:\USERS\ARI\Cookies\RZT4U2TP.txt [ Cookie:ari@zanox.com/ ]
C:\USERS\ARI\Cookies\OYH1Z058.txt [ Cookie:ari@track.adform.net/ ]
C:\USERS\ARI\Cookies\6XHOX3YX.txt [ Cookie:ari@doubleclick.net/ ]
C:\USERS\ARI\Cookies\H6U9M0IT.txt [ Cookie:ari@adform.net/ ]
C:\USERS\ARI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ARI@TRAFFICTRACK[1].TXT [ /TRAFFICTRACK ]
.invitemedia.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.im.banner.t-online.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.ad.adnet.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.creativdiscount.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.gostats.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
adsrv.admediate.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
adsrv.admediate.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.stepstone.112.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
rotator.adjuggler.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
rotator.adjuggler.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.ad.adnet.biz [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.autoscout24.112.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.audiag.112.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.kontera.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.clicksor.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.clicksor.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.xiti.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.sexcheck.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.a.revenuemax.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
track.webtrekk.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adviva.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.cunda.122.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
fl01.ct2.comclick.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
fl01.ct2.comclick.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
fl01.ct2.comclick.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.vodafonegroup.122.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
stat.dealtime.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.shopping.112.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
track.effiliation.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.mswmw7mobilemainprod.122.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
tracking.klicktel.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.aok.122.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.jobscanner.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.beiersdorf.122.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.tedi-discount.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.monstercom.112.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
fr.sitestat.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
fr.sitestat.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.tedi-discount.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.generaltracking.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.generaltracking.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.generaltracking.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.generaltracking.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.generaltracking.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.generaltracking.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.generaltracking.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.generaltracking.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.generaltracking.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.generaltracking.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.generaltracking.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.generaltracking.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.generaltracking.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.generaltracking.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.generaltracking.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.generaltracking.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.generaltracking.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.generaltracking.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adviva.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.eyewonder.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.eyewonder.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.guj.122.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.statcounter.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.deutschepostag.112.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
tracking.financescout24.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.finanzportal20.112.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.verticaltechmedia.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.verticaltechmedia.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.thomascookag.122.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.hansenet.122.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.generaltracking.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.generaltracking.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.generaltracking.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.generaltracking.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.generaltracking.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.generaltracking.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.generaltracking.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.generaltracking.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
stats.datengarten.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.de.at.atwola.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adxpose.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
tracking.tchibo.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.cmpmedica.112.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
e2.emediate.se [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.lfstmedia.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.112.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
software-download.mediamarkt.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.mediamarkt-fotoservice.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.wlw.122.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.nextag.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.nextag.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.nordclick.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
pw1.nordclick.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
track.webtrekk.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.getclicky.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.static.getclicky.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
in.getclicky.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.e-2dj6aekickc5mlo.stats.esomniture.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.myhammer.122.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.tracking.quisma.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
ad.adition.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
ad.adition.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
track.webtrekk.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.amazon-adsystem.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.amazon-adsystem.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.amazonservices.122.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.lfstmedia.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.tracking.hermesworld.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
media.stage-entertainment.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.112.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.lfstmedia.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
tracking.quisma.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adxvalue.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
adserver.tiervermittlung.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
adserver.tiervermittlung.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
adserver.tiervermittlung.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
ads1.heimtierheim.eu [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.lokalportal24de.112.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
adserver.5schritte.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.ad.adnet.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
adserver2.clipkit.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
tracking.mobile.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
tracking.quisma.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adxvalue.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adxvalue.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
adserver.wolterskluwer.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
tracking.klicktel.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adviva.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
tracking.sim-technik.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.komtrack.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.komtrack.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
tracker.pegsanalytics.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
tracker.pegsanalytics.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
server.adform.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.secmedia.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.secmedia.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
www.etracker.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
track.adform.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.tracking.quisma.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
tracking.quisma.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
tracking.quisma.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
tracking.bruegelmann.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
tracking.bruegelmann.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
www.etracker.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adxvalue.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adpeppermedia.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
media.gan-online.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
tracking.fahrrad.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
tracking.fahrrad.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
track.adform.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.looser.coachandmedia.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.looser.coachandmedia.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.im.banner.t-online.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
www.etracker.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
www.etracker.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
www.etracker.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.lfstmedia.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
ad.adserver01.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.im.banner.t-online.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
media.gan-online.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
www.etracker.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
www.etracker.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.files.bannersnack.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.files.bannersnack.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
tracking.quisma.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
tracking.quisma.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
statse.webtrendslive.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.urbia.wwe-media.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
www.etracker.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
delivery.atkmedia.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.dyntracker.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.unitymedia.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.unitymedia.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.tracking.quisma.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.conrad.122.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
partners.webmasterplan.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
tracking.quisma.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
tracking.quisma.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
tracking.quisma.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
tracking.quisma.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.im.banner.t-online.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.ad.adnet.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.traffictrack.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.clickfuse.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.im.banner.t-online.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.im.banner.t-online.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.im.banner.t-online.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
ad.zanox.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.clickfuse.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.clickfuse.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
www.etracker.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
www.etracker.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
www.etracker.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
www.zanox-affiliate.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
tracking.quisma.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
www.zanox-affiliate.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.lfstmedia.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.ad.adnet.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
ad.dyntracker.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.bs.serving-sys.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.generaltracking.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.generaltracking.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.generaltracking.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.generaltracking.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
www.etracker.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
tracking.quisma.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.dealtime.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.hightraffic.hugoboss.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.hightraffic.hugoboss.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.hightraffic.hugoboss.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.hightraffic.hugoboss.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
studivz.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
studivz.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
www.etracker.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.cewecolor.112.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
www.mediamarkt.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
www.mediamarkt.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
www.etracker.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
www.etracker.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
www.etracker.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.im.banner.t-online.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.tracking.quisma.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.generaltracking.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
tracking.quisma.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
tracking.quisma.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
tracking.quisma.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
tracking.quisma.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.rionordgmbh.122.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
ad.dyntracker.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
ad1.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
ad.dyntracker.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
ad.dyntracker.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
server.adform.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.avgtechnologies.112.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.tracking.mindshare.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.tracking.quisma.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
adserver.w3anythink.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
adserver.w3anythink.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
adserver.w3anythink.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
ad.adserver01.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
track.adform.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adform.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.tracking.quisma.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
adx.chip.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
adx.chip.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
adx.chip.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
adx.chip.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
adx.chip.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.zanox-affiliate.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
ad.zanox.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.zanox.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.im.banner.t-online.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
ww251.smartadserver.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
ad3.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
a.visualrevenue.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
track.effiliation.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
track.effiliation.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
track.effiliation.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
track.effiliation.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
track.effiliation.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.tracking.quisma.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.tracking.quisma.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.im.banner.t-online.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
ad2.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
ad4.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
|
|
26.06.2012, 14:02
| #20 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows-Verschlüsselungs-Trojaner auf Win7 Sieht ok aus, da wurden nur Cookies gefunden. Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller http://filepony.de/download-cookie_culler/ Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ich halte es so, dass ich zum "wilden Surfen" den Opera-Browser oder Chromium unter meinem Linux verwende. Mein Hauptbrowser (Firefox) speichert nur die Cookies von den Sites die ich auch will, alles andere lehne ich manuell ab (der FF fragt mich immer) - die anderen Browser nehmen alles an Cookies zwar an, aber spätestens beim nächsten Start von Opera oder Chromium sind keine Cookies mehr da. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
26.06.2012, 14:11
| #21 |
| | Windows-Verschlüsselungs-Trojaner auf Win7 Vielen vielen Dank. Bis auf dass die Dateien noch alle unbrauchbar sind, geht wieder alles. Die Bild-Dateien habe ich bereits alle wieder umbenannt, so dass sie sich wieder öffnen lassen. Bei allen anderen Dateien bin ich noch dabei. Bei mir wurden nur die Dateien umbenannt, ganz wilde Namen wie DnAqqfvGeyOJT und so. Dazu wurde noch die Dateierweiterung gelöscht. Mal sehen was ich davon wieder hinbekomme. |
|
26.06.2012, 14:24
| #22 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows-Verschlüsselungs-Trojaner auf Win7 Dann wären wir durch!  Die Programme, die hier zum Einsatz kamen, können alle wieder runter. Mit Hilfe von OTL kannst du auch viele Tools entfernen: Starte bitte OTL und klicke auf Bereinigung. Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen. Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken. Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden. Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern. Microsoftupdate Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren. Windows Vista/7: Anleitung Windows-Update PDF-Reader aktualisieren Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast) Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader. Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers: Adobe - Andere Version des Adobe Flash Player installieren Notfalls kann man auch von Chip.de runterladen => http://filepony.de/?q=Flash+Player Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind. Java-Update Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Windows-Verschlüsselungs-Trojaner auf Win7 |
| administrator, anti-malware, appdata, audiodg.exe, autostart, avira searchfree toolbar, branding, bösartige, ccc.exe, code, dateien, dateisystem, daten, device driver, document, erfolgreich, explorer, gelöscht, heuristiks/extra, heuristiks/shuriken, locker, malwarebytes, microsoft, minute, mom.exe, ntdll.dll, plug-in, quarantäne, registrierung, roaming, searchscopes, software, speicher, test, trojan.fakealert, trojaner, version, version=1.0, win7, windows |
Linear-Darstellung
