Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Virus auf USB-Stick (iexplorer.exe) - auch auf dem Laptop?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 02.12.2011, 22:57   #1
tina01
 
Virus auf USB-Stick (iexplorer.exe) - auch auf dem Laptop? - Standard

Virus auf USB-Stick (iexplorer.exe) - auch auf dem Laptop?



Hallo zusammen,
zunächst erst einmal vielen Dank an die User, die sich hier immer so viel Mühe geben

Nun zu meinem Problem:
Ich schreibe zur Zeit meine Diplomarbeit und arbeite sowohl an einem Rechner im Institut als auch zu Hause an meinem eigenen Laptop. Kürzlich kam der Systemadministrator zu mir und sagte, auf meinem USB-Stick befindet sich ein Virus in der versteckten Datei "iexplorer.exe". Diese haben sie direkt entfernt.
Des Weiteren meinte er, dass sich diese Datei automatisch auf jeden Rechner/ jedes Speichermedium verbreitet, welche miteinander verbunden werden. Daher wollte ich natürlich herausfinden, inwiefern mein Laptop ebenfalls davon betroffen ist. Eine Systemprüfung mit meinem regulären Virenprogramm (antivir) führte jedoch zu keinem Ergebnis. Malwarebytes findet "nur" einen Fehler in der Registry.
Google hat mich dann hierher geführt :-)

In vielen Foren fand ich Informationen über die Malware mit dem Namen "iexplorer.exe", auf meinem eigenen Laptop kann ich jedoch keinen dieser typischen "Symptome" feststellen. Im Taskmanager ist sie ebenfalls nicht vorhanden. Daher möchte ich euch darum bitten, meine Logfiles einmal zu checken, ob die Datei auf dem USB-Stick von meinem Laptop stammt oder ob sich sonst schädliche Dateien darauf befinden.


Hier zunächst der OTL-Logfile:
Code:
ATTFilter
OTL logfile created on: 02.12.2011 19:03:15 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Tina\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 1,70 Gb Available Physical Memory | 57,97% Memory free
6,09 Gb Paging File | 4,63 Gb Available in Paging File | 76,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 91,09 Gb Total Space | 28,78 Gb Free Space | 31,60% Space Free | Partition Type: NTFS
Drive D: | 194,00 Gb Total Space | 47,33 Gb Free Space | 24,40% Space Free | Partition Type: NTFS
Drive E: | 2,66 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: PC-TINA | User Name: Tina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.02 19:01:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Tina\Desktop\OTL.exe
PRC - [2011.10.11 14:00:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.03.23 23:34:18 | 000,435,152 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2009.10.22 04:44:24 | 000,395,824 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
PRC - [2009.10.22 04:44:18 | 000,113,200 | ---- | M] (VMware, Inc.) -- D:\Programme\VMware Player\vmware-authd.exe
PRC - [2009.10.22 04:44:08 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
PRC - [2009.10.22 03:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2009.09.05 17:29:06 | 000,385,024 | ---- | M] (shbox.de) -- C:\Program Files\FreePDF_XP\fpassist.exe
PRC - [2009.05.28 07:06:56 | 000,548,864 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009.05.15 07:47:58 | 000,692,224 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.12.10 08:07:52 | 000,352,256 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
PRC - [2008.08.26 01:59:54 | 000,045,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008.01.16 08:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2006.04.20 07:34:26 | 001,520,688 | ---- | M] (Cisco Systems, Inc.) -- D:\Program Files\RWTH Aachen\Cisco VPN Client\cvpnd.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009.08.16 17:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll
MOD - [2006.08.12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Samsung Magic Doctor\HookDllPS2.dll
MOD - [2006.08.12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\SAMSUNG\EasySpeedUpManager\HookDllPS2.dll
MOD - [2006.08.12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.03.23 23:34:18 | 000,435,152 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2009.11.28 22:49:38 | 000,079,360 | ---- | M] (SolidWorks) [Disabled | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2009.10.22 04:44:24 | 000,395,824 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2009.10.22 04:44:18 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- D:\Programme\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2009.10.22 04:44:08 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2009.10.22 03:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2009.10.12 14:32:24 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- D:\Programme\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2009.09.15 08:50:20 | 000,031,744 | ---- | M] () [On_Demand | Stopped] -- D:\Program Files\RWTH OpenVPN Client\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2009.03.19 11:31:52 | 000,083,240 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [Disabled | Stopped] -- D:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2008.01.16 08:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2006.04.20 07:34:26 | 001,520,688 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- D:\Program Files\RWTH Aachen\Cisco VPN Client\cvpnd.exe -- (CVPND)
SRV - [2005.09.23 07:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.10.11 14:00:01 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.11 14:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.05.10 07:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011.03.23 23:25:38 | 000,019,680 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2011.03.23 23:25:14 | 000,046,480 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acsmux.sys -- (acsmux)
DRV - [2011.03.23 23:25:14 | 000,036,624 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acsint.sys -- (acsint)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.12.17 15:02:20 | 001,203,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.10.22 04:45:02 | 000,853,936 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2009.10.22 04:45:00 | 000,070,704 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
DRV - [2009.10.22 04:45:00 | 000,023,216 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2009.10.22 04:44:58 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2009.10.22 03:47:52 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2009.10.22 00:13:32 | 000,036,400 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2009.10.22 00:13:32 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2009.10.12 14:31:52 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- D:\Programme\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009.07.16 10:20:26 | 000,025,984 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2009.05.04 15:35:00 | 000,163,328 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.01.21 03:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006.11.14 01:11:54 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
DRV - [2006.11.02 08:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.02 08:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/?aff=1&cf=d40be6b0-12d4-11e1-9373-001377e6774f
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q="
FF - prefs.js..network.proxy.type: 4
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: D:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: D:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: D:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: D:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.02.08 13:17:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.02.08 13:17:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\ProgrammeMozilla Firefox\components [2011.11.13 15:20:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\ProgrammeMozilla Firefox\plugins [2011.11.19 18:35:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2011.10.28 19:34:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2011.10.28 19:34:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\ProgrammeMozilla Firefox\components [2011.11.13 15:20:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\ProgrammeMozilla Firefox\plugins [2011.11.19 18:35:39 | 000,000,000 | ---D | M]
 
[2010.07.04 14:10:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tina\AppData\Roaming\mozilla\Extensions
[2010.07.04 14:10:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tina\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.11.19 18:35:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tina\AppData\Roaming\mozilla\Firefox\Profiles\pitzgq6f.default\extensions
[2010.09.03 07:16:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Tina\AppData\Roaming\mozilla\Firefox\Profiles\pitzgq6f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.11.19 18:35:48 | 000,000,000 | ---D | M] (VshareComplete - Speed up your search with your personal search suggestions tool) -- C:\Users\Tina\AppData\Roaming\mozilla\Firefox\Profiles\pitzgq6f.default\extensions\{3697b17c-b572-4862-a5e6-7f922c0f3403}
[2010.12.10 23:52:10 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Tina\AppData\Roaming\mozilla\Firefox\Profiles\pitzgq6f.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009.12.08 21:25:09 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Tina\AppData\Roaming\mozilla\Firefox\Profiles\pitzgq6f.default\extensions\firefox@tvunetworks.com
[2011.11.26 12:58:02 | 000,001,056 | ---- | M] () -- C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\pitzgq6f.default\searchplugins\icqplugin.xml
[2011.07.11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\pitzgq6f.default\searchplugins\startsear.xml
 
========== Chrome  ==========
 
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\9.0.597.84\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\9.0.597.84\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\9.0.597.84\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\ProgrammeMozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: EModel scriptable Plugin (Enabled) = C:\ProgrammeMozilla Firefox\plugins\npEModelPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\ProgrammeMozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Picasa (Enabled) = D:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Veetle TV Player (Enabled) = D:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = D:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: iTunes Application Detector (Enabled) = d:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: DivX HiQ = C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_0\
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL (Microsoft Corporation)
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Tina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - D:\Programs\PartyGaming\PartyCasino\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - D:\Programs\PartyGaming\PartyCasino\RunApp.exe ()
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Programme\Poker\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Programme\Poker\PartyPoker\RunApp.exe ()
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - D:\Programme\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - D:\Programme\VMware Player\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} hxxp://picasaweb.google.de/s/v/63.21/uploader2.cab (UploadListView Class)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://vpn-unidsl.rwth-aachen.de/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{44EF97D1-4A26-4793-9E1F-CB3D0C9FF610}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A3533B6-7C6C-493F-BD37-5643638D8651}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E0E305EC-5891-4B5E-962D-819BBEC3F92F}: DhcpNameServer = 134.130.4.1 134.130.5.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Tina\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Tina\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2003.09.23 12:57:56 | 000,000,073 | R--- | M] () - E:\AUTORUN.INF -- [ UDF ]
O33 - MountPoints2\{9cfeca23-5641-11de-8807-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9cfeca23-5641-11de-8807-806e6f6e6963}\Shell\AutoRun\command - "" = E:\install.EXE id= ver=1.0.0.0
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30F493C7-4262-0D50-CCCB-540736B2227A} - Microsoft Windows Media Player 11.0
ActiveX: {338C8641-EAF5-B94C-BDE7-CC21C2A9548E} - Microsoft Windows Media Player 11.0
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {421EE188-85E1-1C3E-1DA1-AE0E65B8B86E} - Browser Customizations
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RWTH Aachen Cisco VPN Client.lnk - D:\Program Files\RWTH Aachen\Cisco VPN Client\vpngui.exe - (Cisco Systems, Inc.)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Cisco AnyConnect Secure Mobility Agent for Windows - hkey= - key= - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
MsConfig - StartUpReg: DivX Download Manager - hkey= - key= - C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: NapsterShell - hkey= - key= - D:\Program Files\Napster\napster.exe (Napster)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SolidWorks_CheckForUpdates - hkey= - key= - C:\Program Files\Common Files\SolidWorks Installations-Manager\Scheduler\sldIMScheduler.exe (Dassault Systèmes SolidWorks Corp.)
MsConfig - StartUpReg: UCam_Menu - hkey= - key= - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - StartUpReg: VMware hqtray - hkey= - key= - D:\Programme\VMware Player\hqtray.exe (VMware, Inc.)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.02 19:01:05 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Tina\Desktop\OTL.exe
[2011.12.02 17:22:34 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.12.02 15:51:36 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\Malwarebytes
[2011.12.02 15:51:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.02 15:51:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.02 15:51:20 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.02 15:51:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.11.24 20:43:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
[2011.11.24 20:43:00 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco
[2011.11.19 18:35:47 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\VshareComplete
[2011.11.19 18:35:46 | 000,000,000 | ---D | C] -- C:\Program Files\VshareComplete
[2011.11.19 18:35:38 | 000,000,000 | ---D | C] -- C:\Program Files\vShare.tv plugin
[2011.11.16 22:26:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simfy
[2011.11.07 21:13:19 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\Simfy
[2011.11.07 21:13:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011.02.11 17:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.02 19:01:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Tina\Desktop\OTL.exe
[2011.12.02 18:59:33 | 000,000,000 | ---- | M] () -- C:\Users\Tina\defogger_reenable
[2011.12.02 18:58:52 | 000,050,477 | ---- | M] () -- C:\Users\Tina\Desktop\Defogger.exe
[2011.12.02 18:18:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.02 17:38:48 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.02 17:38:48 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.02 15:44:45 | 000,691,906 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.02 15:44:45 | 000,648,292 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.02 15:44:45 | 000,152,200 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.02 15:44:45 | 000,123,646 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.02 15:41:04 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.02 15:38:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.02 15:38:39 | 3150,565,376 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.20 20:27:39 | 000,082,944 | ---- | M] () -- C:\Users\Tina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.16 16:29:51 | 021,233,664 | ---- | M] () -- C:\Users\Tina\Documents\111116_amadeus_v7.accdb
[2011.11.08 13:07:40 | 001,291,006 | ---- | M] () -- C:\Users\Tina\Desktop\IMG_0599.JPG
 
========== Files Created - No Company Name ==========
 
[2011.12.02 18:59:33 | 000,000,000 | ---- | C] () -- C:\Users\Tina\defogger_reenable
[2011.12.02 18:58:51 | 000,050,477 | ---- | C] () -- C:\Users\Tina\Desktop\Defogger.exe
[2011.11.16 08:47:33 | 021,233,664 | ---- | C] () -- C:\Users\Tina\Documents\111116_amadeus_v7.accdb
[2011.11.08 12:58:21 | 001,291,006 | ---- | C] () -- C:\Users\Tina\Desktop\IMG_0599.JPG
[2011.10.13 09:07:48 | 000,000,000 | ---- | C] () -- C:\Users\Tina\AppData\Local\{3E3054D1-AC7B-45B3-A462-977747623890}
[2011.10.05 22:44:49 | 000,004,096 | -H-- | C] () -- C:\Users\Tina\AppData\Local\keyfile3.drm
[2011.01.04 01:46:28 | 000,000,059 | ---- | C] () -- C:\Users\Tina\AppData\Roaming\GoodnightTimer.ini
[2010.09.22 10:32:31 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.08.25 19:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010.08.25 19:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010.08.25 19:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010.08.25 18:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.02.03 01:05:30 | 000,000,000 | ---- | C] () -- C:\Users\Tina\AppData\Local\Temptable.xml
[2010.01.28 17:53:28 | 000,045,777 | ---- | C] () -- C:\Users\Tina\AppData\Local\Temp_table.xml
[2009.11.28 22:54:53 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2009.11.05 23:04:49 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2009.11.05 23:04:49 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2009.10.26 09:45:08 | 000,024,206 | ---- | C] () -- C:\Users\Tina\AppData\Roaming\UserTile.png
[2009.10.23 18:36:03 | 000,029,752 | ---- | C] () -- C:\Windows\System32\InstHelper.dll
[2009.10.23 18:35:56 | 000,197,680 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2009.09.13 16:53:31 | 000,082,944 | ---- | C] () -- C:\Users\Tina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.11 12:11:07 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.11 12:11:07 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.05 14:15:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.09.05 12:40:20 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.06.11 04:32:34 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.06.11 04:02:20 | 000,307,200 | ---- | C] () -- C:\Windows\SetDisplayResolution.exe
[2009.06.11 04:01:45 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2009.06.11 04:01:45 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2009.06.11 03:59:39 | 000,004,280 | ---- | C] () -- C:\Windows\HotFixList.ini
[2009.06.11 03:59:20 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.06.11 02:23:00 | 000,691,906 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.06.11 02:23:00 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.06.11 02:23:00 | 000,152,200 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.06.11 02:23:00 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.06.11 02:06:31 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009.06.11 02:06:25 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1540.dll
[2009.06.11 02:06:24 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008.02.09 17:03:07 | 000,024,576 | ---- | C] () -- C:\Windows\System32\drivers\Marker.exe
[2007.08.21 20:46:34 | 000,059,160 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2007.02.26 08:49:12 | 006,139,774 | ---- | C] () -- C:\Windows\imagine digital freedom.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,419,480 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,648,292 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,123,646 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2009.09.05 14:42:54 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Amazon
[2011.10.28 15:19:31 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Canneverbe Limited
[2009.12.09 23:36:12 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\DassaultSystemes
[2010.07.20 23:24:50 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Dropbox
[2010.12.10 23:52:10 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.02.03 21:12:48 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\DWGeditor
[2011.10.16 21:36:42 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\ICQ
[2009.11.28 22:56:45 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\IM
[2011.02.08 13:18:01 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Local
[2010.10.02 08:49:58 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Locktime
[2010.04.23 17:07:21 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\OpenOffice.org
[2009.10.26 09:45:07 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\PeerNetworking
[2011.11.07 21:13:19 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Simfy
[2010.07.04 14:09:59 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Thunderbird
[2011.11.19 18:35:47 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\VshareComplete
[2011.11.29 14:44:04 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010.07.28 19:18:09 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.07.04 16:42:11 | 000,000,000 | -HSD | M] -- C:\Boot
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.06.11 03:53:43 | 000,000,000 | ---D | M] -- C:\Intel
[2009.09.04 15:50:44 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.12.02 17:22:34 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.12.02 15:51:24 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.09.05 14:19:47 | 000,000,000 | ---D | M] -- C:\Programme
[2011.11.13 15:21:12 | 000,000,000 | ---D | M] -- C:\ProgrammeMozilla Firefox
[2009.07.08 05:20:26 | 000,000,000 | ---D | M] -- C:\SoftwareMedia
[2011.12.02 19:05:51 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.09.22 10:24:20 | 000,000,000 | ---D | M] -- C:\Temp
[2009.09.04 15:47:44 | 000,000,000 | R--D | M] -- C:\Users
[2011.11.26 12:54:02 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2008.01.21 03:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.21 03:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-12-02 13:22:01

< End of report >
         

Leider hatte ich Probleme mit den Logfiles. Gmer konnte auch nach mehreren Versuche nicht komplett durchlaufen, nach einer gewissen Zeit hat der Laptop eigenständig einen Neustart durchgeführt. Defogger war ebenfalls nicht möglich (siehe Anhang).

Ich danke schon jetzt für die Hilfe!!
Viele Grüße
Tina

Alt 04.12.2011, 18:54   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Virus auf USB-Stick (iexplorer.exe) - auch auf dem Laptop? - Standard

Virus auf USB-Stick (iexplorer.exe) - auch auf dem Laptop?



Automatische Wiedergabe deaktivieren:

Auf dem (neuinstallierten) Windows-Rechner die automatische Wiedergabe (Autorun) auf allen Laufwerken deaktivieren:

Windows XP
: Zur Vereinfachung hab ich mal die noautoplay.reg hochgeladen. Lad das auf dem Desktop herunter, führ die Datei aus und bestätige mit ja. Nach einem Neustart des Rechners ist die automatische Wiedergabe (von Datenträgern) auf allen Laufwerken deaktiviert, d.h. keine CD, kein Stick oder sonstwas startet nach dem Einstecken mehr automatisch.

Windows Vista/7: In der Systemsteuerung unter automatische Wiedergabe von CDs und anderen Medien alles deaktivieren. => siehe auch Einstellungen für automatische Wiedergabe ändern


Mach danach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)


Code:
ATTFilter
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1&cf=d40be6b0-12d4-11e1-9373-001377e6774f
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q="
FF - prefs.js..network.proxy.type: 4
[2011.11.26 12:58:02 | 000,001,056 | ---- | M] () -- C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\pitzgq6f.default\searchplugins\icqplugin.xml
[2011.07.11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\pitzgq6f.default\searchplugins\startsear.xml
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2003.09.23 12:57:56 | 000,000,073 | R--- | M] () - E:\AUTORUN.INF -- [ UDF ]
O33 - MountPoints2\{9cfeca23-5641-11de-8807-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9cfeca23-5641-11de-8807-806e6f6e6963}\Shell\AutoRun\command - "" = E:\install.EXE id= ver=1.0.0.0
:Files
D:\downloads\setups\SoftonicDownloader
:Commands
[emptytemp]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________

__________________

Alt 05.12.2011, 16:57   #3
tina01
 
Virus auf USB-Stick (iexplorer.exe) - auch auf dem Laptop? - Standard

Virus auf USB-Stick (iexplorer.exe) - auch auf dem Laptop?



Hallo Arne,
zunächst einmal vielen Dank. Noch eine kurze Frage, was meinst du mit
Zitat:
Auf dem (neuinstallierten) Windows-Rechner [...]
Heißt das, dass ich erst mein Betriebssystem komplett neu istallieren muss?

Danke und viele Grüße
Tina
__________________

Alt 05.12.2011, 17:58   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Virus auf USB-Stick (iexplorer.exe) - auch auf dem Laptop? - Standard

Virus auf USB-Stick (iexplorer.exe) - auch auf dem Laptop?



Ignorier das (neuinstallierte) doch einfach
Nirgendwo war auch nur angedeutet, dass du Windows neu machen musst
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 05.12.2011, 18:37   #5
tina01
 
Virus auf USB-Stick (iexplorer.exe) - auch auf dem Laptop? - Standard

Virus auf USB-Stick (iexplorer.exe) - auch auf dem Laptop?



Okay, hätte mich auch gewundert. Aber wollte zur Sicherheit lieber noch mal nachfragen
Hier der Logfile:
Code:
ATTFilter
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "Web Search" removed from browser.search.defaultengine
Prefs.js: "Web Search" removed from browser.search.defaultenginename
Prefs.js: "Web Search" removed from browser.search.order.1
Prefs.js: 4 removed from extensions.enabledItems
Prefs.js: 9 removed from extensions.enabledItems
Prefs.js: 1 removed from extensions.enabledItems
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q=" removed from keyword.URL
Prefs.js: 4 removed from network.proxy.type
C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\pitzgq6f.default\searchplugins\icqplugin.xml moved successfully.
C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\pitzgq6f.default\searchplugins\startsear.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}\ deleted successfully.
C:\Program Files\vShare.tv plugin\BarLcher.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{043C5167-00BB-4324-AF7E-62013FAEDACF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ deleted successfully.
C:\Program Files\vShare\vshare_toolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}\ deleted successfully.
File C:\Program Files\vShare.tv plugin\BarLcher.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{043C5167-00BB-4324-AF7E-62013FAEDACF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found.
File C:\Program Files\vShare\vshare_toolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found.
File C:\Program Files\vShare\vshare_toolbar.dll not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File E:\AUTORUN.INF not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9cfeca23-5641-11de-8807-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9cfeca23-5641-11de-8807-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9cfeca23-5641-11de-8807-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9cfeca23-5641-11de-8807-806e6f6e6963}\ not found.
File E:\install.EXE id= ver=1.0.0.0 not found.
========== FILES ==========
File\Folder D:\downloads\setups\SoftonicDownloader not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Tina
->Temp folder emptied: 955467346 bytes
->Temporary Internet Files folder emptied: 410572823 bytes
->Java cache emptied: 88920972 bytes
->FireFox cache emptied: 144274917 bytes
->Google Chrome cache emptied: 9765072 bytes
->Flash cache emptied: 89150 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1556992 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 484218686 bytes
RecycleBin emptied: 3767148557 bytes
 
Total Files Cleaned = 5.591,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 12052011_191942

Files\Folders moved on Reboot...
File\Folder C:\Users\Tina\AppData\Local\Temp\2011-10-14-1193029255_04-RG.PDF  not found!
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2260.log moved successfully.

Registry entries deleted on Reboot...
         
Hat alles geklappt?


Alt 05.12.2011, 19:24   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Virus auf USB-Stick (iexplorer.exe) - auch auf dem Laptop? - Standard

Virus auf USB-Stick (iexplorer.exe) - auch auf dem Laptop?



Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!




Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________
--> Virus auf USB-Stick (iexplorer.exe) - auch auf dem Laptop?

Alt 05.12.2011, 23:39   #7
tina01
 
Virus auf USB-Stick (iexplorer.exe) - auch auf dem Laptop? - Standard

Virus auf USB-Stick (iexplorer.exe) - auch auf dem Laptop?



Sollte alles in Ordnung sein:

Code:
ATTFilter
00:37:34.0417 0956	TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
00:37:34.0807 0956	============================================================
00:37:34.0807 0956	Current date / time: 2011/12/06 00:37:34.0807
00:37:34.0807 0956	SystemInfo:
00:37:34.0807 0956	
00:37:34.0807 0956	OS Version: 6.0.6002 ServicePack: 2.0
00:37:34.0807 0956	Product type: Workstation
00:37:34.0807 0956	ComputerName: PC-TINA
00:37:34.0807 0956	UserName: Tina
00:37:34.0807 0956	Windows directory: C:\Windows
00:37:34.0807 0956	System windows directory: C:\Windows
00:37:34.0807 0956	Processor architecture: Intel x86
00:37:34.0807 0956	Number of processors: 2
00:37:34.0807 0956	Page size: 0x1000
00:37:34.0807 0956	Boot type: Normal boot
00:37:34.0807 0956	============================================================
00:37:35.0197 0956	Initialize success
00:37:43.0013 2956	============================================================
00:37:43.0013 2956	Scan started
00:37:43.0013 2956	Mode: Manual; SigCheck; TDLFS; 
00:37:43.0013 2956	============================================================
00:37:43.0496 2956	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
00:37:43.0683 2956	ACPI - ok
00:37:43.0761 2956	acsint          (d2c5c56dd26386efa289ea0b92eadfd2) C:\Windows\system32\DRIVERS\acsint.sys
00:37:43.0839 2956	acsint - ok
00:37:43.0902 2956	acsmux          (45d6057452eafe7ac27cab55a0fed296) C:\Windows\system32\DRIVERS\acsmux.sys
00:37:43.0933 2956	acsmux - ok
00:37:43.0995 2956	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
00:37:44.0058 2956	adp94xx - ok
00:37:44.0089 2956	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
00:37:44.0136 2956	adpahci - ok
00:37:44.0151 2956	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
00:37:44.0198 2956	adpu160m - ok
00:37:44.0214 2956	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
00:37:44.0261 2956	adpu320 - ok
00:37:44.0354 2956	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
00:37:44.0463 2956	AFD - ok
00:37:44.0526 2956	AgereSoftModem  (5d97943c128ed756d1b0a08302c1b1f8) C:\Windows\system32\DRIVERS\AGRSM.sys
00:37:44.0807 2956	AgereSoftModem - ok
00:37:44.0853 2956	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
00:37:44.0900 2956	agp440 - ok
00:37:44.0931 2956	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
00:37:44.0947 2956	aic78xx - ok
00:37:44.0978 2956	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
00:37:45.0009 2956	aliide - ok
00:37:45.0056 2956	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
00:37:45.0087 2956	amdagp - ok
00:37:45.0103 2956	amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
00:37:45.0150 2956	amdide - ok
00:37:45.0181 2956	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
00:37:45.0321 2956	AmdK7 - ok
00:37:45.0337 2956	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
00:37:45.0431 2956	AmdK8 - ok
00:37:45.0493 2956	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
00:37:45.0509 2956	arc - ok
00:37:45.0555 2956	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
00:37:45.0602 2956	arcsas - ok
00:37:45.0633 2956	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
00:37:45.0711 2956	AsyncMac - ok
00:37:45.0743 2956	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
00:37:45.0758 2956	atapi - ok
00:37:45.0852 2956	athr            (f32fee7cb2ee32c1f808409bc8019701) C:\Windows\system32\DRIVERS\athr.sys
00:37:45.0977 2956	athr - ok
00:37:46.0039 2956	avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
00:37:46.0055 2956	avgntflt - ok
00:37:46.0086 2956	avipbb          (912d23140cd05980f6cdae790ddafc8d) C:\Windows\system32\DRIVERS\avipbb.sys
00:37:46.0101 2956	avipbb - ok
00:37:46.0133 2956	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
00:37:46.0148 2956	avkmgr - ok
00:37:46.0195 2956	bcm4sbxp        (08015d34f6fdd0b355805bad978497c3) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
00:37:46.0289 2956	bcm4sbxp - ok
00:37:46.0335 2956	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
00:37:46.0398 2956	Beep - ok
00:37:46.0429 2956	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
00:37:46.0507 2956	blbdrive - ok
00:37:46.0585 2956	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
00:37:46.0647 2956	bowser - ok
00:37:46.0679 2956	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
00:37:46.0772 2956	BrFiltLo - ok
00:37:46.0803 2956	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
00:37:46.0881 2956	BrFiltUp - ok
00:37:46.0897 2956	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
00:37:46.0975 2956	Brserid - ok
00:37:47.0006 2956	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
00:37:47.0100 2956	BrSerWdm - ok
00:37:47.0115 2956	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
00:37:47.0209 2956	BrUsbMdm - ok
00:37:47.0240 2956	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
00:37:47.0318 2956	BrUsbSer - ok
00:37:47.0381 2956	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
00:37:47.0490 2956	BTHMODEM - ok
00:37:47.0521 2956	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
00:37:47.0568 2956	cdfs - ok
00:37:47.0615 2956	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
00:37:47.0693 2956	cdrom - ok
00:37:47.0724 2956	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
00:37:47.0817 2956	circlass - ok
00:37:47.0849 2956	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
00:37:47.0880 2956	CLFS - ok
00:37:47.0927 2956	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
00:37:48.0005 2956	CmBatt - ok
00:37:48.0036 2956	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
00:37:48.0067 2956	cmdide - ok
00:37:48.0098 2956	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
00:37:48.0114 2956	Compbatt - ok
00:37:48.0129 2956	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
00:37:48.0145 2956	crcdisk - ok
00:37:48.0176 2956	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
00:37:48.0239 2956	Crusoe - ok
00:37:48.0332 2956	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
00:37:48.0379 2956	DfsC - ok
00:37:48.0473 2956	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
00:37:48.0488 2956	disk - ok
00:37:48.0551 2956	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
00:37:48.0613 2956	drmkaud - ok
00:37:48.0660 2956	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
00:37:48.0707 2956	DXGKrnl - ok
00:37:48.0738 2956	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
00:37:48.0816 2956	E1G60 - ok
00:37:48.0863 2956	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
00:37:48.0878 2956	Ecache - ok
00:37:48.0956 2956	elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
00:37:49.0019 2956	elxstor - ok
00:37:49.0034 2956	ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
00:37:49.0112 2956	ErrDev - ok
00:37:49.0175 2956	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
00:37:49.0268 2956	exfat - ok
00:37:49.0315 2956	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
00:37:49.0393 2956	fastfat - ok
00:37:49.0440 2956	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
00:37:49.0518 2956	fdc - ok
00:37:49.0549 2956	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
00:37:49.0565 2956	FileInfo - ok
00:37:49.0596 2956	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
00:37:49.0674 2956	Filetrace - ok
00:37:49.0689 2956	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
00:37:49.0783 2956	flpydisk - ok
00:37:49.0814 2956	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
00:37:49.0845 2956	FltMgr - ok
00:37:49.0877 2956	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
00:37:49.0939 2956	Fs_Rec - ok
00:37:49.0970 2956	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
00:37:50.0001 2956	gagp30kx - ok
00:37:50.0048 2956	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
00:37:50.0064 2956	GEARAspiWDM - ok
00:37:50.0142 2956	hcmon           (1f79859a8c1d7c14ef6207852f622add) C:\Windows\system32\drivers\hcmon.sys
00:37:50.0173 2956	hcmon - ok
00:37:50.0235 2956	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
00:37:50.0360 2956	HdAudAddService - ok
00:37:50.0407 2956	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
00:37:50.0485 2956	HDAudBus - ok
00:37:50.0516 2956	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
00:37:50.0641 2956	HidBth - ok
00:37:50.0657 2956	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
00:37:50.0766 2956	HidIr - ok
00:37:50.0813 2956	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
00:37:50.0859 2956	HidUsb - ok
00:37:50.0906 2956	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
00:37:50.0937 2956	HpCISSs - ok
00:37:51.0000 2956	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
00:37:51.0171 2956	HTTP - ok
00:37:51.0187 2956	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
00:37:51.0234 2956	i2omp - ok
00:37:51.0281 2956	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
00:37:51.0343 2956	i8042prt - ok
00:37:51.0655 2956	ialm            (dce0b53570703cce580d066f89ef58cd) C:\Windows\system32\DRIVERS\igdkmd32.sys
00:37:52.0248 2956	ialm - ok
00:37:52.0341 2956	iaStor          (71ecc07bc7c5e24c3dd01d8a29a24054) C:\Windows\system32\DRIVERS\iaStor.sys
00:37:52.0373 2956	iaStor - ok
00:37:52.0451 2956	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
00:37:52.0497 2956	iaStorV - ok
00:37:52.0778 2956	igfx            (dce0b53570703cce580d066f89ef58cd) C:\Windows\system32\DRIVERS\igdkmd32.sys
00:37:53.0121 2956	igfx - ok
00:37:53.0137 2956	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
00:37:53.0184 2956	iirsp - ok
00:37:53.0277 2956	IntcAzAudAddService (64f2ef1749a977917c40f546e72182b3) C:\Windows\system32\drivers\RTKVHDA.sys
00:37:53.0465 2956	IntcAzAudAddService - ok
00:37:53.0511 2956	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
00:37:53.0558 2956	intelide - ok
00:37:53.0589 2956	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
00:37:53.0636 2956	intelppm - ok
00:37:53.0683 2956	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:37:53.0714 2956	IpFilterDriver - ok
00:37:53.0730 2956	IpInIp - ok
00:37:53.0745 2956	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
00:37:53.0792 2956	IPMIDRV - ok
00:37:53.0823 2956	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
00:37:53.0855 2956	IPNAT - ok
00:37:53.0886 2956	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
00:37:53.0948 2956	IRENUM - ok
00:37:53.0964 2956	isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
00:37:53.0995 2956	isapnp - ok
00:37:54.0026 2956	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
00:37:54.0042 2956	iScsiPrt - ok
00:37:54.0073 2956	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
00:37:54.0104 2956	iteatapi - ok
00:37:54.0120 2956	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
00:37:54.0167 2956	iteraid - ok
00:37:54.0198 2956	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
00:37:54.0229 2956	kbdclass - ok
00:37:54.0276 2956	kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
00:37:54.0323 2956	kbdhid - ok
00:37:54.0354 2956	KMDFMEMIO       (ebc507f129df8f0e0ca270dcfc0cf87f) C:\Windows\system32\DRIVERS\kmdfmemio.sys
00:37:54.0432 2956	KMDFMEMIO - ok
00:37:54.0479 2956	KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
00:37:54.0510 2956	KSecDD - ok
00:37:54.0572 2956	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
00:37:54.0650 2956	lltdio - ok
00:37:54.0697 2956	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
00:37:54.0728 2956	LSI_FC - ok
00:37:54.0759 2956	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
00:37:54.0806 2956	LSI_SAS - ok
00:37:54.0837 2956	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
00:37:54.0869 2956	LSI_SCSI - ok
00:37:54.0900 2956	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
00:37:54.0962 2956	luafv - ok
00:37:55.0025 2956	MBAMProtector   (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
00:37:55.0040 2956	MBAMProtector - ok
00:37:55.0071 2956	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
00:37:55.0103 2956	megasas - ok
00:37:55.0134 2956	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
00:37:55.0212 2956	MegaSR - ok
00:37:55.0243 2956	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
00:37:55.0321 2956	Modem - ok
00:37:55.0352 2956	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
00:37:55.0399 2956	monitor - ok
00:37:55.0430 2956	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
00:37:55.0446 2956	mouclass - ok
00:37:55.0477 2956	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
00:37:55.0524 2956	mouhid - ok
00:37:55.0555 2956	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
00:37:55.0571 2956	MountMgr - ok
00:37:55.0602 2956	mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
00:37:55.0649 2956	mpio - ok
00:37:55.0695 2956	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
00:37:55.0789 2956	mpsdrv - ok
00:37:55.0820 2956	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
00:37:55.0851 2956	Mraid35x - ok
00:37:55.0898 2956	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
00:37:55.0961 2956	MRxDAV - ok
00:37:55.0992 2956	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:37:56.0039 2956	mrxsmb - ok
00:37:56.0070 2956	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:37:56.0101 2956	mrxsmb10 - ok
00:37:56.0132 2956	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:37:56.0163 2956	mrxsmb20 - ok
00:37:56.0195 2956	msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
00:37:56.0226 2956	msahci - ok
00:37:56.0241 2956	msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
00:37:56.0304 2956	msdsm - ok
00:37:56.0335 2956	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
00:37:56.0397 2956	Msfs - ok
00:37:56.0429 2956	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
00:37:56.0444 2956	msisadrv - ok
00:37:56.0475 2956	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
00:37:56.0538 2956	MSKSSRV - ok
00:37:56.0585 2956	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
00:37:56.0647 2956	MSPCLOCK - ok
00:37:56.0678 2956	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
00:37:56.0725 2956	MSPQM - ok
00:37:56.0756 2956	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
00:37:56.0787 2956	MsRPC - ok
00:37:56.0803 2956	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
00:37:56.0819 2956	mssmbios - ok
00:37:56.0881 2956	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
00:37:56.0959 2956	MSTEE - ok
00:37:56.0990 2956	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
00:37:57.0006 2956	Mup - ok
00:37:57.0053 2956	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
00:37:57.0115 2956	NativeWifiP - ok
00:37:57.0162 2956	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
00:37:57.0193 2956	NDIS - ok
00:37:57.0224 2956	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
00:37:57.0271 2956	NdisTapi - ok
00:37:57.0302 2956	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
00:37:57.0349 2956	Ndisuio - ok
00:37:57.0396 2956	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
00:37:57.0474 2956	NdisWan - ok
00:37:57.0489 2956	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
00:37:57.0567 2956	NDProxy - ok
00:37:57.0614 2956	Netaapl         (1352e1648213551923a0a822e441553c) C:\Windows\system32\DRIVERS\netaapl.sys
00:37:57.0692 2956	Netaapl - ok
00:37:57.0708 2956	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
00:37:57.0755 2956	NetBIOS - ok
00:37:57.0801 2956	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
00:37:57.0879 2956	netbt - ok
00:37:58.0004 2956	NETw3v32        (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys
00:37:58.0285 2956	NETw3v32 - ok
00:37:58.0316 2956	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
00:37:58.0332 2956	nfrd960 - ok
00:37:58.0410 2956	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
00:37:58.0441 2956	Npfs - ok
00:37:58.0472 2956	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
00:37:58.0535 2956	nsiproxy - ok
00:37:58.0613 2956	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
00:37:58.0706 2956	Ntfs - ok
00:37:58.0722 2956	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
00:37:58.0831 2956	ntrigdigi - ok
00:37:58.0847 2956	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
00:37:58.0909 2956	Null - ok
00:37:58.0940 2956	nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
00:37:58.0971 2956	nvraid - ok
00:37:59.0003 2956	nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
00:37:59.0034 2956	nvstor - ok
00:37:59.0065 2956	nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
00:37:59.0112 2956	nv_agp - ok
00:37:59.0127 2956	NwlnkFlt - ok
00:37:59.0143 2956	NwlnkFwd - ok
00:37:59.0174 2956	ohci1394        (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
00:37:59.0237 2956	ohci1394 - ok
00:37:59.0315 2956	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
00:37:59.0439 2956	Parport - ok
00:37:59.0455 2956	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
00:37:59.0471 2956	partmgr - ok
00:37:59.0502 2956	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
00:37:59.0595 2956	Parvdm - ok
00:37:59.0642 2956	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
00:37:59.0658 2956	pci - ok
00:37:59.0689 2956	pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
00:37:59.0736 2956	pciide - ok
00:37:59.0798 2956	pcmcia          (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys
00:37:59.0845 2956	pcmcia - ok
00:37:59.0907 2956	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
00:38:00.0079 2956	PEAUTH - ok
00:38:00.0141 2956	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
00:38:00.0251 2956	PptpMiniport - ok
00:38:00.0282 2956	Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
00:38:00.0344 2956	Processor - ok
00:38:00.0391 2956	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
00:38:00.0438 2956	PSched - ok
00:38:00.0500 2956	ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
00:38:00.0641 2956	ql2300 - ok
00:38:00.0672 2956	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
00:38:00.0719 2956	ql40xx - ok
00:38:00.0734 2956	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
00:38:00.0797 2956	QWAVEdrv - ok
00:38:00.0812 2956	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
00:38:00.0890 2956	RasAcd - ok
00:38:00.0921 2956	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:38:00.0984 2956	Rasl2tp - ok
00:38:01.0031 2956	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
00:38:01.0093 2956	RasPppoe - ok
00:38:01.0109 2956	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
00:38:01.0140 2956	RasSstp - ok
00:38:01.0187 2956	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
00:38:01.0218 2956	rdbss - ok
00:38:01.0233 2956	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:38:01.0296 2956	RDPCDD - ok
00:38:01.0327 2956	rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
00:38:01.0405 2956	rdpdr - ok
00:38:01.0421 2956	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
00:38:01.0483 2956	RDPENCDD - ok
00:38:01.0530 2956	RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
00:38:01.0608 2956	RDPWD - ok
00:38:01.0639 2956	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
00:38:01.0686 2956	rspndr - ok
00:38:01.0733 2956	RTL8169         (034033f5a921764d8c4ba6698800d95b) C:\Windows\system32\DRIVERS\Rtlh86.sys
00:38:01.0826 2956	RTL8169 - ok
00:38:01.0857 2956	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
00:38:01.0889 2956	sbp2port - ok
00:38:01.0920 2956	sdbus           (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
00:38:01.0998 2956	sdbus - ok
00:38:02.0013 2956	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
00:38:02.0107 2956	secdrv - ok
00:38:02.0138 2956	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
00:38:02.0216 2956	Serenum - ok
00:38:02.0247 2956	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
00:38:02.0310 2956	Serial - ok
00:38:02.0341 2956	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
00:38:02.0372 2956	sermouse - ok
00:38:02.0419 2956	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
00:38:02.0435 2956	sffdisk - ok
00:38:02.0466 2956	sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
00:38:02.0513 2956	sffp_mmc - ok
00:38:02.0528 2956	sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
00:38:02.0575 2956	sffp_sd - ok
00:38:02.0606 2956	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
00:38:02.0700 2956	sfloppy - ok
00:38:02.0731 2956	sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
00:38:02.0762 2956	sisagp - ok
00:38:02.0793 2956	SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
00:38:02.0825 2956	SiSRaid2 - ok
00:38:02.0856 2956	SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
00:38:02.0887 2956	SiSRaid4 - ok
00:38:02.0949 2956	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
00:38:03.0027 2956	Smb - ok
00:38:03.0059 2956	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
00:38:03.0074 2956	spldr - ok
00:38:03.0137 2956	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
00:38:03.0183 2956	srv - ok
00:38:03.0215 2956	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
00:38:03.0246 2956	srv2 - ok
00:38:03.0293 2956	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
00:38:03.0324 2956	srvnet - ok
00:38:03.0371 2956	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
00:38:03.0386 2956	ssmdrv - ok
00:38:03.0433 2956	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
00:38:03.0464 2956	swenum - ok
00:38:03.0480 2956	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
00:38:03.0511 2956	Symc8xx - ok
00:38:03.0542 2956	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
00:38:03.0573 2956	Sym_hi - ok
00:38:03.0605 2956	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
00:38:03.0636 2956	Sym_u3 - ok
00:38:03.0714 2956	SynTP           (71837fbce3fd8143953444b3ff7938dc) C:\Windows\system32\DRIVERS\SynTP.sys
00:38:03.0792 2956	SynTP - ok
00:38:03.0823 2956	tap0901         (e930a912c441b14e12dd744e726ed4ce) C:\Windows\system32\DRIVERS\tap0901.sys
00:38:03.0885 2956	tap0901 - ok
00:38:03.0963 2956	Tcpip           (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
00:38:04.0057 2956	Tcpip - ok
00:38:04.0088 2956	Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
00:38:04.0151 2956	Tcpip6 - ok
00:38:04.0197 2956	tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
00:38:04.0260 2956	tcpipreg - ok
00:38:04.0291 2956	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
00:38:04.0353 2956	TDPIPE - ok
00:38:04.0385 2956	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
00:38:04.0431 2956	TDTCP - ok
00:38:04.0478 2956	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
00:38:04.0525 2956	tdx - ok
00:38:04.0556 2956	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
00:38:04.0603 2956	TermDD - ok
00:38:04.0650 2956	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:38:04.0697 2956	tssecsrv - ok
00:38:04.0728 2956	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
00:38:04.0806 2956	tunmp - ok
00:38:04.0837 2956	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
00:38:04.0884 2956	tunnel - ok
00:38:04.0899 2956	uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
00:38:04.0946 2956	uagp35 - ok
00:38:04.0993 2956	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
00:38:05.0055 2956	udfs - ok
00:38:05.0118 2956	uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
00:38:05.0149 2956	uliagpkx - ok
00:38:05.0196 2956	uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
00:38:05.0227 2956	uliahci - ok
00:38:05.0258 2956	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
00:38:05.0274 2956	UlSata - ok
00:38:05.0305 2956	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
00:38:05.0321 2956	ulsata2 - ok
00:38:05.0352 2956	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
00:38:05.0461 2956	umbus - ok
00:38:05.0523 2956	USBAAPL         (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
00:38:05.0570 2956	USBAAPL - ok
00:38:05.0601 2956	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
00:38:05.0664 2956	usbccgp - ok
00:38:05.0742 2956	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
00:38:05.0835 2956	usbcir - ok
00:38:05.0882 2956	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
00:38:05.0945 2956	usbehci - ok
00:38:05.0991 2956	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
00:38:06.0023 2956	usbhub - ok
00:38:06.0038 2956	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
00:38:06.0101 2956	usbohci - ok
00:38:06.0163 2956	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
00:38:06.0225 2956	usbprint - ok
00:38:06.0257 2956	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:38:06.0303 2956	USBSTOR - ok
00:38:06.0335 2956	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
00:38:06.0366 2956	usbuhci - ok
00:38:06.0413 2956	usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
00:38:06.0491 2956	usbvideo - ok
00:38:06.0537 2956	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
00:38:06.0615 2956	vga - ok
00:38:06.0647 2956	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
00:38:06.0709 2956	VgaSave - ok
00:38:06.0740 2956	viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
00:38:06.0756 2956	viaagp - ok
00:38:06.0787 2956	ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
00:38:06.0865 2956	ViaC7 - ok
00:38:06.0881 2956	viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
00:38:06.0912 2956	viaide - ok
00:38:06.0959 2956	vmci            (f3a7a37d07d2c45e0cf56c764f949e99) C:\Windows\system32\Drivers\vmci.sys
00:38:06.0990 2956	vmci - ok
00:38:07.0021 2956	vmkbd           (5bdd3fbdf10bb329874a38631abf1d3e) C:\Windows\system32\drivers\VMkbd.sys
00:38:07.0068 2956	vmkbd - ok
00:38:07.0115 2956	VMnetAdapter    (e41704d8149992107b333cc7a52c07cc) C:\Windows\system32\DRIVERS\vmnetadapter.sys
00:38:07.0130 2956	VMnetAdapter - ok
00:38:07.0146 2956	VMnetBridge     (462f2a31ea8b87a28962aca998df1869) C:\Windows\system32\DRIVERS\vmnetbridge.sys
00:38:07.0193 2956	VMnetBridge - ok
00:38:07.0224 2956	VMnetuserif     (423cf74235fe72fae568e5709a54267f) C:\Windows\system32\drivers\vmnetuserif.sys
00:38:07.0271 2956	VMnetuserif - ok
00:38:07.0333 2956	vmx86           (755a9afe6665bab01c8013849d3785b1) C:\Windows\system32\Drivers\vmx86.sys
00:38:07.0442 2956	vmx86 - ok
00:38:07.0489 2956	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
00:38:07.0505 2956	volmgr - ok
00:38:07.0536 2956	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
00:38:07.0551 2956	volmgrx - ok
00:38:07.0598 2956	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
00:38:07.0614 2956	volsnap - ok
00:38:07.0676 2956	vpnva           (1b7c80c66742dafaa31f98af4c3a5bc2) C:\Windows\system32\DRIVERS\vpnva.sys
00:38:07.0692 2956	vpnva - ok
00:38:07.0739 2956	vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
00:38:07.0785 2956	vsmraid - ok
00:38:07.0863 2956	vstor2-ws60     (476a052b3ce506ed63a94018f3e979d5) D:\Programme\VMware Player\vstor2-ws60.sys
00:38:07.0879 2956	vstor2-ws60 - ok
00:38:07.0926 2956	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
00:38:08.0019 2956	WacomPen - ok
00:38:08.0051 2956	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
00:38:08.0113 2956	Wanarp - ok
00:38:08.0129 2956	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
00:38:08.0144 2956	Wanarpv6 - ok
00:38:08.0175 2956	Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
00:38:08.0191 2956	Wd - ok
00:38:08.0238 2956	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
00:38:08.0285 2956	Wdf01000 - ok
00:38:08.0363 2956	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
00:38:08.0409 2956	WmiAcpi - ok
00:38:08.0456 2956	WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
00:38:08.0487 2956	WpdUsb - ok
00:38:08.0519 2956	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
00:38:08.0581 2956	ws2ifsl - ok
00:38:08.0628 2956	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:38:08.0690 2956	WUDFRd - ok
00:38:08.0768 2956	MBR (0x1B8)     (61a349592c4728853f4a90ff78f7628e) \Device\Harddisk0\DR0
00:38:09.0158 2956	\Device\Harddisk0\DR0 - ok
00:38:09.0189 2956	Boot (0x1200)   (25e7fb68b4487f3e277afbb8b2c9778e) \Device\Harddisk0\DR0\Partition0
00:38:09.0189 2956	\Device\Harddisk0\DR0\Partition0 - ok
00:38:09.0205 2956	Boot (0x1200)   (ab4c386c14be3c599c6cde3756e9d2f8) \Device\Harddisk0\DR0\Partition1
00:38:09.0205 2956	\Device\Harddisk0\DR0\Partition1 - ok
00:38:09.0205 2956	============================================================
00:38:09.0205 2956	Scan finished
00:38:09.0205 2956	============================================================
00:38:09.0221 4228	Detected object count: 0
00:38:09.0221 4228	Actual detected object count: 0
         
Viele Grüße
Tina

Alt 06.12.2011, 07:30   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Virus auf USB-Stick (iexplorer.exe) - auch auf dem Laptop? - Standard

Virus auf USB-Stick (iexplorer.exe) - auch auf dem Laptop?



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 06.12.2011, 10:46   #9
tina01
 
Virus auf USB-Stick (iexplorer.exe) - auch auf dem Laptop? - Standard

Virus auf USB-Stick (iexplorer.exe) - auch auf dem Laptop?



erledigt:
Combofix Logfile:
Code:
ATTFilter
ComboFix 11-12-05.04 - Tina 06.12.2011  11:28:18.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3004.1876 [GMT 1:00]
ausgeführt von:: c:\users\Tina\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Tina\AppData\Roaming\Local
c:\windows\system32\drivers\tcpip.copy
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-11-06 bis 2011-12-06  ))))))))))))))))))))))))))))))
.
.
2011-12-06 10:36 . 2011-12-06 10:36	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-12-06 10:01 . 2011-12-06 10:01	56200	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{06DDD8C4-2140-4D43-A8E6-BE9AD4FA702E}\offreg.dll
2011-12-06 00:09 . 2011-12-06 00:09	--------	d-----w-	c:\users\Default\AppData\Local\Microsoft Help
2011-12-06 00:05 . 2011-12-06 00:05	--------	d-----w-	c:\program files\Microsoft CAPICOM 2.1.0.2
2011-12-05 18:19 . 2011-12-05 18:19	--------	d-----w-	C:\_OTL
2011-12-04 14:55 . 2011-10-17 11:41	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-12-03 14:18 . 2011-12-03 14:18	--------	d-----w-	c:\program files\Microsoft Synchronization Services
2011-12-03 14:17 . 2011-12-03 14:17	--------	d-----w-	c:\program files\Microsoft Sync Framework
2011-12-03 14:17 . 2011-12-03 14:17	--------	d-----w-	c:\program files\Microsoft SQL Server Compact Edition
2011-12-03 14:09 . 2011-12-03 14:09	--------	d-----w-	c:\program files\Microsoft Analysis Services
2011-12-02 16:22 . 2011-12-02 16:22	--------	d-----w-	c:\program files\ESET
2011-12-02 14:51 . 2011-12-02 14:51	--------	d-----w-	c:\users\Tina\AppData\Roaming\Malwarebytes
2011-12-02 14:51 . 2011-12-02 14:51	--------	d-----w-	c:\programdata\Malwarebytes
2011-12-02 14:51 . 2011-12-02 16:15	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-12-02 14:51 . 2011-08-31 16:00	22216	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-12-02 13:21 . 2011-11-21 10:47	6823496	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{06DDD8C4-2140-4D43-A8E6-BE9AD4FA702E}\mpengine.dll
2011-11-24 19:43 . 2011-11-24 19:43	--------	d-----w-	c:\program files\Cisco
2011-11-19 17:35 . 2011-11-19 17:35	--------	d-----w-	c:\users\Tina\AppData\Roaming\VshareComplete
2011-11-19 17:35 . 2011-11-19 17:35	--------	d-----w-	c:\program files\VshareComplete
2011-11-19 17:35 . 2011-12-05 18:19	--------	d-----w-	c:\program files\vShare.tv plugin
2011-11-13 14:12 . 2011-09-30 15:57	707584	----a-w-	c:\program files\Common Files\System\wab32.dll
2011-11-13 14:12 . 2011-09-20 21:02	905088	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-11-07 20:13 . 2011-11-07 20:13	--------	d-----w-	c:\users\Tina\AppData\Roaming\Simfy
2011-11-07 20:13 . 2011-11-17 12:47	--------	d-----w-	c:\program files\Common Files\Adobe AIR
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-13 14:20 . 2011-07-23 09:56	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-24 12:29 . 2011-10-24 12:29	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2011-10-24 12:29 . 2011-10-24 12:29	69632	----a-w-	c:\windows\system32\QuickTime.qts
2011-10-11 13:00 . 2011-10-17 08:53	74640	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-10-11 13:00 . 2011-10-17 08:53	36000	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2011-10-11 13:00 . 2011-10-17 08:53	134344	----a-w-	c:\windows\system32\drivers\avipbb.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	94208	----a-w-	c:\users\Tina\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	94208	----a-w-	c:\users\Tina\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	94208	----a-w-	c:\users\Tina\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-04-21 7420448]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-28 1049896]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2009-09-05 385024]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-04-21 1833504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RWTH Aachen Cisco VPN Client.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\RWTH Aachen Cisco VPN Client.lnk
backup=c:\windows\pss\RWTH Aachen Cisco VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59	937920	----a-r-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cisco AnyConnect Secure Mobility Agent for Windows]
2011-03-23 22:35	519632	----a-w-	c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
2010-12-08 21:15	63360	----a-w-	c:\program files\DivX\DivX Plus Web Player\DDMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-01-10 23:25	1230704	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
2010-07-20 15:21	323280	----a-w-	d:\program files\Napster\napster.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 12:28	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SolidWorks_CheckForUpdates]
2009-03-19 18:30	7308584	----a-w-	c:\program files\Common Files\SolidWorks Installations-Manager\Scheduler\sldIMScheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2008-12-03 20:15	218408	------w-	c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
2009-10-22 03:43	64048	----a-w-	d:\programme\VMware Player\hqtray.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-26 135664]
R3 acsint;acsint;c:\windows\system32\DRIVERS\acsint.sys [2011-03-23 36624]
R3 acsmux;acsmux;c:\windows\system32\DRIVERS\acsmux.sys [2011-03-23 46480]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-26 135664]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2011-05-10 18432]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 CoordinatorServiceHost;SW Distributed TS Coordinator Service;d:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2009-03-19 83240]
R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 36000]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\DRIVERS\kmdfmemio.sys [2006-11-14 13312]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2009-10-22 70704]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2009-10-22 563760]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2011-03-23 435152]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-26 20:30]
.
2011-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-26 20:30]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
uDefault_Search_URL = 
mStart Page = 
uSearchAssistant = 
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Free YouTube to MP3 Converter - c:\users\Tina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - d:\programs\PartyGaming\PartyCasino\RunApp.exe
LSP: d:\programme\VMware Player\vsocklib.dll
TCP: DhcpNameServer = 192.168.2.1
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn-unidsl.rwth-aachen.de/CACHE/stc/1/binaries/vpnweb.cab
DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
FF - ProfilePath - c:\users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\pitzgq6f.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - d:\programme\DivX\DivXCodecUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-12-06 11:36
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(2668)
c:\users\Tina\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
Zeit der Fertigstellung: 2011-12-06  11:39:19
ComboFix-quarantined-files.txt  2011-12-06 10:38
.
Vor Suchlauf: 11 Verzeichnis(se), 34.236.821.504 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 34.362.269.696 Bytes frei
.
- - End Of File - - AD9F248B80278F00CC340829907E00F4
         
--- --- ---


Viele Grüße,
Tina

Alt 06.12.2011, 10:55   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Virus auf USB-Stick (iexplorer.exe) - auch auf dem Laptop? - Standard

Virus auf USB-Stick (iexplorer.exe) - auch auf dem Laptop?



Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 06.12.2011, 13:22   #11
tina01
 
Virus auf USB-Stick (iexplorer.exe) - auch auf dem Laptop? - Standard

Virus auf USB-Stick (iexplorer.exe) - auch auf dem Laptop?



1) GMER
Code:
ATTFilter
GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-12-06 13:01:13
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0
Running: sgj1umd5.exe; Driver: C:\Users\Tina\AppData\Local\Temp\pxldapow.sys


---- System - GMER 1.0.15 ----

SSDT            8CCEF9EE                                      ZwCreateSection
SSDT            8CCEF9F8                                      ZwRequestWaitReplyPort
SSDT            8CCEF9F3                                      ZwSetContextThread
SSDT            8CCEF9FD                                      ZwSetSecurityObject
SSDT            8CCEFA02                                      ZwSystemDebugControl
SSDT            8CCEF98F                                      ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntoskrnl.exe!KeInsertQueue + 405              824B59FC 4 Bytes  [EE, F9, CE, 8C]
.text           ntoskrnl.exe!KeInsertQueue + 729              824B5D20 4 Bytes  [F8, F9, CE, 8C]
.text           ntoskrnl.exe!KeInsertQueue + 75D              824B5D54 4 Bytes  [F3, F9, CE, 8C]
.text           ntoskrnl.exe!KeInsertQueue + 7C1              824B5DB8 4 Bytes  [FD, F9, CE, 8C]
.text           ntoskrnl.exe!KeInsertQueue + 809              824B5E00 4 Bytes  [02, FA, CE, 8C]
.text           ...                                           
?               C:\Windows\system32\Drivers\PROCEXP113.SYS    Das System kann die angegebene Datei nicht finden. !
?               C:\Users\Tina\AppData\Local\Temp\catchme.sys  Das System kann die angegebene Datei nicht finden. !

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0       VMkbd.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0       Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

Device          \Driver\usbuhci \Device\USBPDO-0              hcmon.sys
Device          \Driver\usbuhci \Device\USBPDO-1              hcmon.sys
Device          \Driver\usbuhci \Device\USBPDO-2              hcmon.sys
Device          \Driver\usbehci \Device\USBPDO-3              hcmon.sys
Device          \Driver\usbuhci \Device\USBPDO-4              hcmon.sys
Device          \Driver\usbuhci \Device\USBPDO-5              hcmon.sys
Device          \Driver\usbuhci \Device\USBPDO-6              hcmon.sys
Device          \Driver\usbhub \Device\00000070               hcmon.sys
Device          \Driver\usbehci \Device\USBPDO-7              hcmon.sys
Device          \Driver\usbhub \Device\00000071               hcmon.sys
Device          \Driver\usbhub \Device\USBPDO-8               hcmon.sys
Device          \Driver\usbhub \Device\00000072               hcmon.sys
Device          \Driver\usbhub \Device\00000073               hcmon.sys
Device          \Driver\usbhub \Device\00000074               hcmon.sys
Device          \Driver\usbhub \Device\USBPDO-10              hcmon.sys
Device          \Driver\usbhub \Device\USBPDO-11              hcmon.sys
Device          \Driver\usbuhci \Device\USBFDO-0              hcmon.sys
Device          \Driver\usbuhci \Device\USBFDO-1              hcmon.sys
Device          \Driver\usbhub \Device\0000006d               hcmon.sys
Device          \Driver\usbuhci \Device\USBFDO-2              hcmon.sys
Device          \Driver\usbhub \Device\0000006e               hcmon.sys
Device          \Driver\usbehci \Device\USBFDO-3              hcmon.sys
Device          \Driver\usbhub \Device\0000006f               hcmon.sys
Device          \Driver\usbuhci \Device\USBFDO-4              hcmon.sys
Device          \Driver\usbuhci \Device\USBFDO-5              hcmon.sys
Device          \Driver\usbuhci \Device\USBFDO-6              hcmon.sys
Device          \Driver\usbehci \Device\USBFDO-7              hcmon.sys

---- EOF - GMER 1.0.15 ----
         
--- --- ---
2) OSAM
Code:
ATTFilter
OSAM Logfile:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 13:08:46 on 06.12.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 8.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"acsint" (acsint) - "Cisco Systems, Inc." - C:\Windows\System32\DRIVERS\acsint.sys
"acsmux" (acsmux) - "Cisco Systems, Inc." - C:\Windows\System32\DRIVERS\acsmux.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\Users\Tina\AppData\Local\Temp\catchme.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"mbr" (mbr) - ? - C:\ComboFix\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"pxldapow" (pxldapow) - ? - C:\Users\Tina\AppData\Local\Temp\pxldapow.sys  (Hidden registry entry, rootkit activity | File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"VMware hcmon" (hcmon) - "VMware, Inc." - C:\Windows\system32\drivers\hcmon.sys
"VMware kbd" (vmkbd) - "VMware, Inc." - C:\Windows\system32\drivers\VMkbd.sys
"VMware Network Application Interface" (VMnetuserif) - "VMware, Inc." - C:\Windows\system32\drivers\vmnetuserif.sys
"VMware vmci" (vmci) - "VMware, Inc." - C:\Windows\system32\Drivers\vmci.sys
"VMware vmx86" (vmx86) - "VMware, Inc." - C:\Windows\system32\Drivers\vmx86.sys
"Vstor2 WS60 Virtual Storage Driver" (vstor2-ws60) - "VMware, Inc." - D:\Programme\VMware Player\vstor2-ws60.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} "vsharechrome" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} "Arbeitsbereiche" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{6A921E8A-C58C-4941-9E71-7946D9DCE941} "CSolidworkPropertyStore Class" - "Dassault Systèmes SolidWorks Corp." - D:\Program Files\SolidWorks Corp\SolidWorks\sldpropertyhandler.dll
{21D928D4-4850-45E3-9982-AD57051ECD42} "EdrawingThumbNailProvider Class" - "Dassault Systèmes SolidWorks Corp." - D:\Program Files\SolidWorks Corp\SolidWorks eDrawings\edrwthumbnailprovider.dll
{E81FFB23-40E2-431C-A041-76AEA0E4B04C} "Enterprise-Projekte" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\NAMEEXT.DLL
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - D:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\MLSHEXT.DLL
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{72670837-AA64-4C1D-AB58-A9D9D31A1216} "Solidworks Document Thumbnail Handler" - "Dassault Systèmes SolidWorks Corp." - D:\Program Files\SolidWorks Corp\SolidWorks\sldthumbnailprovider.dll
{AB4F43CA-ADCD-4384-B9AF-3CECEA7D6544} "Websites" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBSER~1\12\BIN\FPNSE.DLL
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
Sldworks Shell Extension "{3AFCEAFB-FFC5-403D-AD33-5914AB4B7ECC}" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{888078C6-70B2-4F88-8EE7-1F50DDEA6120} "CeWe Color AG & Co. OHG Control" - "CeWe Color AG & Co. OHG" - C:\Windows\Downloaded Program Files\ImageUploader6.ocx / https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
{55963676-2F5E-4BAF-AC28-CF26AA587566} "Cisco AnyConnect VPN Client Web Control" - "Cisco Systems, Inc." - C:\Windows\system32\vpnweb.ocx / https://vpn-unidsl.rwth-aachen.de/CACHE/stc/1/binaries/vpnweb.cab
{CAC677B6-4963-4305-9066-0BD135CD9233} "IPSUploader4 Control" - "IP Labs GmbH - Germany" - C:\Windows\Downloaded Program Files\IPSUploader4.ocx / https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{3D3B42C2-11BF-4732-A304-A01384B70D68} "UploadListView Class" - "Google, Inc." - C:\Windows\Downloaded Program Files\UploaderX.dll / hxxp://picasaweb.google.de/s/v/63.21/uploader2.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
"ICQ7.2" - "ICQ, LLC." - C:\Program Files\ICQ7.2\ICQ.exe
"PartyCasino" - ? - D:\Programs\PartyGaming\PartyCasino\RunApp.exe
"PartyPoker.com" - ? - D:\Programme\Poker\PartyPoker\RunApp.exe
"PokerStars.net" - "PokerStars" - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{593DDEC6-7468-4cdd-90E1-42DADAA222E9} "DivX HiQ" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AppleSyncNotifier" - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"BCSSync" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
"FreePDF Assistant" - "shbox.de" - C:\Program Files\FreePDF_XP\fpassist.exe
"iTunesHelper" - "Apple Inc." - "D:\Program Files\iTunes\iTunesHelper.exe"
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Redirected Port" - ? - C:\Windows\system32\redmonnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Cisco AnyConnect Secure Mobility Agent" (vpnagent) - "Cisco Systems, Inc." - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - D:\Program Files\RWTH Aachen\Cisco VPN Client\cvpnd.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft SharePoint Workspace Audit Service" (Microsoft SharePoint Workspace Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"OpenVPN Service" (OpenVPNService) - ? - D:\Program Files\RWTH OpenVPN Client\bin\openvpnserv.exe  (File found, but it contains no detailed information)
"SQL Server (MSSMLBIZ)" (MSSQL$MSSMLBIZ) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
"SQL Server-Startdienst für Business Contact Manager" (BcmSqlStartupSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
"VMware Agent Service" (ufad-ws60) - "VMware, Inc." - D:\Programme\VMware Player\vmware-ufad.exe
"VMware Authorization Service" (VMAuthdService) - "VMware, Inc." - D:\Programme\VMware Player\vmware-authd.exe
"VMware DHCP Service" (VMnetDHCP) - "VMware, Inc." - C:\Windows\system32\vmnetdhcp.exe
"VMware NAT Service" (VMware NAT Service) - "VMware, Inc." - C:\Windows\system32\vmnat.exe
"VMware USB Arbitration Service" (VMUSBArbService) - "VMware, Inc." - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"VMCI sockets DGRAM" - "VMware, Inc." - D:\Programme\VMware Player\vsocklib.dll
"VMCI sockets STREAM" - "VMware, Inc." - D:\Programme\VMware Player\vsocklib.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- --- If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
3) aswMBR
Code:
ATTFilter
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-06 13:38:51
-----------------------------
13:38:51.142    OS Version: Windows 6.0.6002 Service Pack 2
13:38:51.142    Number of processors: 2 586 0x170A
13:38:51.142    ComputerName: PC-TINA  UserName: Tina
13:38:51.890    Initialize success
13:38:56.165    AVAST engine defs: 11120600
13:38:59.550    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:38:59.550    Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
13:38:59.846    Disk 0 MBR read successfully
13:38:59.846    Disk 0 MBR scan
13:38:59.909    Disk 0 unknown MBR code
13:38:59.956    Disk 0 scanning sectors +625139712
13:39:00.065    Disk 0 scanning C:\Windows\system32\drivers
13:39:22.232    Service scanning
13:39:24.136    Modules scanning
13:39:33.511    Disk 0 trace - called modules:
13:39:33.558    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
13:39:33.558    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86332ac8]
13:39:33.574    3 CLASSPNP.SYS[8aaa68b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x857d3028]
13:39:35.227    AVAST engine scan C:\Windows
13:39:38.800    AVAST engine scan C:\Windows\system32
13:41:45.035    AVAST engine scan C:\Windows\system32\drivers
13:41:56.189    AVAST engine scan C:\Users\Tina
14:13:31.824    AVAST engine scan C:\ProgramData
14:17:03.675    Scan finished successfully
14:19:00.160    Disk 0 MBR has been saved successfully to "C:\Users\Tina\Desktop\MBR.dat"
14:19:00.176    The log file has been saved successfully to "C:\Users\Tina\Desktop\aswMBR.txt"
         

Alt 06.12.2011, 13:26   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Virus auf USB-Stick (iexplorer.exe) - auch auf dem Laptop? - Standard

Virus auf USB-Stick (iexplorer.exe) - auch auf dem Laptop?



Wir sollten den MBR fixen, sichere für den Fall der Fälle ALLE wichtigen Daten, auch wenn meistens alles glatt geht.

Hinweis: Mach bitte NICHT den MBR-Fix, wenn du noch andere Betriebssysteme wie zB Ubuntu installiert hast, ein MBR-Fix mit Windows-Tools macht ein parallel installiertes (Dualboot) Linux unbootbar.

Starte nach der Datensicherung aswmbr erneut und klick auf den Button FIXMBR.
Anschließend Windows neu starten und ein neues Log mit aswMBR machen.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 07.12.2011, 09:06   #13
tina01
 
Virus auf USB-Stick (iexplorer.exe) - auch auf dem Laptop? - Standard

Virus auf USB-Stick (iexplorer.exe) - auch auf dem Laptop?



Log vom MBRFix:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-06 23:43:08
-----------------------------
23:43:08.708 OS Version: Windows 6.0.6002 Service Pack 2
23:43:08.708 Number of processors: 2 586 0x170A
23:43:08.708 ComputerName: PC-TINA UserName: Tina
23:43:09.472 Initialize success
23:43:18.242 AVAST engine defs: 11120600
23:43:30.240 Verifying
23:43:40.270 Disk 0 Windows 600 MBR fixed successfully
23:49:00.055 Disk 0 MBR has been saved successfully to "C:\Users\Tina\Desktop\MBR.dat"
23:49:00.055 The log file has been saved successfully to "C:\Users\Tina\Desktop\aswMBR_2.txt"


Log nach dem Scan:
Code:
ATTFilter
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-07 08:46:33
-----------------------------
08:46:33.223    OS Version: Windows 6.0.6002 Service Pack 2
08:46:33.223    Number of processors: 2 586 0x170A
08:46:33.223    ComputerName: PC-TINA  UserName: Tina
08:46:34.456    Initialize success
08:46:39.464    AVAST engine defs: 11120600
08:46:45.111    The log file has been saved successfully to "C:\Users\Tina\Desktop\aswMBR_3.txt"
08:46:58.145    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
08:46:58.145    Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
08:46:58.192    Disk 0 MBR read successfully
08:46:58.192    Disk 0 MBR scan
08:46:58.223    Disk 0 Windows VISTA default MBR code
08:46:58.223    Disk 0 scanning sectors +625139712
08:46:58.317    Disk 0 scanning C:\Windows\system32\drivers
08:47:09.393    Service scanning
08:47:10.812    Modules scanning
08:47:15.477    Disk 0 trace - called modules:
08:47:15.492    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
08:47:15.508    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8632b690]
08:47:16.023    3 CLASSPNP.SYS[8aaa88b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x857d1028]
08:47:17.115    AVAST engine scan C:\Windows
08:47:20.375    AVAST engine scan C:\Windows\system32
08:49:21.025    AVAST engine scan C:\Windows\system32\drivers
08:49:31.821    AVAST engine scan C:\Users\Tina
09:13:01.218    AVAST engine scan C:\ProgramData
09:16:43.675    Scan finished successfully
10:03:14.063    Disk 0 MBR has been saved successfully to "C:\Users\Tina\Desktop\MBR.dat"
10:03:14.063    The log file has been saved successfully to "C:\Users\Tina\Desktop\aswMBR_3.txt"
         
Nachdem ich mir die Logs angesehen habe, frage ich mich, ob ich den MBRFix komplett hab durchlaufen lassen? Habe ich mich von dem "successfully" vielleicht irritieren lassen? Möchte aber nicht selbstständig einfach noch einmal den Fix durchführen lassen..

Alt 07.12.2011, 11:31   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Virus auf USB-Stick (iexplorer.exe) - auch auf dem Laptop? - Standard

Virus auf USB-Stick (iexplorer.exe) - auch auf dem Laptop?



Zitat:
08:46:58.223 Disk 0 Windows VISTA default MBR code
Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!


Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 08.12.2011, 17:59   #15
tina01
 
Virus auf USB-Stick (iexplorer.exe) - auch auf dem Laptop? - Standard

Virus auf USB-Stick (iexplorer.exe) - auch auf dem Laptop?



Hallo,
leider hat es etwas gedauert, da die Scans ja doch einige Zeit benötigen.

1) Malwarebytes:
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8327

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

07.12.2011 17:17:34
mbam-log-2011-12-07 (17-17-34).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 414585
Laufzeit: 2 Stunde(n), 41 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         

2) SuperAntySpyware:
Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 12/07/2011 at 08:48 PM

Application Version : 5.0.1136

Core Rules Database Version : 8022
Trace Rules Database Version: 5834

Scan type       : Complete Scan
Total Scan Time : 02:47:51

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Memory items scanned      : 669
Memory threats detected   : 0
Registry items scanned    : 39266
Registry threats detected : 6
File items scanned        : 271460
File threats detected     : 886

Adware.Tracking Cookie
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@ad.adition[2].txt [ /ad.adition ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@ad.yieldmanager[1].txt [ /ad.yieldmanager ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@ad.yieldmanager[2].txt [ /ad.yieldmanager ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@ad.yieldmanager[3].txt [ /ad.yieldmanager ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@ad.yieldmanager[4].txt [ /ad.yieldmanager ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@ad.yieldmanager[5].txt [ /ad.yieldmanager ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@ad.zanox[1].txt [ /ad.zanox ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@adbrite[10].txt [ /adbrite ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@adbrite[11].txt [ /adbrite ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@adbrite[1].txt [ /adbrite ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@adbrite[2].txt [ /adbrite ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@adbrite[3].txt [ /adbrite ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@adbrite[4].txt [ /adbrite ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@adbrite[5].txt [ /adbrite ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@adbrite[6].txt [ /adbrite ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@adbrite[7].txt [ /adbrite ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@adbrite[8].txt [ /adbrite ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@adbrite[9].txt [ /adbrite ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@adfarm1.adition[1].txt [ /adfarm1.adition ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@adply.plymedia[1].txt [ /adply.plymedia ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@adply.plymedia[2].txt [ /adply.plymedia ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@adply.plymedia[4].txt [ /adply.plymedia ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@adply.plymedia[5].txt [ /adply.plymedia ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@ads.adk2[1].txt [ /ads.adk2 ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@ads.adk2[2].txt [ /ads.adk2 ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@ads.adk2[3].txt [ /ads.adk2 ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@ads.adk2[5].txt [ /ads.adk2 ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@adserver.adtechus[1].txt [ /adserver.adtechus ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@adx.chip[2].txt [ /adx.chip ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@apmebf[1].txt [ /apmebf ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@apmebf[2].txt [ /apmebf ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@atdmt[2].txt [ /atdmt ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@atwola[1].txt [ /atwola ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@atwola[2].txt [ /atwola ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@bs.serving-sys[1].txt [ /bs.serving-sys ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@bwincom.122.2o7[1].txt [ /bwincom.122.2o7 ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@content.yieldmanager[10].txt [ /content.yieldmanager ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@content.yieldmanager[11].txt [ /content.yieldmanager ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@content.yieldmanager[1].txt [ /content.yieldmanager ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@content.yieldmanager[2].txt [ /content.yieldmanager ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@content.yieldmanager[3].txt [ /content.yieldmanager ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@content.yieldmanager[4].txt [ /content.yieldmanager ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@content.yieldmanager[5].txt [ /content.yieldmanager ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@content.yieldmanager[6].txt [ /content.yieldmanager ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@content.yieldmanager[7].txt [ /content.yieldmanager ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@content.yieldmanager[8].txt [ /content.yieldmanager ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@content.yieldmanager[9].txt [ /content.yieldmanager ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@doubleclick[1].txt [ /doubleclick ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@doubleclick[2].txt [ /doubleclick ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@doubleclick[3].txt [ /doubleclick ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@doubleclick[4].txt [ /doubleclick ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@doubleclick[6].txt [ /doubleclick ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@earlyexperience.partyaccount[2].txt [ /earlyexperience.partyaccount ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@earlyexperience.partyaccount[3].txt [ /earlyexperience.partyaccount ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@earlyexperience.partyaccount[4].txt [ /earlyexperience.partyaccount ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@linksunten.indymedia[1].txt [ /linksunten.indymedia ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@liveperson[1].txt [ /liveperson ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@liveperson[3].txt [ /liveperson ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@mediaplex[1].txt [ /mediaplex ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@mediaplex[3].txt [ /mediaplex ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@secure.partyaccount[2].txt [ /secure.partyaccount ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@server.iad.liveperson[1].txt [ /server.iad.liveperson ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@serving-sys[2].txt [ /serving-sys ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@sevenoneintermedia.112.2o7[1].txt [ /sevenoneintermedia.112.2o7 ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@smartadserver[1].txt [ /smartadserver ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@smartadserver[2].txt [ /smartadserver ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@tradedoubler[2].txt [ /tradedoubler ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@xiti[1].txt [ /xiti ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@zanox[2].txt [ /zanox ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@zedo[1].txt [ /zedo ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\Z7105KWN.txt [ /112.2o7.net ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\DDK43D7X.txt [ /2o7.net ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\6PM7Y2YU.txt [ /ad3.adfarm1.adition.com ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\Y30P8WTR.txt [ /c.atdmt.com ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\IL2Q9BGD.txt [ /doubleclick.net ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\5WK8QHWU.txt [ /adtech.de ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\4ZAOYI64.txt [ /ad.yieldmanager.com ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\MT4L80V9.txt [ /earlyexperience.partyaccount.com ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\KW8OH0A4.txt [ /content.yieldmanager.com ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\0QH8596G.txt [ /adfarm1.adition.com ]
	C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\BHJ4YVVZ.txt [ /atdmt.com ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@adsrv.admediate[3].txt [ Cookie:tina@adsrv.admediate.net/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@eas.apm.emediate[4].txt [ Cookie:tina@eas.apm.emediate.eu/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@tracking.mindshare[4].txt [ Cookie:tina@tracking.mindshare.de/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@112.2o7[2].txt [ Cookie:tina@112.2o7.net/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@ad3.adfarm1.adition[4].txt [ Cookie:tina@ad3.adfarm1.adition.com/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@casalemedia[2].txt [ Cookie:tina@casalemedia.com/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@www.etracker[8].txt [ Cookie:tina@www.etracker.de/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@zedo[3].txt [ Cookie:tina@zedo.com/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@smartadserver[11].txt [ Cookie:tina@smartadserver.com/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@rambler[2].txt [ Cookie:tina@rambler.ru/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@mediaplex[8].txt [ Cookie:tina@mediaplex.com/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@content.yieldmanager[11].txt [ Cookie:tina@content.yieldmanager.com/ak/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@CAV6R9XU.txt [ Cookie:tina@de.sitestat.com/laola1/laola1-tv/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@statcounter[6].txt [ Cookie:tina@statcounter.com/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@media6degrees[4].txt [ Cookie:tina@media6degrees.com/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@ww251.smartadserver[7].txt [ Cookie:tina@ww251.smartadserver.com/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@serving-sys[8].txt [ Cookie:tina@serving-sys.com/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@cms.trafficmp[1].txt [ Cookie:tina@cms.trafficmp.com/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@studivz.adfarm1.adition[2].txt [ Cookie:tina@studivz.adfarm1.adition.com/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@advertising[1].txt [ Cookie:tina@advertising.com/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@adinterax[2].txt [ Cookie:tina@adinterax.com/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@traffictrack[7].txt [ Cookie:tina@traffictrack.de/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@doubleclick[4].txt [ Cookie:tina@doubleclick.net/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@CACLNU9M.txt [ Cookie:tina@www.googleadservices.com/pagead/conversion/1027018726/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@ads.quartermedia[2].txt [ Cookie:tina@ads.quartermedia.de/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@yieldmanager[1].txt [ Cookie:tina@yieldmanager.net/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@ru4[1].txt [ Cookie:tina@ru4.com/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@bwincom.122.2o7[1].txt [ Cookie:tina@bwincom.122.2o7.net/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@im.banner.t-online[10].txt [ Cookie:tina@im.banner.t-online.de/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@adtech[7].txt [ Cookie:tina@adtech.de/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@zanox-affiliate[6].txt [ Cookie:tina@zanox-affiliate.de/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@user.lucidmedia[2].txt [ Cookie:tina@user.lucidmedia.com/clicksense/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@daimlerag.122.2o7[2].txt [ Cookie:tina@daimlerag.122.2o7.net/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@www.franke-media[2].txt [ Cookie:tina@www.franke-media.net/piwik/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@track.adform[5].txt [ Cookie:tina@track.adform.net/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@webcount.finn[1].txt [ Cookie:tina@webcount.finn.no/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@imrworldwide[3].txt [ Cookie:tina@imrworldwide.com/cgi-bin ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@CAU4XWIF.txt [ Cookie:tina@de.sitestat.com/otto-de/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@invitemedia[3].txt [ Cookie:tina@invitemedia.com/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@fl01.ct2.comclick[4].txt [ Cookie:tina@fl01.ct2.comclick.com/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@ad.adnet[3].txt [ Cookie:tina@ad.adnet.de/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@ad.zanox[5].txt [ Cookie:tina@ad.zanox.com/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@himedia.individuad[2].txt [ Cookie:tina@himedia.individuad.net/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@CAUPKEDQ.txt [ Cookie:tina@de.sitestat.com/sueddeutsche/sueddeutsche/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@tribalfusion[3].txt [ Cookie:tina@tribalfusion.com/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@adfarm1.adition[7].txt [ Cookie:tina@adfarm1.adition.com/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@atdmt[2].txt [ Cookie:tina@atdmt.com/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@ad2.adfarm1.adition[5].txt [ Cookie:tina@ad2.adfarm1.adition.com/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@ads.pointroll[1].txt [ Cookie:tina@ads.pointroll.com/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@eyewonder[3].txt [ Cookie:tina@eyewonder.com/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@tripod[3].txt [ Cookie:tina@tripod.com/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@pointroll[3].txt [ Cookie:tina@pointroll.com/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@CA32LUGQ.txt [ Cookie:tina@de.sitestat.com/otto-de/otto-de/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@tradedoubler[6].txt [ Cookie:tina@tradedoubler.com/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@partypoker[3].txt [ Cookie:tina@partypoker.com/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@tracking.hannoversche[3].txt [ Cookie:tina@tracking.hannoversche.de/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@adserver.11freunde[5].txt [ Cookie:tina@adserver.11freunde.de/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@rgadvert[1].txt [ Cookie:tina@rgadvert.com/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@dfb.stats.yum[2].txt [ Cookie:tina@dfb.stats.yum.de/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@webmasterplan[11].txt [ Cookie:tina@webmasterplan.com/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@ad.yieldmanager[10].txt [ Cookie:tina@ad.yieldmanager.com/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@sevenoneintermedia.112.2o7[2].txt [ Cookie:tina@sevenoneintermedia.112.2o7.net/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@statse.webtrendslive[2].txt [ Cookie:tina@statse.webtrendslive.com/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@collective-media[2].txt [ Cookie:tina@collective-media.net/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@specificclick[10].txt [ Cookie:tina@specificclick.net/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@chitika[3].txt [ Cookie:tina@chitika.net/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@tracking.mlsat02[2].txt [ Cookie:tina@tracking.mlsat02.de/tmobile/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@tracking.bmbfcluster[2].txt [ Cookie:tina@tracking.bmbfcluster.de/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@audit.median[2].txt [ Cookie:tina@audit.median.hu/ ]
	C:\USERS\TINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tina@szmstat.sueddeutsche[1].txt [ Cookie:tina@szmstat.sueddeutsche.de/ ]
	C:\USERS\TINA\Cookies\Z7105KWN.txt [ Cookie:tina@112.2o7.net/ ]
	C:\USERS\TINA\Cookies\6PM7Y2YU.txt [ Cookie:tina@ad3.adfarm1.adition.com/ ]
	C:\USERS\TINA\Cookies\tina@adply.plymedia[5].txt [ Cookie:tina@adply.plymedia.com/ ]
	C:\USERS\TINA\Cookies\Y30P8WTR.txt [ Cookie:tina@c.atdmt.com/ ]
	C:\USERS\TINA\Cookies\IL2Q9BGD.txt [ Cookie:tina@doubleclick.net/ ]
	C:\USERS\TINA\Cookies\tina@adx.chip[2].txt [ Cookie:tina@adx.chip.de/ ]
	C:\USERS\TINA\Cookies\tina@bwincom.122.2o7[1].txt [ Cookie:tina@bwincom.122.2o7.net/ ]
	C:\USERS\TINA\Cookies\5WK8QHWU.txt [ Cookie:tina@adtech.de/ ]
	C:\USERS\TINA\Cookies\4ZAOYI64.txt [ Cookie:tina@ad.yieldmanager.com/ ]
	C:\USERS\TINA\Cookies\MT4L80V9.txt [ Cookie:tina@earlyexperience.partyaccount.com/earlyexp/ ]
	C:\USERS\TINA\Cookies\0QH8596G.txt [ Cookie:tina@adfarm1.adition.com/ ]
	C:\USERS\TINA\Cookies\BHJ4YVVZ.txt [ Cookie:tina@atdmt.com/ ]
	.divx.112.2o7.net [ C:\USERS\TINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.doubleclick.net [ C:\USERS\TINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.partypoker.com [ C:\USERS\TINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.partypoker.com [ C:\USERS\TINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.partypoker.com [ C:\USERS\TINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.partypoker.com [ C:\USERS\TINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.partypoker.com [ C:\USERS\TINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.partypoker.com [ C:\USERS\TINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.zedo.com [ C:\USERS\TINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.zedo.com [ C:\USERS\TINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	secure.partyaccount.com [ C:\USERS\TINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	secure.partyaccount.com [ C:\USERS\TINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.yieldmanager.com [ C:\USERS\TINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.yieldmanager.com [ C:\USERS\TINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	secure.partyaccount.com [ C:\USERS\TINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.partyaccount.com [ C:\USERS\TINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	secure.partyaccount.com [ C:\USERS\TINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	secure.partyaccount.com [ C:\USERS\TINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	secure.partyaccount.com [ C:\USERS\TINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	secure-uk.imrworldwide.com [ C:\USERS\TINA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\W8DYA52T ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@EHG-FIFA.HITBOX[1].TXT [ /EHG-FIFA.HITBOX ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADS.SCIENTIFICCOMMONS[1].TXT [ /ADS.SCIENTIFICCOMMONS ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@FILEUPLOADX[2].TXT [ /FILEUPLOADX ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@DAIMLERAG.122.2O7[1].TXT [ /DAIMLERAG.122.2O7 ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@STAT.DF[1].TXT [ /STAT.DF ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@CDN5.SPECIFICCLICK[1].TXT [ /CDN5.SPECIFICCLICK ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@SHOP.ZANOX[2].TXT [ /SHOP.ZANOX ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADSERV.QUALITY-CHANNEL[1].TXT [ /ADSERV.QUALITY-CHANNEL ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@INVITEMEDIA[1].TXT [ /INVITEMEDIA ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@STATS.BETRADAR[2].TXT [ /STATS.BETRADAR ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@CDN5.SPECIFICCLICK[2].TXT [ /CDN5.SPECIFICCLICK ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@AD.BAUERVERLAG[1].TXT [ /AD.BAUERVERLAG ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADSERV.QUALITY-CHANNEL[2].TXT [ /ADSERV.QUALITY-CHANNEL ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADULTFRIENDFINDER[2].TXT [ /ADULTFRIENDFINDER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@CDN5.SPECIFICCLICK[3].TXT [ /CDN5.SPECIFICCLICK ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@LIBRI.112.2O7[1].TXT [ /LIBRI.112.2O7 ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@FASTCLICK[3].TXT [ /FASTCLICK ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@FASTCLICK[2].TXT [ /FASTCLICK ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@KOMTRACK[3].TXT [ /KOMTRACK ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADSERV.MIOMEDI[1].TXT [ /ADSERV.MIOMEDI ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@UNICREDITGROUP.122.2O7[1].TXT [ /UNICREDITGROUP.122.2O7 ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@EBUSINESS.SPRINGER-BUSINESS-MEDIA[1].TXT [ /EBUSINESS.SPRINGER-BUSINESS-MEDIA ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@KOMTRACK[4].TXT [ /KOMTRACK ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@IPCMEDIA.122.2O7[1].TXT [ /IPCMEDIA.122.2O7 ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADSERVER.TRAFFICTRACK[2].TXT [ /ADSERVER.TRAFFICTRACK ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADSERVER.TRAFFICTRACK[3].TXT [ /ADSERVER.TRAFFICTRACK ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@KOMTRACK[1].TXT [ /KOMTRACK ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADSRV1.ADMEDIATE[1].TXT [ /ADSRV1.ADMEDIATE ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ICE.112.2O7[1].TXT [ /ICE.112.2O7 ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADS.MEDIENHAUS[1].TXT [ /ADS.MEDIENHAUS ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@KOMTRACK[2].TXT [ /KOMTRACK ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADS.HOCKEYWEB[2].TXT [ /ADS.HOCKEYWEB ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADBRITE[3].TXT [ /ADBRITE ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADBRITE[2].TXT [ /ADBRITE ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADS.US.E-PLANNING[1].TXT [ /ADS.US.E-PLANNING ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@WWW.ETRACKER[3].TXT [ /WWW.ETRACKER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@AD.YN-ADS[1].TXT [ /AD.YN-ADS ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@LFSTMEDIA[1].TXT [ /LFSTMEDIA ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@TRACK.WEBTREKK[11].TXT [ /TRACK.WEBTREKK ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@TRACK.WEBTREKK[10].TXT [ /TRACK.WEBTREKK ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@MEDIATOTAL.ADS.VISIONWEB[1].TXT [ /MEDIATOTAL.ADS.VISIONWEB ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@QUESTIONMARKET[4].TXT [ /QUESTIONMARKET ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@SERVER.CPMSTAR[2].TXT [ /SERVER.CPMSTAR ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@WWW.ETRACKER[4].TXT [ /WWW.ETRACKER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADSERVER.TRAFFICTRACK[4].TXT [ /ADSERVER.TRAFFICTRACK ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@YADRO[2].TXT [ /YADRO ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@YADRO[1].TXT [ /YADRO ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@TRACK.EFFILIATION[5].TXT [ /TRACK.EFFILIATION ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@TRACK.EFFILIATION[2].TXT [ /TRACK.EFFILIATION ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@TRACK.EFFILIATION[1].TXT [ /TRACK.EFFILIATION ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@TRACK.EFFILIATION[3].TXT [ /TRACK.EFFILIATION ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADCENTRICONLINE[2].TXT [ /ADCENTRICONLINE ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@MEDIATOTAL.ADS.VISIONWEB[2].TXT [ /MEDIATOTAL.ADS.VISIONWEB ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@QUESTIONMARKET[1].TXT [ /QUESTIONMARKET ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@CHITIKA[2].TXT [ /CHITIKA ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@INSIGHTEXPRESSAI[2].TXT [ /INSIGHTEXPRESSAI ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@WWW.ETRACKER[1].TXT [ /WWW.ETRACKER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@WWW.ETRACKER[5].TXT [ /WWW.ETRACKER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@AT.ATWOLA[2].TXT [ /AT.ATWOLA ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@AD.AMGDGT[1].TXT [ /AD.AMGDGT ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@QUESTIONMARKET[2].TXT [ /QUESTIONMARKET ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@WWW.ETRACKER[2].TXT [ /WWW.ETRACKER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@WWW.ETRACKER[6].TXT [ /WWW.ETRACKER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@VIDEOEGG.ADBUREAU[2].TXT [ /VIDEOEGG.ADBUREAU ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@SPECIFICCLICK[1].TXT [ /SPECIFICCLICK ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@SPECIFICCLICK[2].TXT [ /SPECIFICCLICK ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@S4.TRAFFICMAXX[1].TXT [ /S4.TRAFFICMAXX ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@UNITYMEDIA.122.2O7[1].TXT [ /UNITYMEDIA.122.2O7 ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@TRACKING.QUISMA[10].TXT [ /TRACKING.QUISMA ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ZANOX[2].TXT [ /ZANOX ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ZANOX[3].TXT [ /ZANOX ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@CASALEMEDIA[3].TXT [ /CASALEMEDIA ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@CASALEMEDIA[1].TXT [ /CASALEMEDIA ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@S4.TRAFFICMAXX[2].TXT [ /S4.TRAFFICMAXX ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@WWW.COUNTERSTATISTIK[2].TXT [ /WWW.COUNTERSTATISTIK ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@AD.AD-SRV[4].TXT [ /AD.AD-SRV ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@AD.AD-SRV[3].TXT [ /AD.AD-SRV ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@AD.AD-SRV[1].TXT [ /AD.AD-SRV ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@MICROSOFTSTO.112.2O7[1].TXT [ /MICROSOFTSTO.112.2O7 ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADS.PUBMATIC[1].TXT [ /ADS.PUBMATIC ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADS.PUBMATIC[2].TXT [ /ADS.PUBMATIC ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADJUGGLER[1].TXT [ /ADJUGGLER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@SPECIFICCLICK[9].TXT [ /SPECIFICCLICK ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@SPECIFICCLICK[8].TXT [ /SPECIFICCLICK ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@SPECIFICCLICK[7].TXT [ /SPECIFICCLICK ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@SPECIFICCLICK[6].TXT [ /SPECIFICCLICK ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@SPECIFICCLICK[5].TXT [ /SPECIFICCLICK ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@SPECIFICCLICK[4].TXT [ /SPECIFICCLICK ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@SPECIFICCLICK[3].TXT [ /SPECIFICCLICK ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@PARTYPOKER[1].TXT [ /PARTYPOKER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@AD.ZANOX[1].TXT [ /AD.ZANOX ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@AD.YIELDMANAGER[5].TXT [ /AD.YIELDMANAGER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@AD.YIELDMANAGER[4].TXT [ /AD.YIELDMANAGER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@AD.YIELDMANAGER[3].TXT [ /AD.YIELDMANAGER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@AD.YIELDMANAGER[2].TXT [ /AD.YIELDMANAGER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@AD.YIELDMANAGER[1].TXT [ /AD.YIELDMANAGER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@AD.YIELDMANAGER[6].TXT [ /AD.YIELDMANAGER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@WWW.COUNTER[1].TXT [ /WWW.COUNTER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@AD.ZANOX[2].TXT [ /AD.ZANOX ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ZANOX[8].TXT [ /ZANOX ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ZANOX[7].TXT [ /ZANOX ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ZANOX[6].TXT [ /ZANOX ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ZANOX[5].TXT [ /ZANOX ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ZANOX[4].TXT [ /ZANOX ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADS.CREATIVE-SERVING[1].TXT [ /ADS.CREATIVE-SERVING ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@PIWIK.FINDERNET[2].TXT [ /PIWIK.FINDERNET ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@WEB.SECMEDIA[2].TXT [ /WEB.SECMEDIA ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@AD.ZANOX[3].TXT [ /AD.ZANOX ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@2O7[1].TXT [ /2O7 ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADS.CREATIVE-SERVING[2].TXT [ /ADS.CREATIVE-SERVING ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@STEPSTONE.112.2O7[1].TXT [ /STEPSTONE.112.2O7 ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@WWW.ERLERSTREETELITE.DE[2].TXT [ /WWW.ERLERSTREETELITE.DE ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@E-2DJ6WFKIWOCPSAQ.STATS.ESOMNITURE[1].TXT [ /E-2DJ6WFKIWOCPSAQ.STATS.ESOMNITURE ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@AD.ZANOX[4].TXT [ /AD.ZANOX ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@TACODA[2].TXT [ /TACODA ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@SMARTADSERVER[10].TXT [ /SMARTADSERVER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@TRACKING.MIXXT[1].TXT [ /TRACKING.MIXXT ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@IBM.122.2O7[1].TXT [ /IBM.122.2O7 ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@USER.LUCIDMEDIA[1].TXT [ /USER.LUCIDMEDIA ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADS.CREATIVE-SERVING[3].TXT [ /ADS.CREATIVE-SERVING ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADSERVER.INTRO[2].TXT [ /ADSERVER.INTRO ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@TRACKING.MLSAT02[1].TXT [ /TRACKING.MLSAT02 ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@AD.YIELDMANAGER[9].TXT [ /AD.YIELDMANAGER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@AD.YIELDMANAGER[7].TXT [ /AD.YIELDMANAGER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@AD.ADITION[2].TXT [ /AD.ADITION ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@EHG-LINKSYS.HITBOX[1].TXT [ /EHG-LINKSYS.HITBOX ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@GO.DYNAMIC-TRACKING[2].TXT [ /GO.DYNAMIC-TRACKING ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@REVSCI[2].TXT [ /REVSCI ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@UNITYMEDIA[8].TXT [ /UNITYMEDIA ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADX.CHIP[1].TXT [ /ADX.CHIP ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@AUDIAG.112.2O7[1].TXT [ /AUDIAG.112.2O7 ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@TRUNITYBE2.122.2O7[1].TXT [ /TRUNITYBE2.122.2O7 ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@REVSCI[3].TXT [ /REVSCI ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@UNITYMEDIA[5].TXT [ /UNITYMEDIA ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@UNITYMEDIA[9].TXT [ /UNITYMEDIA ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@FINDER[2].TXT [ /FINDER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADS.ADK2[2].TXT [ /ADS.ADK2 ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@2O7[6].TXT [ /2O7 ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@2O7[4].TXT [ /2O7 ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@2O7[3].TXT [ /2O7 ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@REVSCI[4].TXT [ /REVSCI ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@UNITYMEDIA[2].TXT [ /UNITYMEDIA ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@UNITYMEDIA[6].TXT [ /UNITYMEDIA ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@POINTROLL[1].TXT [ /POINTROLL ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADSERVER.ADTECHUS[1].TXT [ /ADSERVER.ADTECHUS ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@AD.ADSERVER01[3].TXT [ /AD.ADSERVER01 ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@AD.ADSERVER01[1].TXT [ /AD.ADSERVER01 ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@REVSCI[1].TXT [ /REVSCI ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@UNITYMEDIA[3].TXT [ /UNITYMEDIA ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@UNITYMEDIA[7].TXT [ /UNITYMEDIA ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@MEDIADB.KICKER[1].TXT [ /MEDIADB.KICKER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@TRACKING.QUISMA[1].TXT [ /TRACKING.QUISMA ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@TRACKING.QUISMA[2].TXT [ /TRACKING.QUISMA ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@DC.TREMORMEDIA[2].TXT [ /DC.TREMORMEDIA ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@BWINCOM.122.2O7[2].TXT [ /BWINCOM.122.2O7 ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADS.MITFAHRZENTRALE[2].TXT [ /ADS.MITFAHRZENTRALE ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@HIGHBEAM.122.2O7[1].TXT [ /HIGHBEAM.122.2O7 ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADS.POINTROLL[2].TXT [ /ADS.POINTROLL ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@TRACKING.DC-STORM[2].TXT [ /TRACKING.DC-STORM ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@SURVEYMONKEY.122.2O7[1].TXT [ /SURVEYMONKEY.122.2O7 ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@MEDIA.PHOTOBUCKET[1].TXT [ /MEDIA.PHOTOBUCKET ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@MSNPORTAL.112.2O7[1].TXT [ /MSNPORTAL.112.2O7 ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@TRIBALFUSION[1].TXT [ /TRIBALFUSION ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@KEYWORD-ADVERTISING.WEB[2].TXT [ /KEYWORD-ADVERTISING.WEB ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@TRACKINGCDN.PORSCHE[1].TXT [ /TRACKINGCDN.PORSCHE ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@TEST.COREMETRICS[1].TXT [ /TEST.COREMETRICS ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@SERVING-SYS[1].TXT [ /SERVING-SYS ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@RU4[2].TXT [ /RU4 ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@SERVING-SYS[3].TXT [ /SERVING-SYS ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@TRACKING.QUISMA[9].TXT [ /TRACKING.QUISMA ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@TRACKING.QUISMA[8].TXT [ /TRACKING.QUISMA ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@TRACKING.QUISMA[7].TXT [ /TRACKING.QUISMA ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@TRACKING.QUISMA[6].TXT [ /TRACKING.QUISMA ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@TRACKING.QUISMA[5].TXT [ /TRACKING.QUISMA ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@TRACKING.QUISMA[4].TXT [ /TRACKING.QUISMA ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@STAT.ONESTAT[1].TXT [ /STAT.ONESTAT ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@TRACKING.MINDSHARE[1].TXT [ /TRACKING.MINDSHARE ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@TRACKING.MINDSHARE[5].TXT [ /TRACKING.MINDSHARE ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@AD3.ADFARM1.ADITION[1].TXT [ /AD3.ADFARM1.ADITION ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@DE.AT.ATWOLA[1].TXT [ /DE.AT.ATWOLA ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@AD1.ADFARM1.ADITION[1].TXT [ /AD1.ADFARM1.ADITION ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@AD2.ADFARM1.ADITION[1].TXT [ /AD2.ADFARM1.ADITION ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@TRACKING.MINDSHARE[2].TXT [ /TRACKING.MINDSHARE ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@MMEDIA.T134[2].TXT [ /MMEDIA.T134 ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADFARM1.ADITION[1].TXT [ /ADFARM1.ADITION ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADFARM1.ADITION[2].TXT [ /ADFARM1.ADITION ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@EHG-DELTATRE.HITBOX[2].TXT [ /EHG-DELTATRE.HITBOX ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@SMARTADSERVER[7].TXT [ /SMARTADSERVER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@SMARTADSERVER[6].TXT [ /SMARTADSERVER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@SMARTADSERVER[5].TXT [ /SMARTADSERVER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADINTERAX[1].TXT [ /ADINTERAX ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@SMARTADSERVER[8].TXT [ /SMARTADSERVER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@SMARTADSERVER[3].TXT [ /SMARTADSERVER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@SMARTADSERVER[2].TXT [ /SMARTADSERVER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@SMARTADSERVER[1].TXT [ /SMARTADSERVER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@SMARTADSERVER[4].TXT [ /SMARTADSERVER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@AD1.CHEFKOCH[1].TXT [ /AD1.CHEFKOCH ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@TRACKING.MINDSHARE[3].TXT [ /TRACKING.MINDSHARE ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@DE.AT.ATWOLA[3].TXT [ /DE.AT.ATWOLA ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@EUROS4CLICK[1].TXT [ /EUROS4CLICK ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@STATS.BMW[1].TXT [ /STATS.BMW ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@AD1.CHEFKOCH[2].TXT [ /AD1.CHEFKOCH ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@WEBMASTERPLAN[10].TXT [ /WEBMASTERPLAN ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADSERVER2.CLIPKIT[1].TXT [ /ADSERVER2.CLIPKIT ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@SERVING-SYS[7].TXT [ /SERVING-SYS ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@SERVING-SYS[6].TXT [ /SERVING-SYS ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@SERVING-SYS[4].TXT [ /SERVING-SYS ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@CONTENT.YIELDMANAGER[10].TXT [ /CONTENT.YIELDMANAGER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@EAS.APM.EMEDIATE[3].TXT [ /EAS.APM.EMEDIATE ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@AD3.ADFARM1.ADITION[3].TXT [ /AD3.ADFARM1.ADITION ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@CONTENT.YIELDMANAGER[3].TXT [ /CONTENT.YIELDMANAGER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@CONTENT.YIELDMANAGER[7].TXT [ /CONTENT.YIELDMANAGER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@AD4.ADFARM1.ADITION[2].TXT [ /AD4.ADFARM1.ADITION ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@TRACK.ADFORM[1].TXT [ /TRACK.ADFORM ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@CAREERS.PEOPLECLICK[1].TXT [ /CAREERS.PEOPLECLICK ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@AD2.ADFARM1.ADITION[4].TXT [ /AD2.ADFARM1.ADITION ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@AD2.ADFARM1.ADITION[2].TXT [ /AD2.ADFARM1.ADITION ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@CONTENT.YIELDMANAGER[4].TXT [ /CONTENT.YIELDMANAGER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADSRV.ADMEDIATE[1].TXT [ /ADSRV.ADMEDIATE ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ROTATOR.ADJUGGLER[1].TXT [ /ROTATOR.ADJUGGLER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADFARM1.ADITION[9].TXT [ /ADFARM1.ADITION ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADFARM1.ADITION[8].TXT [ /ADFARM1.ADITION ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADFARM1.ADITION[6].TXT [ /ADFARM1.ADITION ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADFARM1.ADITION[5].TXT [ /ADFARM1.ADITION ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADFARM1.ADITION[4].TXT [ /ADFARM1.ADITION ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADFARM1.ADITION[3].TXT [ /ADFARM1.ADITION ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@TRACK.ADFORM[2].TXT [ /TRACK.ADFORM ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@LIVENATION.122.2O7[1].TXT [ /LIVENATION.122.2O7 ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ROTATOR.ADJUGGLER[3].TXT [ /ROTATOR.ADJUGGLER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ROTATOR.ADJUGGLER[2].TXT [ /ROTATOR.ADJUGGLER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@EAS.APM.EMEDIATE[1].TXT [ /EAS.APM.EMEDIATE ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@COUNTER.HITSLINK[1].TXT [ /COUNTER.HITSLINK ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@CONTENT.YIELDMANAGER[1].TXT [ /CONTENT.YIELDMANAGER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@CONTENT.YIELDMANAGER[5].TXT [ /CONTENT.YIELDMANAGER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@CONTENT.YIELDMANAGER[9].TXT [ /CONTENT.YIELDMANAGER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@TRACK.ADFORM[3].TXT [ /TRACK.ADFORM ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@SKYDEUTSCHLAND.122.2O7[1].TXT [ /SKYDEUTSCHLAND.122.2O7 ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@CONTENT.YIELDMANAGER[2].TXT [ /CONTENT.YIELDMANAGER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@CONTENT.YIELDMANAGER[6].TXT [ /CONTENT.YIELDMANAGER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@TRACK.ADFORM[4].TXT [ /TRACK.ADFORM ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADS.EUROSTREAM[2].TXT [ /ADS.EUROSTREAM ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@WWW.GOOGLEADSERVICES[3].TXT [ /WWW.GOOGLEADSERVICES ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@WWW.GOOGLEADSERVICES[7].TXT [ /WWW.GOOGLEADSERVICES ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADVERTISER.CONTEXTMATTERS[1].TXT [ /ADVERTISER.CONTEXTMATTERS ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADS.MOVECO[1].TXT [ /ADS.MOVECO ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@WWW.GOOGLEADSERVICES[4].TXT [ /WWW.GOOGLEADSERVICES ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@TRADEDOUBLER[2].TXT [ /TRADEDOUBLER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@EAS4.EMEDIATE[4].TXT [ /EAS4.EMEDIATE ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@EAS4.EMEDIATE[2].TXT [ /EAS4.EMEDIATE ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@EAS4.EMEDIATE[3].TXT [ /EAS4.EMEDIATE ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@EAS4.EMEDIATE[1].TXT [ /EAS4.EMEDIATE ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@STAT.HEIMAT[2].TXT [ /STAT.HEIMAT ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@TRAFFICTRACK[4].TXT [ /TRAFFICTRACK ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@WWW.GOOGLEADSERVICES[8].TXT [ /WWW.GOOGLEADSERVICES ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADS.DOODLE[3].TXT [ /ADS.DOODLE ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@RTS.PGMEDIASERVE[1].TXT [ /RTS.PGMEDIASERVE ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@MSNACCOUNTSERVICES.112.2O7[1].TXT [ /MSNACCOUNTSERVICES.112.2O7 ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@TRADEDOUBLER[3].TXT [ /TRADEDOUBLER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@TRADEDOUBLER[7].TXT [ /TRADEDOUBLER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@DFB.STATS.YUM[1].TXT [ /DFB.STATS.YUM ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@TRAFFICTRACK[1].TXT [ /TRAFFICTRACK ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@TRAFFICTRACK[5].TXT [ /TRAFFICTRACK ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@OPODO.122.2O7[1].TXT [ /OPODO.122.2O7 ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@WWW.GOOGLEADSERVICES[1].TXT [ /WWW.GOOGLEADSERVICES ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@WWW.GOOGLEADSERVICES[5].TXT [ /WWW.GOOGLEADSERVICES ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@WWW.GOOGLEADSERVICES[9].TXT [ /WWW.GOOGLEADSERVICES ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ZANOX-AFFILIATE[3].TXT [ /ZANOX-AFFILIATE ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ZANOX-AFFILIATE[2].TXT [ /ZANOX-AFFILIATE ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ZANOX-AFFILIATE[1].TXT [ /ZANOX-AFFILIATE ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ZANOX-AFFILIATE[4].TXT [ /ZANOX-AFFILIATE ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@RTS.PGMEDIASERVE[2].TXT [ /RTS.PGMEDIASERVE ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@WEBMASTERPLAN[1].TXT [ /WEBMASTERPLAN ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@WEBMASTERPLAN[2].TXT [ /WEBMASTERPLAN ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@TNS-COUNTER[1].TXT [ /TNS-COUNTER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@TNS-COUNTER[2].TXT [ /TNS-COUNTER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@INTERCLICK[2].TXT [ /INTERCLICK ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@TRADEDOUBLER[4].TXT [ /TRADEDOUBLER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@WWW.AD-TRACK[2].TXT [ /WWW.AD-TRACK ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@TRAFFICTRACK[2].TXT [ /TRAFFICTRACK ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@WWW.GOOGLEADSERVICES[2].TXT [ /WWW.GOOGLEADSERVICES ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@WWW.GOOGLEADSERVICES[6].TXT [ /WWW.GOOGLEADSERVICES ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@MYHAMMER.122.2O7[1].TXT [ /MYHAMMER.122.2O7 ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@BWINBANNER.122.2O7[1].TXT [ /BWINBANNER.122.2O7 ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADS.DOODLE[1].TXT [ /ADS.DOODLE ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@WWW.LAYERMEDIA-ADSERVER[2].TXT [ /WWW.LAYERMEDIA-ADSERVER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@TRADEDOUBLER[1].TXT [ /TRADEDOUBLER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@TRADEDOUBLER[5].TXT [ /TRADEDOUBLER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@TRAFFICTRACK[3].TXT [ /TRAFFICTRACK ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADS.CLUBPORTAL[1].TXT [ /ADS.CLUBPORTAL ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@AD.PORTA.EOL[2].TXT [ /AD.PORTA.EOL ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@TVTV.122.2O7[1].TXT [ /TVTV.122.2O7 ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADVIVA[10].TXT [ /ADVIVA ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADVERTISING[2].TXT [ /ADVERTISING ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@WWW.ZANOX-AFFILIATE[2].TXT [ /WWW.ZANOX-AFFILIATE ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@WWW.ZANOX-AFFILIATE[1].TXT [ /WWW.ZANOX-AFFILIATE ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@TRACKING.HANNOVERSCHE[4].TXT [ /TRACKING.HANNOVERSCHE ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@TRACKING.HANNOVERSCHE[2].TXT [ /TRACKING.HANNOVERSCHE ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@TRACKING.HANNOVERSCHE[1].TXT [ /TRACKING.HANNOVERSCHE ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@TVTV.122.2O7[2].TXT [ /TVTV.122.2O7 ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@WW251.SMARTADSERVER[5].TXT [ /WW251.SMARTADSERVER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@CCT.CLICKABLE[1].TXT [ /CCT.CLICKABLE ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@AD.UNLIKE[2].TXT [ /AD.UNLIKE ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ZANOX-AFFILIATE[5].TXT [ /ZANOX-AFFILIATE ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADECN[1].TXT [ /ADECN ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@WEBMASTERPLAN[7].TXT [ /WEBMASTERPLAN ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@WEBMASTERPLAN[8].TXT [ /WEBMASTERPLAN ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@WEBMASTERPLAN[5].TXT [ /WEBMASTERPLAN ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@WEBMASTERPLAN[6].TXT [ /WEBMASTERPLAN ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@WEBMASTERPLAN[3].TXT [ /WEBMASTERPLAN ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@WEBMASTERPLAN[4].TXT [ /WEBMASTERPLAN ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ATDMT[1].TXT [ /ATDMT ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@WW251.SMARTADSERVER[4].TXT [ /WW251.SMARTADSERVER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@WW251.SMARTADSERVER[3].TXT [ /WW251.SMARTADSERVER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@WW251.SMARTADSERVER[6].TXT [ /WW251.SMARTADSERVER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@WW251.SMARTADSERVER[1].TXT [ /WW251.SMARTADSERVER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@WW251.SMARTADSERVER[2].TXT [ /WW251.SMARTADSERVER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADT.TRAFFICTRACK[2].TXT [ /ADT.TRAFFICTRACK ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@IMRWORLDWIDE[2].TXT [ /IMRWORLDWIDE ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@SOLUTION.WEBORAMA[1].TXT [ /SOLUTION.WEBORAMA ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@VODAFONEGROUP.122.2O7[1].TXT [ /VODAFONEGROUP.122.2O7 ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@VODAFONEGROUP.122.2O7[2].TXT [ /VODAFONEGROUP.122.2O7 ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@STATS.GILDEMEISTER[1].TXT [ /STATS.GILDEMEISTER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@DEUTSCHEPOSTAG.112.2O7[1].TXT [ /DEUTSCHEPOSTAG.112.2O7 ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@HIMEDIA.INDIVIDUAD[1].TXT [ /HIMEDIA.INDIVIDUAD ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@AD.FIFATAINMENT[2].TXT [ /AD.FIFATAINMENT ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADS.MIKINIMEDIA[2].TXT [ /ADS.MIKINIMEDIA ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@WWW.TRAFFICRANK[1].TXT [ /WWW.TRAFFICRANK ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@AD.BEEPWORLD[2].TXT [ /AD.BEEPWORLD ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@WWW.ZANOX-AFFILIATE[3].TXT [ /WWW.ZANOX-AFFILIATE ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADS.VG.BASEFARM[1].TXT [ /ADS.VG.BASEFARM ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@MEDIALAND[1].TXT [ /MEDIALAND ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@AD.DLV[1].TXT [ /AD.DLV ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@STUDIVZ.ADFARM1.ADITION[3].TXT [ /STUDIVZ.ADFARM1.ADITION ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@STUDIVZ.ADFARM1.ADITION[1].TXT [ /STUDIVZ.ADFARM1.ADITION ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@HIMEDIA.INDIVIDUAD[3].TXT [ /HIMEDIA.INDIVIDUAD ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@WW251.SMARTADSERVER[8].TXT [ /WW251.SMARTADSERVER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ENGINE.GOODADVERT[1].TXT [ /ENGINE.GOODADVERT ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@A3.ADSERVER01[1].TXT [ /A3.ADSERVER01 ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@DOUBLECLICK[1].TXT [ /DOUBLECLICK ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@DOUBLECLICK[2].TXT [ /DOUBLECLICK ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADSERVER.SEVENLOAD[2].TXT [ /ADSERVER.SEVENLOAD ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADS.ADSHOPPING[1].TXT [ /ADS.ADSHOPPING ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@HIMEDIA.INDIVIDUAD[4].TXT [ /HIMEDIA.INDIVIDUAD ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@MEDIA6DEGREES[2].TXT [ /MEDIA6DEGREES ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@MEDIA6DEGREES[1].TXT [ /MEDIA6DEGREES ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@TRACKING.KLICKTEL[2].TXT [ /TRACKING.KLICKTEL ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@TRACKING.KLICKTEL[1].TXT [ /TRACKING.KLICKTEL ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@APMEBF[2].TXT [ /APMEBF ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@AD.AMBIWEB[2].TXT [ /AD.AMBIWEB ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@M1.WEBSTATS.MOTIGO[2].TXT [ /M1.WEBSTATS.MOTIGO ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@APMEBF[3].TXT [ /APMEBF ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@APMEBF[4].TXT [ /APMEBF ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@DOUBLECLICK[3].TXT [ /DOUBLECLICK ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@AD.ADNET[1].TXT [ /AD.ADNET ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@FRONTLINEGMBH.122.2O7[1].TXT [ /FRONTLINEGMBH.122.2O7 ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@WWW.ACTIVE-TRACKING[2].TXT [ /WWW.ACTIVE-TRACKING ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@APMEBF[1].TXT [ /APMEBF ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@AD.ADNET[2].TXT [ /AD.ADNET ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@MEDIAPLEX[3].TXT [ /MEDIAPLEX ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@MEDIAPLEX[2].TXT [ /MEDIAPLEX ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@MEDIAPLEX[1].TXT [ /MEDIAPLEX ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@MEDIAPLEX[4].TXT [ /MEDIAPLEX ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADFORM[1].TXT [ /ADFORM ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@IM.BANNER.T-ONLINE[4].TXT [ /IM.BANNER.T-ONLINE ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@IM.BANNER.T-ONLINE[8].TXT [ /IM.BANNER.T-ONLINE ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@BLUESTREAK[3].TXT [ /BLUESTREAK ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ZEDO[2].TXT [ /ZEDO ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@CLICKSOR[2].TXT [ /CLICKSOR ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@IM.BANNER.T-ONLINE[5].TXT [ /IM.BANNER.T-ONLINE ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADTECH[3].TXT [ /ADTECH ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@IM.BANNER.T-ONLINE[1].TXT [ /IM.BANNER.T-ONLINE ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@BLUESTREAK[4].TXT [ /BLUESTREAK ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@STATSE.WEBTRENDSLIVE[3].TXT [ /STATSE.WEBTRENDSLIVE ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADSERVER.BRAVADO[2].TXT [ /ADSERVER.BRAVADO ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADS.QUARTERMEDIA[1].TXT [ /ADS.QUARTERMEDIA ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@WEBSTATS.HATSCHER[1].TXT [ /WEBSTATS.HATSCHER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@SOCIALMEDIA[1].TXT [ /SOCIALMEDIA ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@CLICK2GO[1].TXT [ /CLICK2GO ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADTECH[4].TXT [ /ADTECH ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@IM.BANNER.T-ONLINE[2].TXT [ /IM.BANNER.T-ONLINE ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@IM.BANNER.T-ONLINE[6].TXT [ /IM.BANNER.T-ONLINE ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@BLUESTREAK[1].TXT [ /BLUESTREAK ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@XITI[2].TXT [ /XITI ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ZEDO[4].TXT [ /ZEDO ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@STATCOUNTER[3].TXT [ /STATCOUNTER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@STATCOUNTER[2].TXT [ /STATCOUNTER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@STATCOUNTER[1].TXT [ /STATCOUNTER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@TRIPOD[2].TXT [ /TRIPOD ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@STAT.ALDI[1].TXT [ /STAT.ALDI ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@UNITYMEDIA[10].TXT [ /UNITYMEDIA ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADTECH[1].TXT [ /ADTECH ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADTECH[5].TXT [ /ADTECH ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@IM.BANNER.T-ONLINE[3].TXT [ /IM.BANNER.T-ONLINE ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@IM.BANNER.T-ONLINE[7].TXT [ /IM.BANNER.T-ONLINE ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@BLUESTREAK[2].TXT [ /BLUESTREAK ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ZEDO[1].TXT [ /ZEDO ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@SIEMENS.112.2O7[1].TXT [ /SIEMENS.112.2O7 ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@STATSE.WEBTRENDSLIVE[1].TXT [ /STATSE.WEBTRENDSLIVE ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@BS.SERVING-SYS[4].TXT [ /BS.SERVING-SYS ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@MEDIAPLEX[6].TXT [ /MEDIAPLEX ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@MEDIAPLEX[5].TXT [ /MEDIAPLEX ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@SEVENONEINTERMEDIA.112.2O7[1].TXT [ /SEVENONEINTERMEDIA.112.2O7 ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@STAT.IGUS[1].TXT [ /STAT.IGUS ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@EPP.EUROSTAT.EC.EUROPA[1].TXT [ /EPP.EUROSTAT.EC.EUROPA ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADVIVA[1].TXT [ /ADVIVA ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADVIVA[5].TXT [ /ADVIVA ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADVIVA[9].TXT [ /ADVIVA ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@BS.SERVING-SYS[1].TXT [ /BS.SERVING-SYS ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@BS.SERVING-SYS[5].TXT [ /BS.SERVING-SYS ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@BS.SERVING-SYS[9].TXT [ /BS.SERVING-SYS ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@AD.ADC-SERV[1].TXT [ /AD.ADC-SERV ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@SPYLOG[1].TXT [ /SPYLOG ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@AUDIT.MEDIAN[1].TXT [ /AUDIT.MEDIAN ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@TELE2DE.112.2O7[1].TXT [ /TELE2DE.112.2O7 ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADVIVA[2].TXT [ /ADVIVA ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADVIVA[6].TXT [ /ADVIVA ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADSERVER.DOCCHECK[2].TXT [ /ADSERVER.DOCCHECK ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@BS.SERVING-SYS[2].TXT [ /BS.SERVING-SYS ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@BS.SERVING-SYS[6].TXT [ /BS.SERVING-SYS ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@AXELSPRINGER.122.2O7[1].TXT [ /AXELSPRINGER.122.2O7 ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@REVENUE[2].TXT [ /REVENUE ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@GERMANWINGS.112.2O7[1].TXT [ /GERMANWINGS.112.2O7 ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@STATCOUNTER[4].TXT [ /STATCOUNTER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADVIVA[3].TXT [ /ADVIVA ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADVIVA[7].TXT [ /ADVIVA ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@SAMSUNGFUNCLUB.122.2O7[1].TXT [ /SAMSUNGFUNCLUB.122.2O7 ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@BS.SERVING-SYS[3].TXT [ /BS.SERVING-SYS ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@BS.SERVING-SYS[7].TXT [ /BS.SERVING-SYS ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@WWW2.UNITYMEDIA[2].TXT [ /WWW2.UNITYMEDIA ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@SPYLOG[2].TXT [ /SPYLOG ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADVIVA[4].TXT [ /ADVIVA ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@WWW.PARTYPOKER[1].TXT [ /WWW.PARTYPOKER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADSERVER.11FREUNDE[3].TXT [ /ADSERVER.11FREUNDE ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@FL01.CT2.COMCLICK[2].TXT [ /FL01.CT2.COMCLICK ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@FL01.CT2.COMCLICK[1].TXT [ /FL01.CT2.COMCLICK ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@TRACK.WEBTREKK[1].TXT [ /TRACK.WEBTREKK ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@TRACK.WEBTREKK[9].TXT [ /TRACK.WEBTREKK ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@TRACKING.ONMARKETING[1].TXT [ /TRACKING.ONMARKETING ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@TRACK.WEBTREKK[6].TXT [ /TRACK.WEBTREKK ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADSERVER.11FREUNDE[4].TXT [ /ADSERVER.11FREUNDE ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@WWW.FINDER[1].TXT [ /WWW.FINDER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADSERVER.CLASHMUSIC[2].TXT [ /ADSERVER.CLASHMUSIC ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@TRACK.WEBTREKK[2].TXT [ /TRACK.WEBTREKK ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@OPTIMIZE.INDIECLICK[1].TXT [ /OPTIMIZE.INDIECLICK ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@TRACK.WEBTREKK[3].TXT [ /TRACK.WEBTREKK ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@TRACK.WEBTREKK[7].TXT [ /TRACK.WEBTREKK ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@MYROITRACKING[1].TXT [ /MYROITRACKING ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@TRACK.FUNPIC[2].TXT [ /TRACK.FUNPIC ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@A7.ADSERVER01[1].TXT [ /A7.ADSERVER01 ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADS.SPORTWERK[1].TXT [ /ADS.SPORTWERK ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@VALUECLICK[2].TXT [ /VALUECLICK ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADSERVER.11FREUNDE[2].TXT [ /ADSERVER.11FREUNDE ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@TRACK.WEBTREKK[4].TXT [ /TRACK.WEBTREKK ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@WWW.GOOGLEADSERVICES[10].TXT [ /WWW.GOOGLEADSERVICES ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@WWW.GOOGLEADSERVICES[11].TXT [ /WWW.GOOGLEADSERVICES ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADSRV1.247ACTIVEMEDIA[1].TXT [ /ADSRV1.247ACTIVEMEDIA ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@2O7[2].TXT [ /2O7 ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@4STATS[2].TXT [ /4STATS ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADS.BASECOM[1].TXT [ /ADS.BASECOM ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ADTECH[2].TXT [ /ADTECH ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@COLLECTIVE-MEDIA[1].TXT [ /COLLECTIVE-MEDIA ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@EYEWONDER[1].TXT [ /EYEWONDER ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@FASTCLICK[1].TXT [ /FASTCLICK ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@GUJ.122.2O7[1].TXT [ /GUJ.122.2O7 ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@HITBOX[2].TXT [ /HITBOX ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@NEXTAG[1].TXT [ /NEXTAG ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@OVERTURE[1].TXT [ /OVERTURE ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@SERVING-SYS[2].TXT [ /SERVING-SYS ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@TRACK.WEBTREKK[5].TXT [ /TRACK.WEBTREKK ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@TRACK.WEBTREKK[8].TXT [ /TRACK.WEBTREKK ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@TRACKING.QUISMA[3].TXT [ /TRACKING.QUISMA ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@UNITYMEDIA[1].TXT [ /UNITYMEDIA ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@VALUECLICK[1].TXT [ /VALUECLICK ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@XITI[1].TXT [ /XITI ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@XM.XTENDMEDIA[2].TXT [ /XM.XTENDMEDIA ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ZBOX.ZANOX[1].TXT [ /ZBOX.ZANOX ]
	C:\USERS\TINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TINA@ZANOX[1].TXT [ /ZANOX ]
	.doubleclick.net [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.im.banner.t-online.de [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.olympiaverlag.122.2o7.net [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	www.active-tracking.de [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	www.active-tracking.de [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	www.active-tracking.de [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.xiti.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.specificclick.net [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.adviva.net [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.overture.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	track.webtrekk.de [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.fastclick.net [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	eas.apm.emediate.eu [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.adxvalue.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.adxvalue.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.a.revenuemax.de [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.im.banner.t-online.de [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	ad.dyntracker.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.amazon-adsystem.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.amazon-adsystem.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.aka-cdn-ns.adtech.de [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	spenden.wikimedia.de [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	spenden.wikimedia.de [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	spenden.wikimedia.de [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	buntebilder.trendymedia.de [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.hightraffic.hugoboss.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.hightraffic.hugoboss.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.hightraffic.hugoboss.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	tracking.quisma.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	tracking.quisma.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.urbia.wwe-media.de [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	media.gan-online.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	track.adform.net [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	track.adform.net [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.adform.net [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	www.zanox-affiliate.de [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.ww251.smartadserver.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.apmebf.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	accounts.google.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	accounts.google.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	accounts.google.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	ad1.adfarm1.adition.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.bwincom.122.2o7.net [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.im.banner.t-online.de [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.at.atwola.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.adxpose.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	eas.apm.emediate.eu [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	ad3.adfarm1.adition.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.im.banner.t-online.de [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.dyntracker.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	adfarm1.adition.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.kontera.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.tribalfusion.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.eyewonder.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.eyewonder.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	eas4.emediate.eu [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	eas4.emediate.eu [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.bs.serving-sys.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	eas.apm.emediate.eu [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	ad4.adfarm1.adition.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.eyewonder.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.eyewonder.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.im.banner.t-online.de [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	ww251.smartadserver.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.clickfuse.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.zanox-affiliate.de [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.traffictrack.de [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.fastclick.net [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	ad.zanox.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.unitymedia.de [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.unitymedia.de [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.www.burstnet.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.im.banner.t-online.de [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.im.banner.t-online.de [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.im.banner.t-online.de [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.zanox.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.bs.serving-sys.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	ad2.adfarm1.adition.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.yadro.ru [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.yadro.ru [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PITZGQ6F.DEFAULT\COOKIES.SQLITE ]
	.partyaccount.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA-CACHE\PARTY\PARTYCASINO\COOKIES.TXT ]
	earlyexperience.partyaccount.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA-CACHE\PARTY\PARTYCASINO\COOKIES.TXT ]
	secure.partyaccount.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA-CACHE\PARTY\PARTYCASINO\COOKIES.TXT ]
	secure.partyaccount.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA-CACHE\PARTY\PARTYCASINO\COOKIES.TXT ]
	secure.partyaccount.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA-CACHE\PARTY\PARTYCASINO\COOKIES.TXT ]
	secure.partyaccount.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA-CACHE\PARTY\PARTYCASINO\COOKIES.TXT ]
	secure.partyaccount.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA-CACHE\PARTY\PARTYCASINO\COOKIES.TXT ]
	secure.partyaccount.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA-CACHE\PARTY\PARTYCASINO\COOKIES.TXT ]
	secure.partyaccount.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA-CACHE\PARTY\PARTYCASINO\COOKIES.TXT ]
	secure.partyaccount.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA-CACHE\PARTY\PARTYCASINO\COOKIES.TXT ]
	ad.yieldmanager.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA-CACHE\PARTY\PARTYCASINO\COOKIES.TXT ]
	secure.partyaccount.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA-CACHE\PARTY\PARTYCASINO\COOKIES.TXT ]
	secure.partyaccount.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA-CACHE\PARTY\PARTYCASINO\COOKIES.TXT ]
	secure.partyaccount.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA-CACHE\PARTY\PARTYCASINO\COOKIES.TXT ]
	secure.partyaccount.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA-CACHE\PARTY\PARTYCASINO\COOKIES.TXT ]
	secure.partyaccount.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA-CACHE\PARTY\PARTYCASINO\COOKIES.TXT ]
	secure.partyaccount.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA-CACHE\PARTY\PARTYCASINO\COOKIES.TXT ]
	.partyaccount.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA-CACHE\PARTY\PARTYPOKER\COOKIES.TXT ]
	earlyexperience.partyaccount.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA-CACHE\PARTY\PARTYPOKER\COOKIES.TXT ]
	ad.yieldmanager.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA-CACHE\PARTY\PARTYPOKER\COOKIES.TXT ]
	ad.yieldmanager.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA-CACHE\PARTY\PARTYPOKER\COOKIES.TXT ]
	secure.partyaccount.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA-CACHE\PARTY\PARTYPOKER\COOKIES.TXT ]
	secure.partyaccount.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA-CACHE\PARTY\PARTYPOKER\COOKIES.TXT ]
	secure.partyaccount.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA-CACHE\PARTY\PARTYPOKER\COOKIES.TXT ]
	secure.partyaccount.com [ C:\USERS\TINA\APPDATA\ROAMING\MOZILLA-CACHE\PARTY\PARTYPOKER\COOKIES.TXT ]

Trojan.Agent/Gen-UsrMgr
	HKLM\System\ControlSet001\Services\OPENVPNSERVICE
	D:\PROGRAM FILES\RWTH OPENVPN CLIENT\BIN\OPENVPNSERV.EXE
	HKLM\System\ControlSet001\Enum\Root\LEGACY_OPENVPNSERVICE
	HKLM\System\ControlSet002\Services\OPENVPNSERVICE
	HKLM\System\ControlSet002\Enum\Root\LEGACY_OPENVPNSERVICE
	HKLM\System\CurrentControlSet\Services\OPENVPNSERVICE
	HKLM\System\CurrentControlSet\Enum\Root\LEGACY_OPENVPNSERVICE

Trojan.Agent/Gen-StartPage
	D:\PROGRAM FILES\PHASE5\PLUGINS\TABELLENZERLEGER.DLL
         
Anmerkung: Das was hier als Trojan.Agent/Gen-UsrMgr identifiziert wurde, ist der VPN-Client von der Uni.

Antwort

Themen zu Virus auf USB-Stick (iexplorer.exe) - auch auf dem Laptop?
antivir, avg, avira, bho, bonjour, c:\windows\system32\rundll32.exe, cisco vpn, converter, defender, error, fehler, firefox, helper, home, iexplorer.exe, install.exe, mozilla thunderbird, mp3, nicht möglich, problem, programm, realtek, required, rundll, scan, senden, software, studio, systemadministrator, taskmanager, usb stick, version=1.0, virus, vista, visual studio



Ähnliche Themen: Virus auf USB-Stick (iexplorer.exe) - auch auf dem Laptop?


  1. Nur Verknüpfungen auf USB Stick und Ständig POP UP Werbung auf dem Laptop
    Plagegeister aller Art und deren Bekämpfung - 29.06.2015 (8)
  2. Laptop sehr langsam und wird schnell heiß wenn man games zockt virus? internet spackt auch oft ab (nur laptop)
    Plagegeister aller Art und deren Bekämpfung - 06.12.2014 (3)
  3. Mein Laptop legt Verknüpfungen am USB Stick an
    Plagegeister aller Art und deren Bekämpfung - 07.05.2014 (29)
  4. USB Stick infiziert - PC auch? - Windows Vista
    Log-Analyse und Auswertung - 16.02.2014 (9)
  5. Laptop bootet Win 8 Installation nicht vom Stick
    Alles rund um Windows - 08.02.2014 (7)
  6. USB-Stick hängt Laptop auf
    Netzwerk und Hardware - 14.01.2014 (3)
  7. GVU auf Netbook, kann man auch mit USB Stick arbeiten?
    Log-Analyse und Auswertung - 30.05.2013 (3)
  8. BKA Trojaner mit explorer.exe in der console ersetzt! Jetzt auch der 2 Laptop infiziert nachdem ein USB Stick eingesteckt wurde!
    Log-Analyse und Auswertung - 27.09.2012 (3)
  9. Conficker - Wurm (Recycler) auf USB-Stick bzw. Laptop
    Log-Analyse und Auswertung - 14.07.2012 (1)
  10. Auch bei mir 50 € Virus - wie bringe ich mein Laptop wieder zum Laufen?
    Plagegeister aller Art und deren Bekämpfung - 06.03.2012 (7)
  11. Antivirus für USB-Stick das auch Archive und Image untersucht
    Antiviren-, Firewall- und andere Schutzprogramme - 09.09.2011 (11)
  12. TR/ATRAPS.gen auf Stick - Computer auch befallen?
    Log-Analyse und Auswertung - 05.07.2011 (10)
  13. Wurm auf USB-Stick. Laptop infiziert?
    Plagegeister aller Art und deren Bekämpfung - 14.03.2011 (2)
  14. Virus auf USB-Stick? - USB-Stick wird beim Einstecken als Ordner angezeigt.
    Antiviren-, Firewall- und andere Schutzprogramme - 21.07.2010 (5)
  15. Laptop Startet Nicht, Abgesicherter Modus auch nicht! Virus... Was machen?
    Plagegeister aller Art und deren Bekämpfung - 05.12.2009 (2)
  16. Auch das Problem mit den 2 iexplorer.exe
    Log-Analyse und Auswertung - 13.12.2007 (10)
  17. Wenn ich IExplorer starte hängt sich mein laptop
    Mülltonne - 20.09.2007 (1)

Zum Thema Virus auf USB-Stick (iexplorer.exe) - auch auf dem Laptop? - Hallo zusammen, zunächst erst einmal vielen Dank an die User, die sich hier immer so viel Mühe geben Nun zu meinem Problem: Ich schreibe zur Zeit meine Diplomarbeit und arbeite - Virus auf USB-Stick (iexplorer.exe) - auch auf dem Laptop?...
Archiv
Du betrachtest: Virus auf USB-Stick (iexplorer.exe) - auch auf dem Laptop? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.