Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Windows-Verschlüsselungs-Trojaner auf Win7

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 21.06.2012, 16:25   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows-Verschlüsselungs-Trojaner auf Win7 - Standard

Windows-Verschlüsselungs-Trojaner auf Win7



SRy ich hab mich in meinen Bausteinen verklickt

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 24.06.2012, 20:09   #17
McManaman
 
Windows-Verschlüsselungs-Trojaner auf Win7 - Standard

Windows-Verschlüsselungs-Trojaner auf Win7



gmer.txt

Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-22 12:21:14
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 FUJITSU_ rev.0000
Running: 03hl90c8.exe; Driver: C:\Users\Ari\AppData\Local\Temp\fxldrpog.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                  ZwAllocateVirtualMemory [0x94AC6D8C]
SSDT            94C68AAE                                                                                                               ZwCreateSection
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                  ZwFreeVirtualMemory [0x94AC6E3C]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                  ZwProtectVirtualMemory [0x94AC6ED4]
SSDT            94C68AB8                                                                                                               ZwRequestWaitReplyPort
SSDT            94C68AB3                                                                                                               ZwSetContextThread
SSDT            94C68ABD                                                                                                               ZwSetSecurityObject
SSDT            94C68AC2                                                                                                               ZwSystemDebugControl
SSDT            94C68A4F                                                                                                               ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                               8344F3C9 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                 83488D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10F3                                                                                    8348FDA8 4 Bytes  [8C, 6D, AC, 94] {MOV WORD [EBP-0x54], GS; XCHG ESP, EAX}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                                                    8348FEAC 4 Bytes  [AE, 8A, C6, 94] {SCASB ; MOV AL, DH; XCHG ESP, EAX}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 12B3                                                                                    8348FF68 4 Bytes  [3C, 6E, AC, 94] {CMP AL, 0x6e; LODSB ; XCHG ESP, EAX}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1403                                                                                    834900B8 4 Bytes  [D4, 6E, AC, 94] {AAM 0x6e; LODSB ; XCHG ESP, EAX}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                                                    83490208 4 Bytes  [B8, 8A, C6, 94]
.text           ...                                                                                                                    
.text           C:\windows\system32\DRIVERS\atipmdag.sys                                                                               section is writeable [0x9521D000, 0x2CBE50, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Avira\AntiVir Desktop\sched.exe[452] ntdll.dll!LdrUnloadDll                                           77D2C86E 5 Bytes  JMP 000603FC 
.text           C:\Program Files\Avira\AntiVir Desktop\sched.exe[452] ntdll.dll!LdrLoadDll                                             77D3223E 5 Bytes  JMP 000601F8 
.text           C:\Program Files\Avira\AntiVir Desktop\sched.exe[452] kernel32.dll!GetBinaryTypeW + 70                                 76AE69F4 1 Byte  [62]
.text           C:\Program Files\Avira\AntiVir Desktop\sched.exe[452] USER32.dll!UnhookWindowsHookEx                                   7651ADF9 5 Bytes  JMP 00080A08 
.text           C:\Program Files\Avira\AntiVir Desktop\sched.exe[452] USER32.dll!UnhookWinEvent                                        7651B750 5 Bytes  JMP 000803FC 
.text           C:\Program Files\Avira\AntiVir Desktop\sched.exe[452] USER32.dll!SetWindowsHookExW                                     7651E30C 5 Bytes  JMP 00080804 
.text           C:\Program Files\Avira\AntiVir Desktop\sched.exe[452] USER32.dll!SetWinEventHook                                       765224DC 5 Bytes  JMP 000801F8 
.text           C:\Program Files\Avira\AntiVir Desktop\sched.exe[452] USER32.dll!SetWindowsHookExA                                     76546D0C 5 Bytes  JMP 00080600 
.text           C:\windows\system32\csrss.exe[492] kernel32.dll!GetBinaryTypeW + 70                                                    76AE69F4 1 Byte  [62]
.text           C:\windows\system32\svchost.exe[500] ntdll.dll!LdrUnloadDll                                                            77D2C86E 5 Bytes  JMP 000603FC 
.text           C:\windows\system32\svchost.exe[500] ntdll.dll!LdrLoadDll                                                              77D3223E 5 Bytes  JMP 000601F8 
.text           C:\windows\system32\svchost.exe[500] kernel32.dll!GetBinaryTypeW + 70                                                  76AE69F4 1 Byte  [62]
.text           C:\windows\system32\svchost.exe[500] USER32.dll!UnhookWindowsHookEx                                                    7651ADF9 5 Bytes  JMP 004F0A08 
.text           C:\windows\system32\svchost.exe[500] USER32.dll!UnhookWinEvent                                                         7651B750 5 Bytes  JMP 004F03FC 
.text           C:\windows\system32\svchost.exe[500] USER32.dll!SetWindowsHookExW                                                      7651E30C 5 Bytes  JMP 004F0804 
.text           C:\windows\system32\svchost.exe[500] USER32.dll!SetWinEventHook                                                        765224DC 5 Bytes  JMP 004F01F8 
.text           C:\windows\system32\svchost.exe[500] USER32.dll!SetWindowsHookExA                                                      76546D0C 5 Bytes  JMP 004F0600 
.text           C:\windows\system32\wininit.exe[572] ntdll.dll!LdrUnloadDll                                                            77D2C86E 5 Bytes  JMP 000303FC 
.text           C:\windows\system32\wininit.exe[572] ntdll.dll!LdrLoadDll                                                              77D3223E 5 Bytes  JMP 000301F8 
.text           C:\windows\system32\wininit.exe[572] kernel32.dll!GetBinaryTypeW + 70                                                  76AE69F4 1 Byte  [62]
.text           C:\windows\system32\wininit.exe[572] USER32.dll!UnhookWindowsHookEx                                                    7651ADF9 5 Bytes  JMP 00050A08 
.text           C:\windows\system32\wininit.exe[572] USER32.dll!UnhookWinEvent                                                         7651B750 5 Bytes  JMP 000503FC 
.text           C:\windows\system32\wininit.exe[572] USER32.dll!SetWindowsHookExW                                                      7651E30C 5 Bytes  JMP 00050804 
.text           C:\windows\system32\wininit.exe[572] USER32.dll!SetWinEventHook                                                        765224DC 5 Bytes  JMP 000501F8 
.text           C:\windows\system32\wininit.exe[572] USER32.dll!SetWindowsHookExA                                                      76546D0C 5 Bytes  JMP 00050600 
.text           C:\windows\system32\csrss.exe[584] kernel32.dll!GetBinaryTypeW + 70                                                    76AE69F4 1 Byte  [62]
.text           C:\windows\system32\services.exe[624] ntdll.dll!LdrUnloadDll                                                           77D2C86E 5 Bytes  JMP 000603FC 
.text           C:\windows\system32\services.exe[624] ntdll.dll!LdrLoadDll                                                             77D3223E 5 Bytes  JMP 000601F8 
.text           C:\windows\system32\services.exe[624] kernel32.dll!GetBinaryTypeW + 70                                                 76AE69F4 1 Byte  [62]
.text           C:\windows\system32\services.exe[624] USER32.dll!UnhookWindowsHookEx                                                   7651ADF9 5 Bytes  JMP 00190A08 
.text           C:\windows\system32\services.exe[624] USER32.dll!UnhookWinEvent                                                        7651B750 5 Bytes  JMP 001903FC 
.text           C:\windows\system32\services.exe[624] USER32.dll!SetWindowsHookExW                                                     7651E30C 5 Bytes  JMP 00190804 
.text           C:\windows\system32\services.exe[624] USER32.dll!SetWinEventHook                                                       765224DC 5 Bytes  JMP 001901F8 
.text           C:\windows\system32\services.exe[624] USER32.dll!SetWindowsHookExA                                                     76546D0C 5 Bytes  JMP 00190600 
.text           C:\windows\system32\lsass.exe[636] ntdll.dll!LdrUnloadDll                                                              77D2C86E 5 Bytes  JMP 000603FC 
.text           C:\windows\system32\lsass.exe[636] ntdll.dll!LdrLoadDll                                                                77D3223E 5 Bytes  JMP 000601F8 
.text           C:\windows\system32\lsass.exe[636] kernel32.dll!GetBinaryTypeW + 70                                                    76AE69F4 1 Byte  [62]
.text           C:\windows\system32\lsm.exe[644] ntdll.dll!LdrUnloadDll                                                                77D2C86E 5 Bytes  JMP 000603FC 
.text           C:\windows\system32\lsm.exe[644] ntdll.dll!LdrLoadDll                                                                  77D3223E 5 Bytes  JMP 000601F8 
.text           C:\windows\system32\lsm.exe[644] kernel32.dll!GetBinaryTypeW + 70                                                      76AE69F4 1 Byte  [62]
.text           C:\Program Files\System Control Manager\MSIService.exe[692] ntdll.dll!LdrUnloadDll                                     77D2C86E 5 Bytes  JMP 001603FC 
.text           C:\Program Files\System Control Manager\MSIService.exe[692] ntdll.dll!LdrLoadDll                                       77D3223E 5 Bytes  JMP 001601F8 
.text           C:\Program Files\System Control Manager\MSIService.exe[692] kernel32.dll!GetBinaryTypeW + 70                           76AE69F4 1 Byte  [62]
.text           C:\Program Files\System Control Manager\MSIService.exe[692] USER32.dll!UnhookWindowsHookEx                             7651ADF9 5 Bytes  JMP 00200A08 
.text           C:\Program Files\System Control Manager\MSIService.exe[692] USER32.dll!UnhookWinEvent                                  7651B750 5 Bytes  JMP 002003FC 
.text           C:\Program Files\System Control Manager\MSIService.exe[692] USER32.dll!SetWindowsHookExW                               7651E30C 5 Bytes  JMP 00200804 
.text           C:\Program Files\System Control Manager\MSIService.exe[692] USER32.dll!SetWinEventHook                                 765224DC 5 Bytes  JMP 002001F8 
.text           C:\Program Files\System Control Manager\MSIService.exe[692] USER32.dll!SetWindowsHookExA                               76546D0C 5 Bytes  JMP 00200600 
.text           C:\windows\system32\svchost.exe[768] ntdll.dll!LdrUnloadDll                                                            77D2C86E 5 Bytes  JMP 000603FC 
.text           C:\windows\system32\svchost.exe[768] ntdll.dll!LdrLoadDll                                                              77D3223E 5 Bytes  JMP 000601F8 
.text           C:\windows\system32\svchost.exe[768] kernel32.dll!GetBinaryTypeW + 70                                                  76AE69F4 1 Byte  [62]
.text           C:\windows\system32\svchost.exe[768] USER32.dll!UnhookWindowsHookEx                                                    7651ADF9 5 Bytes  JMP 002C0A08 
.text           C:\windows\system32\svchost.exe[768] USER32.dll!UnhookWinEvent                                                         7651B750 5 Bytes  JMP 002C03FC 
.text           C:\windows\system32\svchost.exe[768] USER32.dll!SetWindowsHookExW                                                      7651E30C 5 Bytes  JMP 002C0804 
.text           C:\windows\system32\svchost.exe[768] USER32.dll!SetWinEventHook                                                        765224DC 5 Bytes  JMP 002C01F8 
.text           C:\windows\system32\svchost.exe[768] USER32.dll!SetWindowsHookExA                                                      76546D0C 5 Bytes  JMP 002C0600 
.text           C:\windows\system32\winlogon.exe[808] ntdll.dll!LdrUnloadDll                                                           77D2C86E 5 Bytes  JMP 000303FC 
.text           C:\windows\system32\winlogon.exe[808] ntdll.dll!LdrLoadDll                                                             77D3223E 5 Bytes  JMP 000301F8 
.text           C:\windows\system32\winlogon.exe[808] kernel32.dll!GetBinaryTypeW + 70                                                 76AE69F4 1 Byte  [62]
.text           C:\windows\system32\winlogon.exe[808] USER32.dll!UnhookWindowsHookEx                                                   7651ADF9 5 Bytes  JMP 000C0A08 
.text           C:\windows\system32\winlogon.exe[808] USER32.dll!UnhookWinEvent                                                        7651B750 5 Bytes  JMP 000C03FC 
.text           C:\windows\system32\winlogon.exe[808] USER32.dll!SetWindowsHookExW                                                     7651E30C 5 Bytes  JMP 000C0804 
.text           C:\windows\system32\winlogon.exe[808] USER32.dll!SetWinEventHook                                                       765224DC 5 Bytes  JMP 000C01F8 
.text           C:\windows\system32\winlogon.exe[808] USER32.dll!SetWindowsHookExA                                                     76546D0C 5 Bytes  JMP 000C0600 
.text           C:\windows\system32\svchost.exe[904] ntdll.dll!LdrUnloadDll                                                            77D2C86E 5 Bytes  JMP 000603FC 
.text           C:\windows\system32\svchost.exe[904] ntdll.dll!LdrLoadDll                                                              77D3223E 5 Bytes  JMP 000601F8 
.text           C:\windows\system32\svchost.exe[904] kernel32.dll!GetBinaryTypeW + 70                                                  76AE69F4 1 Byte  [62]
.text           C:\windows\system32\svchost.exe[904] user32.dll!UnhookWindowsHookEx                                                    7651ADF9 5 Bytes  JMP 001D0A08 
.text           C:\windows\system32\svchost.exe[904] user32.dll!UnhookWinEvent                                                         7651B750 5 Bytes  JMP 001D03FC 
.text           C:\windows\system32\svchost.exe[904] user32.dll!SetWindowsHookExW                                                      7651E30C 5 Bytes  JMP 001D0804 
.text           C:\windows\system32\svchost.exe[904] user32.dll!SetWinEventHook                                                        765224DC 5 Bytes  JMP 001D01F8 
.text           C:\windows\system32\svchost.exe[904] user32.dll!SetWindowsHookExA                                                      76546D0C 5 Bytes  JMP 001D0600 
.text           C:\windows\system32\atiesrxx.exe[968] ntdll.dll!LdrUnloadDll                                                           77D2C86E 5 Bytes  JMP 001603FC 
.text           C:\windows\system32\atiesrxx.exe[968] ntdll.dll!LdrLoadDll                                                             77D3223E 5 Bytes  JMP 001601F8 
.text           C:\windows\system32\atiesrxx.exe[968] kernel32.dll!GetBinaryTypeW + 70                                                 76AE69F4 1 Byte  [62]
.text           C:\windows\system32\atiesrxx.exe[968] USER32.dll!UnhookWindowsHookEx                                                   7651ADF9 5 Bytes  JMP 001F0A08 
.text           C:\windows\system32\atiesrxx.exe[968] USER32.dll!UnhookWinEvent                                                        7651B750 5 Bytes  JMP 001F03FC 
.text           C:\windows\system32\atiesrxx.exe[968] USER32.dll!SetWindowsHookExW                                                     7651E30C 5 Bytes  JMP 001F0804 
.text           C:\windows\system32\atiesrxx.exe[968] USER32.dll!SetWinEventHook                                                       765224DC 5 Bytes  JMP 001F01F8 
.text           C:\windows\system32\atiesrxx.exe[968] USER32.dll!SetWindowsHookExA                                                     76546D0C 5 Bytes  JMP 001F0600 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1008] ntdll.dll!LdrUnloadDll                    77D2C86E 5 Bytes  JMP 000603FC 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1008] ntdll.dll!LdrLoadDll                      77D3223E 5 Bytes  JMP 000601F8 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1008] kernel32.dll!GetBinaryTypeW + 70          76AE69F4 1 Byte  [62]
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1008] USER32.dll!UnhookWindowsHookEx            7651ADF9 5 Bytes  JMP 00100A08 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1008] USER32.dll!UnhookWinEvent                 7651B750 5 Bytes  JMP 001003FC 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1008] USER32.dll!SetWindowsHookExW              7651E30C 5 Bytes  JMP 00100804 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1008] USER32.dll!SetWinEventHook                765224DC 5 Bytes  JMP 001001F8 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1008] USER32.dll!SetWindowsHookExA              76546D0C 5 Bytes  JMP 00100600 
.text           C:\windows\System32\svchost.exe[1044] ntdll.dll!LdrUnloadDll                                                           77D2C86E 5 Bytes  JMP 000603FC 
.text           C:\windows\System32\svchost.exe[1044] ntdll.dll!LdrLoadDll                                                             77D3223E 5 Bytes  JMP 000601F8 
.text           C:\windows\System32\svchost.exe[1044] kernel32.dll!GetBinaryTypeW + 70                                                 76AE69F4 1 Byte  [62]
.text           C:\windows\System32\svchost.exe[1044] USER32.dll!UnhookWindowsHookEx                                                   7651ADF9 5 Bytes  JMP 00140A08 
.text           C:\windows\System32\svchost.exe[1044] USER32.dll!UnhookWinEvent                                                        7651B750 5 Bytes  JMP 001403FC 
.text           C:\windows\System32\svchost.exe[1044] USER32.dll!SetWindowsHookExW                                                     7651E30C 5 Bytes  JMP 00140804 
.text           C:\windows\System32\svchost.exe[1044] USER32.dll!SetWinEventHook                                                       765224DC 5 Bytes  JMP 001401F8 
.text           C:\windows\System32\svchost.exe[1044] USER32.dll!SetWindowsHookExA                                                     76546D0C 5 Bytes  JMP 00140600 
.text           C:\windows\System32\svchost.exe[1076] ntdll.dll!LdrUnloadDll                                                           77D2C86E 5 Bytes  JMP 000603FC 
.text           C:\windows\System32\svchost.exe[1076] ntdll.dll!LdrLoadDll                                                             77D3223E 5 Bytes  JMP 000601F8 
.text           C:\windows\System32\svchost.exe[1076] kernel32.dll!GetBinaryTypeW + 70                                                 76AE69F4 1 Byte  [62]
.text           C:\windows\System32\svchost.exe[1076] USER32.dll!UnhookWindowsHookEx                                                   7651ADF9 5 Bytes  JMP 003D0A08 
.text           C:\windows\System32\svchost.exe[1076] USER32.dll!UnhookWinEvent                                                        7651B750 5 Bytes  JMP 003D03FC 
.text           C:\windows\System32\svchost.exe[1076] USER32.dll!SetWindowsHookExW                                                     7651E30C 5 Bytes  JMP 003D0804 
.text           C:\windows\System32\svchost.exe[1076] USER32.dll!SetWinEventHook                                                       765224DC 5 Bytes  JMP 003D01F8 
.text           C:\windows\System32\svchost.exe[1076] USER32.dll!SetWindowsHookExA                                                     76546D0C 5 Bytes  JMP 003D0600 
.text           C:\windows\system32\svchost.exe[1116] ntdll.dll!LdrUnloadDll                                                           77D2C86E 5 Bytes  JMP 000603FC 
.text           C:\windows\system32\svchost.exe[1116] ntdll.dll!LdrLoadDll                                                             77D3223E 5 Bytes  JMP 000601F8 
.text           C:\windows\system32\svchost.exe[1116] kernel32.dll!GetBinaryTypeW + 70                                                 76AE69F4 1 Byte  [62]
.text           C:\windows\system32\svchost.exe[1116] USER32.dll!UnhookWindowsHookEx                                                   7651ADF9 5 Bytes  JMP 00B10A08 
.text           C:\windows\system32\svchost.exe[1116] USER32.dll!UnhookWinEvent                                                        7651B750 5 Bytes  JMP 00B103FC 
.text           C:\windows\system32\svchost.exe[1116] USER32.dll!SetWindowsHookExW                                                     7651E30C 5 Bytes  JMP 00B10804 
.text           C:\windows\system32\svchost.exe[1116] USER32.dll!SetWinEventHook                                                       765224DC 5 Bytes  JMP 00B101F8 
.text           C:\windows\system32\svchost.exe[1116] USER32.dll!SetWindowsHookExA                                                     76546D0C 5 Bytes  JMP 00B10600 
.text           C:\windows\system32\svchost.exe[1248] ntdll.dll!LdrUnloadDll                                                           77D2C86E 5 Bytes  JMP 000603FC 
.text           C:\windows\system32\svchost.exe[1248] ntdll.dll!LdrLoadDll                                                             77D3223E 5 Bytes  JMP 000601F8 
.text           C:\windows\system32\svchost.exe[1248] kernel32.dll!GetBinaryTypeW + 70                                                 76AE69F4 1 Byte  [62]
.text           C:\windows\system32\svchost.exe[1248] USER32.dll!UnhookWindowsHookEx                                                   7651ADF9 5 Bytes  JMP 00470A08 
.text           C:\windows\system32\svchost.exe[1248] USER32.dll!UnhookWinEvent                                                        7651B750 5 Bytes  JMP 004703FC 
.text           C:\windows\system32\svchost.exe[1248] USER32.dll!SetWindowsHookExW                                                     7651E30C 5 Bytes  JMP 00470804 
.text           C:\windows\system32\svchost.exe[1248] USER32.dll!SetWinEventHook                                                       765224DC 5 Bytes  JMP 004701F8 
.text           C:\windows\system32\svchost.exe[1248] USER32.dll!SetWindowsHookExA                                                     76546D0C 5 Bytes  JMP 00470600 
.text           C:\windows\system32\atieclxx.exe[1280] ntdll.dll!LdrUnloadDll                                                          77D2C86E 5 Bytes  JMP 001603FC 
.text           C:\windows\system32\atieclxx.exe[1280] ntdll.dll!LdrLoadDll                                                            77D3223E 5 Bytes  JMP 001601F8 
.text           C:\windows\system32\atieclxx.exe[1280] kernel32.dll!GetBinaryTypeW + 70                                                76AE69F4 1 Byte  [62]
.text           C:\windows\system32\atieclxx.exe[1280] USER32.dll!UnhookWindowsHookEx                                                  7651ADF9 5 Bytes  JMP 001F0A08 
.text           C:\windows\system32\atieclxx.exe[1280] USER32.dll!UnhookWinEvent                                                       7651B750 5 Bytes  JMP 001F03FC 
.text           C:\windows\system32\atieclxx.exe[1280] USER32.dll!SetWindowsHookExW                                                    7651E30C 5 Bytes  JMP 001F0804 
.text           C:\windows\system32\atieclxx.exe[1280] USER32.dll!SetWinEventHook                                                      765224DC 5 Bytes  JMP 001F01F8 
.text           C:\windows\system32\atieclxx.exe[1280] USER32.dll!SetWindowsHookExA                                                    76546D0C 5 Bytes  JMP 001F0600 
.text           C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1324] ntdll.dll!LdrUnloadDll                77D2C86E 5 Bytes  JMP 001603FC 
.text           C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1324] ntdll.dll!LdrLoadDll                  77D3223E 5 Bytes  JMP 001601F8 
.text           C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1324] kernel32.dll!GetBinaryTypeW + 70      76AE69F4 1 Byte  [62]
.text           C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1324] USER32.dll!UnhookWindowsHookEx        7651ADF9 5 Bytes  JMP 001F0A08 
.text           C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1324] USER32.dll!UnhookWinEvent             7651B750 5 Bytes  JMP 001F03FC 
.text           C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1324] USER32.dll!SetWindowsHookExW          7651E30C 5 Bytes  JMP 001F0804 
.text           C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1324] USER32.dll!SetWinEventHook            765224DC 5 Bytes  JMP 001F01F8 
.text           C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1324] USER32.dll!SetWindowsHookExA          76546D0C 5 Bytes  JMP 001F0600 
.text           C:\windows\system32\svchost.exe[1396] ntdll.dll!LdrUnloadDll                                                           77D2C86E 5 Bytes  JMP 000603FC 
.text           C:\windows\system32\svchost.exe[1396] ntdll.dll!LdrLoadDll                                                             77D3223E 5 Bytes  JMP 000601F8 
.text           C:\windows\system32\svchost.exe[1396] kernel32.dll!GetBinaryTypeW + 70                                                 76AE69F4 1 Byte  [62]
.text           C:\windows\system32\svchost.exe[1396] USER32.dll!UnhookWindowsHookEx                                                   7651ADF9 5 Bytes  JMP 02750A08 
.text           C:\windows\system32\svchost.exe[1396] USER32.dll!UnhookWinEvent                                                        7651B750 5 Bytes  JMP 027503FC 
.text           C:\windows\system32\svchost.exe[1396] USER32.dll!SetWindowsHookExW                                                     7651E30C 5 Bytes  JMP 02750804 
.text           C:\windows\system32\svchost.exe[1396] USER32.dll!SetWinEventHook                                                       765224DC 5 Bytes  JMP 027501F8 
.text           C:\windows\system32\svchost.exe[1396] USER32.dll!SetWindowsHookExA                                                     76546D0C 5 Bytes  JMP 02750600 
.text           C:\windows\system32\igfxsrvc.exe[1412] ntdll.dll!LdrUnloadDll                                                          77D2C86E 5 Bytes  JMP 001603FC 
.text           C:\windows\system32\igfxsrvc.exe[1412] ntdll.dll!LdrLoadDll                                                            77D3223E 5 Bytes  JMP 001601F8 
.text           C:\windows\system32\igfxsrvc.exe[1412] kernel32.dll!GetBinaryTypeW + 70                                                76AE69F4 1 Byte  [62]
.text           C:\windows\system32\igfxsrvc.exe[1412] USER32.dll!UnhookWindowsHookEx                                                  7651ADF9 5 Bytes  JMP 001F0A08 
.text           C:\windows\system32\igfxsrvc.exe[1412] USER32.dll!UnhookWinEvent                                                       7651B750 5 Bytes  JMP 001F03FC 
.text           C:\windows\system32\igfxsrvc.exe[1412] USER32.dll!SetWindowsHookExW                                                    7651E30C 5 Bytes  JMP 001F0804 
.text           C:\windows\system32\igfxsrvc.exe[1412] USER32.dll!SetWinEventHook                                                      765224DC 5 Bytes  JMP 001F01F8 
.text           C:\windows\system32\igfxsrvc.exe[1412] USER32.dll!SetWindowsHookExA                                                    76546D0C 5 Bytes  JMP 001F0600 
.text           C:\windows\system32\svchost.exe[1532] ntdll.dll!LdrUnloadDll                                                           77D2C86E 5 Bytes  JMP 000603FC 
.text           C:\windows\system32\svchost.exe[1532] ntdll.dll!LdrLoadDll                                                             77D3223E 5 Bytes  JMP 000601F8 
.text           C:\windows\system32\svchost.exe[1532] kernel32.dll!GetBinaryTypeW + 70                                                 76AE69F4 1 Byte  [62]
.text           C:\windows\system32\svchost.exe[1532] USER32.dll!UnhookWindowsHookEx                                                   7651ADF9 5 Bytes  JMP 00130A08 
.text           C:\windows\system32\svchost.exe[1532] USER32.dll!UnhookWinEvent                                                        7651B750 5 Bytes  JMP 001303FC 
.text           C:\windows\system32\svchost.exe[1532] USER32.dll!SetWindowsHookExW                                                     7651E30C 5 Bytes  JMP 00130804 
.text           C:\windows\system32\svchost.exe[1532] USER32.dll!SetWinEventHook                                                       765224DC 5 Bytes  JMP 001301F8 
.text           C:\windows\system32\svchost.exe[1532] USER32.dll!SetWindowsHookExA                                                     76546D0C 5 Bytes  JMP 00130600 
.text           C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1560] ntdll.dll!LdrUnloadDll                                        77D2C86E 5 Bytes  JMP 000603FC 
.text           C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1560] ntdll.dll!LdrLoadDll                                          77D3223E 5 Bytes  JMP 000601F8 
.text           C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1560] kernel32.dll!GetBinaryTypeW + 70                              76AE69F4 1 Byte  [62]
.text           C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1560] USER32.dll!UnhookWindowsHookEx                                7651ADF9 5 Bytes  JMP 001F0A08 
.text           C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1560] USER32.dll!UnhookWinEvent                                     7651B750 5 Bytes  JMP 001F03FC 
.text           C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1560] USER32.dll!SetWindowsHookExW                                  7651E30C 5 Bytes  JMP 001F0804 
.text           C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1560] USER32.dll!SetWinEventHook                                    765224DC 5 Bytes  JMP 001F01F8 
.text           C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1560] USER32.dll!SetWindowsHookExA                                  76546D0C 5 Bytes  JMP 001F0600 
.text           C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1584] kernel32.dll!SetUnhandledExceptionFilter                      76ACF4FB 4 Bytes  [C2, 04, 00, 90] {RET 0x4; NOP }
.text           C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1584] kernel32.dll!GetBinaryTypeW + 70                              76AE69F4 1 Byte  [62]
.text           C:\windows\system32\wbem\unsecapp.exe[1636] ntdll.dll!LdrUnloadDll                                                     77D2C86E 5 Bytes  JMP 000603FC 
.text           C:\windows\system32\wbem\unsecapp.exe[1636] ntdll.dll!LdrLoadDll                                                       77D3223E 5 Bytes  JMP 000601F8 
.text           C:\windows\system32\wbem\unsecapp.exe[1636] kernel32.dll!GetBinaryTypeW + 70                                           76AE69F4 1 Byte  [62]
.text           C:\windows\system32\wbem\unsecapp.exe[1636] USER32.dll!UnhookWindowsHookEx                                             7651ADF9 5 Bytes  JMP 000F0A08 
.text           C:\windows\system32\wbem\unsecapp.exe[1636] USER32.dll!UnhookWinEvent                                                  7651B750 5 Bytes  JMP 000F03FC 
.text           C:\windows\system32\wbem\unsecapp.exe[1636] USER32.dll!SetWindowsHookExW                                               7651E30C 5 Bytes  JMP 000F0804 
.text           C:\windows\system32\wbem\unsecapp.exe[1636] USER32.dll!SetWinEventHook                                                 765224DC 5 Bytes  JMP 000F01F8 
.text           C:\windows\system32\wbem\unsecapp.exe[1636] USER32.dll!SetWindowsHookExA                                               76546D0C 5 Bytes  JMP 000F0600 
.text           C:\Program Files\Samsung\Kies\KiesHelper.exe[1756] KERNEL32.dll!GetBinaryTypeW + 70                                    76AE69F4 1 Byte  [62]
.text           C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1796] ntdll.dll!LdrUnloadDll                  77D2C86E 5 Bytes  JMP 001603FC 
.text           C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1796] ntdll.dll!LdrLoadDll                    77D3223E 5 Bytes  JMP 001601F8 
.text           C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1796] kernel32.dll!GetBinaryTypeW + 70        76AE69F4 1 Byte  [62]
.text           C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1796] USER32.dll!UnhookWindowsHookEx          7651ADF9 5 Bytes  JMP 001A0A08 
.text           C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1796] USER32.dll!UnhookWinEvent               7651B750 5 Bytes  JMP 001A03FC 
.text           C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1796] USER32.dll!SetWindowsHookExW            7651E30C 5 Bytes  JMP 001A0804 
.text           C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1796] USER32.dll!SetWinEventHook              765224DC 5 Bytes  JMP 001A01F8 
.text           C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1796] USER32.dll!SetWindowsHookExA            76546D0C 5 Bytes  JMP 001A0600 
.text           C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[1832] ntdll.dll!LdrUnloadDll                                      77D2C86E 5 Bytes  JMP 001603FC 
.text           C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[1832] ntdll.dll!LdrLoadDll                                        77D3223E 5 Bytes  JMP 001601F8 
.text           C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[1832] kernel32.dll!GetBinaryTypeW + 70                            76AE69F4 1 Byte  [62]
.text           C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[1832] USER32.dll!UnhookWindowsHookEx                              7651ADF9 5 Bytes  JMP 001F0A08 
.text           C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[1832] USER32.dll!UnhookWinEvent                                   7651B750 5 Bytes  JMP 001F03FC 
.text           C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[1832] USER32.dll!SetWindowsHookExW                                7651E30C 5 Bytes  JMP 001F0804 
.text           C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[1832] USER32.dll!SetWinEventHook                                  765224DC 5 Bytes  JMP 001F01F8 
.text           C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[1832] USER32.dll!SetWindowsHookExA                                76546D0C 5 Bytes  JMP 001F0600 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1860] ntdll.dll!LdrUnloadDll                                77D2C86E 5 Bytes  JMP 001703FC 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1860] ntdll.dll!LdrLoadDll                                  77D3223E 5 Bytes  JMP 001701F8 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1860] kernel32.dll!GetBinaryTypeW + 70                      76AE69F4 1 Byte  [62]
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1860] USER32.dll!UnhookWindowsHookEx                        7651ADF9 5 Bytes  JMP 00210A08 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1860] USER32.dll!UnhookWinEvent                             7651B750 5 Bytes  JMP 002103FC 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1860] USER32.dll!SetWindowsHookExW                          7651E30C 5 Bytes  JMP 00210804 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1860] USER32.dll!SetWinEventHook                            765224DC 5 Bytes  JMP 002101F8 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1860] USER32.dll!SetWindowsHookExA                          76546D0C 5 Bytes  JMP 00210600 
.text           C:\windows\system32\svchost.exe[1880] ntdll.dll!LdrUnloadDll                                                           77D2C86E 5 Bytes  JMP 000603FC 
.text           C:\windows\system32\svchost.exe[1880] ntdll.dll!LdrLoadDll                                                             77D3223E 5 Bytes  JMP 000601F8 
.text           C:\windows\system32\svchost.exe[1880] kernel32.dll!GetBinaryTypeW + 70                                                 76AE69F4 1 Byte  [62]
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1936] ntdll.dll!LdrUnloadDll                          77D2C86E 5 Bytes  JMP 001603FC 
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1936] ntdll.dll!LdrLoadDll                            77D3223E 5 Bytes  JMP 001601F8 
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1936] kernel32.dll!GetBinaryTypeW + 70                76AE69F4 1 Byte  [62]
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1936] USER32.dll!UnhookWindowsHookEx                  7651ADF9 5 Bytes  JMP 001F0A08 
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1936] USER32.dll!UnhookWinEvent                       7651B750 5 Bytes  JMP 001F03FC 
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1936] USER32.dll!SetWindowsHookExW                    7651E30C 5 Bytes  JMP 001F0804 
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1936] USER32.dll!SetWinEventHook                      765224DC 5 Bytes  JMP 001F01F8 
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1936] USER32.dll!SetWindowsHookExA                    76546D0C 5 Bytes  JMP 001F0600 
.text           C:\windows\System32\spoolsv.exe[2024] ntdll.dll!LdrUnloadDll                                                           77D2C86E 5 Bytes  JMP 000603FC 
.text           C:\windows\System32\spoolsv.exe[2024] ntdll.dll!LdrLoadDll                                                             77D3223E 5 Bytes  JMP 000601F8 
.text           C:\windows\System32\spoolsv.exe[2024] kernel32.dll!GetBinaryTypeW + 70                                                 76AE69F4 1 Byte  [62]
.text           C:\windows\System32\spoolsv.exe[2024] USER32.dll!UnhookWindowsHookEx                                                   7651ADF9 5 Bytes  JMP 000E0A08 
.text           C:\windows\System32\spoolsv.exe[2024] USER32.dll!UnhookWinEvent                                                        7651B750 5 Bytes  JMP 000E03FC 
.text           C:\windows\System32\spoolsv.exe[2024] USER32.dll!SetWindowsHookExW                                                     7651E30C 5 Bytes  JMP 000E0804 
.text           C:\windows\System32\spoolsv.exe[2024] USER32.dll!SetWinEventHook                                                       765224DC 5 Bytes  JMP 000E01F8 
.text           C:\windows\System32\spoolsv.exe[2024] USER32.dll!SetWindowsHookExA                                                     76546D0C 5 Bytes  JMP 000E0600 
.text           C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[2144] ntdll.dll!DbgUiRemoteBreakin                  77D6F17D 1 Byte  [C3]
.text           C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[2144] KERNEL32.dll!GetBinaryTypeW + 70              76AE69F4 1 Byte  [62]
.text           C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2200] ntdll.dll!LdrUnloadDll                 77D2C86E 5 Bytes  JMP 001603FC 
.text           C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2200] ntdll.dll!LdrLoadDll                   77D3223E 5 Bytes  JMP 001601F8 
.text           C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2200] kernel32.dll!GetBinaryTypeW + 70       76AE69F4 1 Byte  [62]
.text           C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2200] USER32.dll!UnhookWindowsHookEx         7651ADF9 5 Bytes  JMP 00180A08 
.text           C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2200] USER32.dll!UnhookWinEvent              7651B750 5 Bytes  JMP 001803FC 
.text           C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2200] USER32.dll!SetWindowsHookExW           7651E30C 5 Bytes  JMP 00180804 
.text           C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2200] USER32.dll!SetWinEventHook             765224DC 5 Bytes  JMP 001801F8 
.text           C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2200] USER32.dll!SetWindowsHookExA           76546D0C 5 Bytes  JMP 00180600 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2388] ntdll.dll!LdrUnloadDll                                     77D2C86E 5 Bytes  JMP 000603FC 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2388] ntdll.dll!LdrLoadDll                                       77D3223E 5 Bytes  JMP 000601F8 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2388] kernel32.dll!GetBinaryTypeW + 70                           76AE69F4 1 Byte  [62]
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2388] USER32.dll!SetWindowLongA                                  76518BA3 5 Bytes  JMP 59D9B866 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2388] USER32.dll!UnhookWindowsHookEx                             7651ADF9 5 Bytes  JMP 00100A08 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2388] USER32.dll!UnhookWinEvent                                  7651B750 5 Bytes  JMP 001003FC 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2388] USER32.dll!SetWindowsHookExW                               7651E30C 5 Bytes  JMP 00100804 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2388] USER32.dll!SetWinEventHook                                 765224DC 5 Bytes  JMP 001001F8 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2388] USER32.dll!SetWindowLongW                                  76524449 5 Bytes  JMP 59D9B7F8 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2388] USER32.dll!GetWindowInfo                                   76524B5E 5 Bytes  JMP 59B4D96E C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2388] USER32.dll!TrackPopupMenu                                  76532228 5 Bytes  JMP 59B4DF19 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2388] USER32.dll!SetWindowsHookExA                               76546D0C 5 Bytes  JMP 00100600 
.text           C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2616] ntdll.dll!LdrUnloadDll                                       77D2C86E 5 Bytes  JMP 000503FC 
.text           C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2616] ntdll.dll!LdrLoadDll                                         77D3223E 5 Bytes  JMP 000501F8 
.text           C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2616] kernel32.dll!GetBinaryTypeW + 70                             76AE69F4 1 Byte  [62]
.text           C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2616] USER32.dll!UnhookWindowsHookEx                               7651ADF9 5 Bytes  JMP 000F0A08 
.text           C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2616] USER32.dll!UnhookWinEvent                                    7651B750 5 Bytes  JMP 000F03FC 
.text           C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2616] USER32.dll!SetWindowsHookExW                                 7651E30C 5 Bytes  JMP 000F0804 
.text           C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2616] USER32.dll!SetWinEventHook                                   765224DC 5 Bytes  JMP 000F01F8 
.text           C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2616] USER32.dll!SetWindowsHookExA                                 76546D0C 5 Bytes  JMP 000F0600 
.text           C:\windows\system32\conhost.exe[2624] ntdll.dll!LdrUnloadDll                                                           77D2C86E 5 Bytes  JMP 000303FC 
.text           C:\windows\system32\conhost.exe[2624] ntdll.dll!LdrLoadDll                                                             77D3223E 5 Bytes  JMP 000301F8 
.text           C:\windows\system32\conhost.exe[2624] kernel32.dll!GetBinaryTypeW + 70                                                 76AE69F4 1 Byte  [62]
.text           C:\windows\system32\conhost.exe[2624] USER32.dll!UnhookWindowsHookEx                                                   7651ADF9 5 Bytes  JMP 00050A08 
.text           C:\windows\system32\conhost.exe[2624] USER32.dll!UnhookWinEvent                                                        7651B750 5 Bytes  JMP 000503FC 
.text           C:\windows\system32\conhost.exe[2624] USER32.dll!SetWindowsHookExW                                                     7651E30C 5 Bytes  JMP 00050804 
.text           C:\windows\system32\conhost.exe[2624] USER32.dll!SetWinEventHook                                                       765224DC 5 Bytes  JMP 000501F8 
.text           C:\windows\system32\conhost.exe[2624] USER32.dll!SetWindowsHookExA                                                     76546D0C 5 Bytes  JMP 00050600 
.text           C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE[2648] ntdll.dll!LdrUnloadDll                                       77D2C86E 5 Bytes  JMP 001603FC 
.text           C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE[2648] ntdll.dll!LdrLoadDll                                         77D3223E 5 Bytes  JMP 001601F8 
.text           C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE[2648] kernel32.dll!GetBinaryTypeW + 70                             76AE69F4 1 Byte  [62]
.text           C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE[2648] USER32.dll!UnhookWindowsHookEx                               7651ADF9 5 Bytes  JMP 001F0A08 
.text           C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE[2648] USER32.dll!UnhookWinEvent                                    7651B750 5 Bytes  JMP 001F03FC 
.text           C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE[2648] USER32.dll!SetWindowsHookExW                                 7651E30C 5 Bytes  JMP 001F0804 
.text           C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE[2648] USER32.dll!SetWinEventHook                                   765224DC 5 Bytes  JMP 001F01F8 
.text           C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE[2648] USER32.dll!SetWindowsHookExA                                 76546D0C 5 Bytes  JMP 001F0600 
.text           C:\windows\system32\Dwm.exe[2784] ntdll.dll!LdrUnloadDll                                                               77D2C86E 5 Bytes  JMP 000603FC 
.text           C:\windows\system32\Dwm.exe[2784] ntdll.dll!LdrLoadDll                                                                 77D3223E 5 Bytes  JMP 000601F8 
.text           C:\windows\system32\Dwm.exe[2784] kernel32.dll!GetBinaryTypeW + 70                                                     76AE69F4 1 Byte  [62]
.text           C:\windows\system32\Dwm.exe[2784] USER32.dll!UnhookWindowsHookEx                                                       7651ADF9 5 Bytes  JMP 000F0A08 
.text           C:\windows\system32\Dwm.exe[2784] USER32.dll!UnhookWinEvent                                                            7651B750 5 Bytes  JMP 000F03FC 
.text           C:\windows\system32\Dwm.exe[2784] USER32.dll!SetWindowsHookExW                                                         7651E30C 5 Bytes  JMP 000F0804 
.text           C:\windows\system32\Dwm.exe[2784] USER32.dll!SetWinEventHook                                                           765224DC 5 Bytes  JMP 000F01F8 
.text           C:\windows\system32\Dwm.exe[2784] USER32.dll!SetWindowsHookExA                                                         76546D0C 5 Bytes  JMP 000F0600 
.text           C:\windows\system32\taskhost.exe[2792] ntdll.dll!LdrUnloadDll                                                          77D2C86E 5 Bytes  JMP 000503FC 
.text           C:\windows\system32\taskhost.exe[2792] ntdll.dll!LdrLoadDll                                                            77D3223E 5 Bytes  JMP 000501F8 
.text           C:\windows\system32\taskhost.exe[2792] kernel32.dll!GetBinaryTypeW + 70                                                76AE69F4 1 Byte  [62]
.text           C:\windows\system32\taskhost.exe[2792] USER32.dll!UnhookWindowsHookEx                                                  7651ADF9 5 Bytes  JMP 000E0A08 
.text           C:\windows\system32\taskhost.exe[2792] USER32.dll!UnhookWinEvent                                                       7651B750 5 Bytes  JMP 000E03FC 
.text           C:\windows\system32\taskhost.exe[2792] USER32.dll!SetWindowsHookExW                                                    7651E30C 5 Bytes  JMP 000E0804 
.text           C:\windows\system32\taskhost.exe[2792] USER32.dll!SetWinEventHook                                                      765224DC 5 Bytes  JMP 000E01F8 
.text           C:\windows\system32\taskhost.exe[2792] USER32.dll!SetWindowsHookExA                                                    76546D0C 5 Bytes  JMP 000E0600 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2816] KERNEL32.dll!GetBinaryTypeW + 70                   76AE69F4 1 Byte  [62]
.text           C:\windows\system32\svchost.exe[3124] ntdll.dll!LdrUnloadDll                                                           77D2C86E 5 Bytes  JMP 000603FC 
.text           C:\windows\system32\svchost.exe[3124] ntdll.dll!LdrLoadDll                                                             77D3223E 5 Bytes  JMP 000601F8 
.text           C:\windows\system32\svchost.exe[3124] kernel32.dll!GetBinaryTypeW + 70                                                 76AE69F4 1 Byte  [62]
.text           C:\windows\system32\svchost.exe[3124] USER32.dll!UnhookWindowsHookEx                                                   7651ADF9 5 Bytes  JMP 008E0A08 
.text           C:\windows\system32\svchost.exe[3124] USER32.dll!UnhookWinEvent                                                        7651B750 5 Bytes  JMP 008E03FC 
.text           C:\windows\system32\svchost.exe[3124] USER32.dll!SetWindowsHookExW                                                     7651E30C 5 Bytes  JMP 008E0804 
.text           C:\windows\system32\svchost.exe[3124] USER32.dll!SetWinEventHook                                                       765224DC 5 Bytes  JMP 008E01F8 
.text           C:\windows\system32\svchost.exe[3124] USER32.dll!SetWindowsHookExA                                                     76546D0C 5 Bytes  JMP 008E0600 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] ntdll.dll!LdrUnloadDll                               77D2C86E 5 Bytes  JMP 000603FC 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] ntdll.dll!LdrLoadDll                                 77D3223E 5 Bytes  JMP 000601F8 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] kernel32.dll!GetBinaryTypeW + 70                     76AE69F4 1 Byte  [62]
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] USER32.dll!UnhookWindowsHookEx                       7651ADF9 5 Bytes  JMP 00BB0A08 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] USER32.dll!UnhookWinEvent                            7651B750 5 Bytes  JMP 00BB03FC 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] USER32.dll!SetWindowsHookExW                         7651E30C 5 Bytes  JMP 00BB0804 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] USER32.dll!SetWinEventHook                           765224DC 5 Bytes  JMP 00BB01F8 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] USER32.dll!SetWindowsHookExA                         76546D0C 5 Bytes  JMP 00BB0600 
.text           C:\windows\system32\svchost.exe[3260] ntdll.dll!LdrUnloadDll                                                           77D2C86E 5 Bytes  JMP 000603FC 
.text           C:\windows\system32\svchost.exe[3260] ntdll.dll!LdrLoadDll                                                             77D3223E 5 Bytes  JMP 000601F8 
.text           C:\windows\system32\svchost.exe[3260] kernel32.dll!GetBinaryTypeW + 70                                                 76AE69F4 1 Byte  [62]
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3296] ntdll.dll!LdrUnloadDll                                          77D2C86E 5 Bytes  JMP 000603FC 
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3296] ntdll.dll!LdrLoadDll                                            77D3223E 5 Bytes  JMP 000601F8 
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3296] kernel32.dll!GetBinaryTypeW + 70                                76AE69F4 1 Byte  [62]
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3296] USER32.dll!UnhookWindowsHookEx                                  7651ADF9 5 Bytes  JMP 00080A08 
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3296] USER32.dll!UnhookWinEvent                                       7651B750 5 Bytes  JMP 000803FC 
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3296] USER32.dll!SetWindowsHookExW                                    7651E30C 5 Bytes  JMP 00080804 
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3296] USER32.dll!SetWinEventHook                                      765224DC 5 Bytes  JMP 000801F8 
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3296] USER32.dll!SetWindowsHookExA                                    76546D0C 5 Bytes  JMP 00080600 
.text           C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3320] ntdll.dll!LdrUnloadDll                  77D2C86E 5 Bytes  JMP 001603FC 
.text           C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3320] ntdll.dll!LdrLoadDll                    77D3223E 5 Bytes  JMP 001601F8 
.text           C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3320] kernel32.dll!GetBinaryTypeW + 70        76AE69F4 1 Byte  [62]
.text           C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3320] USER32.dll!UnhookWindowsHookEx          7651ADF9 5 Bytes  JMP 00240A08 
.text           C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3320] USER32.dll!UnhookWinEvent               7651B750 5 Bytes  JMP 002403FC 
.text           C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3320] USER32.dll!SetWindowsHookExW            7651E30C 5 Bytes  JMP 00240804 
.text           C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3320] USER32.dll!SetWinEventHook              765224DC 5 Bytes  JMP 002401F8 
.text           C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3320] USER32.dll!SetWindowsHookExA            76546D0C 5 Bytes  JMP 00240600 
.text           C:\windows\system32\SearchIndexer.exe[3432] ntdll.dll!LdrUnloadDll                                                     77D2C86E 5 Bytes  JMP 000603FC 
.text           C:\windows\system32\SearchIndexer.exe[3432] ntdll.dll!LdrLoadDll                                                       77D3223E 5 Bytes  JMP 000601F8 
.text           C:\windows\system32\SearchIndexer.exe[3432] kernel32.dll!GetBinaryTypeW + 70                                           76AE69F4 1 Byte  [62]
.text           C:\windows\system32\SearchIndexer.exe[3432] USER32.dll!UnhookWindowsHookEx                                             7651ADF9 5 Bytes  JMP 00090A08 
.text           C:\windows\system32\SearchIndexer.exe[3432] USER32.dll!UnhookWinEvent                                                  7651B750 5 Bytes  JMP 000903FC 
.text           C:\windows\system32\SearchIndexer.exe[3432] USER32.dll!SetWindowsHookExW                                               7651E30C 5 Bytes  JMP 00090804 
.text           C:\windows\system32\SearchIndexer.exe[3432] USER32.dll!SetWinEventHook                                                 765224DC 5 Bytes  JMP 000901F8 
.text           C:\windows\system32\SearchIndexer.exe[3432] USER32.dll!SetWindowsHookExA                                               76546D0C 5 Bytes  JMP 00090600 
.text           C:\windows\Explorer.EXE[3532] ntdll.dll!LdrUnloadDll                                                                   77D2C86E 5 Bytes  JMP 000603FC 
.text           C:\windows\Explorer.EXE[3532] ntdll.dll!LdrLoadDll                                                                     77D3223E 5 Bytes  JMP 000601F8 
.text           C:\windows\Explorer.EXE[3532] kernel32.dll!GetBinaryTypeW + 70                                                         76AE69F4 1 Byte  [62]
.text           C:\windows\Explorer.EXE[3532] USER32.dll!UnhookWindowsHookEx                                                           7651ADF9 5 Bytes  JMP 00110A08 
.text           C:\windows\Explorer.EXE[3532] USER32.dll!UnhookWinEvent                                                                7651B750 5 Bytes  JMP 001103FC 
.text           C:\windows\Explorer.EXE[3532] USER32.dll!SetWindowsHookExW                                                             7651E30C 5 Bytes  JMP 00110804 
.text           C:\windows\Explorer.EXE[3532] USER32.dll!SetWinEventHook                                                               765224DC 5 Bytes  JMP 001101F8 
.text           C:\windows\Explorer.EXE[3532] USER32.dll!SetWindowsHookExA                                                             76546D0C 5 Bytes  JMP 00110600 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3680] ntdll.dll!LdrUnloadDll                                      77D2C86E 5 Bytes  JMP 001603FC 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3680] ntdll.dll!LdrLoadDll                                        77D3223E 5 Bytes  JMP 001601F8 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3680] kernel32.dll!GetBinaryTypeW + 70                            76AE69F4 1 Byte  [62]
.text           C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3680] USER32.dll!UnhookWindowsHookEx                              7651ADF9 5 Bytes  JMP 00180A08 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3680] USER32.dll!UnhookWinEvent                                   7651B750 5 Bytes  JMP 001803FC 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3680] USER32.dll!SetWindowsHookExW                                7651E30C 5 Bytes  JMP 00180804 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3680] USER32.dll!SetWinEventHook                                  765224DC 5 Bytes  JMP 001801F8 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3680] USER32.dll!SetWindowsHookExA                                76546D0C 5 Bytes  JMP 00180600 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3740] KERNEL32.dll!GetBinaryTypeW + 70                   76AE69F4 1 Byte  [62]
.text           C:\windows\system32\AUDIODG.EXE[3768] kernel32.dll!GetBinaryTypeW + 70                                                 76AE69F4 1 Byte  [62]
.text           C:\Windows\WindowsMobile\wmdc.exe[3792] ntdll.dll!LdrUnloadDll                                                         77D2C86E 5 Bytes  JMP 000603FC 
.text           C:\Windows\WindowsMobile\wmdc.exe[3792] ntdll.dll!LdrLoadDll                                                           77D3223E 5 Bytes  JMP 000601F8 
.text           C:\Windows\WindowsMobile\wmdc.exe[3792] kernel32.dll!GetBinaryTypeW + 70                                               76AE69F4 1 Byte  [62]
.text           C:\Windows\WindowsMobile\wmdc.exe[3792] USER32.dll!UnhookWindowsHookEx                                                 7651ADF9 5 Bytes  JMP 00190A08 
.text           C:\Windows\WindowsMobile\wmdc.exe[3792] USER32.dll!UnhookWinEvent                                                      7651B750 5 Bytes  JMP 001903FC 
.text           C:\Windows\WindowsMobile\wmdc.exe[3792] USER32.dll!SetWindowsHookExW                                                   7651E30C 5 Bytes  JMP 00190804 
.text           C:\Windows\WindowsMobile\wmdc.exe[3792] USER32.dll!SetWinEventHook                                                     765224DC 5 Bytes  JMP 001901F8 
.text           C:\Windows\WindowsMobile\wmdc.exe[3792] USER32.dll!SetWindowsHookExA                                                   76546D0C 5 Bytes  JMP 00190600 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3800] ntdll.dll!LdrUnloadDll                                           77D2C86E 5 Bytes  JMP 001603FC 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3800] ntdll.dll!LdrLoadDll                                             77D3223E 5 Bytes  JMP 001601F8 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3800] kernel32.dll!GetBinaryTypeW + 70                                 76AE69F4 1 Byte  [62]
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3800] USER32.dll!UnhookWindowsHookEx                                   7651ADF9 5 Bytes  JMP 00300A08 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3800] USER32.dll!UnhookWinEvent                                        7651B750 5 Bytes  JMP 003003FC 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3800] USER32.dll!SetWindowsHookExW                                     7651E30C 5 Bytes  JMP 00300804 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3800] USER32.dll!SetWinEventHook                                       765224DC 5 Bytes  JMP 003001F8 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3800] USER32.dll!SetWindowsHookExA                                     76546D0C 5 Bytes  JMP 00300600 
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3888] ntdll.dll!LdrUnloadDll                          77D2C86E 5 Bytes  JMP 001603FC 
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3888] ntdll.dll!LdrLoadDll                            77D3223E 5 Bytes  JMP 001601F8 
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3888] kernel32.dll!GetBinaryTypeW + 70                76AE69F4 1 Byte  [62]
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3888] USER32.dll!UnhookWindowsHookEx                  7651ADF9 5 Bytes  JMP 002F0A08 
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3888] USER32.dll!UnhookWinEvent                       7651B750 5 Bytes  JMP 002F03FC 
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3888] USER32.dll!SetWindowsHookExW                    7651E30C 5 Bytes  JMP 002F0804 
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3888] USER32.dll!SetWinEventHook                      765224DC 5 Bytes  JMP 002F01F8 
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3888] USER32.dll!SetWindowsHookExA                    76546D0C 5 Bytes  JMP 002F0600 
.text           C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3912] ntdll.dll!LdrUnloadDll                                           77D2C86E 5 Bytes  JMP 001603FC 
.text           C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3912] ntdll.dll!LdrLoadDll                                             77D3223E 5 Bytes  JMP 001601F8 
.text           C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3912] kernel32.dll!GetBinaryTypeW + 70                                 76AE69F4 1 Byte  [62]
.text           C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3912] USER32.dll!UnhookWindowsHookEx                                   7651ADF9 5 Bytes  JMP 001F0A08 
.text           C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3912] USER32.dll!UnhookWinEvent                                        7651B750 5 Bytes  JMP 001F03FC 
.text           C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3912] USER32.dll!SetWindowsHookExW                                     7651E30C 5 Bytes  JMP 001F0804 
.text           C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3912] USER32.dll!SetWinEventHook                                       765224DC 5 Bytes  JMP 001F01F8 
.text           C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3912] USER32.dll!SetWindowsHookExA                                     76546D0C 5 Bytes  JMP 001F0600 
.text           C:\Windows\System32\igfxpers.exe[3960] ntdll.dll!LdrUnloadDll                                                          77D2C86E 5 Bytes  JMP 001603FC 
.text           C:\Windows\System32\igfxpers.exe[3960] ntdll.dll!LdrLoadDll                                                            77D3223E 5 Bytes  JMP 001601F8 
.text           C:\Windows\System32\igfxpers.exe[3960] kernel32.dll!GetBinaryTypeW + 70                                                76AE69F4 1 Byte  [62]
.text           C:\Windows\System32\igfxpers.exe[3960] USER32.dll!UnhookWindowsHookEx                                                  7651ADF9 5 Bytes  JMP 00310A08 
.text           C:\Windows\System32\igfxpers.exe[3960] USER32.dll!UnhookWinEvent                                                       7651B750 5 Bytes  JMP 003103FC 
.text           C:\Windows\System32\igfxpers.exe[3960] USER32.dll!SetWindowsHookExW                                                    7651E30C 5 Bytes  JMP 00310804 
.text           C:\Windows\System32\igfxpers.exe[3960] USER32.dll!SetWinEventHook                                                      765224DC 5 Bytes  JMP 003101F8 
.text           C:\Windows\System32\igfxpers.exe[3960] USER32.dll!SetWindowsHookExA                                                    76546D0C 5 Bytes  JMP 00310600 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4000] ntdll.dll!LdrUnloadDll                                      77D2C86E 5 Bytes  JMP 001603FC 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4000] ntdll.dll!LdrLoadDll                                        77D3223E 5 Bytes  JMP 001601F8 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4000] kernel32.dll!GetBinaryTypeW + 70                            76AE69F4 1 Byte  [62]
.text           C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4000] USER32.dll!UnhookWindowsHookEx                              7651ADF9 5 Bytes  JMP 00190A08 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4000] USER32.dll!UnhookWinEvent                                   7651B750 5 Bytes  JMP 001903FC 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4000] USER32.dll!SetWindowsHookExW                                7651E30C 5 Bytes  JMP 00190804 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4000] USER32.dll!SetWinEventHook                                  765224DC 5 Bytes  JMP 001901F8 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4000] USER32.dll!SetWindowsHookExA                                76546D0C 5 Bytes  JMP 00190600 
.text           C:\windows\system32\wbem\wmiprvse.exe[4036] ntdll.dll!LdrUnloadDll                                                     77D2C86E 5 Bytes  JMP 000603FC 
.text           C:\windows\system32\wbem\wmiprvse.exe[4036] ntdll.dll!LdrLoadDll                                                       77D3223E 5 Bytes  JMP 000601F8 
.text           C:\windows\system32\wbem\wmiprvse.exe[4036] kernel32.dll!GetBinaryTypeW + 70                                           76AE69F4 1 Byte  [62]
.text           C:\windows\system32\wbem\wmiprvse.exe[4036] USER32.dll!UnhookWindowsHookEx                                             7651ADF9 5 Bytes  JMP 000A0A08 
.text           C:\windows\system32\wbem\wmiprvse.exe[4036] USER32.dll!UnhookWinEvent                                                  7651B750 5 Bytes  JMP 000A03FC 
.text           C:\windows\system32\wbem\wmiprvse.exe[4036] USER32.dll!SetWindowsHookExW                                               7651E30C 5 Bytes  JMP 000A0804 
.text           C:\windows\system32\wbem\wmiprvse.exe[4036] USER32.dll!SetWinEventHook                                                 765224DC 5 Bytes  JMP 000A01F8 
.text           C:\windows\system32\wbem\wmiprvse.exe[4036] USER32.dll!SetWindowsHookExA                                               76546D0C 5 Bytes  JMP 000A0600 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[4072] ntdll.dll!LdrUnloadDll                                   77D2C86E 5 Bytes  JMP 000603FC 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[4072] ntdll.dll!LdrLoadDll                                     77D3223E 5 Bytes  JMP 000601F8 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[4072] kernel32.dll!GetBinaryTypeW + 70                         76AE69F4 1 Byte  [62]
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[4072] USER32.dll!UnhookWindowsHookEx                           7651ADF9 5 Bytes  JMP 00120A08 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[4072] USER32.dll!UnhookWinEvent                                7651B750 5 Bytes  JMP 001203FC 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[4072] USER32.dll!SetWindowsHookExW                             7651E30C 5 Bytes  JMP 00120804 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[4072] USER32.dll!SetWinEventHook                               765224DC 5 Bytes  JMP 001201F8 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[4072] USER32.dll!SetWindowsHookExA                             76546D0C 5 Bytes  JMP 00120600 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[4080] ntdll.dll!LdrUnloadDll                                     77D2C86E 5 Bytes  JMP 001603FC 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[4080] ntdll.dll!LdrLoadDll                                       77D3223E 5 Bytes  JMP 001601F8 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[4080] kernel32.dll!GetBinaryTypeW + 70                           76AE69F4 1 Byte  [62]
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[4080] USER32.dll!UnhookWindowsHookEx                             7651ADF9 5 Bytes  JMP 00200A08 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[4080] USER32.dll!UnhookWinEvent                                  7651B750 5 Bytes  JMP 002003FC 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[4080] USER32.dll!SetWindowsHookExW                               7651E30C 5 Bytes  JMP 00200804 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[4080] USER32.dll!SetWinEventHook                                 765224DC 5 Bytes  JMP 002001F8 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[4080] USER32.dll!SetWindowsHookExA                               76546D0C 5 Bytes  JMP 00200600 
.text           C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[4092] ntdll.dll!LdrUnloadDll                    77D2C86E 5 Bytes  JMP 001603FC 
.text           C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[4092] ntdll.dll!LdrLoadDll                      77D3223E 5 Bytes  JMP 001601F8 
.text           C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[4092] kernel32.dll!GetBinaryTypeW + 70          76AE69F4 1 Byte  [62]
.text           C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[4092] USER32.dll!UnhookWindowsHookEx            7651ADF9 5 Bytes  JMP 004D0A08 
.text           C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[4092] USER32.dll!UnhookWinEvent                 7651B750 5 Bytes  JMP 004D03FC 
.text           C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[4092] USER32.dll!SetWindowsHookExW              7651E30C 5 Bytes  JMP 004D0804 
.text           C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[4092] USER32.dll!SetWinEventHook                765224DC 5 Bytes  JMP 004D01F8 
.text           C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[4092] USER32.dll!SetWindowsHookExA              76546D0C 5 Bytes  JMP 004D0600 
.text           C:\Program Files\msi\Live Update 5\LU5.exe[4224] ntdll.dll!LdrUnloadDll                                                77D2C86E 5 Bytes  JMP 001703FC 
.text           C:\Program Files\msi\Live Update 5\LU5.exe[4224] ntdll.dll!LdrLoadDll                                                  77D3223E 5 Bytes  JMP 001701F8 
.text           C:\Program Files\msi\Live Update 5\LU5.exe[4224] kernel32.dll!GetBinaryTypeW + 70                                      76AE69F4 1 Byte  [62]
.text           C:\Program Files\msi\Live Update 5\LU5.exe[4224] USER32.dll!UnhookWindowsHookEx                                        7651ADF9 5 Bytes  JMP 00200A08 
.text           C:\Program Files\msi\Live Update 5\LU5.exe[4224] USER32.dll!UnhookWinEvent                                             7651B750 5 Bytes  JMP 002003FC 
.text           C:\Program Files\msi\Live Update 5\LU5.exe[4224] USER32.dll!SetWindowsHookExW                                          7651E30C 5 Bytes  JMP 00200804 
.text           C:\Program Files\msi\Live Update 5\LU5.exe[4224] USER32.dll!SetWinEventHook                                            765224DC 5 Bytes  JMP 002001F8 
.text           C:\Program Files\msi\Live Update 5\LU5.exe[4224] USER32.dll!SetWindowsHookExA                                          76546D0C 5 Bytes  JMP 00200600 
.text           C:\Program Files\Samsung\Kies\External\DeviceModules\ConnectionManager.exe[4336] ntdll.dll!LdrUnloadDll                77D2C86E 5 Bytes  JMP 001603FC 
.text           C:\Program Files\Samsung\Kies\External\DeviceModules\ConnectionManager.exe[4336] ntdll.dll!LdrLoadDll                  77D3223E 5 Bytes  JMP 001601F8 
.text           C:\Program Files\Samsung\Kies\External\DeviceModules\ConnectionManager.exe[4336] kernel32.dll!GetBinaryTypeW + 70      76AE69F4 1 Byte  [62]
.text           C:\Program Files\Samsung\Kies\External\DeviceModules\ConnectionManager.exe[4336] USER32.dll!UnhookWindowsHookEx        7651ADF9 5 Bytes  JMP 00200A08 
.text           C:\Program Files\Samsung\Kies\External\DeviceModules\ConnectionManager.exe[4336] USER32.dll!UnhookWinEvent             7651B750 5 Bytes  JMP 002003FC 
.text           C:\Program Files\Samsung\Kies\External\DeviceModules\ConnectionManager.exe[4336] USER32.dll!SetWindowsHookExW          7651E30C 5 Bytes  JMP 00200804 
.text           C:\Program Files\Samsung\Kies\External\DeviceModules\ConnectionManager.exe[4336] USER32.dll!SetWinEventHook            765224DC 5 Bytes  JMP 002001F8 
.text           C:\Program Files\Samsung\Kies\External\DeviceModules\ConnectionManager.exe[4336] USER32.dll!SetWindowsHookExA          76546D0C 5 Bytes  JMP 00200600 
.text           C:\windows\servicing\TrustedInstaller.exe[4468] ntdll.dll!LdrUnloadDll                                                 77D2C86E 5 Bytes  JMP 000503FC 
.text           C:\windows\servicing\TrustedInstaller.exe[4468] ntdll.dll!LdrLoadDll                                                   77D3223E 5 Bytes  JMP 000501F8 
.text           C:\windows\servicing\TrustedInstaller.exe[4468] kernel32.dll!GetBinaryTypeW + 70                                       76AE69F4 1 Byte  [62]
.text           C:\windows\servicing\TrustedInstaller.exe[4468] USER32.dll!UnhookWindowsHookEx                                         7651ADF9 5 Bytes  JMP 000F0A08 
.text           C:\windows\servicing\TrustedInstaller.exe[4468] USER32.dll!UnhookWinEvent                                              7651B750 5 Bytes  JMP 000F03FC 
.text           C:\windows\servicing\TrustedInstaller.exe[4468] USER32.dll!SetWindowsHookExW                                           7651E30C 5 Bytes  JMP 000F0804 
.text           C:\windows\servicing\TrustedInstaller.exe[4468] USER32.dll!SetWinEventHook                                             765224DC 5 Bytes  JMP 000F01F8 
.text           C:\windows\servicing\TrustedInstaller.exe[4468] USER32.dll!SetWindowsHookExA                                           76546D0C 5 Bytes  JMP 000F0600 
.text           C:\windows\explorer.exe[4524] ntdll.dll!LdrUnloadDll                                                                   77D2C86E 5 Bytes  JMP 000603FC 
.text           C:\windows\explorer.exe[4524] ntdll.dll!LdrLoadDll                                                                     77D3223E 5 Bytes  JMP 000601F8 
.text           C:\windows\explorer.exe[4524] kernel32.dll!GetBinaryTypeW + 70                                                         76AE69F4 1 Byte  [62]
.text           C:\windows\explorer.exe[4524] USER32.dll!UnhookWindowsHookEx                                                           7651ADF9 5 Bytes  JMP 00250A08 
.text           C:\windows\explorer.exe[4524] USER32.dll!UnhookWinEvent                                                                7651B750 5 Bytes  JMP 002503FC 
.text           C:\windows\explorer.exe[4524] USER32.dll!SetWindowsHookExW                                                             7651E30C 5 Bytes  JMP 00250804 
.text           C:\windows\explorer.exe[4524] USER32.dll!SetWinEventHook                                                               765224DC 5 Bytes  JMP 002501F8 
.text           C:\windows\explorer.exe[4524] USER32.dll!SetWindowsHookExA                                                             76546D0C 5 Bytes  JMP 00250600 
.text           C:\Users\Ari\Downloads\03hl90c8.exe[4744] ntdll.dll!LdrUnloadDll                                                       77D2C86E 5 Bytes  JMP 001603FC 
.text           C:\Users\Ari\Downloads\03hl90c8.exe[4744] ntdll.dll!LdrLoadDll                                                         77D3223E 5 Bytes  JMP 001601F8 
.text           C:\Users\Ari\Downloads\03hl90c8.exe[4744] kernel32.dll!GetBinaryTypeW + 70                                             76AE69F4 1 Byte  [62]
.text           C:\Users\Ari\Downloads\03hl90c8.exe[4744] USER32.dll!UnhookWindowsHookEx                                               7651ADF9 5 Bytes  JMP 00310A08 
.text           C:\Users\Ari\Downloads\03hl90c8.exe[4744] USER32.dll!UnhookWinEvent                                                    7651B750 5 Bytes  JMP 003103FC 
.text           C:\Users\Ari\Downloads\03hl90c8.exe[4744] USER32.dll!SetWindowsHookExW                                                 7651E30C 5 Bytes  JMP 00310804 
.text           C:\Users\Ari\Downloads\03hl90c8.exe[4744] USER32.dll!SetWinEventHook                                                   765224DC 5 Bytes  JMP 003101F8 
.text           C:\Users\Ari\Downloads\03hl90c8.exe[4744] USER32.dll!SetWindowsHookExA                                                 76546D0C 5 Bytes  JMP 00310600 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4784] ntdll.dll!LdrUnloadDll                                      77D2C86E 5 Bytes  JMP 001603FC 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4784] ntdll.dll!LdrLoadDll                                        77D3223E 5 Bytes  JMP 001601F8 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4784] kernel32.dll!GetBinaryTypeW + 70                            76AE69F4 1 Byte  [62]
.text           C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4784] USER32.dll!UnhookWindowsHookEx                              7651ADF9 5 Bytes  JMP 001F0A08 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4784] USER32.dll!UnhookWinEvent                                   7651B750 5 Bytes  JMP 001F03FC 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4784] USER32.dll!SetWindowsHookExW                                7651E30C 5 Bytes  JMP 001F0804 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4784] USER32.dll!SetWinEventHook                                  765224DC 5 Bytes  JMP 001F01F8 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4784] USER32.dll!SetWindowsHookExA                                76546D0C 5 Bytes  JMP 001F0600 
.text           C:\windows\System32\svchost.exe[5220] ntdll.dll!LdrUnloadDll                                                           77D2C86E 5 Bytes  JMP 000603FC 
.text           C:\windows\System32\svchost.exe[5220] ntdll.dll!LdrLoadDll                                                             77D3223E 5 Bytes  JMP 000601F8 
.text           C:\windows\System32\svchost.exe[5220] kernel32.dll!GetBinaryTypeW + 70                                                 76AE69F4 1 Byte  [62]
.text           C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5344] ntdll.dll!LdrUnloadDll                                      77D2C86E 5 Bytes  JMP 001603FC 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5344] ntdll.dll!LdrLoadDll                                        77D3223E 5 Bytes  JMP 001601F8 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5344] kernel32.dll!GetBinaryTypeW + 70                            76AE69F4 1 Byte  [62]
.text           C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5344] USER32.dll!UnhookWindowsHookEx                              7651ADF9 5 Bytes  JMP 00300A08 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5344] USER32.dll!UnhookWinEvent                                   7651B750 5 Bytes  JMP 003003FC 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5344] USER32.dll!SetWindowsHookExW                                7651E30C 5 Bytes  JMP 00300804 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5344] USER32.dll!SetWinEventHook                                  765224DC 5 Bytes  JMP 003001F8 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5344] USER32.dll!SetWindowsHookExA                                76546D0C 5 Bytes  JMP 00300600 
.text           C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe[5876] ntdll.dll!LdrUnloadDll                    77D2C86E 5 Bytes  JMP 001603FC 
.text           C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe[5876] ntdll.dll!LdrLoadDll                      77D3223E 5 Bytes  JMP 001601F8 
.text           C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe[5876] kernel32.dll!SetUnhandledExceptionFilter  76ACF4FB 5 Bytes  JMP 00468140 C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe (DeviceManager.exe/Mobileleader Co., Ltd.)
.text           C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe[5876] kernel32.dll!GetBinaryTypeW + 70          76AE69F4 1 Byte  [62]
.text           C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe[5876] USER32.dll!UnhookWindowsHookEx            7651ADF9 5 Bytes  JMP 001F0A08 
.text           C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe[5876] USER32.dll!UnhookWinEvent                 7651B750 5 Bytes  JMP 001F03FC 
.text           C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe[5876] USER32.dll!SetWindowsHookExW              7651E30C 5 Bytes  JMP 001F0804 
.text           C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe[5876] USER32.dll!SetWinEventHook                765224DC 5 Bytes  JMP 001F01F8 
.text           C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe[5876] USER32.dll!SetWindowsHookExA              76546D0C 5 Bytes  JMP 001F0600 
.text           C:\windows\system32\taskeng.exe[6052] ntdll.dll!LdrUnloadDll                                                           77D2C86E 5 Bytes  JMP 000603FC 
.text           C:\windows\system32\taskeng.exe[6052] ntdll.dll!LdrLoadDll                                                             77D3223E 5 Bytes  JMP 000601F8 
.text           C:\windows\system32\taskeng.exe[6052] kernel32.dll!GetBinaryTypeW + 70                                                 76AE69F4 1 Byte  [62]
.text           C:\windows\system32\taskeng.exe[6052] USER32.dll!UnhookWindowsHookEx                                                   7651ADF9 5 Bytes  JMP 000F0A08 
.text           C:\windows\system32\taskeng.exe[6052] USER32.dll!UnhookWinEvent                                                        7651B750 5 Bytes  JMP 000F03FC 
.text           C:\windows\system32\taskeng.exe[6052] USER32.dll!SetWindowsHookExW                                                     7651E30C 5 Bytes  JMP 000F0804 
.text           C:\windows\system32\taskeng.exe[6052] USER32.dll!SetWinEventHook                                                       765224DC 5 Bytes  JMP 000F01F8 
.text           C:\windows\system32\taskeng.exe[6052] USER32.dll!SetWindowsHookExA                                                     76546D0C 5 Bytes  JMP 000F0600 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[6096] ntdll.dll!LdrUnloadDll                                              77D2C86E 5 Bytes  JMP 000603FC 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[6096] ntdll.dll!LdrLoadDll                                                77D3223E 5 Bytes  JMP 000601F8 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[6096] kernel32.dll!GetBinaryTypeW + 70                                    76AE69F4 1 Byte  [62]
.text           C:\Program Files\Mozilla Firefox\firefox.exe[6096] USER32.dll!UnhookWindowsHookEx                                      7651ADF9 5 Bytes  JMP 00080A08 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[6096] USER32.dll!UnhookWinEvent                                           7651B750 5 Bytes  JMP 000803FC 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[6096] USER32.dll!SetWindowsHookExW                                        7651E30C 5 Bytes  JMP 00080804 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[6096] USER32.dll!SetWinEventHook                                          765224DC 5 Bytes  JMP 000801F8 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[6096] USER32.dll!SetWindowsHookExA                                        76546D0C 5 Bytes  JMP 00080600 

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\windows\Explorer.EXE[3532] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                        [749B24CB] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\windows\Explorer.EXE[3532] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                   [7499562E] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\windows\Explorer.EXE[3532] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                  [749956EC] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\windows\Explorer.EXE[3532] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipFree]                                         [749B2546] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\windows\Explorer.EXE[3532] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                               [749A85AA] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\windows\Explorer.EXE[3532] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                                 [749A4D5E] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\windows\Explorer.EXE[3532] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                                [749A5105] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\windows\Explorer.EXE[3532] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                               [749A51DA] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\windows\Explorer.EXE[3532] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP]                      [749A6707] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\windows\Explorer.EXE[3532] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                                [749A8301] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\windows\Explorer.EXE[3532] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                           [749A8850] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\windows\Explorer.EXE[3532] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                         [749A90B1] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\windows\Explorer.EXE[3532] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                               [749AE254] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\windows\Explorer.EXE[3532] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                   [749A4C90] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\windows\explorer.exe[4524] @ C:\windows\explorer.exe [gdiplus.dll!GdipAlloc]                                        [749B24CB] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\windows\explorer.exe[4524] @ C:\windows\explorer.exe [gdiplus.dll!GdiplusStartup]                                   [7499562E] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\windows\explorer.exe[4524] @ C:\windows\explorer.exe [gdiplus.dll!GdiplusShutdown]                                  [749956EC] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\windows\explorer.exe[4524] @ C:\windows\explorer.exe [gdiplus.dll!GdipFree]                                         [749B2546] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\windows\explorer.exe[4524] @ C:\windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics]                               [749A85AA] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\windows\explorer.exe[4524] @ C:\windows\explorer.exe [gdiplus.dll!GdipDisposeImage]                                 [749A4D5E] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\windows\explorer.exe[4524] @ C:\windows\explorer.exe [gdiplus.dll!GdipGetImageWidth]                                [749A5105] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\windows\explorer.exe[4524] @ C:\windows\explorer.exe [gdiplus.dll!GdipGetImageHeight]                               [749A51DA] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\windows\explorer.exe[4524] @ C:\windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromHBITMAP]                      [749A6707] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\windows\explorer.exe[4524] @ C:\windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC]                                [749A8301] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\windows\explorer.exe[4524] @ C:\windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode]                           [749A8850] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\windows\explorer.exe[4524] @ C:\windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode]                         [749A90B1] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\windows\explorer.exe[4524] @ C:\windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI]                               [749AE254] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\windows\explorer.exe[4524] @ C:\windows\explorer.exe [gdiplus.dll!GdipCloneImage]                                   [749A4C90] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device          \Driver\ACPI_HAL \Device\00000050                                                                                      halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002421d25b11                                            
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002421d25b11 (not active ControlSet)                        

---- EOF - GMER 1.0.15 ----
         
osam.txt
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 17:54:20 on 24.06.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 8.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - ? - C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart  (File not found)

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\MLCFG32.CPL

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"aswFsBlk" (aswFsBlk) - ? - aswFsBlk.sys  (File not found)
"aswMonFlt" (aswMonFlt) - "AVAST Software" - C:\windows\system32\drivers\aswMonFlt.sys
"aswRdr" (aswRdr) - ? - C:\windows\system32\drivers\aswRdr.sys
"aswSnx" (aswSnx) - "AVAST Software" - C:\windows\system32\drivers\aswSnx.sys
"aswSP" (aswSP) - "AVAST Software" - C:\windows\system32\drivers\aswSP.sys
"avast! Network Shield Support" (aswTdi) - ? - C:\windows\system32\drivers\aswTdi.sys  (File not found)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\Users\Ari\AppData\Local\Temp\catchme.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\windows\system32\drivers\mbam.sys
"MSI_MSIBIOS_010507" (MSI_MSIBIOS_010507) - "Your Corporation" - C:\Program Files\MSI\Live Update 5\msibios32_100507.sys
"NTIOLib_1_0_4" (NTIOLib_1_0_4) - "MSI" - C:\Program Files\msi\Live Update 5\NTIOLib.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\MLSHEXT.DLL
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR 3.61 Multi\rarext.dll  (File found, but it contains no detailed information)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "@C:\windows\WindowsMobile\INetRepl.dll,-222" - "Microsoft Corporation" - C:\windows\WindowsMobile\INetRepl.dll
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\windows\WindowsMobile\INetRepl.dll
{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corp." - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "Windows Live Toolbar Helper" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Ari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"KiesHelper" - "Samsung" - C:\Program Files\Samsung\Kies\KiesHelper.exe /s
"KiesPDLR" - ? - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"ArcSoft Connection Service" - "ArcSoft Inc." - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"HP Software Update" - "Hewlett-Packard" - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"hpqSRMon" - "Hewlett-Packard" - C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
"IAAnotif" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
"KiesTrayAgent" - "Samsung Electronics Co., Ltd." - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
"Live Update 5" - ? - C:\Program Files\MSI\Live Update 5\BootStartLiveupdate.exe /reminder
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"MGSysCtrl" - ? - C:\Program Files\System Control Manager\MGSysCtrl.exe
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ArcSoft Connect Daemon" (ACDaemon) - "ArcSoft Inc." - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
"avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
"Avira Browser Schutz" (AntiVirWebService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
"Intel(R) Management & Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
"Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Micro Star SCM" (Micro Star SCM) - "Micro-Star International Co., Ltd." - C:\Program Files\System Control Manager\MSIService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\windows\system32\HPZinw12.dll
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\windows\system32\HPZipm12.dll
"SeaPort" (SeaPort) - "Microsoft Corp." - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"AVSDA" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avsda.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         
aswMBR.txt
Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-24 19:08:18
-----------------------------
19:08:18.817    OS Version: Windows 6.1.7601 Service Pack 1
19:08:18.817    Number of processors: 4 586 0x2502
19:08:18.820    ComputerName: ARI-MSI  UserName: Ari
19:08:20.258    Initialize success
19:08:20.344    AVAST engine defs: 11071801
19:08:25.662    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:08:25.665    Disk 0 Vendor: FUJITSU_ 0000 Size: 476940MB BusType: 3
19:08:25.717    Disk 0 MBR read successfully
19:08:25.720    Disk 0 MBR scan
19:08:25.724    Disk 0 Windows 7 default MBR code
19:08:25.734    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        10240 MB offset 2048
19:08:25.752    Disk 0 Partition 2 80 (A) 27 Hidden NTFS WinRE NTFS          100 MB offset 20973568
19:08:25.774    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       279952 MB offset 21178368
19:08:25.805    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       186645 MB offset 594521164
19:08:25.816    Disk 0 scanning sectors +976771120
19:08:25.885    Disk 0 scanning C:\windows\system32\drivers
19:08:34.282    Service scanning
19:09:03.070    Modules scanning
19:09:13.977    Disk 0 trace - called modules:
19:09:13.995    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll 
19:09:14.000    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x874eeac8]
19:09:14.004    3 CLASSPNP.SYS[8c5a159e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86682028]
19:09:14.010    Scan finished successfully
19:25:15.626    Disk 0 MBR has been saved successfully to "C:\Users\Ari\Desktop\MBR.dat"
19:25:15.632    The log file has been saved successfully to "C:\Users\Ari\Desktop\aswMBR.txt"
         
__________________


Alt 25.06.2012, 09:45   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows-Verschlüsselungs-Trojaner auf Win7 - Standard

Windows-Verschlüsselungs-Trojaner auf Win7



Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!
__________________
__________________

Alt 26.06.2012, 13:28   #19
McManaman
 
Windows-Verschlüsselungs-Trojaner auf Win7 - Standard

Windows-Verschlüsselungs-Trojaner auf Win7



Malwarebytes

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.19.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Ari :: ARI-MSI [Administrator]

Schutz: Aktiviert

25.06.2012 11:44:34
mbam-log-2012-06-25 (11-44-34).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 326420
Laufzeit: 1 Stunde(n), 16 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

SUPERAntiSpyware
Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/26/2012 at 01:04 PM

Application Version : 5.1.1002

Core Rules Database Version : 8794
Trace Rules Database Version: 6606

Scan type       : Complete Scan
Total Scan Time : 01:23:38

Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 1006
Memory threats detected   : 0
Registry items scanned    : 35570
Registry threats detected : 0
File items scanned        : 130872
File threats detected     : 590

Adware.Tracking Cookie
	C:\Users\Ari\AppData\Roaming\Microsoft\Windows\Cookies\ari@adx.chip[1].txt [ /adx.chip ]
	C:\Users\Ari\AppData\Roaming\Microsoft\Windows\Cookies\EXQEBCD7.txt [ /atdmt.com ]
	C:\Users\Ari\AppData\Roaming\Microsoft\Windows\Cookies\NIZRVE5N.txt [ /tracking.quisma.com ]
	C:\Users\Ari\AppData\Roaming\Microsoft\Windows\Cookies\O6HY735T.txt [ /apmebf.com ]
	C:\Users\Ari\AppData\Roaming\Microsoft\Windows\Cookies\U71V1S83.txt [ /www.zanox-affiliate.de ]
	C:\Users\Ari\AppData\Roaming\Microsoft\Windows\Cookies\J6NHQCHO.txt [ /ad.dyntracker.de ]
	C:\Users\Ari\AppData\Roaming\Microsoft\Windows\Cookies\5XCW7I2D.txt [ /mediaplex.com ]
	C:\Users\Ari\AppData\Roaming\Microsoft\Windows\Cookies\GFDTNHTX.txt [ /dyntracker.com ]
	C:\Users\Ari\AppData\Roaming\Microsoft\Windows\Cookies\WVFF3Z3X.txt [ /ad.zanox.com ]
	C:\Users\Ari\AppData\Roaming\Microsoft\Windows\Cookies\TT23OVXF.txt [ /smartadserver.com ]
	C:\Users\Ari\AppData\Roaming\Microsoft\Windows\Cookies\RZT4U2TP.txt [ /zanox.com ]
	C:\Users\Ari\AppData\Roaming\Microsoft\Windows\Cookies\OYH1Z058.txt [ /track.adform.net ]
	C:\Users\Ari\AppData\Roaming\Microsoft\Windows\Cookies\IACM9A7H.txt [ /fastclick.net ]
	C:\Users\Ari\AppData\Roaming\Microsoft\Windows\Cookies\6XHOX3YX.txt [ /doubleclick.net ]
	C:\Users\Ari\AppData\Roaming\Microsoft\Windows\Cookies\H6U9M0IT.txt [ /adform.net ]
	C:\Users\Ari\AppData\Roaming\Microsoft\Windows\Cookies\XJCO3YCZ.txt [ /zanox-affiliate.de ]
	C:\USERS\ARI\AppData\Roaming\Microsoft\Windows\Cookies\Low\ari@zanox[1].txt [ Cookie:ari@zanox.com/ ]
	C:\USERS\ARI\AppData\Roaming\Microsoft\Windows\Cookies\Low\ari@doubleclick[1].txt [ Cookie:ari@doubleclick.net/ ]
	C:\USERS\ARI\AppData\Roaming\Microsoft\Windows\Cookies\Low\ari@webmasterplan[2].txt [ Cookie:ari@webmasterplan.com/ ]
	C:\USERS\ARI\Cookies\EXQEBCD7.txt [ Cookie:ari@atdmt.com/ ]
	C:\USERS\ARI\Cookies\ari@adx.chip[1].txt [ Cookie:ari@adx.chip.de/ ]
	C:\USERS\ARI\Cookies\U71V1S83.txt [ Cookie:ari@www.zanox-affiliate.de/ ]
	C:\USERS\ARI\Cookies\J6NHQCHO.txt [ Cookie:ari@ad.dyntracker.de/ ]
	C:\USERS\ARI\Cookies\GFDTNHTX.txt [ Cookie:ari@dyntracker.com/ ]
	C:\USERS\ARI\Cookies\WVFF3Z3X.txt [ Cookie:ari@ad.zanox.com/ ]
	C:\USERS\ARI\Cookies\TT23OVXF.txt [ Cookie:ari@smartadserver.com/ ]
	C:\USERS\ARI\Cookies\RZT4U2TP.txt [ Cookie:ari@zanox.com/ ]
	C:\USERS\ARI\Cookies\OYH1Z058.txt [ Cookie:ari@track.adform.net/ ]
	C:\USERS\ARI\Cookies\6XHOX3YX.txt [ Cookie:ari@doubleclick.net/ ]
	C:\USERS\ARI\Cookies\H6U9M0IT.txt [ Cookie:ari@adform.net/ ]
	C:\USERS\ARI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ARI@TRAFFICTRACK[1].TXT [ /TRAFFICTRACK ]
	.invitemedia.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.im.banner.t-online.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.ad.adnet.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.creativdiscount.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.gostats.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	eas.apm.emediate.eu [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	eas.apm.emediate.eu [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	adsrv.admediate.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	adsrv.admediate.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.stepstone.112.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.apmebf.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	rotator.adjuggler.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	rotator.adjuggler.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.ad.adnet.biz [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.autoscout24.112.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.audiag.112.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.kontera.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.advertising.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.advertising.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adbrite.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.clicksor.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.clicksor.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.xiti.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.sexcheck.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.a.revenuemax.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	track.webtrekk.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adviva.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.cunda.122.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	fl01.ct2.comclick.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	fl01.ct2.comclick.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	fl01.ct2.comclick.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.vodafonegroup.122.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	stat.dealtime.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.shopping.112.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	track.effiliation.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.mswmw7mobilemainprod.122.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	tracking.klicktel.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.aok.122.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.jobscanner.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.beiersdorf.122.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.tedi-discount.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.monstercom.112.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	fr.sitestat.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	fr.sitestat.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.tedi-discount.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.generaltracking.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.generaltracking.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.generaltracking.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.generaltracking.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.generaltracking.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.generaltracking.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.generaltracking.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.generaltracking.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.generaltracking.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.generaltracking.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.generaltracking.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.generaltracking.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.generaltracking.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.generaltracking.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.generaltracking.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.generaltracking.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.generaltracking.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.generaltracking.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adviva.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.eyewonder.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.eyewonder.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.guj.122.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.statcounter.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.deutschepostag.112.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	tracking.financescout24.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.finanzportal20.112.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.verticaltechmedia.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.verticaltechmedia.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.thomascookag.122.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.hansenet.122.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.generaltracking.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.generaltracking.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.generaltracking.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.generaltracking.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.generaltracking.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.generaltracking.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.generaltracking.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.generaltracking.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	stats.datengarten.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.de.at.atwola.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adxpose.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	tracking.tchibo.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.cmpmedica.112.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	e2.emediate.se [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.lfstmedia.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.112.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	software-download.mediamarkt.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.mediamarkt-fotoservice.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.wlw.122.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.nextag.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.nextag.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.nordclick.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	pw1.nordclick.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	track.webtrekk.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.getclicky.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.static.getclicky.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	in.getclicky.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.e-2dj6aekickc5mlo.stats.esomniture.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.myhammer.122.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.specificclick.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	ad.adition.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	ad.adition.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	track.webtrekk.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.amazon-adsystem.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.amazon-adsystem.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.amazonservices.122.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.lfstmedia.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.tracking.hermesworld.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	media.stage-entertainment.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.112.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.lfstmedia.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	eas.apm.emediate.eu [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	eas.apm.emediate.eu [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	tracking.quisma.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adxvalue.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	adserver.tiervermittlung.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.media6degrees.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.media6degrees.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.media6degrees.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.media6degrees.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	adserver.tiervermittlung.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	adserver.tiervermittlung.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	ads1.heimtierheim.eu [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.lokalportal24de.112.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	adserver.5schritte.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.ad.adnet.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	adserver2.clipkit.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	tracking.mobile.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	tracking.quisma.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adxvalue.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adxvalue.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	adserver.wolterskluwer.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	tracking.klicktel.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adviva.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	tracking.sim-technik.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.komtrack.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.komtrack.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	tracker.pegsanalytics.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	tracker.pegsanalytics.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	server.adform.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.secmedia.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.secmedia.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	track.adform.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	tracking.quisma.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	tracking.quisma.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	tracking.bruegelmann.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	tracking.bruegelmann.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adxvalue.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adbrite.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adpeppermedia.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	media.gan-online.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	tracking.fahrrad.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	tracking.fahrrad.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	track.adform.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.looser.coachandmedia.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.looser.coachandmedia.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.im.banner.t-online.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.advertising.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.lfstmedia.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	ad.adserver01.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.im.banner.t-online.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.liveperson.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.liveperson.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	eas.apm.emediate.eu [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	media.gan-online.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.files.bannersnack.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.files.bannersnack.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	tracking.quisma.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	tracking.quisma.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	statse.webtrendslive.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.urbia.wwe-media.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	delivery.atkmedia.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.dyntracker.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.unitymedia.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.unitymedia.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.conrad.122.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	partners.webmasterplan.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	tracking.quisma.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	tracking.quisma.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	tracking.quisma.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	tracking.quisma.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.im.banner.t-online.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.ad.adnet.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.traffictrack.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.clickfuse.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.im.banner.t-online.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.im.banner.t-online.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.im.banner.t-online.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	ad.zanox.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.clickfuse.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.clickfuse.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	www.zanox-affiliate.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	tracking.quisma.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	www.zanox-affiliate.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.lfstmedia.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.ru4.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.ru4.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.ad.adnet.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.apmebf.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	ad.dyntracker.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.bs.serving-sys.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.generaltracking.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.generaltracking.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.generaltracking.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.generaltracking.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	tracking.quisma.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.dealtime.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.hightraffic.hugoboss.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.hightraffic.hugoboss.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.hightraffic.hugoboss.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.hightraffic.hugoboss.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	studivz.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	studivz.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.cewecolor.112.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	www.mediamarkt.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	www.mediamarkt.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.im.banner.t-online.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.generaltracking.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	tracking.quisma.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	tracking.quisma.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	tracking.quisma.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	tracking.quisma.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.rionordgmbh.122.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	ad.dyntracker.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	ad1.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	ad.dyntracker.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	ad.dyntracker.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	server.adform.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.avgtechnologies.112.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.tracking.mindshare.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	adserver.w3anythink.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	adserver.w3anythink.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	adserver.w3anythink.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.fastclick.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	ad.adserver01.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	track.adform.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adform.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.zanox-affiliate.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	ad.zanox.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.zanox.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	eas.apm.emediate.eu [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.im.banner.t-online.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	ww251.smartadserver.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	ad3.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	a.visualrevenue.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.questionmarket.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	track.effiliation.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	track.effiliation.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	track.effiliation.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	track.effiliation.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	track.effiliation.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.im.banner.t-online.de [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	ad2.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	ad4.adfarm1.adition.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\ARI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Y344OQN.DEFAULT\COOKIES.SQLITE ]
         

Alt 26.06.2012, 15:02   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows-Verschlüsselungs-Trojaner auf Win7 - Standard

Windows-Verschlüsselungs-Trojaner auf Win7



Sieht ok aus, da wurden nur Cookies gefunden.
Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )


Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller http://filepony.de/download-cookie_culler/
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ich halte es so, dass ich zum "wilden Surfen" den Opera-Browser oder Chromium unter meinem Linux verwende. Mein Hauptbrowser (Firefox) speichert nur die Cookies von den Sites die ich auch will, alles andere lehne ich manuell ab (der FF fragt mich immer) - die anderen Browser nehmen alles an Cookies zwar an, aber spätestens beim nächsten Start von Opera oder Chromium sind keine Cookies mehr da.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 26.06.2012, 15:11   #21
McManaman
 
Windows-Verschlüsselungs-Trojaner auf Win7 - Standard

Windows-Verschlüsselungs-Trojaner auf Win7



Vielen vielen Dank.

Bis auf dass die Dateien noch alle unbrauchbar sind, geht wieder alles. Die Bild-Dateien habe ich bereits alle wieder umbenannt, so dass sie sich wieder öffnen lassen. Bei allen anderen Dateien bin ich noch dabei.

Bei mir wurden nur die Dateien umbenannt, ganz wilde Namen wie DnAqqfvGeyOJT und so. Dazu wurde noch die Dateierweiterung gelöscht. Mal sehen was ich davon wieder hinbekomme.

Alt 26.06.2012, 15:24   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows-Verschlüsselungs-Trojaner auf Win7 - Standard

Windows-Verschlüsselungs-Trojaner auf Win7



Dann wären wir durch!

Die Programme, die hier zum Einsatz kamen, können alle wieder runter. Mit Hilfe von OTL kannst du auch viele Tools entfernen:

Starte bitte OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.


Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken.


Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update


PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:

Adobe - Andere Version des Adobe Flash Player installieren

Notfalls kann man auch von Chip.de runterladen => http://filepony.de/?q=Flash+Player

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.


Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu Windows-Verschlüsselungs-Trojaner auf Win7
administrator, anti-malware, appdata, audiodg.exe, autostart, avira searchfree toolbar, branding, bösartige, ccc.exe, code, dateien, dateisystem, daten, device driver, document, erfolgreich, explorer, gelöscht, heuristiks/extra, heuristiks/shuriken, locker, malwarebytes, microsoft, minute, mom.exe, ntdll.dll, quarantäne, registrierung, roaming, searchscopes, software, speicher, test, trojan.fakealert, trojaner, version, version=1.0, win7, windows



Ähnliche Themen: Windows-Verschlüsselungs-Trojaner auf Win7


  1. Hilfe Win7 mit Verschlüsselungs Trojaner mit Dateibezeichnung AaynjEyLjEqnQrJgQNv
    Plagegeister aller Art und deren Bekämpfung - 21.11.2012 (15)
  2. SUISA-Trojaner (Verschlüsselungs-Trojaner) befall auf HP-Pro-Laptop Win7 64Bit
    Plagegeister aller Art und deren Bekämpfung - 06.09.2012 (19)
  3. Windows-Verschlüsselungs-Trojaner unter Windows 7 auf einem MAC
    Log-Analyse und Auswertung - 14.06.2012 (3)
  4. Windows Verschlüsselungs Trojaner
    Plagegeister aller Art und deren Bekämpfung - 13.06.2012 (1)
  5. Windows Verschlüsselungs Trojaner
    Plagegeister aller Art und deren Bekämpfung - 07.06.2012 (7)
  6. Willkomen bei Windows Update, Sie haben sich mit einen Windows-Verschlüsselungs Trojaner infiziert.
    Log-Analyse und Auswertung - 06.06.2012 (1)
  7. 100€ Windows Verschlüsselungs-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 06.06.2012 (33)
  8. Windows- Verschlüsselungs Trojaner
    Plagegeister aller Art und deren Bekämpfung - 25.05.2012 (10)
  9. Windows Verschlüsselungs-Trojaner / OTL log
    Log-Analyse und Auswertung - 22.05.2012 (6)
  10. windows verschlüsselungs trojaner win7
    Log-Analyse und Auswertung - 20.05.2012 (1)
  11. Windows 7 (64bit) Virus/Trojaner (evtl. Windows Verschlüsselungs Trojaner)
    Plagegeister aller Art und deren Bekämpfung - 07.05.2012 (19)
  12. Infiziert mit Windows-Verschlüsselungs Trojaner -Mail mit Telefonrechnung - windows vista
    Plagegeister aller Art und deren Bekämpfung - 06.05.2012 (12)
  13. Verschlüsselungs-Trojaner Win7
    Plagegeister aller Art und deren Bekämpfung - 03.05.2012 (3)
  14. Windows Verschlüsselungs-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 02.05.2012 (6)
  15. Windows verschlüsselungs Trojaner
    Log-Analyse und Auswertung - 30.04.2012 (23)
  16. "Willkommen bei Windows Update Sie haben sich mit einen Windows-Verschlüsselungs Trojaner infiziert.
    Log-Analyse und Auswertung - 27.04.2012 (3)
  17. Windows Verschlüsselungs-Trojaner
    Log-Analyse und Auswertung - 25.04.2012 (1)

Zum Thema Windows-Verschlüsselungs-Trojaner auf Win7 - SRy ich hab mich in meinen Bausteinen verklickt Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht - Windows-Verschlüsselungs-Trojaner auf Win7...
Archiv
Du betrachtest: Windows-Verschlüsselungs-Trojaner auf Win7 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.