| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: ihavenet Rootkit eingefangenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
25.08.2013, 18:37
| #1 |
| |  ihavenet Rootkit eingefangen Hallo, ich versuche gerade ein "ihavenet" rootkit auf einem Win7 Rechner zu entfernen Die Kaspersky Rescue disk scheint auch nichts zu finden. Hier ein Scan mit GMER Bitte helft! Was ist da los und warum findet die Rescue Disk nichts? Ist ein ziemlich neuer Rechner. <pre style='color:#141312;background-color:#ffffff;'> GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-08-25 18:07:16 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD75 rev.01.0 698,64GB Running: 9bmzl1ix.exe; Driver: C:\Users\Dippi\AppData\Local\Temp\pgloapoc.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000764d1465 2 bytes [4D, 76] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764d14bb 2 bytes [4D, 76] .text ... * 2 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4716] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000764d1465 2 bytes [4D, 76] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4716] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764d14bb 2 bytes [4D, 76] .text ... * 2 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 0000000077b611f5 8 bytes {JMP 0xd} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077b61390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077b6143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 0000000077b6158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077b6191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077b61b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077b61bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077b61d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077b61eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077b61edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077b61f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077b61fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077b61fd7 8 bytes {JMP 0xb} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077b62272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077b62301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077b62792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000077b627b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077b627d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 0000000077b6282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077b62890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077b62d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077b62d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077b63023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 0000000077b6323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 0000000077b633c0 16 bytes {JMP 0x4e} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077b63a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077b63ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077b63b85 8 bytes [F8, 69, F9, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077b63d23 8 bytes {CALL 0xfff96e} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077b64190 8 bytes [88, 69, F9, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077bb1380 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077bb1500 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077bb1530 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bb1650 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077bb1700 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bb1d30 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077bb1f80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bb27e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000730a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000730a146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000730a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000730a16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000730a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000730a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 00000000730a1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 00000000730a1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000730a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 00000000730a1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 0000000077b611f5 8 bytes {JMP 0xd} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077b61390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077b6143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 0000000077b6158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077b6191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077b61b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077b61bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077b61d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077b61eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077b61edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077b61f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077b61fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077b61fd7 8 bytes {JMP 0xb} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077b62272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077b62301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077b62792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000077b627b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077b627d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 0000000077b6282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077b62890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077b62d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077b62d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077b63023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 0000000077b6323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 0000000077b633c0 16 bytes {JMP 0x4e} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077b63a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077b63ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077b63b85 8 bytes [F8, 69, F9, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077b63d23 8 bytes {CALL 0xfff96e} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077b64190 8 bytes [88, 69, F9, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077bb1380 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077bb1500 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077bb1530 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bb1650 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077bb1700 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bb1d30 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077bb1f80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bb27e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000730a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000730a146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000730a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000730a16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000730a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000730a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 00000000730a1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 00000000730a1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000730a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 00000000730a1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5996] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 0000000077b611f5 8 bytes {JMP 0xd} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5996] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077b61390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5996] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077b6143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5996] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 0000000077b6158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5996] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077b6191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5996] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077b61b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5996] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077b61bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5996] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077b61d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5996] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077b61eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5996] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077b61edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5996] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077b61f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5996] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077b61fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5996] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077b61fd7 8 bytes {JMP 0xb} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5996] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077b62272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5996] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077b62301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5996] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077b62792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5996] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000077b627b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5996] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077b627d2 8 bytes {JMP 0x10}</pre> O T L l o g f i l e c r e a t e d o n : 2 5 . 0 8 . 2 0 1 3 1 8 : 0 8 : 5 8 - R u n 1 O T L b y O l d T i m e r - V e r s i o n 3 . 2 . 6 9 . 0 F o l d e r = C : \ U s e r s \ D i p p i \ D o w n l o a d s 6 4 b i t - P r o f e s s i o n a l S e r v i c e P a c k 1 ( V e r s i o n = 6 . 1 . 7 6 0 1 ) - T y p e = N T W o r k s t a t i o n I n t e r n e t E x p l o r e r ( V e r s i o n = 9 . 1 0 . 9 2 0 0 . 1 6 6 6 0 ) L o c a l e : 0 0 0 0 0 4 0 7 | C o u n t r y : D e u t s c h l a n d | L a n g u a g e : D E U | D a t e F o r m a t : d d . M M . y y y y 7 , 9 0 G b T o t a l P h y s i c a l M e m o r y | 5 , 4 6 G b A v a i l a b l e P h y s i c a l M e m o r y | 6 9 , 1 6 % M e m o r y f r e e 1 5 , 8 0 G b P a g i n g F i l e | 1 3 , 3 9 G b A v a i l a b l e i n P a g i n g F i l e | 8 4 , 7 5 % P a g i n g F i l e f r e e P a g i n g f i l e l o c a t i o n ( s ) : ? : \ p a g e f i l e . s y s [ b i n a r y d a t a ] % S y s t e m D r i v e % = C : | % S y s t e m R o o t % = C : \ W i n d o w s | % P r o g r a m F i l e s % = C : \ P r o g r a m F i l e s ( x 8 6 ) D r i v e C : | 6 9 8 , 5 4 G b T o t a l S p a c e | 6 4 7 , 9 1 G b F r e e S p a c e | 9 2 , 7 5 % S p a c e F r e e | P a r t i t i o n T y p e : N T F S C o m p u t e r N a m e : D I P P I - P C | U s e r N a m e : D i p p i | L o g g e d i n a s A d m i n i s t r a t o r . B o o t M o d e : N o r m a l | S c a n M o d e : A l l u s e r s | I n c l u d e 6 4 b i t S c a n s C o m p a n y N a m e W h i t e l i s t : O f f | S k i p M i c r o s o f t F i l e s : O f f | N o C o m p a n y N a m e W h i t e l i s t : O n | F i l e A g e = 3 0 D a y s [ c o l o r = # E 5 6 7 1 7 ] = = = = = = = = = = P r o c e s s e s ( S a f e L i s t ) = = = = = = = = = = [ / c o l o r ] P R C - [ 2 0 1 3 . 0 8 . 2 5 1 8 : 0 1 : 2 7 | 0 0 0 , 6 0 2 , 1 1 2 | - - - - | M ] ( O l d T i m e r T o o l s ) - - C : \ U s e r s \ D i p p i \ D o w n l o a d s \ O T L . e x e P R C - [ 2 0 1 3 . 0 8 . 2 5 1 7 : 5 7 : 0 1 | 0 0 0 , 3 7 7 , 8 5 6 | - - - - | M ] ( ) - - C : \ U s e r s \ D i p p i \ D o w n l o a d s \ 9 b m z l 1 i x . e x e P R C - [ 2 0 1 3 . 0 8 . 2 5 1 7 : 1 0 : 3 8 | 0 0 0 , 2 7 6 , 3 7 6 | - - - - | M ] ( M o z i l l a C o r p o r a t i o n ) - - C : \ P r o g r a m F i l e s ( x 8 6 ) \ M o z i l l a F i r e f o x \ f i r e f o x . e x e P R C - [ 2 0 1 3 . 0 7 . 1 5 1 9 : 0 5 : 1 1 | 0 0 1 , 8 6 1 , 5 1 2 | - - - - | M ] ( A d o b e S y s t e m s , I n c . ) - - C : \ W i n d o w s \ S y s W O W 6 4 \ M a c r o m e d \ F l a s h \ F l a s h P l a y e r P l u g i n _ 1 1 _ 8 _ 8 0 0 _ 9 4 . e x e P R C - [ 2 0 1 3 . 0 6 . 1 3 1 1 : 1 7 : 5 1 | 0 0 4 , 1 5 0 , 1 1 2 | - - - - | M ] ( T e a m V i e w e r G m b H ) - - C : \ P r o g r a m F i l e s ( x 8 6 ) \ T e a m V i e w e r \ V e r s i o n 8 \ T e a m V i e w e r _ S e r v i c e . e x e P R C - [ 2 0 1 3 . 0 5 . 1 1 1 2 : 3 7 : 2 6 | 0 0 0 , 0 6 5 , 6 4 0 | - - - - | M ] ( A d o b e S y s t e m s I n c o r p o r a t e d ) - - C : \ P r o g r a m F i l e s ( x 8 6 ) \ C o m m o n F i l e s \ A d o b e \ A R M \ 1 . 0 \ a r m s v c . e x e P R C - [ 2 0 1 2 . 1 0 . 1 7 2 1 : 3 6 : 1 8 | 0 0 4 , 9 6 0 , 1 9 2 | - - - - | M ] ( D e u t s c h e T e l e k o m A G ) - - C : \ U s e r s \ D i p p i \ A p p D a t a \ L o c a l \ D T A G \ D t o r . e x e P R C - [ 2 0 1 2 . 0 8 . 1 3 1 1 : 0 8 : 0 8 | 0 1 0 , 3 7 6 , 7 0 4 | - - - - | M ] ( O p e n O f f i c e . o r g ) - - C : \ P r o g r a m F i l e s ( x 8 6 ) \ O p e n O f f i c e . o r g 3 \ p r o g r a m \ s o f f i c e . e x e P R C - [ 2 0 1 2 . 0 8 . 1 3 1 1 : 0 8 : 0 8 | 0 1 0 , 3 6 8 , 5 1 2 | - - - - | M ] ( O p e n O f f i c e . o r g ) - - C : \ P r o g r a m F i l e s ( x 8 6 ) \ O p e n O f f i c e . o r g 3 \ p r o g r a m \ s o f f i c e . b i n P R C - [ 2 0 1 2 . 0 3 . 1 8 2 1 : 5 3 : 0 0 | 0 0 2 , 4 5 8 , 9 4 4 | R - - - | M ] ( N V I D I A C o r p o r a t i o n ) - - C : \ P r o g r a m F i l e s ( x 8 6 ) \ N V I D I A C o r p o r a t i o n \ N V I D I A U p d a t e C o r e \ d a e m o n u . e x e P R C - [ 2 0 1 2 . 0 3 . 1 5 0 6 : 4 8 : 2 2 | 0 0 0 , 3 6 2 , 8 4 0 | R - - - | M ] ( I n t e l C o r p o r a t i o n ) - - C : \ P r o g r a m F i l e s ( x 8 6 ) \ I n t e l \ I n t e l ( R ) M a n a g e m e n t E n g i n e C o m p o n e n t s \ U N S \ U N S . e x e P R C - [ 2 0 1 2 . 0 3 . 1 5 0 6 : 4 8 : 2 0 | 0 0 0 , 2 7 6 , 8 2 4 | R - - - | M ] ( I n t e l C o r p o r a t i o n ) - - C : \ P r o g r a m F i l e s ( x 8 6 ) \ I n t e l \ I n t e l ( R ) M a n a g e m e n t E n g i n e C o m p o n e n t s \ L M S \ L M S . e x e P R C - [ 2 0 1 2 . 0 3 . 1 5 0 6 : 4 8 : 1 4 | 0 0 0 , 1 2 7 , 3 2 0 | R - - - | M ] ( ) - - C : \ P r o g r a m F i l e s ( x 8 6 ) \ I n t e l \ I n t e l ( R ) M a n a g e m e n t E n g i n e C o m p o n e n t s \ F W S e r v i c e \ I n t e l M e F W S e r v i c e . e x e P R C - [ 2 0 1 2 . 0 3 . 1 5 0 6 : 4 8 : 0 6 | 0 0 0 , 1 6 2 , 6 4 8 | R - - - | M ] ( I n t e l C o r p o r a t i o n ) - - C : \ P r o g r a m F i l e s ( x 8 6 ) \ I n t e l \ I n t e l ( R ) M a n a g e m e n t E n g i n e C o m p o n e n t s \ D A L \ j h i _ s e r v i c e . e x e P R C - [ 2 0 1 2 . 0 2 . 2 6 2 1 : 0 1 : 5 6 | 0 0 0 , 2 9 1 , 6 0 8 | R - - - | M ] ( I n t e l C o r p o r a t i o n ) - - C : \ P r o g r a m F i l e s ( x 8 6 ) \ I n t e l \ I n t e l ( R ) U S B 3 . 0 e X t e n s i b l e H o s t C o n t r o l l e r D r i v e r \ A p p l i c a t i o n \ i u s b 3 m o n . e x e P R C - [ 2 0 1 2 . 0 2 . 0 1 1 6 : 2 9 : 5 8 | 0 0 0 , 0 1 3 , 5 9 2 | - - - - | M ] ( I n t e l C o r p o r a t i o n ) - - C : \ P r o g r a m F i l e s ( x 8 6 ) \ I n t e l \ I n t e l ( R ) R a p i d S t o r a g e T e c h n o l o g y \ I A S t o r D a t a M g r S v c . e x e P R C - [ 2 0 1 2 . 0 2 . 0 1 1 6 : 2 9 : 5 6 | 0 0 0 , 2 8 4 , 4 4 0 | - - - - | M ] ( I n t e l C o r p o r a t i o n ) - - C : \ P r o g r a m F i l e s ( x 8 6 ) \ I n t e l \ I n t e l ( R ) R a p i d S t o r a g e T e c h n o l o g y \ I A S t o r I c o n . e x e P R C - [ 2 0 1 0 . 0 3 . 1 8 1 3 : 1 6 : 2 8 | 0 0 0 , 1 3 0 , 3 8 4 | - - - - | M ] ( M i c r o s o f t C o r p o r a t i o n ) - - C : \ W i n d o w s \ M i c r o s o f t . N E T \ F r a m e w o r k \ v 4 . 0 . 3 0 3 1 9 \ m s c o r s v w . e x e [ c o l o r = # E 5 6 7 1 7 ] = = = = = = = = = = M o d u l e s ( N o C o m p a n y N a m e ) = = = = = = = = = = [ / c o l o r ] M O D - [ 2 0 1 3 . 0 8 . 2 5 1 7 : 5 7 : 0 1 | 0 0 0 , 3 7 7 , 8 5 6 | - - - - | M ] ( ) - - C : \ U s e r s \ D i p p i \ D o w n l o a d s \ 9 b m z l 1 i x . e x e M O D - [ 2 0 1 3 . 0 8 . 2 5 1 7 : 1 0 : 2 7 | 0 0 3 , 5 5 1 , 6 4 0 | - - - - | M ] ( ) - - C : \ P r o g r a m F i l e s ( x 8 6 ) \ M o z i l l a F i r e f o x \ m o z j s . d l l M O D - [ 2 0 1 3 . 0 8 . 1 9 1 9 : 2 9 : 3 3 | 0 1 1 , 9 1 4 , 7 5 2 | - - - - | M ] ( ) - - C : \ W i n d o w s \ a s s e m b l y \ N a t i v e I m a g e s _ v 2 . 0 . 5 0 7 2 7 _ 3 2 \ S y s t e m . W e b \ 8 d c 1 c 1 8 2 c d 1 f 1 0 c d 2 a b c f e c d 0 1 f e 9 e e b \ S y s t e m . W e b . n i . d l l M O D - [ 2 0 1 3 . 0 8 . 1 9 1 9 : 2 9 : 2 8 | 0 0 0 , 7 7 1 , 5 8 4 | - - - - | M ] ( ) - - C : \ W i n d o w s \ a s s e m b l y \ N a t i v e I m a g e s _ v 2 . 0 . 5 0 7 2 7 _ 3 2 \ S y s t e m . R u n t i m e . R e m o # \ e 0 6 d b d a f b 3 8 c 3 8 5 1 7 a e f 6 1 a c 4 1 e 2 f d 9 d \ S y s t e m . R u n t i m e . R e m o t i n g . n i . d l l M O D - [ 2 0 1 3 . 0 8 . 1 9 1 9 : 2 9 : 0 8 | 0 1 2 , 4 3 6 , 4 8 0 | - - - - | M ] ( ) - - C : \ W i n d o w s \ a s s e m b l y \ N a t i v e I m a g e s _ v 2 . 0 . 5 0 7 2 7 _ 3 2 \ S y s t e m . W i n d o w s . F o r m s \ 2 8 e a 3 4 7 a 9 5 2 d 2 0 9 5 9 a c 6 a e 0 2 d 7 4 5 7 d 3 9 \ S y s t e m . W i n d o w s . F o r m s . n i . d l l M O D - [ 2 0 1 3 . 0 8 . 1 9 1 9 : 2 9 : 0 3 | 0 0 1 , 5 9 3 , 3 4 4 | - - - - | M ] ( ) - - C : \ W i n d o w s \ a s s e m b l y \ N a t i v e I m a g e s _ v 2 . 0 . 5 0 7 2 7 _ 3 2 \ S y s t e m . D r a w i n g \ 5 a a 4 4 b c e 7 9 3 3 e 4 d e 0 9 d 9 3 5 8 4 8 f 8 6 8 a 4 b \ S y s t e m . D r a w i n g . n i . d l l M O D - [ 2 0 1 3 . 0 8 . 1 9 1 9 : 2 8 : 5 3 | 0 0 3 , 3 4 8 , 4 8 0 | - - - - | M ] ( ) - - C : \ W i n d o w s \ a s s e m b l y \ N a t i v e I m a g e s _ v 2 . 0 . 5 0 7 2 7 _ 3 2 \ W i n d o w s B a s e \ 1 f 6 f 2 2 0 f 9 e f e 9 3 6 d 1 1 5 8 c 7 9 b 9 d 4 b 4 5 1 f \ W i n d o w s B a s e . n i . d l l M O D - [ 2 0 1 3 . 0 8 . 1 9 1 9 : 2 8 : 4 9 | 0 0 5 , 4 6 4 , 0 6 4 | - - - - | M ] ( ) - - C : \ W i n d o w s \ a s s e m b l y \ N a t i v e I m a g e s _ v 2 . 0 . 5 0 7 2 7 _ 3 2 \ S y s t e m . X m l \ 0 9 d b 7 8 d 6 0 6 8 5 4 3 d f 0 1 8 6 2 a 0 2 3 a c a 7 8 5 a \ S y s t e m . X m l . n i . d l l M O D - [ 2 0 1 3 . 0 8 . 1 9 1 9 : 2 8 : 4 6 | 0 0 0 , 9 7 8 , 4 3 2 | - - - - | M ] ( ) - - C : \ W i n d o w s \ a s s e m b l y \ N a t i v e I m a g e s _ v 2 . 0 . 5 0 7 2 7 _ 3 2 \ S y s t e m . C o n f i g u r a t i o n \ 8 f 7 d 8 3 1 2 6 a 3 c f 2 8 3 e 5 a c 9 7 f 2 d 6 d 9 9 f 1 2 \ S y s t e m . C o n f i g u r a t i o n . n i . d l l M O D - [ 2 0 1 3 . 0 8 . 1 9 1 9 : 2 8 : 4 5 | 0 0 7 , 9 8 9 , 7 6 0 | - - - - | M ] ( ) - - C : \ W i n d o w s \ a s s e m b l y \ N a t i v e I m a g e s _ v 2 . 0 . 5 0 7 2 7 _ 3 2 \ S y s t e m \ 5 d 2 2 a 3 0 e 5 8 7 e 2 c a c 1 0 6 b 8 1 f b 3 5 1 e 7 c 0 8 \ S y s t e m . n i . d l l M O D - [ 2 0 1 3 . 0 7 . 2 0 1 1 : 2 7 : 3 2 | 0 0 0 , 0 1 4 , 3 3 6 | - - - - | M ] ( ) - - C : \ W i n d o w s \ a s s e m b l y \ N a t i v e I m a g e s _ v 2 . 0 . 5 0 7 2 7 _ 3 2 \ I A S t o r C o m m o n \ 4 5 5 8 1 1 3 8 b 3 6 f d 3 3 8 c 8 7 8 1 3 3 9 0 7 7 5 b 6 5 f \ I A S t o r C o m m o n . n i . d l l M O D - [ 2 0 1 3 . 0 7 . 1 5 1 9 : 0 5 : 1 0 | 0 1 6 , 1 6 6 , 2 8 0 | - - - - | M ] ( ) - - C : \ W i n d o w s \ S y s W O W 6 4 \ M a c r o m e d \ F l a s h \ N P S W F 3 2 _ 1 1 _ 8 _ 8 0 0 _ 9 4 . d l l M O D - [ 2 0 1 3 . 0 7 . 1 5 1 2 : 1 1 : 1 7 | 0 1 1 , 4 9 9 , 5 2 0 | - - - - | M ] ( ) - - C : \ W i n d o w s \ a s s e m b l y \ N a t i v e I m a g e s _ v 2 . 0 . 5 0 7 2 7 _ 3 2 \ m s c o r l i b \ 9 a 6 c 1 b 7 a f 1 8 b 4 d 5 a 9 1 d c 7 f 8 d 6 6 1 7 5 2 2 f \ m s c o r l i b . n i . d l l M O D - [ 2 0 1 2 . 0 8 . 1 0 1 6 : 5 1 : 3 2 | 0 0 0 , 9 8 5 , 0 8 8 | - - - - | M ] ( ) - - C : \ P r o g r a m F i l e s ( x 8 6 ) \ O p e n O f f i c e . o r g 3 \ p r o g r a m \ l i b x m l 2 . d l l M O D - [ 2 0 1 0 . 1 1 . 2 1 0 8 : 4 9 : 2 2 | 0 0 0 , 0 3 2 , 7 6 8 | - - - - | M ] ( ) - - C : \ W i n d o w s \ a s s e m b l y \ G A C _ M S I L \ S y s t e m . R u n t i m e . R e m o t i n g . r e s o u r c e s \ 2 . 0 . 0 . 0 _ d e _ b 7 7 a 5 c 5 6 1 9 3 4 e 0 8 9 \ S y s t e m . R u n t i m e . R e m o t i n g . r e s o u r c e s . d l l M O D - [ 2 0 1 0 . 1 1 . 1 3 0 1 : 2 6 : 0 8 | 0 0 0 , 3 1 5 , 3 9 2 | - - - - | M ] ( ) - - C : \ W i n d o w s \ a s s e m b l y \ G A C _ M S I L \ m s c o r l i b . r e s o u r c e s \ 2 . 0 . 0 . 0 _ d e _ b 7 7 a 5 c 5 6 1 9 3 4 e 0 8 9 \ m s c o r l i b . r e s o u r c e s . d l l [ c o l o r = # E 5 6 7 1 7 ] = = = = = = = = = = S e r v i c e s ( S a f e L i s t ) = = = = = = = = = = [ / c o l o r ] S R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 0 9 . 0 7 . 1 4 0 3 : 4 0 : 0 1 | 0 0 0 , 1 9 3 , 5 3 6 | - - - - | M ] ( M i c r o s o f t C o r p o r a t i o n ) [ O n _ D e m a n d | S t o p p e d ] - - C : \ W i n d o w s \ S y s N a t i v e \ a p p m g m t s . d l l - - ( A p p M g m t ) S R V - [ 2 0 1 3 . 0 8 . 2 5 1 7 : 1 0 : 3 8 | 0 0 0 , 1 1 7 , 6 5 6 | - - - - | M ] ( M o z i l l a F o u n d a t i o n ) [ O n _ D e m a n d | S t o p p e d ] - - C : \ P r o g r a m F i l e s ( x 8 6 ) \ M o z i l l a M a i n t e n a n c e S e r v i c e \ m a i n t e n a n c e s e r v i c e . e x e - - ( M o z i l l a M a i n t e n a n c e ) S R V - [ 2 0 1 3 . 0 8 . 2 5 1 3 : 3 4 : 2 0 | 0 0 0 , 2 5 7 , 4 1 6 | - - - - | M ] ( A d o b e S y s t e m s I n c o r p o r a t e d ) [ O n _ D e m a n d | S t o p p e d ] - - C : \ W i n d o w s \ S y s W O W 6 4 \ M a c r o m e d \ F l a s h \ F l a s h P l a y e r U p d a t e S e r v i c e . e x e - - ( A d o b e F l a s h P l a y e r U p d a t e S v c ) S R V - [ 2 0 1 3 . 0 6 . 1 7 1 2 : 3 5 : 5 0 | 0 0 0 , 2 1 4 , 5 1 2 | - - - - | M ] ( K a s p e r s k y L a b Z A O ) [ A u t o | S t o p p e d ] - - C : \ P r o g r a m F i l e s ( x 8 6 ) \ K a s p e r s k y L a b \ K a s p e r s k y A n t i - V i r u s 1 4 . 0 . 0 \ a v p . e x e - - ( A V P ) S R V - [ 2 0 1 3 . 0 6 . 1 3 1 1 : 1 7 : 5 1 | 0 0 4 , 1 5 0 , 1 1 2 | - - - - | M ] ( T e a m V i e w e r G m b H ) [ A u t o | R u n n i n g ] - - C : \ P r o g r a m F i l e s ( x 8 6 ) \ T e a m V i e w e r \ V e r s i o n 8 \ T e a m V i e w e r _ S e r v i c e . e x e - - ( T e a m V i e w e r 8 ) S R V - [ 2 0 1 3 . 0 5 . 1 1 1 2 : 3 7 : 2 6 | 0 0 0 , 0 6 5 , 6 4 0 | - - - - | M ] ( A d o b e S y s t e m s I n c o r p o r a t e d ) [ A u t o | R u n n i n g ] - - C : \ P r o g r a m F i l e s ( x 8 6 ) \ C o m m o n F i l e s \ A d o b e \ A R M \ 1 . 0 \ a r m s v c . e x e - - ( A d o b e A R M s e r v i c e ) S R V - [ 2 0 1 2 . 1 2 . 1 4 0 2 : 4 2 : 1 0 | 0 0 0 , 2 7 7 , 6 1 6 | - - - - | M ] ( I n t e l C o r p o r a t i o n ) [ O n _ D e m a n d | S t o p p e d ] - - C : \ W i n d o w s \ S y s W O W 6 4 \ I n t e l C p H e c i S v c . e x e - - ( c p h s ) S R V - [ 2 0 1 2 . 0 3 . 2 9 0 7 : 5 7 : 3 6 | 0 0 2 , 6 6 9 , 8 4 0 | - - - - | M ] ( I n t e l � C o r p o r a t i o n ) [ A u t o | R u n n i n g ] - - C : \ P r o g r a m m e \ I n t e l \ W i F i \ b i n \ Z e r o C o n f i g S e r v i c e . e x e - - ( Z e r o C o n f i g S e r v i c e ) S R V - [ 2 0 1 2 . 0 3 . 2 9 0 7 : 5 7 : 2 4 | 0 0 0 , 2 7 3 , 1 6 8 | - - - - | M ] ( ) [ O n _ D e m a n d | S t o p p e d ] - - C : \ P r o g r a m m e \ I n t e l \ W i F i \ b i n \ P a n D h c p D n s . e x e - - ( M y W i F i D H C P D N S ) S R V - [ 2 0 1 2 . 0 3 . 2 9 0 7 : 5 7 : 1 4 | 0 0 0 , 6 2 6 , 9 6 0 | - - - - | M ] ( I n t e l ( R ) C o r p o r a t i o n ) [ A u t o | R u n n i n g ] - - C : \ P r o g r a m m e \ I n t e l \ W i F i \ b i n \ E v t E n g . e x e - - ( E v t E n g ) S R V - [ 2 0 1 2 . 0 3 . 2 9 0 7 : 5 7 : 1 0 | 0 0 0 , 1 4 8 , 7 5 2 | - - - - | M ] ( I n t e l ( R ) C o r p o r a t i o n ) [ A u t o | R u n n i n g ] - - C : \ P r o g r a m m e \ C o m m o n F i l e s \ I n t e l \ W i r e l e s s C o m m o n \ R e g S r v c . e x e - - ( R e g S r v c ) S R V - [ 2 0 1 2 . 0 3 . 1 8 2 1 : 5 3 : 0 0 | 0 0 2 , 4 5 8 , 9 4 4 | R - - - | M ] ( N V I D I A C o r p o r a t i o n ) [ A u t o | R u n n i n g ] - - C : \ P r o g r a m F i l e s ( x 8 6 ) \ N V I D I A C o r p o r a t i o n \ N V I D I A U p d a t e C o r e \ d a e m o n u . e x e - - ( n v U p d a t u s S e r v i c e ) S R V - [ 2 0 1 2 . 0 3 . 1 5 0 6 : 4 8 : 2 2 | 0 0 0 , 3 6 2 , 8 4 0 | R - - - | M ] ( I n t e l C o r p o r a t i o n ) [ A u t o | R u n n i n g ] - - C : \ P r o g r a m F i l e s ( x 8 6 ) \ I n t e l \ I n t e l ( R ) M a n a g e m e n t E n g i n e C o m p o n e n t s \ U N S \ U N S . e x e - - ( U N S ) S R V - [ 2 0 1 2 . 0 3 . 1 5 0 6 : 4 8 : 2 0 | 0 0 0 , 2 7 6 , 8 2 4 | R - - - | M ] ( I n t e l C o r p o r a t i o n ) [ A u t o | R u n n i n g ] - - C : \ P r o g r a m F i l e s ( x 8 6 ) \ I n t e l \ I n t e l ( R ) M a n a g e m e n t E n g i n e C o m p o n e n t s \ L M S \ L M S . e x e - - ( L M S ) S R V - [ 2 0 1 2 . 0 3 . 1 5 0 6 : 4 8 : 1 4 | 0 0 0 , 1 2 7 , 3 2 0 | R - - - | M ] ( ) [ A u t o | R u n n i n g ] - - C : \ P r o g r a m F i l e s ( x 8 6 ) \ I n t e l \ I n t e l ( R ) M a n a g e m e n t E n g i n e C o m p o n e n t s \ F W S e r v i c e \ I n t e l M e F W S e r v i c e . e x e - - ( I n t e l ( R ) S R V - [ 2 0 1 2 . 0 3 . 1 5 0 6 : 4 8 : 0 6 | 0 0 0 , 1 6 2 , 6 4 8 | R - - - | M ] ( I n t e l C o r p o r a t i o n ) [ A u t o | R u n n i n g ] - - C : \ P r o g r a m F i l e s ( x 8 6 ) \ I n t e l \ I n t e l ( R ) M a n a g e m e n t E n g i n e C o m p o n e n t s \ D A L \ j h i _ s e r v i c e . e x e - - ( j h i _ s e r v i c e ) S R V - [ 2 0 1 2 . 0 3 . 0 7 2 1 : 5 8 : 4 2 | 0 0 0 , 4 9 2 , 0 3 2 | - - - - | M ] ( ) [ A u t o | R u n n i n g ] - - C : \ P r o g r a m m e \ Q u a l c o m m A t h e r o s \ K i l l e r N e t w o r k M a n a g e r \ B F N S e r v i c e . e x e - - ( Q u a l c o m m A t h e r o s K i l l e r S e r v i c e ) S R V - [ 2 0 1 2 . 0 2 . 0 2 2 2 : 2 9 : 5 2 | 0 0 0 , 6 2 8 , 4 4 8 | - - - - | M ] ( I n t e l ( R ) C o r p o r a t i o n ) [ A u t o | R u n n i n g ] - - C : \ P r o g r a m m e \ I n t e l \ i C L S C l i e n t \ H e c i S e r v e r . e x e - - ( I n t e l ( R ) S R V - [ 2 0 1 2 . 0 2 . 0 1 1 6 : 2 9 : 5 8 | 0 0 0 , 0 1 3 , 5 9 2 | - - - - | M ] ( I n t e l C o r p o r a t i o n ) [ A u t o | R u n n i n g ] - - C : \ P r o g r a m F i l e s ( x 8 6 ) \ I n t e l \ I n t e l ( R ) R a p i d S t o r a g e T e c h n o l o g y \ I A S t o r D a t a M g r S v c . e x e - - ( I A S t o r D a t a M g r S v c ) S R V - [ 2 0 1 2 . 0 1 . 1 7 1 6 : 1 2 : 2 8 | 0 0 0 , 1 3 5 , 9 5 2 | - - - - | M ] ( I n t e l ( R ) C o r p o r a t i o n ) [ A u t o | R u n n i n g ] - - C : \ P r o g r a m m e \ I n t e l \ B l u e t o o t h H S \ B T H S S e c u r i t y M g r . e x e - - ( B T H S S e c u r i t y M g r ) S R V - [ 2 0 1 2 . 0 1 . 0 9 1 2 : 3 9 : 4 4 | 0 0 0 , 6 5 9 , 9 6 8 | - - - - | M ] ( I n t e l C o r p o r a t i o n ) [ A u t o | R u n n i n g ] - - C : \ P r o g r a m m e \ I n t e l \ B l u e t o o t h H S \ B T H S A m p P a l S e r v i c e . e x e - - ( A M P P A L R 3 ) S R V - [ 2 0 1 1 . 1 2 . 0 7 0 9 : 3 8 : 1 0 | 0 0 2 , 4 2 9 , 5 4 4 | R - - - | M ] ( R e a l s i l M i c r o e l e c t r o n i c s I n c . ) [ A u t o | R u n n i n g ] - - C : \ P r o g r a m F i l e s ( x 8 6 ) \ R e a l t e k \ R e a l t e k P C I E C a r d R e a d e r \ R I c o n M a n . e x e - - ( I c o n M a n _ R ) S R V - [ 2 0 1 0 . 0 3 . 1 8 1 3 : 1 6 : 2 8 | 0 0 0 , 1 3 0 , 3 8 4 | - - - - | M ] ( M i c r o s o f t C o r p o r a t i o n ) [ A u t o | R u n n i n g ] - - C : \ W i n d o w s \ M i c r o s o f t . N E T \ F r a m e w o r k \ v 4 . 0 . 3 0 3 1 9 \ m s c o r s v w . e x e - - ( c l r _ o p t i m i z a t i o n _ v 4 . 0 . 3 0 3 1 9 _ 3 2 ) S R V - [ 2 0 1 0 . 0 1 . 0 9 2 1 : 3 4 : 2 4 | 0 0 4 , 9 2 5 , 1 8 4 | - - - - | M ] ( M i c r o s o f t C o r p o r a t i o n ) [ O n _ D e m a n d | S t o p p e d ] - - C : \ P r o g r a m m e \ C o m m o n F i l e s \ M i c r o s o f t S h a r e d \ O f f i c e S o f t w a r e P r o t e c t i o n P l a t f o r m \ O S P P S V C . E X E - - ( o s p p s v c ) S R V - [ 2 0 0 9 . 0 6 . 1 0 2 3 : 2 3 : 0 9 | 0 0 0 , 0 6 6 , 3 8 4 | - - - - | M ] ( M i c r o s o f t C o r p o r a t i o n ) [ D i s a b l e d | S t o p p e d ] - - C : \ W i n d o w s \ M i c r o s o f t . N E T \ F r a m e w o r k \ v 2 . 0 . 5 0 7 2 7 \ m s c o r s v w . e x e - - ( c l r _ o p t i m i z a t i o n _ v 2 . 0 . 5 0 7 2 7 _ 3 2 ) [ c o l o r = # E 5 6 7 1 7 ] = = = = = = = = = = D r i v e r S e r v i c e s ( S a f e L i s t ) = = = = = = = = = = [ / c o l o r ] D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 1 3 . 0 8 . 2 5 1 7 : 3 0 : 3 2 | 0 0 0 , 6 1 9 , 6 1 6 | - - - - | M ] ( K a s p e r s k y L a b Z A O ) [ F i l e _ S y s t e m | S y s t e m | R u n n i n g ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ k l i f . s y s - - ( K L I F ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 1 3 . 0 6 . 1 0 1 2 : 2 7 : 5 6 | 0 0 0 , 0 3 0 , 3 0 4 | - - - - | M ] ( K a s p e r s k y L a b Z A O ) [ K e r n e l | S y s t e m | R u n n i n g ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ k l i m 6 . s y s - - ( K L I M 6 ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 1 3 . 0 6 . 0 6 1 7 : 3 8 : 2 0 | 0 0 0 , 1 7 8 , 7 8 4 | - - - - | M ] ( K a s p e r s k y L a b Z A O ) [ K e r n e l | S y s t e m | R u n n i n g ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ k n e p s . s y s - - ( k n e p s ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 1 3 . 0 5 . 1 4 1 7 : 3 4 : 4 4 | 0 0 0 , 0 5 5 , 9 0 4 | - - - - | M ] ( K a s p e r s k y L a b Z A O ) [ K e r n e l | S y s t e m | R u n n i n g ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ k l t d i . s y s - - ( k l t d i ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 1 3 . 0 5 . 0 6 0 9 : 2 2 : 2 2 | 0 0 0 , 4 5 8 , 3 3 6 | - - - - | M ] ( K a s p e r s k y L a b Z A O ) [ K e r n e l | B o o t | R u n n i n g ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ k l 1 . s y s - - ( k l 1 ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 1 3 . 0 5 . 0 5 2 2 : 4 2 : 1 2 | 0 0 0 , 0 2 9 , 2 8 0 | - - - - | M ] ( K a s p e r s k y L a b Z A O ) [ K e r n e l | O n _ D e m a n d | S t o p p e d ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ k l k b d f l t . s y s - - ( k l k b d f l t ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 1 3 . 0 5 . 0 5 2 2 : 4 2 : 0 6 | 0 0 0 , 0 2 9 , 2 8 0 | - - - - | M ] ( K a s p e r s k y L a b Z A O ) [ K e r n e l | O n _ D e m a n d | R u n n i n g ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ k l m o u f l t . s y s - - ( k l m o u f l t ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 1 3 . 0 4 . 1 2 1 5 : 3 4 : 4 8 | 0 0 0 , 0 1 5 , 4 5 6 | - - - - | M ] ( K a s p e r s k y L a b Z A O ) [ K e r n e l | S y s t e m | R u n n i n g ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ k l p d . s y s - - ( k l p d ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 1 2 . 1 2 . 1 4 0 2 : 4 2 : 2 2 | 0 0 5 , 3 5 3 , 8 8 8 | - - - - | M ] ( I n t e l C o r p o r a t i o n ) [ K e r n e l | O n _ D e m a n d | R u n n i n g ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ i g d k m d 6 4 . s y s - - ( i g f x ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 1 2 . 0 8 . 2 3 1 6 : 1 0 : 2 0 | 0 0 0 , 0 1 9 , 4 5 6 | - - - - | M ] ( M i c r o s o f t C o r p o r a t i o n ) [ K e r n e l | O n _ D e m a n d | S t o p p e d ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ r d p v i d e o m i n i p o r t . s y s - - ( R d p V i d e o M i n i p o r t ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 1 2 . 0 8 . 2 3 1 6 : 0 8 : 2 6 | 0 0 0 , 0 3 0 , 2 0 8 | - - - - | M ] ( M i c r o s o f t C o r p o r a t i o n ) [ K e r n e l | O n _ D e m a n d | S t o p p e d ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ T s U s b G D . s y s - - ( T s U s b G D ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 1 2 . 0 8 . 2 3 1 6 : 0 7 : 3 5 | 0 0 0 , 0 5 7 , 8 5 6 | - - - - | M ] ( M i c r o s o f t C o r p o r a t i o n ) [ K e r n e l | O n _ D e m a n d | S t o p p e d ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ T s U s b F l t . s y s - - ( T s U s b F l t ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 1 2 . 0 7 . 1 7 1 8 : 1 2 : 0 8 | 0 0 0 , 0 6 2 , 7 8 4 | - - - - | M ] ( I n t e l C o r p o r a t i o n ) [ K e r n e l | O n _ D e m a n d | R u n n i n g ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ H E C I x 6 4 . s y s - - ( M E I x 6 4 ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 1 2 . 0 3 . 1 8 2 1 : 5 3 : 0 0 | 0 0 0 , 0 2 8 , 9 9 2 | - - - - | M ] ( N V I D I A C o r p o r a t i o n ) [ K e r n e l | B o o t | R u n n i n g ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ n v p c i f l t . s y s - - ( n v p c i f l t ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 1 2 . 0 3 . 1 2 1 4 : 0 6 : 4 6 | 0 1 1 , 4 7 1 , 8 7 2 | - - - - | M ] ( I n t e l C o r p o r a t i o n ) [ K e r n e l | O n _ D e m a n d | R u n n i n g ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ N e t w s w 0 0 . s y s - - ( N E T w N s 6 4 ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 1 2 . 0 3 . 0 7 2 1 : 5 9 : 4 6 | 0 0 0 , 0 7 5 , 8 8 0 | - - - - | M ] ( B i g f o o t N e t w o r k s , I n c . ) [ K e r n e l | S y s t e m | R u n n i n g ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ b f l w f x 6 4 . s y s - - ( B f L w f ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 1 2 . 0 3 . 0 7 2 1 : 5 9 : 4 4 | 0 0 0 , 1 6 1 , 6 1 6 | - - - - | M ] ( Q u a l c o m m A t h e r o s , I n c . ) [ K e r n e l | O n _ D e m a n d | R u n n i n g ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ e 2 2 W 7 x 6 4 . s y s - - ( L 1 C ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 1 2 . 0 3 . 0 1 0 8 : 4 6 : 1 6 | 0 0 0 , 0 2 3 , 4 0 8 | - - - - | M ] ( M i c r o s o f t C o r p o r a t i o n ) [ R e c o g n i z e r | B o o t | U n k n o w n ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ f s _ r e c . s y s - - ( F s _ R e c ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 1 2 . 0 2 . 2 9 1 2 : 3 1 : 1 6 | 0 0 0 , 1 4 3 , 1 4 4 | - - - - | M ] ( E L A N M i c r o e l e c t r o n i c s C o r p . ) [ K e r n e l | O n _ D e m a n d | R u n n i n g ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ E T D . s y s - - ( E T D ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 1 2 . 0 2 . 2 6 2 1 : 0 1 : 0 0 | 0 0 0 , 7 8 8 , 7 6 0 | - - - - | M ] ( I n t e l C o r p o r a t i o n ) [ K e r n e l | O n _ D e m a n d | R u n n i n g ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ i u s b 3 x h c . s y s - - ( i u s b 3 x h c ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 1 2 . 0 2 . 2 6 2 1 : 0 1 : 0 0 | 0 0 0 , 3 5 6 , 1 2 0 | - - - - | M ] ( I n t e l C o r p o r a t i o n ) [ K e r n e l | O n _ D e m a n d | R u n n i n g ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ i u s b 3 h u b . s y s - - ( i u s b 3 h u b ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 1 2 . 0 2 . 2 6 2 1 : 0 1 : 0 0 | 0 0 0 , 0 1 6 , 1 5 2 | - - - - | M ] ( I n t e l C o r p o r a t i o n ) [ K e r n e l | B o o t | R u n n i n g ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ i u s b 3 h c s . s y s - - ( i u s b 3 h c s ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 1 2 . 0 2 . 0 1 1 6 : 1 6 : 4 0 | 0 0 0 , 5 6 8 , 6 0 0 | - - - - | M ] ( I n t e l C o r p o r a t i o n ) [ K e r n e l | B o o t | R u n n i n g ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ i a S t o r . s y s - - ( i a S t o r ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 1 2 . 0 1 . 0 9 1 2 : 3 2 : 4 0 | 0 0 0 , 1 9 5 , 5 8 4 | - - - - | M ] ( W i n d o w s ( R ) W i n 7 D D K p r o v i d e r ) [ K e r n e l | O n _ D e m a n d | S t o p p e d ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ A m p P a l . s y s - - ( A M P P A L P ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 1 2 . 0 1 . 0 9 1 2 : 3 2 : 4 0 | 0 0 0 , 1 9 5 , 5 8 4 | - - - - | M ] ( W i n d o w s ( R ) W i n 7 D D K p r o v i d e r ) [ K e r n e l | O n _ D e m a n d | R u n n i n g ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ A m p P a l . s y s - - ( A M P P A L ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 1 2 . 0 1 . 0 3 0 5 : 2 1 : 4 4 | 0 0 0 , 3 4 0 , 0 7 2 | R - - - | M ] ( R e a l t e k S e m i c o n d u c t o r C o r p . ) [ K e r n e l | O n _ D e m a n d | R u n n i n g ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ R t s P S t o r . s y s - - ( R S P C I E S T O R ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 1 1 . 1 2 . 0 5 2 2 : 2 3 : 0 8 | 0 0 0 , 3 3 1 , 2 6 4 | - - - - | M ] ( I n t e l ( R ) C o r p o r a t i o n ) [ K e r n e l | O n _ D e m a n d | R u n n i n g ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ I n t c D A u d . s y s - - ( I n t c D A u d ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 1 1 . 0 3 . 1 1 0 8 : 4 1 : 1 2 | 0 0 0 , 1 0 7 , 9 0 4 | - - - - | M ] ( A d v a n c e d M i c r o D e v i c e s ) [ K e r n e l | O n _ D e m a n d | S t o p p e d ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ a m d s a t a . s y s - - ( a m d s a t a ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 1 1 . 0 3 . 1 1 0 8 : 4 1 : 1 2 | 0 0 0 , 0 2 7 , 0 0 8 | - - - - | M ] ( A d v a n c e d M i c r o D e v i c e s ) [ K e r n e l | B o o t | R u n n i n g ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ a m d x a t a . s y s - - ( a m d x a t a ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 1 0 . 1 1 . 2 1 0 5 : 2 3 : 4 8 | 0 0 0 , 0 7 1 , 1 6 8 | - - - - | M ] ( M i c r o s o f t C o r p o r a t i o n ) [ K e r n e l | O n _ D e m a n d | S t o p p e d ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ d m v s c . s y s - - ( d m v s c ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 1 0 . 1 1 . 2 1 0 5 : 2 3 : 4 7 | 0 0 0 , 1 0 9 , 0 5 6 | - - - - | M ] ( M i c r o s o f t C o r p o r a t i o n ) [ K e r n e l | O n _ D e m a n d | R u n n i n g ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ s d b u s . s y s - - ( s d b u s ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 1 0 . 1 1 . 2 1 0 5 : 2 3 : 4 7 | 0 0 0 , 0 7 8 , 7 2 0 | - - - - | M ] ( H e w l e t t - P a c k a r d C o m p a n y ) [ K e r n e l | O n _ D e m a n d | S t o p p e d ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ H p S A M D . s y s - - ( H p S A M D ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 0 9 . 1 1 . 1 8 0 1 : 1 2 : 0 0 | 0 0 0 , 0 3 2 , 3 4 4 | - - - - | M ] ( C r e a t i v e T e c h n o l o g y L t d . ) [ K e r n e l | O n _ D e m a n d | R u n n i n g ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ M B f i l t 6 4 . s y s - - ( M B f i l t ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 0 9 . 0 7 . 1 4 0 3 : 5 2 : 2 0 | 0 0 0 , 1 9 4 , 1 2 8 | - - - - | M ] ( A M D T e c h n o l o g i e s I n c . ) [ K e r n e l | O n _ D e m a n d | S t o p p e d ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ a m d s b s . s y s - - ( a m d s b s ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 0 9 . 0 7 . 1 4 0 3 : 4 8 : 0 4 | 0 0 0 , 0 6 5 , 6 0 0 | - - - - | M ] ( L S I C o r p o r a t i o n ) [ K e r n e l | O n _ D e m a n d | S t o p p e d ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ l s i _ s a s 2 . s y s - - ( L S I _ S A S 2 ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 0 9 . 0 7 . 1 4 0 3 : 4 5 : 5 5 | 0 0 0 , 0 2 4 , 6 5 6 | - - - - | M ] ( P r o m i s e T e c h n o l o g y ) [ K e r n e l | O n _ D e m a n d | S t o p p e d ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ s t e x s t o r . s y s - - ( s t e x s t o r ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 0 9 . 0 6 . 1 0 2 2 : 3 4 : 3 3 | 0 0 3 , 2 8 6 , 0 1 6 | - - - - | M ] ( B r o a d c o m C o r p o r a t i o n ) [ K e r n e l | O n _ D e m a n d | S t o p p e d ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ e v b d a . s y s - - ( e b d r v ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 0 9 . 0 6 . 1 0 2 2 : 3 4 : 2 8 | 0 0 0 , 4 6 8 , 4 8 0 | - - - - | M ] ( B r o a d c o m C o r p o r a t i o n ) [ K e r n e l | O n _ D e m a n d | S t o p p e d ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ b x v b d a . s y s - - ( b 0 6 b d r v ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 0 9 . 0 6 . 1 0 2 2 : 3 4 : 2 3 | 0 0 0 , 2 7 0 , 8 4 8 | - - - - | M ] ( B r o a d c o m C o r p o r a t i o n ) [ K e r n e l | O n _ D e m a n d | S t o p p e d ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ b 5 7 n d 6 0 a . s y s - - ( b 5 7 n d 6 0 a ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 0 9 . 0 6 . 1 0 2 2 : 3 1 : 5 9 | 0 0 0 , 0 3 1 , 2 3 2 | - - - - | M ] ( H a u p p a u g e C o m p u t e r W o r k s , I n c . ) [ K e r n e l | O n _ D e m a n d | S t o p p e d ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ h c w 8 5 c i r . s y s - - ( h c w 8 5 c i r ) D R V - [ 2 0 0 9 . 0 7 . 1 4 0 3 : 1 9 : 1 0 | 0 0 0 , 0 1 9 , 0 0 8 | - - - - | M ] ( M i c r o s o f t C o r p o r a t i o n ) [ F i l e _ S y s t e m | O n _ D e m a n d | S t o p p e d ] - - C : \ W i n d o w s \ S y s W O W 6 4 \ d r i v e r s \ w i m m o u n t . s y s - - ( W I M M o u n t ) [ c o l o r = # E 5 6 7 1 7 ] = = = = = = = = = = S t a n d a r d R e g i s t r y ( S a f e L i s t ) = = = = = = = = = = [ / c o l o r ] [ c o l o r = # E 5 6 7 1 7 ] = = = = = = = = = = I n t e r n e t E x p l o r e r = = = = = = = = = = [ / c o l o r ] I E : [ b ] 6 4 b i t : [ / b ] - H K L M \ . . \ S e a r c h S c o p e s , D e f a u l t S c o p e = { 0 6 3 3 E E 9 3 - D 7 7 6 - 4 7 2 f - A 0 F F - E 1 4 1 6 B 8 B 2 E 3 A } I E : [ b ] 6 4 b i t : [ / b ] - H K L M \ . . \ S e a r c h S c o p e s \ { 0 6 3 3 E E 9 3 - D 7 7 6 - 4 7 2 f - A 0 F F - E 1 4 1 6 B 8 B 2 E 3 A } : " U R L " = h t t p : / / w w w . b i n g . c o m / s e a r c h ? q = { s e a r c h T e r m s } & F O R M = I E 8 S R C I E - H K L M \ S O F T W A R E \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n , L o c a l P a g e = C : \ W i n d o w s \ S y s W O W 6 4 \ b l a n k . h t m I E - H K L M \ . . \ S e a r c h S c o p e s , D e f a u l t S c o p e = { 0 6 3 3 E E 9 3 - D 7 7 6 - 4 7 2 f - A 0 F F - E 1 4 1 6 B 8 B 2 E 3 A } I E - H K L M \ . . \ S e a r c h S c o p e s \ { 0 6 3 3 E E 9 3 - D 7 7 6 - 4 7 2 f - A 0 F F - E 1 4 1 6 B 8 B 2 E 3 A } : " U R L " = h t t p : / / w w w . b i n g . c o m / s e a r c h ? q = { s e a r c h T e r m s } & F O R M = I E 8 S R C I E - H K U \ . D E F A U L T \ S o f t w a r e \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ I n t e r n e t S e t t i n g s : " P r o x y E n a b l e " = 0 I E - H K U \ S - 1 - 5 - 1 8 \ S o f t w a r e \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ I n t e r n e t S e t t i n g s : " P r o x y E n a b l e " = 0 I E - H K U \ S - 1 - 5 - 2 1 - 2 3 6 5 2 6 3 7 5 7 - 4 1 1 5 0 3 4 5 1 9 - 3 8 8 6 4 8 1 0 8 3 - 1 0 0 0 \ S O F T W A R E \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n , S t a r t P a g e = h t t p : / / w w w . g o o g l e . d e / I E - H K U \ S - 1 - 5 - 2 1 - 2 3 6 5 2 6 3 7 5 7 - 4 1 1 5 0 3 4 5 1 9 - 3 8 8 6 4 8 1 0 8 3 - 1 0 0 0 \ S O F T W A R E \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n , S t a r t P a g e R e d i r e c t C a c h e = h t t p : / / d e . m s n . c o m / ? o c i d = i e h p I E - H K U \ S - 1 - 5 - 2 1 - 2 3 6 5 2 6 3 7 5 7 - 4 1 1 5 0 3 4 5 1 9 - 3 8 8 6 4 8 1 0 8 3 - 1 0 0 0 \ S O F T W A R E \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n , S t a r t P a g e R e d i r e c t C a c h e A c c e p t L a n g s = d e I E - H K U \ S - 1 - 5 - 2 1 - 2 3 6 5 2 6 3 7 5 7 - 4 1 1 5 0 3 4 5 1 9 - 3 8 8 6 4 8 1 0 8 3 - 1 0 0 0 \ S O F T W A R E \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n , S t a r t P a g e R e d i r e c t C a c h e _ T I M E S T A M P = 6 E 1 5 3 D C 9 3 C 3 8 C E 0 1 [ b i n a r y d a t a ] I E - H K U \ S - 1 - 5 - 2 1 - 2 3 6 5 2 6 3 7 5 7 - 4 1 1 5 0 3 4 5 1 9 - 3 8 8 6 4 8 1 0 8 3 - 1 0 0 0 \ . . \ S e a r c h S c o p e s , D e f a u l t S c o p e = { 0 6 3 3 E E 9 3 - D 7 7 6 - 4 7 2 f - A 0 F F - E 1 4 1 6 B 8 B 2 E 3 A } I E - H K U \ S - 1 - 5 - 2 1 - 2 3 6 5 2 6 3 7 5 7 - 4 1 1 5 0 3 4 5 1 9 - 3 8 8 6 4 8 1 0 8 3 - 1 0 0 0 \ . . \ S e a r c h S c o p e s \ { 0 6 3 3 E E 9 3 - D 7 7 6 - 4 7 2 f - A 0 F F - E 1 4 1 6 B 8 B 2 E 3 A } : " U R L " = h t t p : / / w w w . b i n g . c o m / s e a r c h ? q = { s e a r c h T e r m s } & s r c = I E - S e a r c h B o x & F O R M = I E 1 0 S R I E - H K U \ S - 1 - 5 - 2 1 - 2 3 6 5 2 6 3 7 5 7 - 4 1 1 5 0 3 4 5 1 9 - 3 8 8 6 4 8 1 0 8 3 - 1 0 0 0 \ S o f t w a r e \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ I n t e r n e t S e t t i n g s : " P r o x y E n a b l e " = 0 I E - H K U \ S - 1 - 5 - 2 1 - 2 3 6 5 2 6 3 7 5 7 - 4 1 1 5 0 3 4 5 1 9 - 3 8 8 6 4 8 1 0 8 3 - 1 0 0 1 \ . . \ S e a r c h S c o p e s , D e f a u l t S c o p e = { 0 6 3 3 E E 9 3 - D 7 7 6 - 4 7 2 f - A 0 F F - E 1 4 1 6 B 8 B 2 E 3 A } I E - H K U \ S - 1 - 5 - 2 1 - 2 3 6 5 2 6 3 7 5 7 - 4 1 1 5 0 3 4 5 1 9 - 3 8 8 6 4 8 1 0 8 3 - 1 0 0 1 \ S o f t w a r e \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ I n t e r n e t S e t t i n g s : " P r o x y E n a b l e " = 0 [ c o l o r = # E 5 6 7 1 7 ] = = = = = = = = = = F i r e F o x = = = = = = = = = = [ / c o l o r ] F F - p r e f s . j s . . e x t e n s i o n s . e n a b l e d A d d o n s : % 7 B 9 7 2 c e 4 c 6 - 7 e 0 8 - 4 4 7 4 - a 2 8 5 - 3 2 0 8 1 9 8 c e 6 f d % 7 D : 2 3 . 0 . 1 F F - u s e r . j s - F i l e n o t f o u n d F F : [ b ] 6 4 b i t : [ / b ] - H K L M \ S o f t w a r e \ M o z i l l a P l u g i n s \ @ a d o b e . c o m / F l a s h P l a y e r : C : \ W i n d o w s \ s y s t e m 3 2 \ M a c r o m e d \ F l a s h \ N P S W F 6 4 _ 1 1 _ 8 _ 8 0 0 _ 9 4 . d l l F i l e n o t f o u n d F F : [ b ] 6 4 b i t : [ / b ] - H K L M \ S o f t w a r e \ M o z i l l a P l u g i n s \ @ M i c r o s o f t . c o m / N p C t r l , v e r s i o n = 1 . 0 : c : \ P r o g r a m F i l e s \ M i c r o s o f t S i l v e r l i g h t \ 5 . 1 . 2 0 5 1 3 . 0 \ n p c t r l . d l l ( M i c r o s o f t C o r p o r a t i o n ) F F : [ b ] 6 4 b i t : [ / b ] - H K L M \ S o f t w a r e \ M o z i l l a P l u g i n s \ @ m i c r o s o f t . c o m / O f f i c e A u t h z , v e r s i o n = 1 4 . 0 : C : \ P R O G R A ~ 1 \ M I C R O S ~ 2 \ O f f i c e 1 4 \ N P A U T H Z . D L L ( M i c r o s o f t C o r p o r a t i o n ) F F - H K L M \ S o f t w a r e \ M o z i l l a P l u g i n s \ @ a d o b e . c o m / F l a s h P l a y e r : C : \ W i n d o w s \ S y s W O W 6 4 \ M a c r o m e d \ F l a s h \ N P S W F 3 2 _ 1 1 _ 8 _ 8 0 0 _ 9 4 . d l l ( ) F F - H K L M \ S o f t w a r e \ M o z i l l a P l u g i n s \ @ i n t e l - w e b a p i . i n t e l . c o m / I n t e l W e b A P I i p t ; v e r s i o n = 2 . 0 . 5 9 : C : \ P r o g r a m F i l e s ( x 8 6 ) \ I n t e l \ I n t e l ( R ) M a n a g e m e n t E n g i n e C o m p o n e n t s \ I P T \ n p I n t e l W e b A P I I P T . d l l ( I n t e l C o r p o r a t i o n ) F F - H K L M \ S o f t w a r e \ M o z i l l a P l u g i n s \ @ i n t e l - w e b a p i . i n t e l . c o m / I n t e l W e b A P I u p d a t e r : C : \ P r o g r a m F i l e s ( x 8 6 ) \ I n t e l \ I n t e l ( R ) M a n a g e m e n t E n g i n e C o m p o n e n t s \ I P T \ n p I n t e l W e b A P I U p d a t e r . d l l ( I n t e l C o r p o r a t i o n ) F F - H K L M \ S o f t w a r e \ M o z i l l a P l u g i n s \ @ M i c r o s o f t . c o m / N p C t r l , v e r s i o n = 1 . 0 : c : \ P r o g r a m F i l e s ( x 8 6 ) \ M i c r o s o f t S i l v e r l i g h t \ 5 . 1 . 2 0 5 1 3 . 0 \ n p c t r l . d l l ( M i c r o s o f t C o r p o r a t i o n ) F F - H K L M \ S o f t w a r e \ M o z i l l a P l u g i n s \ @ m i c r o s o f t . c o m / O f f i c e A u t h z , v e r s i o n = 1 4 . 0 : C : \ P R O G R A ~ 2 \ M I C R O S ~ 2 \ O f f i c e 1 4 \ N P A U T H Z . D L L ( M i c r o s o f t C o r p o r a t i o n ) F F - H K L M \ S o f t w a r e \ M o z i l l a P l u g i n s \ @ m i c r o s o f t . c o m / S h a r e P o i n t , v e r s i o n = 1 4 . 0 : C : \ P R O G R A ~ 2 \ M I C R O S ~ 2 \ O f f i c e 1 4 \ N P S P W R A P . D L L ( M i c r o s o f t C o r p o r a t i o n ) F F - H K L M \ S o f t w a r e \ M o z i l l a P l u g i n s \ A d o b e R e a d e r : C : \ P r o g r a m F i l e s ( x 8 6 ) \ A d o b e \ R e a d e r 1 1 . 0 \ R e a d e r \ A I R \ n p p d f 3 2 . d l l ( A d o b e S y s t e m s I n c . ) F F - H K E Y _ L O C A L _ M A C H I N E \ s o f t w a r e \ m o z i l l a \ F i r e f o x \ E x t e n s i o n s \ \ u r l _ a d v i s o r @ k a s p e r s k y . c o m : C : \ P r o g r a m F i l e s ( x 8 6 ) \ K a s p e r s k y L a b \ K a s p e r s k y A n t i - V i r u s 1 4 . 0 . 0 \ F F E x t \ u r l _ a d v i s o r @ k a s p e r s k y . c o m [ 2 0 1 3 . 0 8 . 2 5 1 7 : 2 5 : 5 4 | 0 0 0 , 0 0 0 , 0 0 0 | - - - D | M ] F F - H K E Y _ L O C A L _ M A C H I N E \ s o f t w a r e \ m o z i l l a \ F i r e f o x \ E x t e n s i o n s \ \ v i r t u a l _ k e y b o a r d @ k a s p e r s k y . c o m : C : \ P r o g r a m F i l e s ( x 8 6 ) \ K a s p e r s k y L a b \ K a s p e r s k y A n t i - V i r u s 1 4 . 0 . 0 \ F F E x t \ v i r t u a l _ k e y b o a r d @ k a s p e r s k y . c o m [ 2 0 1 3 . 0 8 . 2 5 1 7 : 2 5 : 5 5 | 0 0 0 , 0 0 0 , 0 0 0 | - - - D | M ] F F - H K E Y _ L O C A L _ M A C H I N E \ s o f t w a r e \ m o z i l l a \ F i r e f o x \ E x t e n s i o n s \ \ c o n t e n t _ b l o c k e r @ k a s p e r s k y . c o m : C : \ P r o g r a m F i l e s ( x 8 6 ) \ K a s p e r s k y L a b \ K a s p e r s k y A n t i - V i r u s 1 4 . 0 . 0 \ F F E x t \ c o n t e n t _ b l o c k e r @ k a s p e r s k y . c o m [ 2 0 1 3 . 0 8 . 2 5 1 7 : 2 5 : 4 2 | 0 0 0 , 0 0 0 , 0 0 0 | - - - D | M ] F F - H K E Y _ L O C A L _ M A C H I N E \ s o f t w a r e \ m o z i l l a \ M o z i l l a F i r e f o x 2 3 . 0 . 1 \ e x t e n s i o n s \ \ C o m p o n e n t s : C : \ P r o g r a m F i l e s ( x 8 6 ) \ M o z i l l a F i r e f o x \ c o m p o n e n t s F F - H K E Y _ L O C A L _ M A C H I N E \ s o f t w a r e \ m o z i l l a \ M o z i l l a F i r e f o x 2 3 . 0 . 1 \ e x t e n s i o n s \ \ P l u g i n s : C : \ P r o g r a m F i l e s ( x 8 6 ) \ M o z i l l a F i r e f o x \ p l u g i n s F F - H K E Y _ L O C A L _ M A C H I N E \ s o f t w a r e \ m o z i l l a \ M o z i l l a T h u n d e r b i r d 1 7 . 0 . 8 \ e x t e n s i o n s \ \ C o m p o n e n t s : C : \ P r o g r a m F i l e s ( x 8 6 ) \ M o z i l l a T h u n d e r b i r d \ c o m p o n e n t s [ 2 0 1 3 . 0 8 . 1 3 1 8 : 1 1 : 2 1 | 0 0 0 , 0 0 0 , 0 0 0 | - - - D | M ] F F - H K E Y _ L O C A L _ M A C H I N E \ s o f t w a r e \ m o z i l l a \ M o z i l l a T h u n d e r b i r d 1 7 . 0 . 8 \ e x t e n s i o n s \ \ P l u g i n s : C : \ P r o g r a m F i l e s ( x 8 6 ) \ M o z i l l a T h u n d e r b i r d \ p l u g i n s F F - H K E Y _ C U R R E N T _ U S E R \ s o f t w a r e \ m o z i l l a \ M o z i l l a F i r e f o x 2 3 . 0 . 1 \ e x t e n s i o n s \ \ C o m p o n e n t s : C : \ P r o g r a m F i l e s ( x 8 6 ) \ M o z i l l a F i r e f o x \ c o m p o n e n t s F F - H K E Y _ C U R R E N T _ U S E R \ s o f t w a r e \ m o z i l l a \ M o z i l l a F i r e f o x 2 3 . 0 . 1 \ e x t e n s i o n s \ \ P l u g i n s : C : \ P r o g r a m F i l e s ( x 8 6 ) \ M o z i l l a F i r e f o x \ p l u g i n s F F - H K E Y _ C U R R E N T _ U S E R \ s o f t w a r e \ m o z i l l a \ M o z i l l a T h u n d e r b i r d 1 7 . 0 . 8 \ e x t e n s i o n s \ \ C o m p o n e n t s : C : \ P r o g r a m F i l e s ( x 8 6 ) \ M o z i l l a T h u n d e r b i r d \ c o m p o n e n t s [ 2 0 1 3 . 0 8 . 1 3 1 8 : 1 1 : 2 1 | 0 0 0 , 0 0 0 , 0 0 0 | - - - D | M ] F F - H K E Y _ C U R R E N T _ U S E R \ s o f t w a r e \ m o z i l l a \ M o z i l l a T h u n d e r b i r d 1 7 . 0 . 8 \ e x t e n s i o n s \ \ P l u g i n s : C : \ P r o g r a m F i l e s ( x 8 6 ) \ M o z i l l a T h u n d e r b i r d \ p l u g i n s [ 2 0 1 3 . 0 4 . 1 3 1 4 : 2 5 : 1 4 | 0 0 0 , 0 0 0 , 0 0 0 | - - - D | M ] ( N o n a m e f o u n d ) - - C : \ U s e r s \ D i p p i \ A p p D a t a \ R o a m i n g \ m o z i l l a \ E x t e n s i o n s [ 2 0 1 3 . 0 8 . 2 5 1 3 : 3 5 : 3 1 | 0 0 0 , 0 0 0 , 0 0 0 | - - - D | M ] ( N o n a m e f o u n d ) - - C : \ U s e r s \ D i p p i \ A p p D a t a \ R o a m i n g \ m o z i l l a \ F i r e f o x \ P r o f i l e s \ z s d f 2 w c n . d e f a u l t \ e x t e n s i o n s [ 2 0 1 3 . 0 8 . 2 5 1 3 : 3 5 : 3 1 | 0 0 1 , 3 1 2 , 9 0 7 | - - - - | M ] ( ) ( N o n a m e f o u n d ) - - C : \ U s e r s \ D i p p i \ A p p D a t a \ R o a m i n g \ m o z i l l a \ f i r e f o x \ p r o f i l e s \ z s d f 2 w c n . d e f a u l t \ e x t e n s i o n s \ f i r e f o x @ g h o s t e r y . c o m . x p i [ 2 0 1 3 . 0 5 . 2 0 1 7 : 3 1 : 3 4 | 0 0 0 , 3 9 2 , 8 0 6 | - - - - | M ] ( ) ( N o n a m e f o u n d ) - - C : \ U s e r s \ D i p p i \ A p p D a t a \ R o a m i n g \ m o z i l l a \ f i r e f o x \ p r o f i l e s \ z s d f 2 w c n . d e f a u l t \ e x t e n s i o n s \ j i d 1 - F 9 U J 2 t h w o A m 5 g Q @ j e t p a c k . x p i [ 2 0 1 3 . 0 7 . 3 1 2 0 : 2 3 : 5 5 | 0 0 0 , 8 2 4 , 3 0 2 | - - - - | M ] ( ) ( N o n a m e f o u n d ) - - C : \ U s e r s \ D i p p i \ A p p D a t a \ R o a m i n g \ m o z i l l a \ f i r e f o x \ p r o f i l e s \ z s d f 2 w c n . d e f a u l t \ e x t e n s i o n s \ { d 1 0 d 0 b f 8 - f 5 b 5 - c 8 b 4 - a 8 b 2 - 2 b 9 8 7 9 e 0 8 c 5 d } . x p i [ 2 0 1 3 . 0 8 . 2 5 1 7 : 1 0 : 2 2 | 0 0 0 , 0 0 0 , 0 0 0 | - - - D | M ] ( N o n a m e f o u n d ) - - C : \ P r o g r a m F i l e s ( x 8 6 ) \ m o z i l l a f i r e f o x \ b r o w s e r \ e x t e n s i o n s [ 2 0 1 3 . 0 8 . 2 5 1 7 : 1 0 : 3 9 | 0 0 0 , 0 0 0 , 0 0 0 | - - - D | M ] ( D e f a u l t ) - - C : \ P r o g r a m F i l e s ( x 8 6 ) \ m o z i l l a f i r e f o x \ b r o w s e r \ e x t e n s i o n s \ { 9 7 2 c e 4 c 6 - 7 e 0 8 - 4 4 7 4 - a 2 8 5 - 3 2 0 8 1 9 8 c e 6 f d } O 1 H O S T S F i l e : ( [ 2 0 0 9 . 0 6 . 1 0 2 3 : 0 0 : 2 6 | 0 0 0 , 0 0 0 , 8 2 4 | - - - - | M ] ) - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ e t c \ h o s t s O 2 : [ b ] 6 4 b i t : [ / b ] - B H O : ( C o n t e n t B l o c k e r P l u g i n ) - { 5 5 6 4 C C 7 3 - E F A 7 - 4 C B F - 9 1 8 A - 5 C F 7 F B B F F F 4 F } - C : \ P r o g r a m F i l e s ( x 8 6 ) \ K a s p e r s k y L a b \ K a s p e r s k y A n t i - V i r u s 1 4 . 0 . 0 \ x 6 4 \ I E E x t \ C o n t e n t B l o c k e r \ i e _ c o n t e n t _ b l o c k e r _ p l u g i n . d l l ( K a s p e r s k y L a b Z A O ) O 2 : [ b ] 6 4 b i t : [ / b ] - B H O : ( V i r t u a l K e y b o a r d P l u g i n ) - { 7 3 4 5 5 5 7 5 - E 4 0 C - 4 3 3 C - 9 7 8 4 - C 7 8 D C 7 7 6 1 4 5 5 } - C : \ P r o g r a m F i l e s ( x 8 6 ) \ K a s p e r s k y L a b \ K a s p e r s k y A n t i - V i r u s 1 4 . 0 . 0 \ x 6 4 \ I E E x t \ V i r t u a l K e y b o a r d \ i e _ v i r t u a l _ k e y b o a r d _ p l u g i n . d l l ( K a s p e r s k y L a b Z A O ) O 2 : [ b ] 6 4 b i t : [ / b ] - B H O : ( O f f i c e D o c u m e n t C a c h e H a n d l e r ) - { B 4 F 3 A 8 3 5 - 0 E 2 1 - 4 9 5 9 - B A 2 2 - 4 2 B 3 0 0 8 E 0 2 F F } - C : \ P r o g r a m m e \ M i c r o s o f t O f f i c e \ O f f i c e 1 4 \ U R L R E D I R . D L L ( M i c r o s o f t C o r p o r a t i o n ) O 2 : [ b ] 6 4 b i t : [ / b ] - B H O : ( U R L A d v i s o r P l u g i n ) - { E 3 3 C F 6 0 2 - D 9 4 5 - 4 6 1 A - 8 3 F 0 - 8 1 9 F 7 6 A 1 9 9 F 8 } - C : \ P r o g r a m F i l e s ( x 8 6 ) \ K a s p e r s k y L a b \ K a s p e r s k y A n t i - V i r u s 1 4 . 0 . 0 \ x 6 4 \ I E E x t \ U r l A d v i s o r \ k l w t b b h o . d l l ( K a s p e r s k y L a b Z A O ) O 2 - B H O : ( C o n t e n t B l o c k e r P l u g i n ) - { 5 5 6 4 C C 7 3 - E F A 7 - 4 C B F - 9 1 8 A - 5 C F 7 F B B F F F 4 F } - C : \ P r o g r a m F i l e s ( x 8 6 ) \ K a s p e r s k y L a b \ K a s p e r s k y A n t i - V i r u s 1 4 . 0 . 0 \ I E E x t \ C o n t e n t B l o c k e r \ i e _ c o n t e n t _ b l o c k e r _ p l u g i n . d l l ( K a s p e r s k y L a b Z A O ) O 2 - B H O : ( V i r t u a l K e y b o a r d P l u g i n ) - { 7 3 4 5 5 5 7 5 - E 4 0 C - 4 3 3 C - 9 7 8 4 - C 7 8 D C 7 7 6 1 4 5 5 } - C : \ P r o g r a m F i l e s ( x 8 6 ) \ K a s p e r s k y L a b \ K a s p e r s k y A n t i - V i r u s 1 4 . 0 . 0 \ I E E x t \ V i r t u a l K e y b o a r d \ i e _ v i r t u a l _ k e y b o a r d _ p l u g i n . d l l ( K a s p e r s k y L a b Z A O ) O 2 - B H O : ( O f f i c e D o c u m e n t C a c h e H a n d l e r ) - { B 4 F 3 A 8 3 5 - 0 E 2 1 - 4 9 5 9 - B A 2 2 - 4 2 B 3 0 0 8 E 0 2 F F } - C : \ P R O G R A ~ 2 \ M I C R O S ~ 2 \ O f f i c e 1 4 \ U R L R E D I R . D L L ( M i c r o s o f t C o r p o r a t i o n ) O 2 - B H O : ( U R L A d v i s o r P l u g i n ) - { E 3 3 C F 6 0 2 - D 9 4 5 - 4 6 1 A - 8 3 F 0 - 8 1 9 F 7 6 A 1 9 9 F 8 } - C : \ P r o g r a m F i l e s ( x 8 6 ) \ K a s p e r s k y L a b \ K a s p e r s k y A n t i - V i r u s 1 4 . 0 . 0 \ I E E x t \ U r l A d v i s o r \ k l w t b b h o . d l l ( K a s p e r s k y L a b Z A O ) O 4 : [ b ] 6 4 b i t : [ / b ] - H K L M . . \ R u n : [ E T D C t r l ] C : \ P r o g r a m m e \ E l a n t e c h \ E T D C t r l . e x e ( E L A N M i c r o e l e c t r o n i c s C o r p . ) O 4 : [ b ] 6 4 b i t : [ / b ] - H K L M . . \ R u n : [ H o t K e y s C m d s ] C : \ W i n d o w s \ S y s N a t i v e \ h k c m d . e x e ( I n t e l C o r p o r a t i o n ) O 4 : [ b ] 6 4 b i t : [ / b ] - H K L M . . \ R u n : [ I g f x T r a y ] C : \ W i n d o w s \ S y s N a t i v e \ i g f x t r a y . e x e ( I n t e l C o r p o r a t i o n ) O 4 : [ b ] 6 4 b i t : [ / b ] - H K L M . . \ R u n : [ P e r s i s t e n c e ] C : \ W i n d o w s \ S y s N a t i v e \ i g f x p e r s . e x e ( I n t e l C o r p o r a t i o n ) O 4 : [ b ] 6 4 b i t : [ / b ] - H K L M . . \ R u n : [ R T H D V C P L ] C : \ P r o g r a m F i l e s \ R e a l t e k \ A u d i o \ H D A \ R A V C p l 6 4 . e x e ( R e a l t e k S e m i c o n d u c t o r ) O 4 - H K L M . . \ R u n : [ I A S t o r I c o n ] C : \ P r o g r a m F i l e s ( x 8 6 ) \ I n t e l \ I n t e l ( R ) R a p i d S t o r a g e T e c h n o l o g y \ I A S t o r I c o n L a u n c h . e x e ( I n t e l C o r p o r a t i o n ) O 4 - H K L M . . \ R u n : [ U S B 3 M O N ] C : \ P r o g r a m F i l e s ( x 8 6 ) \ I n t e l \ I n t e l ( R ) U S B 3 . 0 e X t e n s i b l e H o s t C o n t r o l l e r D r i v e r \ A p p l i c a t i o n \ i u s b 3 m o n . e x e ( I n t e l C o r p o r a t i o n ) O 4 - H K U \ S - 1 - 5 - 1 9 . . \ R u n : [ S i d e b a r ] C : \ P r o g r a m F i l e s ( x 8 6 ) \ W i n d o w s S i d e b a r \ S i d e b a r . e x e ( M i c r o s o f t C o r p o r a t i o n ) O 4 - H K U \ S - 1 - 5 - 2 0 . . \ R u n : [ S i d e b a r ] C : \ P r o g r a m F i l e s ( x 8 6 ) \ W i n d o w s S i d e b a r \ S i d e b a r . e x e ( M i c r o s o f t C o r p o r a t i o n ) O 4 - H K U \ S - 1 - 5 - 2 1 - 2 3 6 5 2 6 3 7 5 7 - 4 1 1 5 0 3 4 5 1 9 - 3 8 8 6 4 8 1 0 8 3 - 1 0 0 0 . . \ R u n : [ D T A G S S D V D R e p o r t ] C : \ U s e r s \ D i p p i \ A p p D a t a \ L o c a l \ D t a g \ D t o r . e x e ( D e u t s c h e T e l e k o m A G ) O 4 - H K U \ S - 1 - 5 - 2 1 - 2 3 6 5 2 6 3 7 5 7 - 4 1 1 5 0 3 4 5 1 9 - 3 8 8 6 4 8 1 0 8 3 - 1 0 0 0 . . \ R u n : [ J S I J L A X J L ] C : \ U s e r s \ D i p p i \ A p p D a t a \ R o a m i n g \ i s c s i u m g . d l l ( ) O 4 - H K U \ S - 1 - 5 - 2 1 - 2 3 6 5 2 6 3 7 5 7 - 4 1 1 5 0 3 4 5 1 9 - 3 8 8 6 4 8 1 0 8 3 - 1 0 0 1 . . \ R u n : [ S i d e b a r ] C : \ P r o g r a m F i l e s ( x 8 6 ) \ W i n d o w s S i d e b a r \ S i d e b a r . e x e ( M i c r o s o f t C o r p o r a t i o n ) O 4 - H K U \ S - 1 - 5 - 1 9 . . \ R u n O n c e : [ m c t a d m i n ] C : \ W i n d o w s \ S y s t e m 3 2 \ m c t a d m i n . e x e F i l e n o t f o u n d O 4 - H K U \ S - 1 - 5 - 2 0 . . \ R u n O n c e : [ m c t a d m i n ] C : \ W i n d o w s \ S y s t e m 3 2 \ m c t a d m i n . e x e F i l e n o t f o u n d O 4 - H K U \ S - 1 - 5 - 2 1 - 2 3 6 5 2 6 3 7 5 7 - 4 1 1 5 0 3 4 5 1 9 - 3 8 8 6 4 8 1 0 8 3 - 1 0 0 1 . . \ R u n O n c e : [ m c t a d m i n ] C : \ W i n d o w s \ S y s t e m 3 2 \ m c t a d m i n . e x e F i l e n o t f o u n d O 4 - S t a r t u p : C : \ U s e r s \ D i p p i \ A p p D a t a \ R o a m i n g \ M i c r o s o f t \ W i n d o w s \ S t a r t M e n u \ P r o g r a m s \ S t a r t u p \ O p e n O f f i c e . o r g 3 . 4 . 1 . l n k = C : \ P r o g r a m F i l e s ( x 8 6 ) \ O p e n O f f i c e . o r g 3 \ p r o g r a m \ q u i c k s t a r t . e x e ( ) O 6 - H K L M \ S O F T W A R E \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ p o l i c i e s \ E x p l o r e r : N o A c t i v e D e s k t o p = 1 O 6 - H K L M \ S O F T W A R E \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ p o l i c i e s \ E x p l o r e r : N o A c t i v e D e s k t o p C h a n g e s = 1 O 6 - H K L M \ S O F T W A R E \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ p o l i c i e s \ S y s t e m : C o n s e n t P r o m p t B e h a v i o r A d m i n = 5 O 6 - H K L M \ S O F T W A R E \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ p o l i c i e s \ S y s t e m : C o n s e n t P r o m p t B e h a v i o r U s e r = 3 O 8 : [ b ] 6 4 b i t : [ / b ] - E x t r a c o n t e x t m e n u i t e m : A n O n e N o t e s & e n d e n - r e s : / / C : \ P R O G R A ~ 2 \ M I C R O S ~ 2 \ O f f i c e 1 4 \ O N B t t n I E . d l l / 1 0 5 F i l e n o t f o u n d O 8 : [ b ] 6 4 b i t : [ / b ] - E x t r a c o n t e x t m e n u i t e m : N a c h M i c r o s o f t E & x c e l e x p o r t i e r e n - r e s : / / C : \ P R O G R A ~ 2 \ M I C R O S ~ 2 \ O f f i c e 1 4 \ E X C E L . E X E / 3 0 0 0 F i l e n o t f o u n d O 8 - E x t r a c o n t e x t m e n u i t e m : A n O n e N o t e s & e n d e n - r e s : / / C : \ P R O G R A ~ 2 \ M I C R O S ~ 2 \ O f f i c e 1 4 \ O N B t t n I E . d l l / 1 0 5 F i l e n o t f o u n d O 8 - E x t r a c o n t e x t m e n u i t e m : N a c h M i c r o s o f t E & x c e l e x p o r t i e r e n - r e s : / / C : \ P R O G R A ~ 2 \ M I C R O S ~ 2 \ O f f i c e 1 4 \ E X C E L . E X E / 3 0 0 0 F i l e n o t f o u n d O 9 : [ b ] 6 4 b i t : [ / b ] - E x t r a B u t t o n : V i r t u e l l e T a s t a t u r - { 0 C 4 C C 0 8 9 - D 3 0 6 - 4 4 0 D - 9 7 7 2 - 4 6 4 E 2 2 6 F 6 5 3 9 } - C : \ P r o g r a m F i l e s ( x 8 6 ) \ K a s p e r s k y L a b \ K a s p e r s k y A n t i - V i r u s 1 4 . 0 . 0 \ x 6 4 \ I E E x t \ V i r t u a l K e y b o a r d \ i e _ v i r t u a l _ k e y b o a r d _ p l u g i n . d l l ( K a s p e r s k y L a b Z A O ) O 9 : [ b ] 6 4 b i t : [ / b ] - E x t r a B u t t o n : A n O n e N o t e s e n d e n - { 2 6 7 0 0 0 0 A - 7 3 5 0 - 4 f 3 c - 8 0 8 1 - 5 6 6 3 E E 0 C 6 C 4 9 } - C : \ P r o g r a m m e \ M i c r o s o f t O f f i c e \ O f f i c e 1 4 \ O N B t t n I E . d l l ( M i c r o s o f t C o r p o r a t i o n ) O 9 : [ b ] 6 4 b i t : [ / b ] - E x t r a ' T o o l s ' m e n u i t e m : A n O n e N o t e s & e n d e n - { 2 6 7 0 0 0 0 A - 7 3 5 0 - 4 f 3 c - 8 0 8 1 - 5 6 6 3 E E 0 C 6 C 4 9 } - C : \ P r o g r a m m e \ M i c r o s o f t O f f i c e \ O f f i c e 1 4 \ O N B t t n I E . d l l ( M i c r o s o f t C o r p o r a t i o n ) O 9 : [ b ] 6 4 b i t : [ / b ] - E x t r a B u t t o n : V e r k n � p f t e & O n e N o t e - N o t i z e n - { 7 8 9 F E 8 6 F - 6 F C 4 - 4 6 A 1 - 9 8 4 9 - E D E 0 D B 0 C 9 5 C A } - C : \ P r o g r a m m e \ M i c r o s o f t O f f i c e \ O f f i c e 1 4 \ O N B t t n I E L i n k e d N o t e s . d l l ( M i c r o s o f t C o r p o r a t i o n ) O 9 : [ b ] 6 4 b i t : [ / b ] - E x t r a ' T o o l s ' m e n u i t e m : V e r k n � p f t e & O n e N o t e - N o t i z e n - { 7 8 9 F E 8 6 F - 6 F C 4 - 4 6 A 1 - 9 8 4 9 - E D E 0 D B 0 C 9 5 C A } - C : \ P r o g r a m m e \ M i c r o s o f t O f f i c e \ O f f i c e 1 4 \ O N B t t n I E L i n k e d N o t e s . d l l ( M i c r o s o f t C o r p o r a t i o n ) O 9 : [ b ] 6 4 b i t : [ / b ] - E x t r a B u t t o n : L i n k - U n t e r s u c h u n g - { C C F 1 5 1 D 8 - D 0 8 9 - 4 4 9 F - A 5 A 4 - D 9 9 0 9 0 5 3 F 2 0 F } - C : \ P r o g r a m F i l e s ( x 8 6 ) \ K a s p e r s k y L a b \ K a s p e r s k y A n t i - V i r u s 1 4 . 0 . 0 \ x 6 4 \ I E E x t \ U r l A d v i s o r \ k l w t b b h o . d l l ( K a s p e r s k y L a b Z A O ) O 9 - E x t r a B u t t o n : V i r t u e l l e T a s t a t u r - { 0 C 4 C C 0 8 9 - D 3 0 6 - 4 4 0 D - 9 7 7 2 - 4 6 4 E 2 2 6 F 6 5 3 9 } - C : \ P r o g r a m F i l e s ( x 8 6 ) \ K a s p e r s k y L a b \ K a s p e r s k y A n t i - V i r u s 1 4 . 0 . 0 \ I E E x t \ V i r t u a l K e y b o a r d \ i e _ v i r t u a l _ k e y b o a r d _ p l u g i n . d l l ( K a s p e r s k y L a b Z A O ) O 9 - E x t r a B u t t o n : L i n k - U n t e r s u c h u n g - { C C F 1 5 1 D 8 - D 0 8 9 - 4 4 9 F - A 5 A 4 - D 9 9 0 9 0 5 3 F 2 0 F } - C : \ P r o g r a m F i l e s ( x 8 6 ) \ K a s p e r s k y L a b \ K a s p e r s k y A n t i - V i r u s 1 4 . 0 . 0 \ I E E x t \ U r l A d v i s o r \ k l w t b b h o . d l l ( K a s p e r s k y L a b Z A O ) O 1 0 : [ b ] 6 4 b i t : [ / b ] - P r o t o c o l _ C a t a l o g 9 \ C a t a l o g _ E n t r i e s 6 4 \ 0 0 0 0 0 0 0 0 0 0 0 1 - C : \ W i n d o w s \ S y s N a t i v e \ B f L L R . d l l ( B i g f o o t N e t w o r k s , I n c . ) O 1 0 : [ b ] 6 4 b i t : [ / b ] - P r o t o c o l _ C a t a l o g 9 \ C a t a l o g _ E n t r i e s 6 4 \ 0 0 0 0 0 0 0 0 0 0 0 2 - C : \ W i n d o w s \ S y s N a t i v e \ B f L L R . d l l ( B i g f o o t N e t w o r k s , I n c . ) O 1 0 : [ b ] 6 4 b i t : [ / b ] - P r o t o c o l _ C a t a l o g 9 \ C a t a l o g _ E n t r i e s 6 4 \ 0 0 0 0 0 0 0 0 0 0 0 3 - C : \ W i n d o w s \ S y s N a t i v e \ B f L L R . d l l ( B i g f o o t N e t w o r k s , I n c . ) O 1 0 : [ b ] 6 4 b i t : [ / b ] - P r o t o c o l _ C a t a l o g 9 \ C a t a l o g _ E n t r i e s 6 4 \ 0 0 0 0 0 0 0 0 0 0 0 4 - C : \ W i n d o w s \ S y s N a t i v e \ B f L L R . d l l ( B i g f o o t N e t w o r k s , I n c . ) O 1 0 : [ b ] 6 4 b i t : [ / b ] - P r o t o c o l _ C a t a l o g 9 \ C a t a l o g _ E n t r i e s 6 4 \ 0 0 0 0 0 0 0 0 0 0 1 5 - C : \ W i n d o w s \ S y s N a t i v e \ B f L L R . d l l ( B i g f o o t N e t w o r k s , I n c . ) O 1 0 - P r o t o c o l _ C a t a l o g 9 \ C a t a l o g _ E n t r i e s \ 0 0 0 0 0 0 0 0 0 0 0 1 - C : \ W i n d o w s \ S y s W O W 6 4 \ B f L L R . d l l ( B i g f o o t N e t w o r k s , I n c . ) O 1 0 - P r o t o c o l _ C a t a l o g 9 \ C a t a l o g _ E n t r i e s \ 0 0 0 0 0 0 0 0 0 0 0 2 - C : \ W i n d o w s \ S y s W O W 6 4 \ B f L L R . d l l ( B i g f o o t N e t w o r k s , I n c . ) O 1 0 - P r o t o c o l _ C a t a l o g 9 \ C a t a l o g _ E n t r i e s \ 0 0 0 0 0 0 0 0 0 0 0 3 - C : \ W i n d o w s \ S y s W O W 6 4 \ B f L L R . d l l ( B i g f o o t N e t w o r k s , I n c . ) O 1 0 - P r o t o c o l _ C a t a l o g 9 \ C a t a l o g _ E n t r i e s \ 0 0 0 0 0 0 0 0 0 0 0 4 - C : \ W i n d o w s \ S y s W O W 6 4 \ B f L L R . d l l ( B i g f o o t N e t w o r k s , I n c . ) O 1 0 - P r o t o c o l _ C a t a l o g 9 \ C a t a l o g _ E n t r i e s \ 0 0 0 0 0 0 0 0 0 0 1 5 - C : \ W i n d o w s \ S y s W O W 6 4 \ B f L L R . d l l ( B i g f o o t N e t w o r k s , I n c . ) O 1 3 [ b ] 6 4 b i t : [ / b ] - g o p h e r P r e f i x : m i s s i n g O 1 3 - g o p h e r P r e f i x : m i s s i n g O 1 7 - H K L M \ S y s t e m \ C C S \ S e r v i c e s \ T c p i p \ P a r a m e t e r s : D h c p N a m e S e r v e r = 1 9 2 . 1 6 8 . 2 . 1 O 1 7 - H K L M \ S y s t e m \ C C S \ S e r v i c e s \ T c p i p \ P a r a m e t e r s \ I n t e r f a c e s \ { A 2 F 7 7 D 1 F - 7 A 6 E - 4 3 3 9 - 9 9 0 4 - A B 4 8 6 C B 8 5 B 4 8 } : D h c p N a m e S e r v e r = 1 9 2 . 1 6 8 . 2 . 1 O 1 8 : [ b ] 6 4 b i t : [ / b ] - P r o t o c o l \ H a n d l e r \ m s - h e l p - N o C L S I D v a l u e f o u n d O 1 8 : [ b ] 6 4 b i t : [ / b ] - P r o t o c o l \ F i l t e r \ t e x t / x m l { 8 0 7 5 7 3 E 5 - 5 1 4 6 - 1 1 D 5 - A 6 7 2 - 0 0 B 0 D 0 2 2 E 9 4 5 } - C : \ P r o g r a m m e \ C o m m o n F i l e s \ M i c r o s o f t S h a r e d \ O F F I C E 1 4 \ M S O X M L M F . D L L ( M i c r o s o f t C o r p o r a t i o n ) O 2 0 : [ b ] 6 4 b i t : [ / b ] - A p p I n i t _ D L L s : ( C : \ W i n d o w s \ s y s t e m 3 2 \ n v i n i t x . d l l ) - C : \ W i n d o w s \ S y s N a t i v e \ n v i n i t x . d l l ( N V I D I A C o r p o r a t i o n ) O 2 0 - A p p I n i t _ D L L s : ( C : \ W i n d o w s \ S y s W O W 6 4 \ n v i n i t . d l l ) - C : \ W i n d o w s \ S y s W O W 6 4 \ n v i n i t . d l l ( N V I D I A C o r p o r a t i o n ) O 2 0 : [ b ] 6 4 b i t : [ / b ] - H K L M W i n l o g o n : S h e l l - ( e x p l o r e r . e x e ) - C : \ W i n d o w s \ e x p l o r e r . e x e ( M i c r o s o f t C o r p o r a t i o n ) O 2 0 : [ b ] 6 4 b i t : [ / b ] - H K L M W i n l o g o n : U s e r I n i t - ( C : \ W i n d o w s \ s y s t e m 3 2 \ u s e r i n i t . e x e ) - C : \ W i n d o w s \ S y s N a t i v e \ u s e r i n i t . e x e ( M i c r o s o f t C o r p o r a t i o n ) O 2 0 - H K L M W i n l o g o n : S h e l l - ( e x p l o r e r . e x e ) - C : \ W i n d o w s \ S y s W o w 6 4 \ e x p l o r e r . e x e ( M i c r o s o f t C o r p o r a t i o n ) O 2 0 - H K L M W i n l o g o n : U s e r I n i t - ( u s e r i n i t . e x e ) - C : \ W i n d o w s \ S y s W o w 6 4 \ u s e r i n i t . e x e ( M i c r o s o f t C o r p o r a t i o n ) O 2 0 : [ b ] 6 4 b i t : [ / b ] - W i n l o g o n \ N o t i f y \ i g f x c u i : D l l N a m e - ( i g f x d e v . d l l ) - C : \ W i n d o w s \ S y s N a t i v e \ i g f x d e v . d l l ( I n t e l C o r p o r a t i o n ) O 2 1 : [ b ] 6 4 b i t : [ / b ] - S S O D L : W e b C h e c k - { E 6 F B 5 E 2 0 - D E 3 5 - 1 1 C F - 9 C 8 7 - 0 0 A A 0 0 5 1 2 7 E D } - N o C L S I D v a l u e f o u n d . O 2 1 - S S O D L : W e b C h e c k - { E 6 F B 5 E 2 0 - D E 3 5 - 1 1 C F - 9 C 8 7 - 0 0 A A 0 0 5 1 2 7 E D } - N o C L S I D v a l u e f o u n d . O 3 2 - H K L M C D R o m : A u t o R u n - 1 O 3 3 - M o u n t P o i n t s 2 \ { 7 5 e 8 8 4 d 3 - a 4 5 b - 1 1 e 2 - 8 4 c 7 - 8 0 6 e 6 f 6 e 6 9 6 3 } \ S h e l l - " " = A u t o R u n O 3 3 - M o u n t P o i n t s 2 \ { 7 5 e 8 8 4 d 3 - a 4 5 b - 1 1 e 2 - 8 4 c 7 - 8 0 6 e 6 f 6 e 6 9 6 3 } \ S h e l l \ A u t o R u n \ c o m m a n d - " " = D : \ C D S e t u p . e x e O 3 4 - H K L M B o o t E x e c u t e : ( a u t o c h e c k a u t o c h k * ) O 3 5 : [ b ] 6 4 b i t : [ / b ] - H K L M \ . . c o m f i l e [ o p e n ] - - " % 1 " % * O 3 5 : [ b ] 6 4 b i t : [ / b ] - H K L M \ . . e x e f i l e [ o p e n ] - - " % 1 " % * O 3 5 - H K L M \ . . c o m f i l e [ o p e n ] - - " % 1 " % * O 3 5 - H K L M \ . . e x e f i l e [ o p e n ] - - " % 1 " % * O 3 7 : [ b ] 6 4 b i t : [ / b ] - H K L M \ . . . c o m [ @ = c o m f i l e ] - - " % 1 " % * O 3 7 : [ b ] 6 4 b i t : [ / b ] - H K L M \ . . . e x e [ @ = e x e f i l e ] - - " % 1 " % * O 3 7 - H K L M \ . . . c o m [ @ = c o m f i l e ] - - " % 1 " % * O 3 7 - H K L M \ . . . e x e [ @ = e x e f i l e ] - - " % 1 " % * O 3 8 - S u b S y s t e m s \ \ W i n d o w s : ( S e r v e r D l l = w i n s r v : U s e r S e r v e r D l l I n i t i a l i z a t i o n , 3 ) O 3 8 - S u b S y s t e m s \ \ W i n d o w s : ( S e r v e r D l l = w i n s r v : C o n S e r v e r D l l I n i t i a l i z a t i o n , 2 ) O 3 8 - S u b S y s t e m s \ \ W i n d o w s : ( S e r v e r D l l = s x s s r v , 4 ) [ c o l o r = # E 5 6 7 1 7 ] = = = = = = = = = = F i l e s / F o l d e r s - C r e a t e d W i t h i n 3 0 D a y s = = = = = = = = = = [ / c o l o r ] [ 2 0 1 3 . 0 8 . 2 5 1 7 : 2 6 : 2 6 | 0 0 0 , 0 0 0 , 0 0 0 | - - - D | C ] - - C : \ P r o g r a m D a t a \ M i c r o s o f t \ W i n d o w s \ S t a r t M e n u \ P r o g r a m s \ K a s p e r s k y A n t i - V i r u s [ 2 0 1 3 . 0 8 . 2 5 1 7 : 2 6 : 1 9 | 0 0 0 , 1 1 0 , 1 7 6 | - - - - | C ] ( K a s p e r s k y L a b Z A O ) - - C : \ W i n d o w s \ S y s N a t i v e \ k l f p h c . d l l [ 2 0 1 3 . 0 8 . 2 5 1 7 : 2 5 : 4 4 | 0 0 0 , 0 0 0 , 0 0 0 | - - - D | C ] - - C : \ W i n d o w s \ E L A M B K U P [ 2 0 1 3 . 0 8 . 2 5 1 7 : 2 5 : 4 1 | 0 0 0 , 0 0 0 , 0 0 0 | - - - D | C ] - - C : \ P r o g r a m D a t a \ K a s p e r s k y L a b [ 2 0 1 3 . 0 8 . 2 5 1 7 : 2 5 : 4 1 | 0 0 0 , 0 0 0 , 0 0 0 | - - - D | C ] - - C : \ P r o g r a m F i l e s ( x 8 6 ) \ K a s p e r s k y L a b [ 2 0 1 3 . 0 8 . 2 5 1 7 : 2 5 : 3 5 | 0 0 0 , 6 1 9 , 6 1 6 | - - - - | C ] ( K a s p e r s k y L a b Z A O ) - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ k l i f . s y s [ 2 0 1 3 . 0 8 . 2 5 1 7 : 2 5 : 3 5 | 0 0 0 , 1 1 2 , 2 2 4 | - - - - | C ] ( K a s p e r s k y L a b Z A O ) - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ k l f l t . s y s [ 2 0 1 3 . 0 8 . 2 5 1 7 : 1 0 : 2 2 | 0 0 0 , 0 0 0 , 0 0 0 | - - - D | C ] - - C : \ P r o g r a m F i l e s ( x 8 6 ) \ M o z i l l a F i r e f o x [ 2 0 1 3 . 0 8 . 1 8 2 1 : 3 2 : 2 2 | 0 0 0 , 5 2 6 , 3 3 6 | - - - - | C ] ( M i c r o s o f t C o r p o r a t i o n ) - - C : \ W i n d o w s \ S y s N a t i v e \ i e u i . d l l [ 2 0 1 3 . 0 8 . 1 8 2 1 : 3 2 : 2 2 | 0 0 0 , 3 9 1 , 1 6 8 | - - - - | C ] ( M i c r o s o f t C o r p o r a t i o n ) - - C : \ W i n d o w s \ S y s W o w 6 4 \ i e u i . d l l [ 2 0 1 3 . 0 8 . 1 8 2 1 : 3 2 : 2 1 | 0 0 0 , 0 6 7 , 0 7 2 | - - - - | C ] ( M i c r o s o f t C o r p o r a t i o n ) - - C : \ W i n d o w s \ S y s N a t i v e \ i e s e t u p . d l l [ 2 0 1 3 . 0 8 . 1 8 2 1 : 3 2 : 2 1 | 0 0 0 , 0 6 1 , 4 4 0 | - - - - | C ] ( M i c r o s o f t C o r p o r a t i o n ) - - C : \ W i n d o w s \ S y s W o w 6 4 \ i e s e t u p . d l l [ 2 0 1 3 . 0 8 . 1 8 2 1 : 3 2 : 2 1 | 0 0 0 , 0 3 9 , 9 3 6 | - - - - | C ] ( M i c r o s o f t C o r p o r a t i o n ) - - C : \ W i n d o w s \ S y s N a t i v e \ i e r n o n c e . d l l [ 2 0 1 3 . 0 8 . 1 8 2 1 : 3 2 : 2 1 | 0 0 0 , 0 3 3 , 2 8 0 | - - - - | C ] ( M i c r o s o f t C o r p o r a t i o n ) - - C : \ W i n d o w s \ S y s W o w 6 4 \ i e r n o n c e . d l l [ 2 0 1 3 . 0 8 . 1 8 2 1 : 3 2 : 2 0 | 0 0 0 , 1 3 6 , 7 0 4 | - - - - | C ] ( M i c r o s o f t C o r p o r a t i o n ) - - C : \ W i n d o w s \ S y s N a t i v e \ i e s y s p r e p . d l l [ 2 0 1 3 . 0 8 . 1 8 2 1 : 3 2 : 2 0 | 0 0 0 , 1 0 9 , 0 5 6 | - - - - | C ] ( M i c r o s o f t C o r p o r a t i o n ) - - C : \ W i n d o w s \ S y s W o w 6 4 \ i e s y s p r e p . d l l [ 2 0 1 3 . 0 8 . 1 8 2 1 : 3 2 : 2 0 | 0 0 0 , 0 8 9 , 6 0 0 | - - - - | C ] ( M i c r o s o f t C o r p o r a t i o n ) - - C : \ W i n d o w s \ S y s N a t i v e \ R e g i s t e r I E P K E Y s . e x e [ 2 0 1 3 . 0 8 . 1 8 2 1 : 3 2 : 2 0 | 0 0 0 , 0 7 1 , 6 8 0 | - - - - | C ] ( M i c r o s o f t C o r p o r a t i o n ) - - C : \ W i n d o w s \ S y s W o w 6 4 \ R e g i s t e r I E P K E Y s . e x e [ 2 0 1 3 . 0 8 . 1 8 2 1 : 3 2 : 2 0 | 0 0 0 , 0 5 1 , 7 1 2 | - - - - | C ] ( M i c r o s o f t C o r p o r a t i o n ) - - C : \ W i n d o w s \ S y s N a t i v e \ i e 4 u i n i t . e x e [ 2 0 1 3 . 0 8 . 1 8 2 1 : 3 2 : 1 8 | 0 0 0 , 8 5 5 , 5 5 2 | - - - - | C ] ( M i c r o s o f t C o r p o r a t i o n ) - - C : \ W i n d o w s \ S y s N a t i v e \ j s c r i p t . d l l [ 2 0 1 3 . 0 8 . 1 8 2 1 : 3 2 : 1 8 | 0 0 0 , 6 9 0 , 6 8 8 | - - - - | C ] ( M i c r o s o f t C o r p o r a t i o n ) - - C : \ W i n d o w s \ S y s W o w 6 4 \ j s c r i p t . d l l [ 2 0 1 3 . 0 8 . 1 8 2 1 : 3 2 : 1 8 | 0 0 0 , 6 0 3 , 1 3 6 | - - - - | C ] ( M i c r o s o f t C o r p o r a t i o n ) - - C : \ W i n d o w s \ S y s N a t i v e \ m s f e e d s . d l l [ 2 0 1 3 . 0 8 . 1 8 2 1 : 3 2 : 1 7 | 0 0 3 , 9 5 8 , 7 8 4 | - - - - | C ] ( M i c r o s o f t C o r p o r a t i o n ) - - C : \ W i n d o w s \ S y s N a t i v e \ j s c r i p t 9 . d l l [ 2 0 1 3 . 0 8 . 1 8 2 1 : 2 7 : 3 2 | 0 0 0 , 0 0 0 , 0 0 0 | - - - D | C ] - - C : \ W i n d o w s \ S y s N a t i v e \ M R T [ 2 0 1 3 . 0 8 . 1 5 1 3 : 4 9 : 3 6 | 0 0 1 , 4 7 2 , 5 1 2 | - - - - | C ] ( M i c r o s o f t C o r p o r a t i o n ) - - C : \ W i n d o w s \ S y s N a t i v e \ c r y p t 3 2 . d l l [ 2 0 1 3 . 0 8 . 1 5 1 3 : 4 9 : 3 5 | 0 0 0 , 2 2 4 , 2 5 6 | - - - - | C ] ( M i c r o s o f t C o r p o r a t i o n ) - - C : \ W i n d o w s \ S y s N a t i v e \ w i n t r u s t . d l l [ 2 0 1 3 . 0 8 . 1 5 1 3 : 4 9 : 3 5 | 0 0 0 , 1 3 9 , 7 7 6 | - - - - | C ] ( M i c r o s o f t C o r p o r a t i o n ) - - C : \ W i n d o w s \ S y s N a t i v e \ c r y p t n e t . d l l [ 2 0 1 3 . 0 8 . 1 5 1 3 : 4 9 : 2 3 | 0 0 1 , 8 8 8 , 7 6 8 | - - - - | C ] ( M i c r o s o f t C o r p o r a t i o n ) - - C : \ W i n d o w s \ S y s N a t i v e \ W M V D E C O D . D L L [ 2 0 1 3 . 0 8 . 1 5 1 3 : 4 9 : 2 2 | 0 0 1 , 6 2 0 , 9 9 2 | - - - - | C ] ( M i c r o s o f t C o r p o r a t i o n ) - - C : \ W i n d o w s \ S y s W o w 6 4 \ W M V D E C O D . D L L [ 2 0 1 3 . 0 8 . 1 5 1 3 : 4 9 : 2 1 | 0 0 1 , 2 1 7 , 0 2 4 | - - - - | C ] ( M i c r o s o f t C o r p o r a t i o n ) - - C : \ W i n d o w s \ S y s N a t i v e \ r p c r t 4 . d l l [ 2 0 1 3 . 0 8 . 1 5 1 3 : 4 9 : 2 0 | 0 0 5 , 5 5 0 , 5 2 8 | - - - - | C ] ( M i c r o s o f t C o r p o r a t i o n ) - - C : \ W i n d o w s \ S y s N a t i v e \ n t o s k r n l . e x e [ 2 0 1 3 . 0 8 . 1 5 1 3 : 4 9 : 2 0 | 0 0 3 , 9 6 8 , 9 6 0 | - - - - | C ] ( M i c r o s o f t C o r p o r a t i o n ) - - C : \ W i n d o w s \ S y s W o w 6 4 \ n t k r n l p a . e x e [ 2 0 1 3 . 0 8 . 1 5 1 3 : 4 9 : 2 0 | 0 0 3 , 9 1 3 , 6 6 4 | - - - - | C ] ( M i c r o s o f t C o r p o r a t i o n ) - - C : \ W i n d o w s \ S y s W o w 6 4 \ n t o s k r n l . e x e [ 2 0 1 3 . 0 8 . 1 5 1 3 : 4 9 : 1 9 | 0 0 1 , 7 3 2 , 0 3 2 | - - - - | C ] ( M i c r o s o f t C o r p o r a t i o n ) - - C : \ W i n d o w s \ S y s N a t i v e \ n t d l l . d l l [ 2 0 1 3 . 0 8 . 1 5 1 3 : 4 9 : 1 9 | 0 0 0 , 2 4 3 , 7 1 2 | - - - - | C ] ( M i c r o s o f t C o r p o r a t i o n ) - - C : \ W i n d o w s \ S y s N a t i v e \ w o w 6 4 . d l l [ 2 0 1 3 . 0 8 . 1 5 1 3 : 4 9 : 1 9 | 0 0 0 , 0 1 4 , 3 3 6 | - - - - | C ] ( M i c r o s o f t C o r p o r a t i o n ) - - C : \ W i n d o w s \ S y s W o w 6 4 \ n t v d m 6 4 . d l l [ 2 0 1 3 . 0 8 . 1 5 1 3 : 4 9 : 1 8 | 0 0 0 , 0 2 5 , 6 0 0 | - - - - | C ] ( M i c r o s o f t C o r p o r a t i o n ) - - C : \ W i n d o w s \ S y s W o w 6 4 \ s e t u p 1 6 . e x e [ 2 0 1 3 . 0 8 . 1 5 1 3 : 4 9 : 1 8 | 0 0 0 , 0 0 7 , 6 8 0 | - - - - | C ] ( M i c r o s o f t C o r p o r a t i o n ) - - C : \ W i n d o w s \ S y s W o w 6 4 \ i n s t n m . e x e [ 2 0 1 3 . 0 8 . 1 5 1 3 : 4 9 : 1 8 | 0 0 0 , 0 0 5 , 1 2 0 | - - - - | C ] ( M i c r o s o f t C o r p o r a t i o n ) - - C : \ W i n d o w s \ S y s W o w 6 4 \ w o w 3 2 . d l l [ 2 0 1 3 . 0 8 . 1 5 1 3 : 4 9 : 1 7 | 0 0 0 , 0 0 2 , 0 4 8 | - - - - | C ] ( M i c r o s o f t C o r p o r a t i o n ) - - C : \ W i n d o w s \ S y s W o w 6 4 \ u s e r . e x e [ 2 0 1 3 . 0 8 . 1 3 1 8 : 1 1 : 2 1 | 0 0 0 , 0 0 0 , 0 0 0 | - - - D | C ] - - C : \ P r o g r a m F i l e s ( x 8 6 ) \ M o z i l l a T h u n d e r b i r d [ c o l o r = # E 5 6 7 1 7 ] = = = = = = = = = = F i l e s - M o d i f i e d W i t h i n 3 0 D a y s = = = = = = = = = = [ / c o l o r ] [ 2 0 1 3 . 0 8 . 2 5 1 7 : 5 5 : 4 5 | 0 0 0 , 0 0 0 , 0 0 0 | - - - - | M ] ( ) - - C : \ U s e r s \ D i p p i \ d e f o g g e r _ r e e n a b l e [ 2 0 1 3 . 0 8 . 2 5 1 7 : 3 4 : 0 1 | 0 0 0 , 0 0 0 , 8 8 4 | - - - - | M ] ( ) - - C : \ W i n d o w s \ t a s k s \ A d o b e F l a s h P l a y e r U p d a t e r . j o b [ 2 0 1 3 . 0 8 . 2 5 1 7 : 3 0 : 5 2 | 0 0 0 , 0 2 0 , 4 8 0 | - H - - | M ] ( ) - - C : \ W i n d o w s \ S y s N a t i v e \ 7 B 2 9 6 F B 0 - 3 7 6 B - 4 9 7 e - B 0 1 2 - 9 C 4 5 0 E 1 B 7 3 2 7 - 5 P - 1 . C 7 4 8 3 4 5 6 - A 2 8 9 - 4 3 9 d - 8 1 1 5 - 6 0 1 6 3 2 D 0 0 5 A 0 [ 2 0 1 3 . 0 8 . 2 5 1 7 : 3 0 : 5 2 | 0 0 0 , 0 2 0 , 4 8 0 | - H - - | M ] ( ) - - C : \ W i n d o w s \ S y s N a t i v e \ 7 B 2 9 6 F B 0 - 3 7 6 B - 4 9 7 e - B 0 1 2 - 9 C 4 5 0 E 1 B 7 3 2 7 - 5 P - 0 . C 7 4 8 3 4 5 6 - A 2 8 9 - 4 3 9 d - 8 1 1 5 - 6 0 1 6 3 2 D 0 0 5 A 0 [ 2 0 1 3 . 0 8 . 2 5 1 7 : 3 0 : 3 2 | 0 0 0 , 6 1 9 , 6 1 6 | - - - - | M ] ( K a s p e r s k y L a b Z A O ) - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ k l i f . s y s [ 2 0 1 3 . 0 8 . 2 5 1 7 : 2 6 : 1 9 | 0 0 0 , 0 0 1 , 0 8 9 | - - - - | M ] ( ) - - C : \ U s e r s \ P u b l i c \ D e s k t o p \ K a s p e r s k y A n t i - V i r u s . l n k [ 2 0 1 3 . 0 8 . 2 5 1 7 : 2 3 : 0 2 | 0 0 0 , 0 0 0 , 8 2 8 | - - - - | M ] ( ) - - C : \ W i n d o w s \ t a s k s \ I S M - U p d a t e S e r v i c e - 4 e 0 0 2 0 5 a - 2 a b 1 - 4 4 2 3 - 8 f 7 7 - c c 2 5 b 8 2 c d e 1 d - L o g o n . j o b [ 2 0 1 3 . 0 8 . 2 5 1 7 : 2 2 : 4 6 | 0 0 0 , 0 6 7 , 5 8 4 | - - S - | M ] ( ) - - C : \ W i n d o w s \ b o o t s t a t . d a t [ 2 0 1 3 . 0 8 . 2 5 1 7 : 2 2 : 3 8 | 2 0 6 6 , 4 3 6 , 0 9 5 | - H S - | M ] ( ) - - C : \ h i b e r f i l . s y s [ 2 0 1 3 . 0 8 . 2 5 1 7 : 2 1 : 4 7 | 0 0 0 , 0 0 1 , 9 1 2 | - - - - | M ] ( ) - - C : \ W i n d o w s \ e p p l a u n c h e r . m i f [ 2 0 1 3 . 0 8 . 2 5 1 3 : 3 4 : 1 9 | 0 0 0 , 6 9 2 , 1 0 4 | - - - - | M ] ( A d o b e S y s t e m s I n c o r p o r a t e d ) - - C : \ W i n d o w s \ S y s W o w 6 4 \ F l a s h P l a y e r A p p . e x e [ 2 0 1 3 . 0 8 . 2 5 1 3 : 3 4 : 1 9 | 0 0 0 , 0 7 1 , 0 4 8 | - - - - | M ] ( A d o b e S y s t e m s I n c o r p o r a t e d ) - - C : \ W i n d o w s \ S y s W o w 6 4 \ F l a s h P l a y e r C P L A p p . c p l [ 2 0 1 3 . 0 8 . 2 5 1 3 : 3 4 : 0 7 | 0 1 7 , 1 3 9 , 0 8 0 | - - - - | M ] ( A d o b e S y s t e m s I n c o r p o r a t e d ) - - C : \ W i n d o w s \ S y s W o w 6 4 \ F l a s h P l a y e r I n s t a l l e r . e x e [ 2 0 1 3 . 0 8 . 1 8 2 1 : 3 0 : 0 1 | 0 0 1 , 5 2 0 , 5 5 4 | - - - - | M ] ( ) - - C : \ W i n d o w s \ S y s N a t i v e \ P e r f S t r i n g B a c k u p . I N I [ 2 0 1 3 . 0 8 . 1 8 2 1 : 3 0 : 0 1 | 0 0 0 , 6 5 4 , 3 5 6 | - - - - | M ] ( ) - - C : \ W i n d o w s \ S y s N a t i v e \ p e r f h 0 0 7 . d a t [ 2 0 1 3 . 0 8 . 1 8 2 1 : 3 0 : 0 1 | 0 0 0 , 6 1 6 , 1 9 8 | - - - - | M ] ( ) - - C : \ W i n d o w s \ S y s N a t i v e \ p e r f h 0 0 9 . d a t [ 2 0 1 3 . 0 8 . 1 8 2 1 : 3 0 : 0 1 | 0 0 0 , 1 3 0 , 1 9 6 | - - - - | M ] ( ) - - C : \ W i n d o w s \ S y s N a t i v e \ p e r f c 0 0 7 . d a t [ 2 0 1 3 . 0 8 . 1 8 2 1 : 3 0 : 0 1 | 0 0 0 , 1 0 6 , 5 7 8 | - - - - | M ] ( ) - - C : \ W i n d o w s \ S y s N a t i v e \ p e r f c 0 0 9 . d a t [ c o l o r = # E 5 6 7 1 7 ] = = = = = = = = = = F i l e s C r e a t e d - N o C o m p a n y N a m e = = = = = = = = = = [ / c o l o r ] [ 2 0 1 3 . 0 8 . 2 5 1 7 : 5 5 : 4 5 | 0 0 0 , 0 0 0 , 0 0 0 | - - - - | C ] ( ) - - C : \ U s e r s \ D i p p i \ d e f o g g e r _ r e e n a b l e [ 2 0 1 3 . 0 8 . 2 5 1 7 : 2 6 : 2 6 | 0 0 0 , 0 0 1 , 0 8 9 | - - - - | C ] ( ) - - C : \ U s e r s \ P u b l i c \ D e s k t o p \ K a s p e r s k y A n t i - V i r u s . l n k [ 2 0 1 3 . 0 6 . 2 9 0 8 : 0 3 : 4 7 | 0 0 0 , 2 3 3 , 4 7 2 | R H S - | C ] ( ) - - C : \ U s e r s \ D i p p i \ A p p D a t a \ R o a m i n g \ i s c s i u m g . d l l [ 2 0 1 3 . 0 4 . 1 3 1 3 : 1 6 : 4 1 | 0 0 0 , 7 5 5 , 1 8 8 | - - - - | C ] ( ) - - C : \ W i n d o w s \ S y s W o w 6 4 \ i g k r n g 7 0 0 . b i n [ 2 0 1 3 . 0 4 . 1 3 1 3 : 1 6 : 4 1 | 0 0 0 , 5 6 1 , 5 0 8 | - - - - | C ] ( ) - - C : \ W i n d o w s \ S y s W o w 6 4 \ i g f c g 7 0 0 m . b i n [ 2 0 1 2 . 1 2 . 1 4 0 2 : 4 2 : 3 0 | 0 0 0 , 0 6 4 , 5 1 2 | - - - - | C ] ( ) - - C : \ W i n d o w s \ S y s W o w 6 4 \ i g d d e 3 2 . d l l [ 2 0 1 2 . 1 2 . 1 4 0 2 : 4 2 : 2 4 | 0 0 0 , 7 5 4 , 6 5 2 | - - - - | C ] ( ) - - C : \ W i n d o w s \ S y s W o w 6 4 \ i g c o d e c k r n g 7 0 0 . b i n [ 2 0 1 2 . 1 2 . 1 4 0 2 : 4 2 : 2 4 | 0 0 0 , 5 9 8 , 3 8 4 | - - - - | C ] ( ) - - C : \ W i n d o w s \ S y s W o w 6 4 \ i g v p k r n g 7 0 0 . b i n [ 2 0 1 2 . 0 2 . 0 2 2 2 : 0 8 : 2 6 | 0 0 0 , 0 0 1 , 5 3 6 | - - - - | C ] ( ) - - C : \ W i n d o w s \ S y s W o w 6 4 \ I u s E v e n t L o g . d l l [ c o l o r = # E 5 6 7 1 7 ] = = = = = = = = = = Z e r o A c c e s s C h e c k = = = = = = = = = = [ / c o l o r ] [ 2 0 0 9 . 0 7 . 1 4 0 6 : 5 5 : 0 0 | 0 0 0 , 0 0 0 , 2 2 7 | R H S - | M ] ( ) - - C : \ W i n d o w s \ a s s e m b l y \ D e s k t o p . i n i [ H K E Y _ C U R R E N T _ U S E R \ S o f t w a r e \ C l a s s e s \ c l s i d \ { 4 2 a e d c 8 7 - 2 1 8 8 - 4 1 f d - b 9 a 3 - 0 c 9 6 6 f e a b e c 1 } \ I n P r o c S e r v e r 3 2 ] / 6 4 [ H K E Y _ C U R R E N T _ U S E R \ S o f t w a r e \ C l a s s e s \ W o w 6 4 3 2 n o d e \ c l s i d \ { 4 2 a e d c 8 7 - 2 1 8 8 - 4 1 f d - b 9 a 3 - 0 c 9 6 6 f e a b e c 1 } \ I n P r o c S e r v e r 3 2 ] [ H K E Y _ C U R R E N T _ U S E R \ S o f t w a r e \ C l a s s e s \ c l s i d \ { f b e b 8 a 0 5 - b e e e - 4 4 4 2 - 8 0 4 e - 4 0 9 d 6 c 4 5 1 5 e 9 } \ I n P r o c S e r v e r 3 2 ] / 6 4 [ H K E Y _ C U R R E N T _ U S E R \ S o f t w a r e \ C l a s s e s \ W o w 6 4 3 2 n o d e \ c l s i d \ { f b e b 8 a 0 5 - b e e e - 4 4 4 2 - 8 0 4 e - 4 0 9 d 6 c 4 5 1 5 e 9 } \ I n P r o c S e r v e r 3 2 ] [ H K E Y _ L O C A L _ M A C H I N E \ S o f t w a r e \ C l a s s e s \ c l s i d \ { 4 2 a e d c 8 7 - 2 1 8 8 - 4 1 f d - b 9 a 3 - 0 c 9 6 6 f e a b e c 1 } \ I n P r o c S e r v e r 3 2 ] / 6 4 " " = C : \ W i n d o w s \ S y s N a t i v e \ s h e l l 3 2 . d l l - - [ 2 0 1 3 . 0 2 . 2 7 0 7 : 5 2 : 5 6 | 0 1 4 , 1 7 2 , 6 7 2 | - - - - | M ] ( M i c r o s o f t C o r p o r a t i o n ) " T h r e a d i n g M o d e l " = A p a r t m e n t [ H K E Y _ L O C A L _ M A C H I N E \ S o f t w a r e \ W o w 6 4 3 2 N o d e \ C l a s s e s \ c l s i d \ { 4 2 a e d c 8 7 - 2 1 8 8 - 4 1 f d - b 9 a 3 - 0 c 9 6 6 f e a b e c 1 } \ I n P r o c S e r v e r 3 2 ] " " = % S y s t e m R o o t % \ s y s t e m 3 2 \ s h e l l 3 2 . d l l - - [ 2 0 1 3 . 0 2 . 2 7 0 6 : 5 5 : 0 5 | 0 1 2 , 8 7 2 , 7 0 4 | - - - - | M ] ( M i c r o s o f t C o r p o r a t i o n ) " T h r e a d i n g M o d e l " = A p a r t m e n t [ H K E Y _ L O C A L _ M A C H I N E \ S o f t w a r e \ C l a s s e s \ c l s i d \ { 5 8 3 9 F C A 9 - 7 7 4 D - 4 2 A 1 - A C D A - D 6 A 7 9 0 3 7 F 5 7 F } \ I n P r o c S e r v e r 3 2 ] / 6 4 " " = C : \ W i n d o w s \ S y s N a t i v e \ w b e m \ f a s t p r o x . d l l - - [ 2 0 0 9 . 0 7 . 1 4 0 3 : 4 0 : 5 1 | 0 0 0 , 9 0 9 , 3 1 2 | - - - - | M ] ( M i c r o s o f t C o r p o r a t i o n ) " T h r e a d i n g M o d e l " = F r e e [ H K E Y _ L O C A L _ M A C H I N E \ S o f t w a r e \ W o w 6 4 3 2 N o d e \ C l a s s e s \ c l s i d \ { 5 8 3 9 F C A 9 - 7 7 4 D - 4 2 A 1 - A C D A - D 6 A 7 9 0 3 7 F 5 7 F } \ I n P r o c S e r v e r 3 2 ] " " = % s y s t e m r o o t % \ s y s t e m 3 2 \ w b e m \ f a s t p r o x . d l l - - [ 2 0 1 0 . 1 1 . 2 1 0 5 : 2 4 : 2 5 | 0 0 0 , 6 0 6 , 2 0 8 | - - - - | M ] ( M i c r o s o f t C o r p o r a t i o n ) " T h r e a d i n g M o d e l " = F r e e [ H K E Y _ L O C A L _ M A C H I N E \ S o f t w a r e \ C l a s s e s \ c l s i d \ { F 3 1 3 0 C D B - A A 5 2 - 4 C 3 A - A B 3 2 - 8 5 F F C 2 3 A F 9 C 1 } \ I n P r o c S e r v e r 3 2 ] / 6 4 " " = C : \ W i n d o w s \ S y s N a t i v e \ w b e m \ w b e m e s s . d l l - - [ 2 0 0 9 . 0 7 . 1 4 0 3 : 4 1 : 5 6 | 0 0 0 , 5 0 5 , 8 5 6 | - - - - | M ] ( M i c r o s o f t C o r p o r a t i o n ) " T h r e a d i n g M o d e l " = B o t h [ H K E Y _ L O C A L _ M A C H I N E \ S o f t w a r e \ W o w 6 4 3 2 N o d e \ C l a s s e s \ c l s i d \ { F 3 1 3 0 C D B - A A 5 2 - 4 C 3 A - A B 3 2 - 8 5 F F C 2 3 A F 9 C 1 } \ I n P r o c S e r v e r 3 2 ] < E n d o f r e p o r t > |
| Themen zu ihavenet Rootkit eingefangen |
| appdata, bytes, c:\windows, cache, code, driver, firefox, gen, harddisk, ide, kaspersky, mozilla, neuer, nichts, ntdll.dll, nvidia, rechner, rootkit, scan, service, system, system32, temp, update, warum, win, win7 |
Baum-Darstellung