| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: ihavenet Rootkit eingefangenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
25.08.2013, 18:37
| #1 |
| |  ihavenet Rootkit eingefangen Hallo, ich versuche gerade ein "ihavenet" rootkit auf einem Win7 Rechner zu entfernen Die Kaspersky Rescue disk scheint auch nichts zu finden. Hier ein Scan mit GMER Bitte helft! Was ist da los und warum findet die Rescue Disk nichts? Ist ein ziemlich neuer Rechner. <pre style='color:#141312;background-color:#ffffff;'> GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-08-25 18:07:16 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD75 rev.01.0 698,64GB Running: 9bmzl1ix.exe; Driver: C:\Users\Dippi\AppData\Local\Temp\pgloapoc.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000764d1465 2 bytes [4D, 76] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764d14bb 2 bytes [4D, 76] .text ... * 2 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4716] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000764d1465 2 bytes [4D, 76] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4716] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764d14bb 2 bytes [4D, 76] .text ... * 2 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 0000000077b611f5 8 bytes {JMP 0xd} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077b61390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077b6143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 0000000077b6158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077b6191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077b61b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077b61bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077b61d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077b61eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077b61edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077b61f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077b61fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077b61fd7 8 bytes {JMP 0xb} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077b62272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077b62301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077b62792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000077b627b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077b627d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 0000000077b6282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077b62890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077b62d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077b62d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077b63023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 0000000077b6323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 0000000077b633c0 16 bytes {JMP 0x4e} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077b63a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077b63ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077b63b85 8 bytes [F8, 69, F9, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077b63d23 8 bytes {CALL 0xfff96e} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077b64190 8 bytes [88, 69, F9, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077bb1380 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077bb1500 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077bb1530 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bb1650 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077bb1700 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bb1d30 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077bb1f80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bb27e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000730a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000730a146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000730a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000730a16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000730a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000730a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 00000000730a1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 00000000730a1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000730a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5316] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 00000000730a1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 0000000077b611f5 8 bytes {JMP 0xd} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077b61390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077b6143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 0000000077b6158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077b6191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077b61b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077b61bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077b61d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077b61eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077b61edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077b61f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077b61fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077b61fd7 8 bytes {JMP 0xb} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077b62272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077b62301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077b62792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000077b627b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077b627d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 0000000077b6282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077b62890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077b62d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077b62d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077b63023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 0000000077b6323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 0000000077b633c0 16 bytes {JMP 0x4e} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077b63a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077b63ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077b63b85 8 bytes [F8, 69, F9, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077b63d23 8 bytes {CALL 0xfff96e} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077b64190 8 bytes [88, 69, F9, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077bb1380 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077bb1500 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077bb1530 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bb1650 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077bb1700 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bb1d30 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077bb1f80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bb27e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000730a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000730a146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000730a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000730a16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000730a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000730a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 00000000730a1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 00000000730a1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000730a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[1136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 00000000730a1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5996] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 0000000077b611f5 8 bytes {JMP 0xd} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5996] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077b61390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5996] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077b6143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5996] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 0000000077b6158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5996] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077b6191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5996] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077b61b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5996] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077b61bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5996] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077b61d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5996] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077b61eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5996] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077b61edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5996] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077b61f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5996] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077b61fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5996] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077b61fd7 8 bytes {JMP 0xb} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5996] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077b62272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5996] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077b62301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5996] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077b62792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5996] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000077b627b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5996] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077b627d2 8 bytes {JMP 0x10}</pre> O T L l o g f i l e c r e a t e d o n : 2 5 . 0 8 . 2 0 1 3 1 8 : 0 8 : 5 8 - R u n 1 O T L b y O l d T i m e r - V e r s i o n 3 . 2 . 6 9 . 0 F o l d e r = C : \ U s e r s \ D i p p i \ D o w n l o a d s 6 4 b i t - P r o f e s s i o n a l S e r v i c e P a c k 1 ( V e r s i o n = 6 . 1 . 7 6 0 1 ) - T y p e = N T W o r k s t a t i o n I n t e r n e t E x p l o r e r ( V e r s i o n = 9 . 1 0 . 9 2 0 0 . 1 6 6 6 0 ) L o c a l e : 0 0 0 0 0 4 0 7 | C o u n t r y : D e u t s c h l a n d | L a n g u a g e : D E U | D a t e F o r m a t : d d . M M . y y y y 7 , 9 0 G b T o t a l P h y s i c a l M e m o r y | 5 , 4 6 G b A v a i l a b l e P h y s i c a l M e m o r y | 6 9 , 1 6 % M e m o r y f r e e 1 5 , 8 0 G b P a g i n g F i l e | 1 3 , 3 9 G b A v a i l a b l e i n P a g i n g F i l e | 8 4 , 7 5 % P a g i n g F i l e f r e e P a g i n g f i l e l o c a t i o n ( s ) : ? : \ p a g e f i l e . s y s [ b i n a r y d a t a ] % S y s t e m D r i v e % = C : | % S y s t e m R o o t % = C : \ W i n d o w s | % P r o g r a m F i l e s % = C : \ P r o g r a m F i l e s ( x 8 6 ) D r i v e C : | 6 9 8 , 5 4 G b T o t a l S p a c e | 6 4 7 , 9 1 G b F r e e S p a c e | 9 2 , 7 5 % S p a c e F r e e | P a r t i t i o n T y p e : N T F S C o m p u t e r N a m e : D I P P I - P C | U s e r N a m e : D i p p i | L o g g e d i n a s A d m i n i s t r a t o r . B o o t M o d e : N o r m a l | S c a n M o d e : A l l u s e r s | I n c l u d e 6 4 b i t S c a n s C o m p a n y N a m e W h i t e l i s t : O f f | S k i p M i c r o s o f t F i l e s : O f f | N o C o m p a n y N a m e W h i t e l i s t : O n | F i l e A g e = 3 0 D a y s [ c o l o r = # E 5 6 7 1 7 ] = = = = = = = = = = P r o c e s s e s ( S a f e L i s t ) = = = = = = = = = = [ / c o l o r ] P R C - [ 2 0 1 3 . 0 8 . 2 5 1 8 : 0 1 : 2 7 | 0 0 0 , 6 0 2 , 1 1 2 | - - - - | M ] ( O l d T i m e r T o o l s ) - - C : \ U s e r s \ D i p p i \ D o w n l o a d s \ O T L . e x e P R C - [ 2 0 1 3 . 0 8 . 2 5 1 7 : 5 7 : 0 1 | 0 0 0 , 3 7 7 , 8 5 6 | - - - - | M ] ( ) - - C : \ U s e r s \ D i p p i \ D o w n l o a d s \ 9 b m z l 1 i x . e x e P R C - [ 2 0 1 3 . 0 8 . 2 5 1 7 : 1 0 : 3 8 | 0 0 0 , 2 7 6 , 3 7 6 | - - - - | M ] ( M o z i l l a C o r p o r a t i o n ) - - C : \ P r o g r a m F i l e s ( x 8 6 ) \ M o z i l l a F i r e f o x \ f i r e f o x . e x e P R C - [ 2 0 1 3 . 0 7 . 1 5 1 9 : 0 5 : 1 1 | 0 0 1 , 8 6 1 , 5 1 2 | - - - - | M ] ( A d o b e S y s t e m s , I n c . ) - - C : \ W i n d o w s \ S y s W O W 6 4 \ M a c r o m e d \ F l a s h \ F l a s h P l a y e r P l u g i n _ 1 1 _ 8 _ 8 0 0 _ 9 4 . e x e P R C - [ 2 0 1 3 . 0 6 . 1 3 1 1 : 1 7 : 5 1 | 0 0 4 , 1 5 0 , 1 1 2 | - - - - | M ] ( T e a m V i e w e r G m b H ) - - C : \ P r o g r a m F i l e s ( x 8 6 ) \ T e a m V i e w e r \ V e r s i o n 8 \ T e a m V i e w e r _ S e r v i c e . e x e P R C - [ 2 0 1 3 . 0 5 . 1 1 1 2 : 3 7 : 2 6 | 0 0 0 , 0 6 5 , 6 4 0 | - - - - | M ] ( A d o b e S y s t e m s I n c o r p o r a t e d ) - - C : \ P r o g r a m F i l e s ( x 8 6 ) \ C o m m o n F i l e s \ A d o b e \ A R M \ 1 . 0 \ a r m s v c . e x e P R C - [ 2 0 1 2 . 1 0 . 1 7 2 1 : 3 6 : 1 8 | 0 0 4 , 9 6 0 , 1 9 2 | - - - - | M ] ( D e u t s c h e T e l e k o m A G ) - - C : \ U s e r s \ D i p p i \ A p p D a t a \ L o c a l \ D T A G \ D t o r . e x e P R C - [ 2 0 1 2 . 0 8 . 1 3 1 1 : 0 8 : 0 8 | 0 1 0 , 3 7 6 , 7 0 4 | - - - - | M ] ( O p e n O f f i c e . o r g ) - - C : \ P r o g r a m F i l e s ( x 8 6 ) \ O p e n O f f i c e . o r g 3 \ p r o g r a m \ s o f f i c e . e x e P R C - [ 2 0 1 2 . 0 8 . 1 3 1 1 : 0 8 : 0 8 | 0 1 0 , 3 6 8 , 5 1 2 | - - - - | M ] ( O p e n O f f i c e . o r g ) - - C : \ P r o g r a m F i l e s ( x 8 6 ) \ O p e n O f f i c e . o r g 3 \ p r o g r a m \ s o f f i c e . b i n P R C - [ 2 0 1 2 . 0 3 . 1 8 2 1 : 5 3 : 0 0 | 0 0 2 , 4 5 8 , 9 4 4 | R - - - | M ] ( N V I D I A C o r p o r a t i o n ) - - C : \ P r o g r a m F i l e s ( x 8 6 ) \ N V I D I A C o r p o r a t i o n \ N V I D I A U p d a t e C o r e \ d a e m o n u . e x e P R C - [ 2 0 1 2 . 0 3 . 1 5 0 6 : 4 8 : 2 2 | 0 0 0 , 3 6 2 , 8 4 0 | R - - - | M ] ( I n t e l C o r p o r a t i o n ) - - C : \ P r o g r a m F i l e s ( x 8 6 ) \ I n t e l \ I n t e l ( R ) M a n a g e m e n t E n g i n e C o m p o n e n t s \ U N S \ U N S . e x e P R C - [ 2 0 1 2 . 0 3 . 1 5 0 6 : 4 8 : 2 0 | 0 0 0 , 2 7 6 , 8 2 4 | R - - - | M ] ( I n t e l C o r p o r a t i o n ) - - C : \ P r o g r a m F i l e s ( x 8 6 ) \ I n t e l \ I n t e l ( R ) M a n a g e m e n t E n g i n e C o m p o n e n t s \ L M S \ L M S . e x e P R C - [ 2 0 1 2 . 0 3 . 1 5 0 6 : 4 8 : 1 4 | 0 0 0 , 1 2 7 , 3 2 0 | R - - - | M ] ( ) - - C : \ P r o g r a m F i l e s ( x 8 6 ) \ I n t e l \ I n t e l ( R ) M a n a g e m e n t E n g i n e C o m p o n e n t s \ F W S e r v i c e \ I n t e l M e F W S e r v i c e . e x e P R C - [ 2 0 1 2 . 0 3 . 1 5 0 6 : 4 8 : 0 6 | 0 0 0 , 1 6 2 , 6 4 8 | R - - - | M ] ( I n t e l C o r p o r a t i o n ) - - C : \ P r o g r a m F i l e s ( x 8 6 ) \ I n t e l \ I n t e l ( R ) M a n a g e m e n t E n g i n e C o m p o n e n t s \ D A L \ j h i _ s e r v i c e . e x e P R C - [ 2 0 1 2 . 0 2 . 2 6 2 1 : 0 1 : 5 6 | 0 0 0 , 2 9 1 , 6 0 8 | R - - - | M ] ( I n t e l C o r p o r a t i o n ) - - C : \ P r o g r a m F i l e s ( x 8 6 ) \ I n t e l \ I n t e l ( R ) U S B 3 . 0 e X t e n s i b l e H o s t C o n t r o l l e r D r i v e r \ A p p l i c a t i o n \ i u s b 3 m o n . e x e P R C - [ 2 0 1 2 . 0 2 . 0 1 1 6 : 2 9 : 5 8 | 0 0 0 , 0 1 3 , 5 9 2 | - - - - | M ] ( I n t e l C o r p o r a t i o n ) - - C : \ P r o g r a m F i l e s ( x 8 6 ) \ I n t e l \ I n t e l ( R ) R a p i d S t o r a g e T e c h n o l o g y \ I A S t o r D a t a M g r S v c . e x e P R C - [ 2 0 1 2 . 0 2 . 0 1 1 6 : 2 9 : 5 6 | 0 0 0 , 2 8 4 , 4 4 0 | - - - - | M ] ( I n t e l C o r p o r a t i o n ) - - C : \ P r o g r a m F i l e s ( x 8 6 ) \ I n t e l \ I n t e l ( R ) R a p i d S t o r a g e T e c h n o l o g y \ I A S t o r I c o n . e x e P R C - [ 2 0 1 0 . 0 3 . 1 8 1 3 : 1 6 : 2 8 | 0 0 0 , 1 3 0 , 3 8 4 | - - - - | M ] ( M i c r o s o f t C o r p o r a t i o n ) - - C : \ W i n d o w s \ M i c r o s o f t . N E T \ F r a m e w o r k \ v 4 . 0 . 3 0 3 1 9 \ m s c o r s v w . e x e [ c o l o r = # E 5 6 7 1 7 ] = = = = = = = = = = M o d u l e s ( N o C o m p a n y N a m e ) = = = = = = = = = = [ / c o l o r ] M O D - [ 2 0 1 3 . 0 8 . 2 5 1 7 : 5 7 : 0 1 | 0 0 0 , 3 7 7 , 8 5 6 | - - - - | M ] ( ) - - C : \ U s e r s \ D i p p i \ D o w n l o a d s \ 9 b m z l 1 i x . e x e M O D - [ 2 0 1 3 . 0 8 . 2 5 1 7 : 1 0 : 2 7 | 0 0 3 , 5 5 1 , 6 4 0 | - - - - | M ] ( ) - - C : \ P r o g r a m F i l e s ( x 8 6 ) \ M o z i l l a F i r e f o x \ m o z j s . d l l M O D - [ 2 0 1 3 . 0 8 . 1 9 1 9 : 2 9 : 3 3 | 0 1 1 , 9 1 4 , 7 5 2 | - - - - | M ] ( ) - - C : \ W i n d o w s \ a s s e m b l y \ N a t i v e I m a g e s _ v 2 . 0 . 5 0 7 2 7 _ 3 2 \ S y s t e m . W e b \ 8 d c 1 c 1 8 2 c d 1 f 1 0 c d 2 a b c f e c d 0 1 f e 9 e e b \ S y s t e m . W e b . n i . d l l M O D - [ 2 0 1 3 . 0 8 . 1 9 1 9 : 2 9 : 2 8 | 0 0 0 , 7 7 1 , 5 8 4 | - - - - | M ] ( ) - - C : \ W i n d o w s \ a s s e m b l y \ N a t i v e I m a g e s _ v 2 . 0 . 5 0 7 2 7 _ 3 2 \ S y s t e m . R u n t i m e . R e m o # \ e 0 6 d b d a f b 3 8 c 3 8 5 1 7 a e f 6 1 a c 4 1 e 2 f d 9 d \ S y s t e m . R u n t i m e . R e m o t i n g . n i . d l l M O D - [ 2 0 1 3 . 0 8 . 1 9 1 9 : 2 9 : 0 8 | 0 1 2 , 4 3 6 , 4 8 0 | - - - - | M ] ( ) - - C : \ W i n d o w s \ a s s e m b l y \ N a t i v e I m a g e s _ v 2 . 0 . 5 0 7 2 7 _ 3 2 \ S y s t e m . W i n d o w s . F o r m s \ 2 8 e a 3 4 7 a 9 5 2 d 2 0 9 5 9 a c 6 a e 0 2 d 7 4 5 7 d 3 9 \ S y s t e m . W i n d o w s . F o r m s . n i . d l l M O D - [ 2 0 1 3 . 0 8 . 1 9 1 9 : 2 9 : 0 3 | 0 0 1 , 5 9 3 , 3 4 4 | - - - - | M ] ( ) - - C : \ W i n d o w s \ a s s e m b l y \ N a t i v e I m a g e s _ v 2 . 0 . 5 0 7 2 7 _ 3 2 \ S y s t e m . D r a w i n g \ 5 a a 4 4 b c e 7 9 3 3 e 4 d e 0 9 d 9 3 5 8 4 8 f 8 6 8 a 4 b \ S y s t e m . D r a w i n g . n i . d l l M O D - [ 2 0 1 3 . 0 8 . 1 9 1 9 : 2 8 : 5 3 | 0 0 3 , 3 4 8 , 4 8 0 | - - - - | M ] ( ) - - C : \ W i n d o w s \ a s s e m b l y \ N a t i v e I m a g e s _ v 2 . 0 . 5 0 7 2 7 _ 3 2 \ W i n d o w s B a s e \ 1 f 6 f 2 2 0 f 9 e f e 9 3 6 d 1 1 5 8 c 7 9 b 9 d 4 b 4 5 1 f \ W i n d o w s B a s e . n i . d l l M O D - [ 2 0 1 3 . 0 8 . 1 9 1 9 : 2 8 : 4 9 | 0 0 5 , 4 6 4 , 0 6 4 | - - - - | M ] ( ) - - C : \ W i n d o w s \ a s s e m b l y \ N a t i v e I m a g e s _ v 2 . 0 . 5 0 7 2 7 _ 3 2 \ S y s t e m . X m l \ 0 9 d b 7 8 d 6 0 6 8 5 4 3 d f 0 1 8 6 2 a 0 2 3 a c a 7 8 5 a \ S y s t e m . X m l . n i . d l l M O D - [ 2 0 1 3 . 0 8 . 1 9 1 9 : 2 8 : 4 6 | 0 0 0 , 9 7 8 , 4 3 2 | - - - - | M ] ( ) - - C : \ W i n d o w s \ a s s e m b l y \ N a t i v e I m a g e s _ v 2 . 0 . 5 0 7 2 7 _ 3 2 \ S y s t e m . C o n f i g u r a t i o n \ 8 f 7 d 8 3 1 2 6 a 3 c f 2 8 3 e 5 a c 9 7 f 2 d 6 d 9 9 f 1 2 \ S y s t e m . C o n f i g u r a t i o n . n i . d l l M O D - [ 2 0 1 3 . 0 8 . 1 9 1 9 : 2 8 : 4 5 | 0 0 7 , 9 8 9 , 7 6 0 | - - - - | M ] ( ) - - C : \ W i n d o w s \ a s s e m b l y \ N a t i v e I m a g e s _ v 2 . 0 . 5 0 7 2 7 _ 3 2 \ S y s t e m \ 5 d 2 2 a 3 0 e 5 8 7 e 2 c a c 1 0 6 b 8 1 f b 3 5 1 e 7 c 0 8 \ S y s t e m . n i . d l l M O D - [ 2 0 1 3 . 0 7 . 2 0 1 1 : 2 7 : 3 2 | 0 0 0 , 0 1 4 , 3 3 6 | - - - - | M ] ( ) - - C : \ W i n d o w s \ a s s e m b l y \ N a t i v e I m a g e s _ v 2 . 0 . 5 0 7 2 7 _ 3 2 \ I A S t o r C o m m o n \ 4 5 5 8 1 1 3 8 b 3 6 f d 3 3 8 c 8 7 8 1 3 3 9 0 7 7 5 b 6 5 f \ I A S t o r C o m m o n . n i . d l l M O D - [ 2 0 1 3 . 0 7 . 1 5 1 9 : 0 5 : 1 0 | 0 1 6 , 1 6 6 , 2 8 0 | - - - - | M ] ( ) - - C : \ W i n d o w s \ S y s W O W 6 4 \ M a c r o m e d \ F l a s h \ N P S W F 3 2 _ 1 1 _ 8 _ 8 0 0 _ 9 4 . d l l M O D - [ 2 0 1 3 . 0 7 . 1 5 1 2 : 1 1 : 1 7 | 0 1 1 , 4 9 9 , 5 2 0 | - - - - | M ] ( ) - - C : \ W i n d o w s \ a s s e m b l y \ N a t i v e I m a g e s _ v 2 . 0 . 5 0 7 2 7 _ 3 2 \ m s c o r l i b \ 9 a 6 c 1 b 7 a f 1 8 b 4 d 5 a 9 1 d c 7 f 8 d 6 6 1 7 5 2 2 f \ m s c o r l i b . n i . d l l M O D - [ 2 0 1 2 . 0 8 . 1 0 1 6 : 5 1 : 3 2 | 0 0 0 , 9 8 5 , 0 8 8 | - - - - | M ] ( ) - - C : \ P r o g r a m F i l e s ( x 8 6 ) \ O p e n O f f i c e . o r g 3 \ p r o g r a m \ l i b x m l 2 . d l l M O D - [ 2 0 1 0 . 1 1 . 2 1 0 8 : 4 9 : 2 2 | 0 0 0 , 0 3 2 , 7 6 8 | - - - - | M ] ( ) - - C : \ W i n d o w s \ a s s e m b l y \ G A C _ M S I L \ S y s t e m . R u n t i m e . R e m o t i n g . r e s o u r c e s \ 2 . 0 . 0 . 0 _ d e _ b 7 7 a 5 c 5 6 1 9 3 4 e 0 8 9 \ S y s t e m . R u n t i m e . R e m o t i n g . r e s o u r c e s . d l l M O D - [ 2 0 1 0 . 1 1 . 1 3 0 1 : 2 6 : 0 8 | 0 0 0 , 3 1 5 , 3 9 2 | - - - - | M ] ( ) - - C : \ W i n d o w s \ a s s e m b l y \ G A C _ M S I L \ m s c o r l i b . r e s o u r c e s \ 2 . 0 . 0 . 0 _ d e _ b 7 7 a 5 c 5 6 1 9 3 4 e 0 8 9 \ m s c o r l i b . r e s o u r c e s . d l l [ c o l o r = # E 5 6 7 1 7 ] = = = = = = = = = = S e r v i c e s ( S a f e L i s t ) = = = = = = = = = = [ / c o l o r ] S R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 0 9 . 0 7 . 1 4 0 3 : 4 0 : 0 1 | 0 0 0 , 1 9 3 , 5 3 6 | - - - - | M ] ( M i c r o s o f t C o r p o r a t i o n ) [ O n _ D e m a n d | S t o p p e d ] - - C : \ W i n d o w s \ S y s N a t i v e \ a p p m g m t s . d l l - - ( A p p M g m t ) S R V - [ 2 0 1 3 . 0 8 . 2 5 1 7 : 1 0 : 3 8 | 0 0 0 , 1 1 7 , 6 5 6 | - - - - | M ] ( M o z i l l a F o u n d a t i o n ) [ O n _ D e m a n d | S t o p p e d ] - - C : \ P r o g r a m F i l e s ( x 8 6 ) \ M o z i l l a M a i n t e n a n c e S e r v i c e \ m a i n t e n a n c e s e r v i c e . e x e - - ( M o z i l l a M a i n t e n a n c e ) S R V - [ 2 0 1 3 . 0 8 . 2 5 1 3 : 3 4 : 2 0 | 0 0 0 , 2 5 7 , 4 1 6 | - - - - | M ] ( A d o b e S y s t e m s I n c o r p o r a t e d ) [ O n _ D e m a n d | S t o p p e d ] - - C : \ W i n d o w s \ S y s W O W 6 4 \ M a c r o m e d \ F l a s h \ F l a s h P l a y e r U p d a t e S e r v i c e . e x e - - ( A d o b e F l a s h P l a y e r U p d a t e S v c ) S R V - [ 2 0 1 3 . 0 6 . 1 7 1 2 : 3 5 : 5 0 | 0 0 0 , 2 1 4 , 5 1 2 | - - - - | M ] ( K a s p e r s k y L a b Z A O ) [ A u t o | S t o p p e d ] - - C : \ P r o g r a m F i l e s ( x 8 6 ) \ K a s p e r s k y L a b \ K a s p e r s k y A n t i - V i r u s 1 4 . 0 . 0 \ a v p . e x e - - ( A V P ) S R V - [ 2 0 1 3 . 0 6 . 1 3 1 1 : 1 7 : 5 1 | 0 0 4 , 1 5 0 , 1 1 2 | - - - - | M ] ( T e a m V i e w e r G m b H ) [ A u t o | R u n n i n g ] - - C : \ P r o g r a m F i l e s ( x 8 6 ) \ T e a m V i e w e r \ V e r s i o n 8 \ T e a m V i e w e r _ S e r v i c e . e x e - - ( T e a m V i e w e r 8 ) S R V - [ 2 0 1 3 . 0 5 . 1 1 1 2 : 3 7 : 2 6 | 0 0 0 , 0 6 5 , 6 4 0 | - - - - | M ] ( A d o b e S y s t e m s I n c o r p o r a t e d ) [ A u t o | R u n n i n g ] - - C : \ P r o g r a m F i l e s ( x 8 6 ) \ C o m m o n F i l e s \ A d o b e \ A R M \ 1 . 0 \ a r m s v c . e x e - - ( A d o b e A R M s e r v i c e ) S R V - [ 2 0 1 2 . 1 2 . 1 4 0 2 : 4 2 : 1 0 | 0 0 0 , 2 7 7 , 6 1 6 | - - - - | M ] ( I n t e l C o r p o r a t i o n ) [ O n _ D e m a n d | S t o p p e d ] - - C : \ W i n d o w s \ S y s W O W 6 4 \ I n t e l C p H e c i S v c . e x e - - ( c p h s ) S R V - [ 2 0 1 2 . 0 3 . 2 9 0 7 : 5 7 : 3 6 | 0 0 2 , 6 6 9 , 8 4 0 | - - - - | M ] ( I n t e l � C o r p o r a t i o n ) [ A u t o | R u n n i n g ] - - C : \ P r o g r a m m e \ I n t e l \ W i F i \ b i n \ Z e r o C o n f i g S e r v i c e . e x e - - ( Z e r o C o n f i g S e r v i c e ) S R V - [ 2 0 1 2 . 0 3 . 2 9 0 7 : 5 7 : 2 4 | 0 0 0 , 2 7 3 , 1 6 8 | - - - - | M ] ( ) [ O n _ D e m a n d | S t o p p e d ] - - C : \ P r o g r a m m e \ I n t e l \ W i F i \ b i n \ P a n D h c p D n s . e x e - - ( M y W i F i D H C P D N S ) S R V - [ 2 0 1 2 . 0 3 . 2 9 0 7 : 5 7 : 1 4 | 0 0 0 , 6 2 6 , 9 6 0 | - - - - | M ] ( I n t e l ( R ) C o r p o r a t i o n ) [ A u t o | R u n n i n g ] - - C : \ P r o g r a m m e \ I n t e l \ W i F i \ b i n \ E v t E n g . e x e - - ( E v t E n g ) S R V - [ 2 0 1 2 . 0 3 . 2 9 0 7 : 5 7 : 1 0 | 0 0 0 , 1 4 8 , 7 5 2 | - - - - | M ] ( I n t e l ( R ) C o r p o r a t i o n ) [ A u t o | R u n n i n g ] - - C : \ P r o g r a m m e \ C o m m o n F i l e s \ I n t e l \ W i r e l e s s C o m m o n \ R e g S r v c . e x e - - ( R e g S r v c ) S R V - [ 2 0 1 2 . 0 3 . 1 8 2 1 : 5 3 : 0 0 | 0 0 2 , 4 5 8 , 9 4 4 | R - - - | M ] ( N V I D I A C o r p o r a t i o n ) [ A u t o | R u n n i n g ] - - C : \ P r o g r a m F i l e s ( x 8 6 ) \ N V I D I A C o r p o r a t i o n \ N V I D I A U p d a t e C o r e \ d a e m o n u . e x e - - ( n v U p d a t u s S e r v i c e ) S R V - [ 2 0 1 2 . 0 3 . 1 5 0 6 : 4 8 : 2 2 | 0 0 0 , 3 6 2 , 8 4 0 | R - - - | M ] ( I n t e l C o r p o r a t i o n ) [ A u t o | R u n n i n g ] - - C : \ P r o g r a m F i l e s ( x 8 6 ) \ I n t e l \ I n t e l ( R ) M a n a g e m e n t E n g i n e C o m p o n e n t s \ U N S \ U N S . e x e - - ( U N S ) S R V - [ 2 0 1 2 . 0 3 . 1 5 0 6 : 4 8 : 2 0 | 0 0 0 , 2 7 6 , 8 2 4 | R - - - | M ] ( I n t e l C o r p o r a t i o n ) [ A u t o | R u n n i n g ] - - C : \ P r o g r a m F i l e s ( x 8 6 ) \ I n t e l \ I n t e l ( R ) M a n a g e m e n t E n g i n e C o m p o n e n t s \ L M S \ L M S . e x e - - ( L M S ) S R V - [ 2 0 1 2 . 0 3 . 1 5 0 6 : 4 8 : 1 4 | 0 0 0 , 1 2 7 , 3 2 0 | R - - - | M ] ( ) [ A u t o | R u n n i n g ] - - C : \ P r o g r a m F i l e s ( x 8 6 ) \ I n t e l \ I n t e l ( R ) M a n a g e m e n t E n g i n e C o m p o n e n t s \ F W S e r v i c e \ I n t e l M e F W S e r v i c e . e x e - - ( I n t e l ( R ) S R V - [ 2 0 1 2 . 0 3 . 1 5 0 6 : 4 8 : 0 6 | 0 0 0 , 1 6 2 , 6 4 8 | R - - - | M ] ( I n t e l C o r p o r a t i o n ) [ A u t o | R u n n i n g ] - - C : \ P r o g r a m F i l e s ( x 8 6 ) \ I n t e l \ I n t e l ( R ) M a n a g e m e n t E n g i n e C o m p o n e n t s \ D A L \ j h i _ s e r v i c e . e x e - - ( j h i _ s e r v i c e ) S R V - [ 2 0 1 2 . 0 3 . 0 7 2 1 : 5 8 : 4 2 | 0 0 0 , 4 9 2 , 0 3 2 | - - - - | M ] ( ) [ A u t o | R u n n i n g ] - - C : \ P r o g r a m m e \ Q u a l c o m m A t h e r o s \ K i l l e r N e t w o r k M a n a g e r \ B F N S e r v i c e . e x e - - ( Q u a l c o m m A t h e r o s K i l l e r S e r v i c e ) S R V - [ 2 0 1 2 . 0 2 . 0 2 2 2 : 2 9 : 5 2 | 0 0 0 , 6 2 8 , 4 4 8 | - - - - | M ] ( I n t e l ( R ) C o r p o r a t i o n ) [ A u t o | R u n n i n g ] - - C : \ P r o g r a m m e \ I n t e l \ i C L S C l i e n t \ H e c i S e r v e r . e x e - - ( I n t e l ( R ) S R V - [ 2 0 1 2 . 0 2 . 0 1 1 6 : 2 9 : 5 8 | 0 0 0 , 0 1 3 , 5 9 2 | - - - - | M ] ( I n t e l C o r p o r a t i o n ) [ A u t o | R u n n i n g ] - - C : \ P r o g r a m F i l e s ( x 8 6 ) \ I n t e l \ I n t e l ( R ) R a p i d S t o r a g e T e c h n o l o g y \ I A S t o r D a t a M g r S v c . e x e - - ( I A S t o r D a t a M g r S v c ) S R V - [ 2 0 1 2 . 0 1 . 1 7 1 6 : 1 2 : 2 8 | 0 0 0 , 1 3 5 , 9 5 2 | - - - - | M ] ( I n t e l ( R ) C o r p o r a t i o n ) [ A u t o | R u n n i n g ] - - C : \ P r o g r a m m e \ I n t e l \ B l u e t o o t h H S \ B T H S S e c u r i t y M g r . e x e - - ( B T H S S e c u r i t y M g r ) S R V - [ 2 0 1 2 . 0 1 . 0 9 1 2 : 3 9 : 4 4 | 0 0 0 , 6 5 9 , 9 6 8 | - - - - | M ] ( I n t e l C o r p o r a t i o n ) [ A u t o | R u n n i n g ] - - C : \ P r o g r a m m e \ I n t e l \ B l u e t o o t h H S \ B T H S A m p P a l S e r v i c e . e x e - - ( A M P P A L R 3 ) S R V - [ 2 0 1 1 . 1 2 . 0 7 0 9 : 3 8 : 1 0 | 0 0 2 , 4 2 9 , 5 4 4 | R - - - | M ] ( R e a l s i l M i c r o e l e c t r o n i c s I n c . ) [ A u t o | R u n n i n g ] - - C : \ P r o g r a m F i l e s ( x 8 6 ) \ R e a l t e k \ R e a l t e k P C I E C a r d R e a d e r \ R I c o n M a n . e x e - - ( I c o n M a n _ R ) S R V - [ 2 0 1 0 . 0 3 . 1 8 1 3 : 1 6 : 2 8 | 0 0 0 , 1 3 0 , 3 8 4 | - - - - | M ] ( M i c r o s o f t C o r p o r a t i o n ) [ A u t o | R u n n i n g ] - - C : \ W i n d o w s \ M i c r o s o f t . N E T \ F r a m e w o r k \ v 4 . 0 . 3 0 3 1 9 \ m s c o r s v w . e x e - - ( c l r _ o p t i m i z a t i o n _ v 4 . 0 . 3 0 3 1 9 _ 3 2 ) S R V - [ 2 0 1 0 . 0 1 . 0 9 2 1 : 3 4 : 2 4 | 0 0 4 , 9 2 5 , 1 8 4 | - - - - | M ] ( M i c r o s o f t C o r p o r a t i o n ) [ O n _ D e m a n d | S t o p p e d ] - - C : \ P r o g r a m m e \ C o m m o n F i l e s \ M i c r o s o f t S h a r e d \ O f f i c e S o f t w a r e P r o t e c t i o n P l a t f o r m \ O S P P S V C . E X E - - ( o s p p s v c ) S R V - [ 2 0 0 9 . 0 6 . 1 0 2 3 : 2 3 : 0 9 | 0 0 0 , 0 6 6 , 3 8 4 | - - - - | M ] ( M i c r o s o f t C o r p o r a t i o n ) [ D i s a b l e d | S t o p p e d ] - - C : \ W i n d o w s \ M i c r o s o f t . N E T \ F r a m e w o r k \ v 2 . 0 . 5 0 7 2 7 \ m s c o r s v w . e x e - - ( c l r _ o p t i m i z a t i o n _ v 2 . 0 . 5 0 7 2 7 _ 3 2 ) [ c o l o r = # E 5 6 7 1 7 ] = = = = = = = = = = D r i v e r S e r v i c e s ( S a f e L i s t ) = = = = = = = = = = [ / c o l o r ] D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 1 3 . 0 8 . 2 5 1 7 : 3 0 : 3 2 | 0 0 0 , 6 1 9 , 6 1 6 | - - - - | M ] ( K a s p e r s k y L a b Z A O ) [ F i l e _ S y s t e m | S y s t e m | R u n n i n g ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ k l i f . s y s - - ( K L I F ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 1 3 . 0 6 . 1 0 1 2 : 2 7 : 5 6 | 0 0 0 , 0 3 0 , 3 0 4 | - - - - | M ] ( K a s p e r s k y L a b Z A O ) [ K e r n e l | S y s t e m | R u n n i n g ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ k l i m 6 . s y s - - ( K L I M 6 ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 1 3 . 0 6 . 0 6 1 7 : 3 8 : 2 0 | 0 0 0 , 1 7 8 , 7 8 4 | - - - - | M ] ( K a s p e r s k y L a b Z A O ) [ K e r n e l | S y s t e m | R u n n i n g ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ k n e p s . s y s - - ( k n e p s ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 1 3 . 0 5 . 1 4 1 7 : 3 4 : 4 4 | 0 0 0 , 0 5 5 , 9 0 4 | - - - - | M ] ( K a s p e r s k y L a b Z A O ) [ K e r n e l | S y s t e m | R u n n i n g ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ k l t d i . s y s - - ( k l t d i ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 1 3 . 0 5 . 0 6 0 9 : 2 2 : 2 2 | 0 0 0 , 4 5 8 , 3 3 6 | - - - - | M ] ( K a s p e r s k y L a b Z A O ) [ K e r n e l | B o o t | R u n n i n g ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ k l 1 . s y s - - ( k l 1 ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 1 3 . 0 5 . 0 5 2 2 : 4 2 : 1 2 | 0 0 0 , 0 2 9 , 2 8 0 | - - - - | M ] ( K a s p e r s k y L a b Z A O ) [ K e r n e l | O n _ D e m a n d | S t o p p e d ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ k l k b d f l t . s y s - - ( k l k b d f l t ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 1 3 . 0 5 . 0 5 2 2 : 4 2 : 0 6 | 0 0 0 , 0 2 9 , 2 8 0 | - - - - | M ] ( K a s p e r s k y L a b Z A O ) [ K e r n e l | O n _ D e m a n d | R u n n i n g ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ k l m o u f l t . s y s - - ( k l m o u f l t ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 1 3 . 0 4 . 1 2 1 5 : 3 4 : 4 8 | 0 0 0 , 0 1 5 , 4 5 6 | - - - - | M ] ( K a s p e r s k y L a b Z A O ) [ K e r n e l | S y s t e m | R u n n i n g ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ k l p d . s y s - - ( k l p d ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 1 2 . 1 2 . 1 4 0 2 : 4 2 : 2 2 | 0 0 5 , 3 5 3 , 8 8 8 | - - - - | M ] ( I n t e l C o r p o r a t i o n ) [ K e r n e l | O n _ D e m a n d | R u n n i n g ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ i g d k m d 6 4 . s y s - - ( i g f x ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 1 2 . 0 8 . 2 3 1 6 : 1 0 : 2 0 | 0 0 0 , 0 1 9 , 4 5 6 | - - - - | M ] ( M i c r o s o f t C o r p o r a t i o n ) [ K e r n e l | O n _ D e m a n d | S t o p p e d ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ r d p v i d e o m i n i p o r t . s y s - - ( R d p V i d e o M i n i p o r t ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 1 2 . 0 8 . 2 3 1 6 : 0 8 : 2 6 | 0 0 0 , 0 3 0 , 2 0 8 | - - - - | M ] ( M i c r o s o f t C o r p o r a t i o n ) [ K e r n e l | O n _ D e m a n d | S t o p p e d ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ T s U s b G D . s y s - - ( T s U s b G D ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 1 2 . 0 8 . 2 3 1 6 : 0 7 : 3 5 | 0 0 0 , 0 5 7 , 8 5 6 | - - - - | M ] ( M i c r o s o f t C o r p o r a t i o n ) [ K e r n e l | O n _ D e m a n d | S t o p p e d ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ T s U s b F l t . s y s - - ( T s U s b F l t ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 1 2 . 0 7 . 1 7 1 8 : 1 2 : 0 8 | 0 0 0 , 0 6 2 , 7 8 4 | - - - - | M ] ( I n t e l C o r p o r a t i o n ) [ K e r n e l | O n _ D e m a n d | R u n n i n g ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ H E C I x 6 4 . s y s - - ( M E I x 6 4 ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 1 2 . 0 3 . 1 8 2 1 : 5 3 : 0 0 | 0 0 0 , 0 2 8 , 9 9 2 | - - - - | M ] ( N V I D I A C o r p o r a t i o n ) [ K e r n e l | B o o t | R u n n i n g ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ n v p c i f l t . s y s - - ( n v p c i f l t ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 1 2 . 0 3 . 1 2 1 4 : 0 6 : 4 6 | 0 1 1 , 4 7 1 , 8 7 2 | - - - - | M ] ( I n t e l C o r p o r a t i o n ) [ K e r n e l | O n _ D e m a n d | R u n n i n g ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ N e t w s w 0 0 . s y s - - ( N E T w N s 6 4 ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 1 2 . 0 3 . 0 7 2 1 : 5 9 : 4 6 | 0 0 0 , 0 7 5 , 8 8 0 | - - - - | M ] ( B i g f o o t N e t w o r k s , I n c . ) [ K e r n e l | S y s t e m | R u n n i n g ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ b f l w f x 6 4 . s y s - - ( B f L w f ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 1 2 . 0 3 . 0 7 2 1 : 5 9 : 4 4 | 0 0 0 , 1 6 1 , 6 1 6 | - - - - | M ] ( Q u a l c o m m A t h e r o s , I n c . ) [ K e r n e l | O n _ D e m a n d | R u n n i n g ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ e 2 2 W 7 x 6 4 . s y s - - ( L 1 C ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 1 2 . 0 3 . 0 1 0 8 : 4 6 : 1 6 | 0 0 0 , 0 2 3 , 4 0 8 | - - - - | M ] ( M i c r o s o f t C o r p o r a t i o n ) [ R e c o g n i z e r | B o o t | U n k n o w n ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ f s _ r e c . s y s - - ( F s _ R e c ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 1 2 . 0 2 . 2 9 1 2 : 3 1 : 1 6 | 0 0 0 , 1 4 3 , 1 4 4 | - - - - | M ] ( E L A N M i c r o e l e c t r o n i c s C o r p . ) [ K e r n e l | O n _ D e m a n d | R u n n i n g ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ E T D . s y s - - ( E T D ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 1 2 . 0 2 . 2 6 2 1 : 0 1 : 0 0 | 0 0 0 , 7 8 8 , 7 6 0 | - - - - | M ] ( I n t e l C o r p o r a t i o n ) [ K e r n e l | O n _ D e m a n d | R u n n i n g ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ i u s b 3 x h c . s y s - - ( i u s b 3 x h c ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 1 2 . 0 2 . 2 6 2 1 : 0 1 : 0 0 | 0 0 0 , 3 5 6 , 1 2 0 | - - - - | M ] ( I n t e l C o r p o r a t i o n ) [ K e r n e l | O n _ D e m a n d | R u n n i n g ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ i u s b 3 h u b . s y s - - ( i u s b 3 h u b ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 1 2 . 0 2 . 2 6 2 1 : 0 1 : 0 0 | 0 0 0 , 0 1 6 , 1 5 2 | - - - - | M ] ( I n t e l C o r p o r a t i o n ) [ K e r n e l | B o o t | R u n n i n g ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ i u s b 3 h c s . s y s - - ( i u s b 3 h c s ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 1 2 . 0 2 . 0 1 1 6 : 1 6 : 4 0 | 0 0 0 , 5 6 8 , 6 0 0 | - - - - | M ] ( I n t e l C o r p o r a t i o n ) [ K e r n e l | B o o t | R u n n i n g ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ i a S t o r . s y s - - ( i a S t o r ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 1 2 . 0 1 . 0 9 1 2 : 3 2 : 4 0 | 0 0 0 , 1 9 5 , 5 8 4 | - - - - | M ] ( W i n d o w s ( R ) W i n 7 D D K p r o v i d e r ) [ K e r n e l | O n _ D e m a n d | S t o p p e d ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ A m p P a l . s y s - - ( A M P P A L P ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 1 2 . 0 1 . 0 9 1 2 : 3 2 : 4 0 | 0 0 0 , 1 9 5 , 5 8 4 | - - - - | M ] ( W i n d o w s ( R ) W i n 7 D D K p r o v i d e r ) [ K e r n e l | O n _ D e m a n d | R u n n i n g ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ A m p P a l . s y s - - ( A M P P A L ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 1 2 . 0 1 . 0 3 0 5 : 2 1 : 4 4 | 0 0 0 , 3 4 0 , 0 7 2 | R - - - | M ] ( R e a l t e k S e m i c o n d u c t o r C o r p . ) [ K e r n e l | O n _ D e m a n d | R u n n i n g ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ R t s P S t o r . s y s - - ( R S P C I E S T O R ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 1 1 . 1 2 . 0 5 2 2 : 2 3 : 0 8 | 0 0 0 , 3 3 1 , 2 6 4 | - - - - | M ] ( I n t e l ( R ) C o r p o r a t i o n ) [ K e r n e l | O n _ D e m a n d | R u n n i n g ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ I n t c D A u d . s y s - - ( I n t c D A u d ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 1 1 . 0 3 . 1 1 0 8 : 4 1 : 1 2 | 0 0 0 , 1 0 7 , 9 0 4 | - - - - | M ] ( A d v a n c e d M i c r o D e v i c e s ) [ K e r n e l | O n _ D e m a n d | S t o p p e d ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ a m d s a t a . s y s - - ( a m d s a t a ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 1 1 . 0 3 . 1 1 0 8 : 4 1 : 1 2 | 0 0 0 , 0 2 7 , 0 0 8 | - - - - | M ] ( A d v a n c e d M i c r o D e v i c e s ) [ K e r n e l | B o o t | R u n n i n g ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ a m d x a t a . s y s - - ( a m d x a t a ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 1 0 . 1 1 . 2 1 0 5 : 2 3 : 4 8 | 0 0 0 , 0 7 1 , 1 6 8 | - - - - | M ] ( M i c r o s o f t C o r p o r a t i o n ) [ K e r n e l | O n _ D e m a n d | S t o p p e d ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ d m v s c . s y s - - ( d m v s c ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 1 0 . 1 1 . 2 1 0 5 : 2 3 : 4 7 | 0 0 0 , 1 0 9 , 0 5 6 | - - - - | M ] ( M i c r o s o f t C o r p o r a t i o n ) [ K e r n e l | O n _ D e m a n d | R u n n i n g ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ s d b u s . s y s - - ( s d b u s ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 1 0 . 1 1 . 2 1 0 5 : 2 3 : 4 7 | 0 0 0 , 0 7 8 , 7 2 0 | - - - - | M ] ( H e w l e t t - P a c k a r d C o m p a n y ) [ K e r n e l | O n _ D e m a n d | S t o p p e d ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ H p S A M D . s y s - - ( H p S A M D ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 0 9 . 1 1 . 1 8 0 1 : 1 2 : 0 0 | 0 0 0 , 0 3 2 , 3 4 4 | - - - - | M ] ( C r e a t i v e T e c h n o l o g y L t d . ) [ K e r n e l | O n _ D e m a n d | R u n n i n g ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ M B f i l t 6 4 . s y s - - ( M B f i l t ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 0 9 . 0 7 . 1 4 0 3 : 5 2 : 2 0 | 0 0 0 , 1 9 4 , 1 2 8 | - - - - | M ] ( A M D T e c h n o l o g i e s I n c . ) [ K e r n e l | O n _ D e m a n d | S t o p p e d ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ a m d s b s . s y s - - ( a m d s b s ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 0 9 . 0 7 . 1 4 0 3 : 4 8 : 0 4 | 0 0 0 , 0 6 5 , 6 0 0 | - - - - | M ] ( L S I C o r p o r a t i o n ) [ K e r n e l | O n _ D e m a n d | S t o p p e d ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ l s i _ s a s 2 . s y s - - ( L S I _ S A S 2 ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 0 9 . 0 7 . 1 4 0 3 : 4 5 : 5 5 | 0 0 0 , 0 2 4 , 6 5 6 | - - - - | M ] ( P r o m i s e T e c h n o l o g y ) [ K e r n e l | O n _ D e m a n d | S t o p p e d ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ s t e x s t o r . s y s - - ( s t e x s t o r ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 0 9 . 0 6 . 1 0 2 2 : 3 4 : 3 3 | 0 0 3 , 2 8 6 , 0 1 6 | - - - - | M ] ( B r o a d c o m C o r p o r a t i o n ) [ K e r n e l | O n _ D e m a n d | S t o p p e d ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ e v b d a . s y s - - ( e b d r v ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 0 9 . 0 6 . 1 0 2 2 : 3 4 : 2 8 | 0 0 0 , 4 6 8 , 4 8 0 | - - - - | M ] ( B r o a d c o m C o r p o r a t i o n ) [ K e r n e l | O n _ D e m a n d | S t o p p e d ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ b x v b d a . s y s - - ( b 0 6 b d r v ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 0 9 . 0 6 . 1 0 2 2 : 3 4 : 2 3 | 0 0 0 , 2 7 0 , 8 4 8 | - - - - | M ] ( B r o a d c o m C o r p o r a t i o n ) [ K e r n e l | O n _ D e m a n d | S t o p p e d ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ b 5 7 n d 6 0 a . s y s - - ( b 5 7 n d 6 0 a ) D R V : [ b ] 6 4 b i t : [ / b ] - [ 2 0 0 9 . 0 6 . 1 0 2 2 : 3 1 : 5 9 | 0 0 0 , 0 3 1 , 2 3 2 | - - - - | M ] ( H a u p p a u g e C o m p u t e r W o r k s , I n c . ) [ K e r n e l | O n _ D e m a n d | S t o p p e d ] - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ h c w 8 5 c i r . s y s - - ( h c w 8 5 c i r ) D R V - [ 2 0 0 9 . 0 7 . 1 4 0 3 : 1 9 : 1 0 | 0 0 0 , 0 1 9 , 0 0 8 | - - - - | M ] ( M i c r o s o f t C o r p o r a t i o n ) [ F i l e _ S y s t e m | O n _ D e m a n d | S t o p p e d ] - - C : \ W i n d o w s \ S y s W O W 6 4 \ d r i v e r s \ w i m m o u n t . s y s - - ( W I M M o u n t ) [ c o l o r = # E 5 6 7 1 7 ] = = = = = = = = = = S t a n d a r d R e g i s t r y ( S a f e L i s t ) = = = = = = = = = = [ / c o l o r ] [ c o l o r = # E 5 6 7 1 7 ] = = = = = = = = = = I n t e r n e t E x p l o r e r = = = = = = = = = = [ / c o l o r ] I E : [ b ] 6 4 b i t : [ / b ] - H K L M \ . . \ S e a r c h S c o p e s , D e f a u l t S c o p e = { 0 6 3 3 E E 9 3 - D 7 7 6 - 4 7 2 f - A 0 F F - E 1 4 1 6 B 8 B 2 E 3 A } I E : [ b ] 6 4 b i t : [ / b ] - H K L M \ . . \ S e a r c h S c o p e s \ { 0 6 3 3 E E 9 3 - D 7 7 6 - 4 7 2 f - A 0 F F - E 1 4 1 6 B 8 B 2 E 3 A } : " U R L " = h t t p : / / w w w . b i n g . c o m / s e a r c h ? q = { s e a r c h T e r m s } & F O R M = I E 8 S R C I E - H K L M \ S O F T W A R E \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n , L o c a l P a g e = C : \ W i n d o w s \ S y s W O W 6 4 \ b l a n k . h t m I E - H K L M \ . . \ S e a r c h S c o p e s , D e f a u l t S c o p e = { 0 6 3 3 E E 9 3 - D 7 7 6 - 4 7 2 f - A 0 F F - E 1 4 1 6 B 8 B 2 E 3 A } I E - H K L M \ . . \ S e a r c h S c o p e s \ { 0 6 3 3 E E 9 3 - D 7 7 6 - 4 7 2 f - A 0 F F - E 1 4 1 6 B 8 B 2 E 3 A } : " U R L " = h t t p : / / w w w . b i n g . c o m / s e a r c h ? q = { s e a r c h T e r m s } & F O R M = I E 8 S R C I E - H K U \ . D E F A U L T \ S o f t w a r e \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ I n t e r n e t S e t t i n g s : " P r o x y E n a b l e " = 0 I E - H K U \ S - 1 - 5 - 1 8 \ S o f t w a r e \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ I n t e r n e t S e t t i n g s : " P r o x y E n a b l e " = 0 I E - H K U \ S - 1 - 5 - 2 1 - 2 3 6 5 2 6 3 7 5 7 - 4 1 1 5 0 3 4 5 1 9 - 3 8 8 6 4 8 1 0 8 3 - 1 0 0 0 \ S O F T W A R E \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n , S t a r t P a g e = h t t p : / / w w w . g o o g l e . d e / I E - H K U \ S - 1 - 5 - 2 1 - 2 3 6 5 2 6 3 7 5 7 - 4 1 1 5 0 3 4 5 1 9 - 3 8 8 6 4 8 1 0 8 3 - 1 0 0 0 \ S O F T W A R E \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n , S t a r t P a g e R e d i r e c t C a c h e = h t t p : / / d e . m s n . c o m / ? o c i d = i e h p I E - H K U \ S - 1 - 5 - 2 1 - 2 3 6 5 2 6 3 7 5 7 - 4 1 1 5 0 3 4 5 1 9 - 3 8 8 6 4 8 1 0 8 3 - 1 0 0 0 \ S O F T W A R E \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n , S t a r t P a g e R e d i r e c t C a c h e A c c e p t L a n g s = d e I E - H K U \ S - 1 - 5 - 2 1 - 2 3 6 5 2 6 3 7 5 7 - 4 1 1 5 0 3 4 5 1 9 - 3 8 8 6 4 8 1 0 8 3 - 1 0 0 0 \ S O F T W A R E \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n , S t a r t P a g e R e d i r e c t C a c h e _ T I M E S T A M P = 6 E 1 5 3 D C 9 3 C 3 8 C E 0 1 [ b i n a r y d a t a ] I E - H K U \ S - 1 - 5 - 2 1 - 2 3 6 5 2 6 3 7 5 7 - 4 1 1 5 0 3 4 5 1 9 - 3 8 8 6 4 8 1 0 8 3 - 1 0 0 0 \ . . \ S e a r c h S c o p e s , D e f a u l t S c o p e = { 0 6 3 3 E E 9 3 - D 7 7 6 - 4 7 2 f - A 0 F F - E 1 4 1 6 B 8 B 2 E 3 A } I E - H K U \ S - 1 - 5 - 2 1 - 2 3 6 5 2 6 3 7 5 7 - 4 1 1 5 0 3 4 5 1 9 - 3 8 8 6 4 8 1 0 8 3 - 1 0 0 0 \ . . \ S e a r c h S c o p e s \ { 0 6 3 3 E E 9 3 - D 7 7 6 - 4 7 2 f - A 0 F F - E 1 4 1 6 B 8 B 2 E 3 A } : " U R L " = h t t p : / / w w w . b i n g . c o m / s e a r c h ? q = { s e a r c h T e r m s } & s r c = I E - S e a r c h B o x & F O R M = I E 1 0 S R I E - H K U \ S - 1 - 5 - 2 1 - 2 3 6 5 2 6 3 7 5 7 - 4 1 1 5 0 3 4 5 1 9 - 3 8 8 6 4 8 1 0 8 3 - 1 0 0 0 \ S o f t w a r e \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ I n t e r n e t S e t t i n g s : " P r o x y E n a b l e " = 0 I E - H K U \ S - 1 - 5 - 2 1 - 2 3 6 5 2 6 3 7 5 7 - 4 1 1 5 0 3 4 5 1 9 - 3 8 8 6 4 8 1 0 8 3 - 1 0 0 1 \ . . \ S e a r c h S c o p e s , D e f a u l t S c o p e = { 0 6 3 3 E E 9 3 - D 7 7 6 - 4 7 2 f - A 0 F F - E 1 4 1 6 B 8 B 2 E 3 A } I E - H K U \ S - 1 - 5 - 2 1 - 2 3 6 5 2 6 3 7 5 7 - 4 1 1 5 0 3 4 5 1 9 - 3 8 8 6 4 8 1 0 8 3 - 1 0 0 1 \ S o f t w a r e \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ I n t e r n e t S e t t i n g s : " P r o x y E n a b l e " = 0 [ c o l o r = # E 5 6 7 1 7 ] = = = = = = = = = = F i r e F o x = = = = = = = = = = [ / c o l o r ] F F - p r e f s . j s . . e x t e n s i o n s . e n a b l e d A d d o n s : % 7 B 9 7 2 c e 4 c 6 - 7 e 0 8 - 4 4 7 4 - a 2 8 5 - 3 2 0 8 1 9 8 c e 6 f d % 7 D : 2 3 . 0 . 1 F F - u s e r . j s - F i l e n o t f o u n d F F : [ b ] 6 4 b i t : [ / b ] - H K L M \ S o f t w a r e \ M o z i l l a P l u g i n s \ @ a d o b e . c o m / F l a s h P l a y e r : C : \ W i n d o w s \ s y s t e m 3 2 \ M a c r o m e d \ F l a s h \ N P S W F 6 4 _ 1 1 _ 8 _ 8 0 0 _ 9 4 . d l l F i l e n o t f o u n d F F : [ b ] 6 4 b i t : [ / b ] - H K L M \ S o f t w a r e \ M o z i l l a P l u g i n s \ @ M i c r o s o f t . c o m / N p C t r l , v e r s i o n = 1 . 0 : c : \ P r o g r a m F i l e s \ M i c r o s o f t S i l v e r l i g h t \ 5 . 1 . 2 0 5 1 3 . 0 \ n p c t r l . d l l ( M i c r o s o f t C o r p o r a t i o n ) F F : [ b ] 6 4 b i t : [ / b ] - H K L M \ S o f t w a r e \ M o z i l l a P l u g i n s \ @ m i c r o s o f t . c o m / O f f i c e A u t h z , v e r s i o n = 1 4 . 0 : C : \ P R O G R A ~ 1 \ M I C R O S ~ 2 \ O f f i c e 1 4 \ N P A U T H Z . D L L ( M i c r o s o f t C o r p o r a t i o n ) F F - H K L M \ S o f t w a r e \ M o z i l l a P l u g i n s \ @ a d o b e . c o m / F l a s h P l a y e r : C : \ W i n d o w s \ S y s W O W 6 4 \ M a c r o m e d \ F l a s h \ N P S W F 3 2 _ 1 1 _ 8 _ 8 0 0 _ 9 4 . d l l ( ) F F - H K L M \ S o f t w a r e \ M o z i l l a P l u g i n s \ @ i n t e l - w e b a p i . i n t e l . c o m / I n t e l W e b A P I i p t ; v e r s i o n = 2 . 0 . 5 9 : C : \ P r o g r a m F i l e s ( x 8 6 ) \ I n t e l \ I n t e l ( R ) M a n a g e m e n t E n g i n e C o m p o n e n t s \ I P T \ n p I n t e l W e b A P I I P T . d l l ( I n t e l C o r p o r a t i o n ) F F - H K L M \ S o f t w a r e \ M o z i l l a P l u g i n s \ @ i n t e l - w e b a p i . i n t e l . c o m / I n t e l W e b A P I u p d a t e r : C : \ P r o g r a m F i l e s ( x 8 6 ) \ I n t e l \ I n t e l ( R ) M a n a g e m e n t E n g i n e C o m p o n e n t s \ I P T \ n p I n t e l W e b A P I U p d a t e r . d l l ( I n t e l C o r p o r a t i o n ) F F - H K L M \ S o f t w a r e \ M o z i l l a P l u g i n s \ @ M i c r o s o f t . c o m / N p C t r l , v e r s i o n = 1 . 0 : c : \ P r o g r a m F i l e s ( x 8 6 ) \ M i c r o s o f t S i l v e r l i g h t \ 5 . 1 . 2 0 5 1 3 . 0 \ n p c t r l . d l l ( M i c r o s o f t C o r p o r a t i o n ) F F - H K L M \ S o f t w a r e \ M o z i l l a P l u g i n s \ @ m i c r o s o f t . c o m / O f f i c e A u t h z , v e r s i o n = 1 4 . 0 : C : \ P R O G R A ~ 2 \ M I C R O S ~ 2 \ O f f i c e 1 4 \ N P A U T H Z . D L L ( M i c r o s o f t C o r p o r a t i o n ) F F - H K L M \ S o f t w a r e \ M o z i l l a P l u g i n s \ @ m i c r o s o f t . c o m / S h a r e P o i n t , v e r s i o n = 1 4 . 0 : C : \ P R O G R A ~ 2 \ M I C R O S ~ 2 \ O f f i c e 1 4 \ N P S P W R A P . D L L ( M i c r o s o f t C o r p o r a t i o n ) F F - H K L M \ S o f t w a r e \ M o z i l l a P l u g i n s \ A d o b e R e a d e r : C : \ P r o g r a m F i l e s ( x 8 6 ) \ A d o b e \ R e a d e r 1 1 . 0 \ R e a d e r \ A I R \ n p p d f 3 2 . d l l ( A d o b e S y s t e m s I n c . ) F F - H K E Y _ L O C A L _ M A C H I N E \ s o f t w a r e \ m o z i l l a \ F i r e f o x \ E x t e n s i o n s \ \ u r l _ a d v i s o r @ k a s p e r s k y . c o m : C : \ P r o g r a m F i l e s ( x 8 6 ) \ K a s p e r s k y L a b \ K a s p e r s k y A n t i - V i r u s 1 4 . 0 . 0 \ F F E x t \ u r l _ a d v i s o r @ k a s p e r s k y . c o m [ 2 0 1 3 . 0 8 . 2 5 1 7 : 2 5 : 5 4 | 0 0 0 , 0 0 0 , 0 0 0 | - - - D | M ] F F - H K E Y _ L O C A L _ M A C H I N E \ s o f t w a r e \ m o z i l l a \ F i r e f o x \ E x t e n s i o n s \ \ v i r t u a l _ k e y b o a r d @ k a s p e r s k y . c o m : C : \ P r o g r a m F i l e s ( x 8 6 ) \ K a s p e r s k y L a b \ K a s p e r s k y A n t i - V i r u s 1 4 . 0 . 0 \ F F E x t \ v i r t u a l _ k e y b o a r d @ k a s p e r s k y . c o m [ 2 0 1 3 . 0 8 . 2 5 1 7 : 2 5 : 5 5 | 0 0 0 , 0 0 0 , 0 0 0 | - - - D | M ] F F - H K E Y _ L O C A L _ M A C H I N E \ s o f t w a r e \ m o z i l l a \ F i r e f o x \ E x t e n s i o n s \ \ c o n t e n t _ b l o c k e r @ k a s p e r s k y . c o m : C : \ P r o g r a m F i l e s ( x 8 6 ) \ K a s p e r s k y L a b \ K a s p e r s k y A n t i - V i r u s 1 4 . 0 . 0 \ F F E x t \ c o n t e n t _ b l o c k e r @ k a s p e r s k y . c o m [ 2 0 1 3 . 0 8 . 2 5 1 7 : 2 5 : 4 2 | 0 0 0 , 0 0 0 , 0 0 0 | - - - D | M ] F F - H K E Y _ L O C A L _ M A C H I N E \ s o f t w a r e \ m o z i l l a \ M o z i l l a F i r e f o x 2 3 . 0 . 1 \ e x t e n s i o n s \ \ C o m p o n e n t s : C : \ P r o g r a m F i l e s ( x 8 6 ) \ M o z i l l a F i r e f o x \ c o m p o n e n t s F F - H K E Y _ L O C A L _ M A C H I N E \ s o f t w a r e \ m o z i l l a \ M o z i l l a F i r e f o x 2 3 . 0 . 1 \ e x t e n s i o n s \ \ P l u g i n s : C : \ P r o g r a m F i l e s ( x 8 6 ) \ M o z i l l a F i r e f o x \ p l u g i n s F F - H K E Y _ L O C A L _ M A C H I N E \ s o f t w a r e \ m o z i l l a \ M o z i l l a T h u n d e r b i r d 1 7 . 0 . 8 \ e x t e n s i o n s \ \ C o m p o n e n t s : C : \ P r o g r a m F i l e s ( x 8 6 ) \ M o z i l l a T h u n d e r b i r d \ c o m p o n e n t s [ 2 0 1 3 . 0 8 . 1 3 1 8 : 1 1 : 2 1 | 0 0 0 , 0 0 0 , 0 0 0 | - - - D | M ] F F - H K E Y _ L O C A L _ M A C H I N E \ s o f t w a r e \ m o z i l l a \ M o z i l l a T h u n d e r b i r d 1 7 . 0 . 8 \ e x t e n s i o n s \ \ P l u g i n s : C : \ P r o g r a m F i l e s ( x 8 6 ) \ M o z i l l a T h u n d e r b i r d \ p l u g i n s F F - H K E Y _ C U R R E N T _ U S E R \ s o f t w a r e \ m o z i l l a \ M o z i l l a F i r e f o x 2 3 . 0 . 1 \ e x t e n s i o n s \ \ C o m p o n e n t s : C : \ P r o g r a m F i l e s ( x 8 6 ) \ M o z i l l a F i r e f o x \ c o m p o n e n t s F F - H K E Y _ C U R R E N T _ U S E R \ s o f t w a r e \ m o z i l l a \ M o z i l l a F i r e f o x 2 3 . 0 . 1 \ e x t e n s i o n s \ \ P l u g i n s : C : \ P r o g r a m F i l e s ( x 8 6 ) \ M o z i l l a F i r e f o x \ p l u g i n s F F - H K E Y _ C U R R E N T _ U S E R \ s o f t w a r e \ m o z i l l a \ M o z i l l a T h u n d e r b i r d 1 7 . 0 . 8 \ e x t e n s i o n s \ \ C o m p o n e n t s : C : \ P r o g r a m F i l e s ( x 8 6 ) \ M o z i l l a T h u n d e r b i r d \ c o m p o n e n t s [ 2 0 1 3 . 0 8 . 1 3 1 8 : 1 1 : 2 1 | 0 0 0 , 0 0 0 , 0 0 0 | - - - D | M ] F F - H K E Y _ C U R R E N T _ U S E R \ s o f t w a r e \ m o z i l l a \ M o z i l l a T h u n d e r b i r d 1 7 . 0 . 8 \ e x t e n s i o n s \ \ P l u g i n s : C : \ P r o g r a m F i l e s ( x 8 6 ) \ M o z i l l a T h u n d e r b i r d \ p l u g i n s [ 2 0 1 3 . 0 4 . 1 3 1 4 : 2 5 : 1 4 | 0 0 0 , 0 0 0 , 0 0 0 | - - - D | M ] ( N o n a m e f o u n d ) - - C : \ U s e r s \ D i p p i \ A p p D a t a \ R o a m i n g \ m o z i l l a \ E x t e n s i o n s [ 2 0 1 3 . 0 8 . 2 5 1 3 : 3 5 : 3 1 | 0 0 0 , 0 0 0 , 0 0 0 | - - - D | M ] ( N o n a m e f o u n d ) - - C : \ U s e r s \ D i p p i \ A p p D a t a \ R o a m i n g \ m o z i l l a \ F i r e f o x \ P r o f i l e s \ z s d f 2 w c n . d e f a u l t \ e x t e n s i o n s [ 2 0 1 3 . 0 8 . 2 5 1 3 : 3 5 : 3 1 | 0 0 1 , 3 1 2 , 9 0 7 | - - - - | M ] ( ) ( N o n a m e f o u n d ) - - C : \ U s e r s \ D i p p i \ A p p D a t a \ R o a m i n g \ m o z i l l a \ f i r e f o x \ p r o f i l e s \ z s d f 2 w c n . d e f a u l t \ e x t e n s i o n s \ f i r e f o x @ g h o s t e r y . c o m . x p i [ 2 0 1 3 . 0 5 . 2 0 1 7 : 3 1 : 3 4 | 0 0 0 , 3 9 2 , 8 0 6 | - - - - | M ] ( ) ( N o n a m e f o u n d ) - - C : \ U s e r s \ D i p p i \ A p p D a t a \ R o a m i n g \ m o z i l l a \ f i r e f o x \ p r o f i l e s \ z s d f 2 w c n . d e f a u l t \ e x t e n s i o n s \ j i d 1 - F 9 U J 2 t h w o A m 5 g Q @ j e t p a c k . x p i [ 2 0 1 3 . 0 7 . 3 1 2 0 : 2 3 : 5 5 | 0 0 0 , 8 2 4 , 3 0 2 | - - - - | M ] ( ) ( N o n a m e f o u n d ) - - C : \ U s e r s \ D i p p i \ A p p D a t a \ R o a m i n g \ m o z i l l a \ f i r e f o x \ p r o f i l e s \ z s d f 2 w c n . d e f a u l t \ e x t e n s i o n s \ { d 1 0 d 0 b f 8 - f 5 b 5 - c 8 b 4 - a 8 b 2 - 2 b 9 8 7 9 e 0 8 c 5 d } . x p i [ 2 0 1 3 . 0 8 . 2 5 1 7 : 1 0 : 2 2 | 0 0 0 , 0 0 0 , 0 0 0 | - - - D | M ] ( N o n a m e f o u n d ) - - C : \ P r o g r a m F i l e s ( x 8 6 ) \ m o z i l l a f i r e f o x \ b r o w s e r \ e x t e n s i o n s [ 2 0 1 3 . 0 8 . 2 5 1 7 : 1 0 : 3 9 | 0 0 0 , 0 0 0 , 0 0 0 | - - - D | M ] ( D e f a u l t ) - - C : \ P r o g r a m F i l e s ( x 8 6 ) \ m o z i l l a f i r e f o x \ b r o w s e r \ e x t e n s i o n s \ { 9 7 2 c e 4 c 6 - 7 e 0 8 - 4 4 7 4 - a 2 8 5 - 3 2 0 8 1 9 8 c e 6 f d } O 1 H O S T S F i l e : ( [ 2 0 0 9 . 0 6 . 1 0 2 3 : 0 0 : 2 6 | 0 0 0 , 0 0 0 , 8 2 4 | - - - - | M ] ) - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ e t c \ h o s t s O 2 : [ b ] 6 4 b i t : [ / b ] - B H O : ( C o n t e n t B l o c k e r P l u g i n ) - { 5 5 6 4 C C 7 3 - E F A 7 - 4 C B F - 9 1 8 A - 5 C F 7 F B B F F F 4 F } - C : \ P r o g r a m F i l e s ( x 8 6 ) \ K a s p e r s k y L a b \ K a s p e r s k y A n t i - V i r u s 1 4 . 0 . 0 \ x 6 4 \ I E E x t \ C o n t e n t B l o c k e r \ i e _ c o n t e n t _ b l o c k e r _ p l u g i n . d l l ( K a s p e r s k y L a b Z A O ) O 2 : [ b ] 6 4 b i t : [ / b ] - B H O : ( V i r t u a l K e y b o a r d P l u g i n ) - { 7 3 4 5 5 5 7 5 - E 4 0 C - 4 3 3 C - 9 7 8 4 - C 7 8 D C 7 7 6 1 4 5 5 } - C : \ P r o g r a m F i l e s ( x 8 6 ) \ K a s p e r s k y L a b \ K a s p e r s k y A n t i - V i r u s 1 4 . 0 . 0 \ x 6 4 \ I E E x t \ V i r t u a l K e y b o a r d \ i e _ v i r t u a l _ k e y b o a r d _ p l u g i n . d l l ( K a s p e r s k y L a b Z A O ) O 2 : [ b ] 6 4 b i t : [ / b ] - B H O : ( O f f i c e D o c u m e n t C a c h e H a n d l e r ) - { B 4 F 3 A 8 3 5 - 0 E 2 1 - 4 9 5 9 - B A 2 2 - 4 2 B 3 0 0 8 E 0 2 F F } - C : \ P r o g r a m m e \ M i c r o s o f t O f f i c e \ O f f i c e 1 4 \ U R L R E D I R . D L L ( M i c r o s o f t C o r p o r a t i o n ) O 2 : [ b ] 6 4 b i t : [ / b ] - B H O : ( U R L A d v i s o r P l u g i n ) - { E 3 3 C F 6 0 2 - D 9 4 5 - 4 6 1 A - 8 3 F 0 - 8 1 9 F 7 6 A 1 9 9 F 8 } - C : \ P r o g r a m F i l e s ( x 8 6 ) \ K a s p e r s k y L a b \ K a s p e r s k y A n t i - V i r u s 1 4 . 0 . 0 \ x 6 4 \ I E E x t \ U r l A d v i s o r \ k l w t b b h o . d l l ( K a s p e r s k y L a b Z A O ) O 2 - B H O : ( C o n t e n t B l o c k e r P l u g i n ) - { 5 5 6 4 C C 7 3 - E F A 7 - 4 C B F - 9 1 8 A - 5 C F 7 F B B F F F 4 F } - C : \ P r o g r a m F i l e s ( x 8 6 ) \ K a s p e r s k y L a b \ K a s p e r s k y A n t i - V i r u s 1 4 . 0 . 0 \ I E E x t \ C o n t e n t B l o c k e r \ i e _ c o n t e n t _ b l o c k e r _ p l u g i n . d l l ( K a s p e r s k y L a b Z A O ) O 2 - B H O : ( V i r t u a l K e y b o a r d P l u g i n ) - { 7 3 4 5 5 5 7 5 - E 4 0 C - 4 3 3 C - 9 7 8 4 - C 7 8 D C 7 7 6 1 4 5 5 } - C : \ P r o g r a m F i l e s ( x 8 6 ) \ K a s p e r s k y L a b \ K a s p e r s k y A n t i - V i r u s 1 4 . 0 . 0 \ I E E x t \ V i r t u a l K e y b o a r d \ i e _ v i r t u a l _ k e y b o a r d _ p l u g i n . d l l ( K a s p e r s k y L a b Z A O ) O 2 - B H O : ( O f f i c e D o c u m e n t C a c h e H a n d l e r ) - { B 4 F 3 A 8 3 5 - 0 E 2 1 - 4 9 5 9 - B A 2 2 - 4 2 B 3 0 0 8 E 0 2 F F } - C : \ P R O G R A ~ 2 \ M I C R O S ~ 2 \ O f f i c e 1 4 \ U R L R E D I R . D L L ( M i c r o s o f t C o r p o r a t i o n ) O 2 - B H O : ( U R L A d v i s o r P l u g i n ) - { E 3 3 C F 6 0 2 - D 9 4 5 - 4 6 1 A - 8 3 F 0 - 8 1 9 F 7 6 A 1 9 9 F 8 } - C : \ P r o g r a m F i l e s ( x 8 6 ) \ K a s p e r s k y L a b \ K a s p e r s k y A n t i - V i r u s 1 4 . 0 . 0 \ I E E x t \ U r l A d v i s o r \ k l w t b b h o . d l l ( K a s p e r s k y L a b Z A O ) O 4 : [ b ] 6 4 b i t : [ / b ] - H K L M . . \ R u n : [ E T D C t r l ] C : \ P r o g r a m m e \ E l a n t e c h \ E T D C t r l . e x e ( E L A N M i c r o e l e c t r o n i c s C o r p . ) O 4 : [ b ] 6 4 b i t : [ / b ] - H K L M . . \ R u n : [ H o t K e y s C m d s ] C : \ W i n d o w s \ S y s N a t i v e \ h k c m d . e x e ( I n t e l C o r p o r a t i o n ) O 4 : [ b ] 6 4 b i t : [ / b ] - H K L M . . \ R u n : [ I g f x T r a y ] C : \ W i n d o w s \ S y s N a t i v e \ i g f x t r a y . e x e ( I n t e l C o r p o r a t i o n ) O 4 : [ b ] 6 4 b i t : [ / b ] - H K L M . . \ R u n : [ P e r s i s t e n c e ] C : \ W i n d o w s \ S y s N a t i v e \ i g f x p e r s . e x e ( I n t e l C o r p o r a t i o n ) O 4 : [ b ] 6 4 b i t : [ / b ] - H K L M . . \ R u n : [ R T H D V C P L ] C : \ P r o g r a m F i l e s \ R e a l t e k \ A u d i o \ H D A \ R A V C p l 6 4 . e x e ( R e a l t e k S e m i c o n d u c t o r ) O 4 - H K L M . . \ R u n : [ I A S t o r I c o n ] C : \ P r o g r a m F i l e s ( x 8 6 ) \ I n t e l \ I n t e l ( R ) R a p i d S t o r a g e T e c h n o l o g y \ I A S t o r I c o n L a u n c h . e x e ( I n t e l C o r p o r a t i o n ) O 4 - H K L M . . \ R u n : [ U S B 3 M O N ] C : \ P r o g r a m F i l e s ( x 8 6 ) \ I n t e l \ I n t e l ( R ) U S B 3 . 0 e X t e n s i b l e H o s t C o n t r o l l e r D r i v e r \ A p p l i c a t i o n \ i u s b 3 m o n . e x e ( I n t e l C o r p o r a t i o n ) O 4 - H K U \ S - 1 - 5 - 1 9 . . \ R u n : [ S i d e b a r ] C : \ P r o g r a m F i l e s ( x 8 6 ) \ W i n d o w s S i d e b a r \ S i d e b a r . e x e ( M i c r o s o f t C o r p o r a t i o n ) O 4 - H K U \ S - 1 - 5 - 2 0 . . \ R u n : [ S i d e b a r ] C : \ P r o g r a m F i l e s ( x 8 6 ) \ W i n d o w s S i d e b a r \ S i d e b a r . e x e ( M i c r o s o f t C o r p o r a t i o n ) O 4 - H K U \ S - 1 - 5 - 2 1 - 2 3 6 5 2 6 3 7 5 7 - 4 1 1 5 0 3 4 5 1 9 - 3 8 8 6 4 8 1 0 8 3 - 1 0 0 0 . . \ R u n : [ D T A G S S D V D R e p o r t ] C : \ U s e r s \ D i p p i \ A p p D a t a \ L o c a l \ D t a g \ D t o r . e x e ( D e u t s c h e T e l e k o m A G ) O 4 - H K U \ S - 1 - 5 - 2 1 - 2 3 6 5 2 6 3 7 5 7 - 4 1 1 5 0 3 4 5 1 9 - 3 8 8 6 4 8 1 0 8 3 - 1 0 0 0 . . \ R u n : [ J S I J L A X J L ] C : \ U s e r s \ D i p p i \ A p p D a t a \ R o a m i n g \ i s c s i u m g . d l l ( ) O 4 - H K U \ S - 1 - 5 - 2 1 - 2 3 6 5 2 6 3 7 5 7 - 4 1 1 5 0 3 4 5 1 9 - 3 8 8 6 4 8 1 0 8 3 - 1 0 0 1 . . \ R u n : [ S i d e b a r ] C : \ P r o g r a m F i l e s ( x 8 6 ) \ W i n d o w s S i d e b a r \ S i d e b a r . e x e ( M i c r o s o f t C o r p o r a t i o n ) O 4 - H K U \ S - 1 - 5 - 1 9 . . \ R u n O n c e : [ m c t a d m i n ] C : \ W i n d o w s \ S y s t e m 3 2 \ m c t a d m i n . e x e F i l e n o t f o u n d O 4 - H K U \ S - 1 - 5 - 2 0 . . \ R u n O n c e : [ m c t a d m i n ] C : \ W i n d o w s \ S y s t e m 3 2 \ m c t a d m i n . e x e F i l e n o t f o u n d O 4 - H K U \ S - 1 - 5 - 2 1 - 2 3 6 5 2 6 3 7 5 7 - 4 1 1 5 0 3 4 5 1 9 - 3 8 8 6 4 8 1 0 8 3 - 1 0 0 1 . . \ R u n O n c e : [ m c t a d m i n ] C : \ W i n d o w s \ S y s t e m 3 2 \ m c t a d m i n . e x e F i l e n o t f o u n d O 4 - S t a r t u p : C : \ U s e r s \ D i p p i \ A p p D a t a \ R o a m i n g \ M i c r o s o f t \ W i n d o w s \ S t a r t M e n u \ P r o g r a m s \ S t a r t u p \ O p e n O f f i c e . o r g 3 . 4 . 1 . l n k = C : \ P r o g r a m F i l e s ( x 8 6 ) \ O p e n O f f i c e . o r g 3 \ p r o g r a m \ q u i c k s t a r t . e x e ( ) O 6 - H K L M \ S O F T W A R E \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ p o l i c i e s \ E x p l o r e r : N o A c t i v e D e s k t o p = 1 O 6 - H K L M \ S O F T W A R E \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ p o l i c i e s \ E x p l o r e r : N o A c t i v e D e s k t o p C h a n g e s = 1 O 6 - H K L M \ S O F T W A R E \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ p o l i c i e s \ S y s t e m : C o n s e n t P r o m p t B e h a v i o r A d m i n = 5 O 6 - H K L M \ S O F T W A R E \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ p o l i c i e s \ S y s t e m : C o n s e n t P r o m p t B e h a v i o r U s e r = 3 O 8 : [ b ] 6 4 b i t : [ / b ] - E x t r a c o n t e x t m e n u i t e m : A n O n e N o t e s & e n d e n - r e s : / / C : \ P R O G R A ~ 2 \ M I C R O S ~ 2 \ O f f i c e 1 4 \ O N B t t n I E . d l l / 1 0 5 F i l e n o t f o u n d O 8 : [ b ] 6 4 b i t : [ / b ] - E x t r a c o n t e x t m e n u i t e m : N a c h M i c r o s o f t E & x c e l e x p o r t i e r e n - r e s : / / C : \ P R O G R A ~ 2 \ M I C R O S ~ 2 \ O f f i c e 1 4 \ E X C E L . E X E / 3 0 0 0 F i l e n o t f o u n d O 8 - E x t r a c o n t e x t m e n u i t e m : A n O n e N o t e s & e n d e n - r e s : / / C : \ P R O G R A ~ 2 \ M I C R O S ~ 2 \ O f f i c e 1 4 \ O N B t t n I E . d l l / 1 0 5 F i l e n o t f o u n d O 8 - E x t r a c o n t e x t m e n u i t e m : N a c h M i c r o s o f t E & x c e l e x p o r t i e r e n - r e s : / / C : \ P R O G R A ~ 2 \ M I C R O S ~ 2 \ O f f i c e 1 4 \ E X C E L . E X E / 3 0 0 0 F i l e n o t f o u n d O 9 : [ b ] 6 4 b i t : [ / b ] - E x t r a B u t t o n : V i r t u e l l e T a s t a t u r - { 0 C 4 C C 0 8 9 - D 3 0 6 - 4 4 0 D - 9 7 7 2 - 4 6 4 E 2 2 6 F 6 5 3 9 } - C : \ P r o g r a m F i l e s ( x 8 6 ) \ K a s p e r s k y L a b \ K a s p e r s k y A n t i - V i r u s 1 4 . 0 . 0 \ x 6 4 \ I E E x t \ V i r t u a l K e y b o a r d \ i e _ v i r t u a l _ k e y b o a r d _ p l u g i n . d l l ( K a s p e r s k y L a b Z A O ) O 9 : [ b ] 6 4 b i t : [ / b ] - E x t r a B u t t o n : A n O n e N o t e s e n d e n - { 2 6 7 0 0 0 0 A - 7 3 5 0 - 4 f 3 c - 8 0 8 1 - 5 6 6 3 E E 0 C 6 C 4 9 } - C : \ P r o g r a m m e \ M i c r o s o f t O f f i c e \ O f f i c e 1 4 \ O N B t t n I E . d l l ( M i c r o s o f t C o r p o r a t i o n ) O 9 : [ b ] 6 4 b i t : [ / b ] - E x t r a ' T o o l s ' m e n u i t e m : A n O n e N o t e s & e n d e n - { 2 6 7 0 0 0 0 A - 7 3 5 0 - 4 f 3 c - 8 0 8 1 - 5 6 6 3 E E 0 C 6 C 4 9 } - C : \ P r o g r a m m e \ M i c r o s o f t O f f i c e \ O f f i c e 1 4 \ O N B t t n I E . d l l ( M i c r o s o f t C o r p o r a t i o n ) O 9 : [ b ] 6 4 b i t : [ / b ] - E x t r a B u t t o n : V e r k n � p f t e & O n e N o t e - N o t i z e n - { 7 8 9 F E 8 6 F - 6 F C 4 - 4 6 A 1 - 9 8 4 9 - E D E 0 D B 0 C 9 5 C A } - C : \ P r o g r a m m e \ M i c r o s o f t O f f i c e \ O f f i c e 1 4 \ O N B t t n I E L i n k e d N o t e s . d l l ( M i c r o s o f t C o r p o r a t i o n ) O 9 : [ b ] 6 4 b i t : [ / b ] - E x t r a ' T o o l s ' m e n u i t e m : V e r k n � p f t e & O n e N o t e - N o t i z e n - { 7 8 9 F E 8 6 F - 6 F C 4 - 4 6 A 1 - 9 8 4 9 - E D E 0 D B 0 C 9 5 C A } - C : \ P r o g r a m m e \ M i c r o s o f t O f f i c e \ O f f i c e 1 4 \ O N B t t n I E L i n k e d N o t e s . d l l ( M i c r o s o f t C o r p o r a t i o n ) O 9 : [ b ] 6 4 b i t : [ / b ] - E x t r a B u t t o n : L i n k - U n t e r s u c h u n g - { C C F 1 5 1 D 8 - D 0 8 9 - 4 4 9 F - A 5 A 4 - D 9 9 0 9 0 5 3 F 2 0 F } - C : \ P r o g r a m F i l e s ( x 8 6 ) \ K a s p e r s k y L a b \ K a s p e r s k y A n t i - V i r u s 1 4 . 0 . 0 \ x 6 4 \ I E E x t \ U r l A d v i s o r \ k l w t b b h o . d l l ( K a s p e r s k y L a b Z A O ) O 9 - E x t r a B u t t o n : V i r t u e l l e T a s t a t u r - { 0 C 4 C C 0 8 9 - D 3 0 6 - 4 4 0 D - 9 7 7 2 - 4 6 4 E 2 2 6 F 6 5 3 9 } - C : \ P r o g r a m F i l e s ( x 8 6 ) \ K a s p e r s k y L a b \ K a s p e r s k y A n t i - V i r u s 1 4 . 0 . 0 \ I E E x t \ V i r t u a l K e y b o a r d \ i e _ v i r t u a l _ k e y b o a r d _ p l u g i n . d l l ( K a s p e r s k y L a b Z A O ) O 9 - E x t r a B u t t o n : L i n k - U n t e r s u c h u n g - { C C F 1 5 1 D 8 - D 0 8 9 - 4 4 9 F - A 5 A 4 - D 9 9 0 9 0 5 3 F 2 0 F } - C : \ P r o g r a m F i l e s ( x 8 6 ) \ K a s p e r s k y L a b \ K a s p e r s k y A n t i - V i r u s 1 4 . 0 . 0 \ I E E x t \ U r l A d v i s o r \ k l w t b b h o . d l l ( K a s p e r s k y L a b Z A O ) O 1 0 : [ b ] 6 4 b i t : [ / b ] - P r o t o c o l _ C a t a l o g 9 \ C a t a l o g _ E n t r i e s 6 4 \ 0 0 0 0 0 0 0 0 0 0 0 1 - C : \ W i n d o w s \ S y s N a t i v e \ B f L L R . d l l ( B i g f o o t N e t w o r k s , I n c . ) O 1 0 : [ b ] 6 4 b i t : [ / b ] - P r o t o c o l _ C a t a l o g 9 \ C a t a l o g _ E n t r i e s 6 4 \ 0 0 0 0 0 0 0 0 0 0 0 2 - C : \ W i n d o w s \ S y s N a t i v e \ B f L L R . d l l ( B i g f o o t N e t w o r k s , I n c . ) O 1 0 : [ b ] 6 4 b i t : [ / b ] - P r o t o c o l _ C a t a l o g 9 \ C a t a l o g _ E n t r i e s 6 4 \ 0 0 0 0 0 0 0 0 0 0 0 3 - C : \ W i n d o w s \ S y s N a t i v e \ B f L L R . d l l ( B i g f o o t N e t w o r k s , I n c . ) O 1 0 : [ b ] 6 4 b i t : [ / b ] - P r o t o c o l _ C a t a l o g 9 \ C a t a l o g _ E n t r i e s 6 4 \ 0 0 0 0 0 0 0 0 0 0 0 4 - C : \ W i n d o w s \ S y s N a t i v e \ B f L L R . d l l ( B i g f o o t N e t w o r k s , I n c . ) O 1 0 : [ b ] 6 4 b i t : [ / b ] - P r o t o c o l _ C a t a l o g 9 \ C a t a l o g _ E n t r i e s 6 4 \ 0 0 0 0 0 0 0 0 0 0 1 5 - C : \ W i n d o w s \ S y s N a t i v e \ B f L L R . d l l ( B i g f o o t N e t w o r k s , I n c . ) O 1 0 - P r o t o c o l _ C a t a l o g 9 \ C a t a l o g _ E n t r i e s \ 0 0 0 0 0 0 0 0 0 0 0 1 - C : \ W i n d o w s \ S y s W O W 6 4 \ B f L L R . d l l ( B i g f o o t N e t w o r k s , I n c . ) O 1 0 - P r o t o c o l _ C a t a l o g 9 \ C a t a l o g _ E n t r i e s \ 0 0 0 0 0 0 0 0 0 0 0 2 - C : \ W i n d o w s \ S y s W O W 6 4 \ B f L L R . d l l ( B i g f o o t N e t w o r k s , I n c . ) O 1 0 - P r o t o c o l _ C a t a l o g 9 \ C a t a l o g _ E n t r i e s \ 0 0 0 0 0 0 0 0 0 0 0 3 - C : \ W i n d o w s \ S y s W O W 6 4 \ B f L L R . d l l ( B i g f o o t N e t w o r k s , I n c . ) O 1 0 - P r o t o c o l _ C a t a l o g 9 \ C a t a l o g _ E n t r i e s \ 0 0 0 0 0 0 0 0 0 0 0 4 - C : \ W i n d o w s \ S y s W O W 6 4 \ B f L L R . d l l ( B i g f o o t N e t w o r k s , I n c . ) O 1 0 - P r o t o c o l _ C a t a l o g 9 \ C a t a l o g _ E n t r i e s \ 0 0 0 0 0 0 0 0 0 0 1 5 - C : \ W i n d o w s \ S y s W O W 6 4 \ B f L L R . d l l ( B i g f o o t N e t w o r k s , I n c . ) O 1 3 [ b ] 6 4 b i t : [ / b ] - g o p h e r P r e f i x : m i s s i n g O 1 3 - g o p h e r P r e f i x : m i s s i n g O 1 7 - H K L M \ S y s t e m \ C C S \ S e r v i c e s \ T c p i p \ P a r a m e t e r s : D h c p N a m e S e r v e r = 1 9 2 . 1 6 8 . 2 . 1 O 1 7 - H K L M \ S y s t e m \ C C S \ S e r v i c e s \ T c p i p \ P a r a m e t e r s \ I n t e r f a c e s \ { A 2 F 7 7 D 1 F - 7 A 6 E - 4 3 3 9 - 9 9 0 4 - A B 4 8 6 C B 8 5 B 4 8 } : D h c p N a m e S e r v e r = 1 9 2 . 1 6 8 . 2 . 1 O 1 8 : [ b ] 6 4 b i t : [ / b ] - P r o t o c o l \ H a n d l e r \ m s - h e l p - N o C L S I D v a l u e f o u n d O 1 8 : [ b ] 6 4 b i t : [ / b ] - P r o t o c o l \ F i l t e r \ t e x t / x m l { 8 0 7 5 7 3 E 5 - 5 1 4 6 - 1 1 D 5 - A 6 7 2 - 0 0 B 0 D 0 2 2 E 9 4 5 } - C : \ P r o g r a m m e \ C o m m o n F i l e s \ M i c r o s o f t S h a r e d \ O F F I C E 1 4 \ M S O X M L M F . D L L ( M i c r o s o f t C o r p o r a t i o n ) O 2 0 : [ b ] 6 4 b i t : [ / b ] - A p p I n i t _ D L L s : ( C : \ W i n d o w s \ s y s t e m 3 2 \ n v i n i t x . d l l ) - C : \ W i n d o w s \ S y s N a t i v e \ n v i n i t x . d l l ( N V I D I A C o r p o r a t i o n ) O 2 0 - A p p I n i t _ D L L s : ( C : \ W i n d o w s \ S y s W O W 6 4 \ n v i n i t . d l l ) - C : \ W i n d o w s \ S y s W O W 6 4 \ n v i n i t . d l l ( N V I D I A C o r p o r a t i o n ) O 2 0 : [ b ] 6 4 b i t : [ / b ] - H K L M W i n l o g o n : S h e l l - ( e x p l o r e r . e x e ) - C : \ W i n d o w s \ e x p l o r e r . e x e ( M i c r o s o f t C o r p o r a t i o n ) O 2 0 : [ b ] 6 4 b i t : [ / b ] - H K L M W i n l o g o n : U s e r I n i t - ( C : \ W i n d o w s \ s y s t e m 3 2 \ u s e r i n i t . e x e ) - C : \ W i n d o w s \ S y s N a t i v e \ u s e r i n i t . e x e ( M i c r o s o f t C o r p o r a t i o n ) O 2 0 - H K L M W i n l o g o n : S h e l l - ( e x p l o r e r . e x e ) - C : \ W i n d o w s \ S y s W o w 6 4 \ e x p l o r e r . e x e ( M i c r o s o f t C o r p o r a t i o n ) O 2 0 - H K L M W i n l o g o n : U s e r I n i t - ( u s e r i n i t . e x e ) - C : \ W i n d o w s \ S y s W o w 6 4 \ u s e r i n i t . e x e ( M i c r o s o f t C o r p o r a t i o n ) O 2 0 : [ b ] 6 4 b i t : [ / b ] - W i n l o g o n \ N o t i f y \ i g f x c u i : D l l N a m e - ( i g f x d e v . d l l ) - C : \ W i n d o w s \ S y s N a t i v e \ i g f x d e v . d l l ( I n t e l C o r p o r a t i o n ) O 2 1 : [ b ] 6 4 b i t : [ / b ] - S S O D L : W e b C h e c k - { E 6 F B 5 E 2 0 - D E 3 5 - 1 1 C F - 9 C 8 7 - 0 0 A A 0 0 5 1 2 7 E D } - N o C L S I D v a l u e f o u n d . O 2 1 - S S O D L : W e b C h e c k - { E 6 F B 5 E 2 0 - D E 3 5 - 1 1 C F - 9 C 8 7 - 0 0 A A 0 0 5 1 2 7 E D } - N o C L S I D v a l u e f o u n d . O 3 2 - H K L M C D R o m : A u t o R u n - 1 O 3 3 - M o u n t P o i n t s 2 \ { 7 5 e 8 8 4 d 3 - a 4 5 b - 1 1 e 2 - 8 4 c 7 - 8 0 6 e 6 f 6 e 6 9 6 3 } \ S h e l l - " " = A u t o R u n O 3 3 - M o u n t P o i n t s 2 \ { 7 5 e 8 8 4 d 3 - a 4 5 b - 1 1 e 2 - 8 4 c 7 - 8 0 6 e 6 f 6 e 6 9 6 3 } \ S h e l l \ A u t o R u n \ c o m m a n d - " " = D : \ C D S e t u p . e x e O 3 4 - H K L M B o o t E x e c u t e : ( a u t o c h e c k a u t o c h k * ) O 3 5 : [ b ] 6 4 b i t : [ / b ] - H K L M \ . . c o m f i l e [ o p e n ] - - " % 1 " % * O 3 5 : [ b ] 6 4 b i t : [ / b ] - H K L M \ . . e x e f i l e [ o p e n ] - - " % 1 " % * O 3 5 - H K L M \ . . c o m f i l e [ o p e n ] - - " % 1 " % * O 3 5 - H K L M \ . . e x e f i l e [ o p e n ] - - " % 1 " % * O 3 7 : [ b ] 6 4 b i t : [ / b ] - H K L M \ . . . c o m [ @ = c o m f i l e ] - - " % 1 " % * O 3 7 : [ b ] 6 4 b i t : [ / b ] - H K L M \ . . . e x e [ @ = e x e f i l e ] - - " % 1 " % * O 3 7 - H K L M \ . . . c o m [ @ = c o m f i l e ] - - " % 1 " % * O 3 7 - H K L M \ . . . e x e [ @ = e x e f i l e ] - - " % 1 " % * O 3 8 - S u b S y s t e m s \ \ W i n d o w s : ( S e r v e r D l l = w i n s r v : U s e r S e r v e r D l l I n i t i a l i z a t i o n , 3 ) O 3 8 - S u b S y s t e m s \ \ W i n d o w s : ( S e r v e r D l l = w i n s r v : C o n S e r v e r D l l I n i t i a l i z a t i o n , 2 ) O 3 8 - S u b S y s t e m s \ \ W i n d o w s : ( S e r v e r D l l = s x s s r v , 4 ) [ c o l o r = # E 5 6 7 1 7 ] = = = = = = = = = = F i l e s / F o l d e r s - C r e a t e d W i t h i n 3 0 D a y s = = = = = = = = = = [ / c o l o r ] [ 2 0 1 3 . 0 8 . 2 5 1 7 : 2 6 : 2 6 | 0 0 0 , 0 0 0 , 0 0 0 | - - - D | C ] - - C : \ P r o g r a m D a t a \ M i c r o s o f t \ W i n d o w s \ S t a r t M e n u \ P r o g r a m s \ K a s p e r s k y A n t i - V i r u s [ 2 0 1 3 . 0 8 . 2 5 1 7 : 2 6 : 1 9 | 0 0 0 , 1 1 0 , 1 7 6 | - - - - | C ] ( K a s p e r s k y L a b Z A O ) - - C : \ W i n d o w s \ S y s N a t i v e \ k l f p h c . d l l [ 2 0 1 3 . 0 8 . 2 5 1 7 : 2 5 : 4 4 | 0 0 0 , 0 0 0 , 0 0 0 | - - - D | C ] - - C : \ W i n d o w s \ E L A M B K U P [ 2 0 1 3 . 0 8 . 2 5 1 7 : 2 5 : 4 1 | 0 0 0 , 0 0 0 , 0 0 0 | - - - D | C ] - - C : \ P r o g r a m D a t a \ K a s p e r s k y L a b [ 2 0 1 3 . 0 8 . 2 5 1 7 : 2 5 : 4 1 | 0 0 0 , 0 0 0 , 0 0 0 | - - - D | C ] - - C : \ P r o g r a m F i l e s ( x 8 6 ) \ K a s p e r s k y L a b [ 2 0 1 3 . 0 8 . 2 5 1 7 : 2 5 : 3 5 | 0 0 0 , 6 1 9 , 6 1 6 | - - - - | C ] ( K a s p e r s k y L a b Z A O ) - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ k l i f . s y s [ 2 0 1 3 . 0 8 . 2 5 1 7 : 2 5 : 3 5 | 0 0 0 , 1 1 2 , 2 2 4 | - - - - | C ] ( K a s p e r s k y L a b Z A O ) - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ k l f l t . s y s [ 2 0 1 3 . 0 8 . 2 5 1 7 : 1 0 : 2 2 | 0 0 0 , 0 0 0 , 0 0 0 | - - - D | C ] - - C : \ P r o g r a m F i l e s ( x 8 6 ) \ M o z i l l a F i r e f o x [ 2 0 1 3 . 0 8 . 1 8 2 1 : 3 2 : 2 2 | 0 0 0 , 5 2 6 , 3 3 6 | - - - - | C ] ( M i c r o s o f t C o r p o r a t i o n ) - - C : \ W i n d o w s \ S y s N a t i v e \ i e u i . d l l [ 2 0 1 3 . 0 8 . 1 8 2 1 : 3 2 : 2 2 | 0 0 0 , 3 9 1 , 1 6 8 | - - - - | C ] ( M i c r o s o f t C o r p o r a t i o n ) - - C : \ W i n d o w s \ S y s W o w 6 4 \ i e u i . d l l [ 2 0 1 3 . 0 8 . 1 8 2 1 : 3 2 : 2 1 | 0 0 0 , 0 6 7 , 0 7 2 | - - - - | C ] ( M i c r o s o f t C o r p o r a t i o n ) - - C : \ W i n d o w s \ S y s N a t i v e \ i e s e t u p . d l l [ 2 0 1 3 . 0 8 . 1 8 2 1 : 3 2 : 2 1 | 0 0 0 , 0 6 1 , 4 4 0 | - - - - | C ] ( M i c r o s o f t C o r p o r a t i o n ) - - C : \ W i n d o w s \ S y s W o w 6 4 \ i e s e t u p . d l l [ 2 0 1 3 . 0 8 . 1 8 2 1 : 3 2 : 2 1 | 0 0 0 , 0 3 9 , 9 3 6 | - - - - | C ] ( M i c r o s o f t C o r p o r a t i o n ) - - C : \ W i n d o w s \ S y s N a t i v e \ i e r n o n c e . d l l [ 2 0 1 3 . 0 8 . 1 8 2 1 : 3 2 : 2 1 | 0 0 0 , 0 3 3 , 2 8 0 | - - - - | C ] ( M i c r o s o f t C o r p o r a t i o n ) - - C : \ W i n d o w s \ S y s W o w 6 4 \ i e r n o n c e . d l l [ 2 0 1 3 . 0 8 . 1 8 2 1 : 3 2 : 2 0 | 0 0 0 , 1 3 6 , 7 0 4 | - - - - | C ] ( M i c r o s o f t C o r p o r a t i o n ) - - C : \ W i n d o w s \ S y s N a t i v e \ i e s y s p r e p . d l l [ 2 0 1 3 . 0 8 . 1 8 2 1 : 3 2 : 2 0 | 0 0 0 , 1 0 9 , 0 5 6 | - - - - | C ] ( M i c r o s o f t C o r p o r a t i o n ) - - C : \ W i n d o w s \ S y s W o w 6 4 \ i e s y s p r e p . d l l [ 2 0 1 3 . 0 8 . 1 8 2 1 : 3 2 : 2 0 | 0 0 0 , 0 8 9 , 6 0 0 | - - - - | C ] ( M i c r o s o f t C o r p o r a t i o n ) - - C : \ W i n d o w s \ S y s N a t i v e \ R e g i s t e r I E P K E Y s . e x e [ 2 0 1 3 . 0 8 . 1 8 2 1 : 3 2 : 2 0 | 0 0 0 , 0 7 1 , 6 8 0 | - - - - | C ] ( M i c r o s o f t C o r p o r a t i o n ) - - C : \ W i n d o w s \ S y s W o w 6 4 \ R e g i s t e r I E P K E Y s . e x e [ 2 0 1 3 . 0 8 . 1 8 2 1 : 3 2 : 2 0 | 0 0 0 , 0 5 1 , 7 1 2 | - - - - | C ] ( M i c r o s o f t C o r p o r a t i o n ) - - C : \ W i n d o w s \ S y s N a t i v e \ i e 4 u i n i t . e x e [ 2 0 1 3 . 0 8 . 1 8 2 1 : 3 2 : 1 8 | 0 0 0 , 8 5 5 , 5 5 2 | - - - - | C ] ( M i c r o s o f t C o r p o r a t i o n ) - - C : \ W i n d o w s \ S y s N a t i v e \ j s c r i p t . d l l [ 2 0 1 3 . 0 8 . 1 8 2 1 : 3 2 : 1 8 | 0 0 0 , 6 9 0 , 6 8 8 | - - - - | C ] ( M i c r o s o f t C o r p o r a t i o n ) - - C : \ W i n d o w s \ S y s W o w 6 4 \ j s c r i p t . d l l [ 2 0 1 3 . 0 8 . 1 8 2 1 : 3 2 : 1 8 | 0 0 0 , 6 0 3 , 1 3 6 | - - - - | C ] ( M i c r o s o f t C o r p o r a t i o n ) - - C : \ W i n d o w s \ S y s N a t i v e \ m s f e e d s . d l l [ 2 0 1 3 . 0 8 . 1 8 2 1 : 3 2 : 1 7 | 0 0 3 , 9 5 8 , 7 8 4 | - - - - | C ] ( M i c r o s o f t C o r p o r a t i o n ) - - C : \ W i n d o w s \ S y s N a t i v e \ j s c r i p t 9 . d l l [ 2 0 1 3 . 0 8 . 1 8 2 1 : 2 7 : 3 2 | 0 0 0 , 0 0 0 , 0 0 0 | - - - D | C ] - - C : \ W i n d o w s \ S y s N a t i v e \ M R T [ 2 0 1 3 . 0 8 . 1 5 1 3 : 4 9 : 3 6 | 0 0 1 , 4 7 2 , 5 1 2 | - - - - | C ] ( M i c r o s o f t C o r p o r a t i o n ) - - C : \ W i n d o w s \ S y s N a t i v e \ c r y p t 3 2 . d l l [ 2 0 1 3 . 0 8 . 1 5 1 3 : 4 9 : 3 5 | 0 0 0 , 2 2 4 , 2 5 6 | - - - - | C ] ( M i c r o s o f t C o r p o r a t i o n ) - - C : \ W i n d o w s \ S y s N a t i v e \ w i n t r u s t . d l l [ 2 0 1 3 . 0 8 . 1 5 1 3 : 4 9 : 3 5 | 0 0 0 , 1 3 9 , 7 7 6 | - - - - | C ] ( M i c r o s o f t C o r p o r a t i o n ) - - C : \ W i n d o w s \ S y s N a t i v e \ c r y p t n e t . d l l [ 2 0 1 3 . 0 8 . 1 5 1 3 : 4 9 : 2 3 | 0 0 1 , 8 8 8 , 7 6 8 | - - - - | C ] ( M i c r o s o f t C o r p o r a t i o n ) - - C : \ W i n d o w s \ S y s N a t i v e \ W M V D E C O D . D L L [ 2 0 1 3 . 0 8 . 1 5 1 3 : 4 9 : 2 2 | 0 0 1 , 6 2 0 , 9 9 2 | - - - - | C ] ( M i c r o s o f t C o r p o r a t i o n ) - - C : \ W i n d o w s \ S y s W o w 6 4 \ W M V D E C O D . D L L [ 2 0 1 3 . 0 8 . 1 5 1 3 : 4 9 : 2 1 | 0 0 1 , 2 1 7 , 0 2 4 | - - - - | C ] ( M i c r o s o f t C o r p o r a t i o n ) - - C : \ W i n d o w s \ S y s N a t i v e \ r p c r t 4 . d l l [ 2 0 1 3 . 0 8 . 1 5 1 3 : 4 9 : 2 0 | 0 0 5 , 5 5 0 , 5 2 8 | - - - - | C ] ( M i c r o s o f t C o r p o r a t i o n ) - - C : \ W i n d o w s \ S y s N a t i v e \ n t o s k r n l . e x e [ 2 0 1 3 . 0 8 . 1 5 1 3 : 4 9 : 2 0 | 0 0 3 , 9 6 8 , 9 6 0 | - - - - | C ] ( M i c r o s o f t C o r p o r a t i o n ) - - C : \ W i n d o w s \ S y s W o w 6 4 \ n t k r n l p a . e x e [ 2 0 1 3 . 0 8 . 1 5 1 3 : 4 9 : 2 0 | 0 0 3 , 9 1 3 , 6 6 4 | - - - - | C ] ( M i c r o s o f t C o r p o r a t i o n ) - - C : \ W i n d o w s \ S y s W o w 6 4 \ n t o s k r n l . e x e [ 2 0 1 3 . 0 8 . 1 5 1 3 : 4 9 : 1 9 | 0 0 1 , 7 3 2 , 0 3 2 | - - - - | C ] ( M i c r o s o f t C o r p o r a t i o n ) - - C : \ W i n d o w s \ S y s N a t i v e \ n t d l l . d l l [ 2 0 1 3 . 0 8 . 1 5 1 3 : 4 9 : 1 9 | 0 0 0 , 2 4 3 , 7 1 2 | - - - - | C ] ( M i c r o s o f t C o r p o r a t i o n ) - - C : \ W i n d o w s \ S y s N a t i v e \ w o w 6 4 . d l l [ 2 0 1 3 . 0 8 . 1 5 1 3 : 4 9 : 1 9 | 0 0 0 , 0 1 4 , 3 3 6 | - - - - | C ] ( M i c r o s o f t C o r p o r a t i o n ) - - C : \ W i n d o w s \ S y s W o w 6 4 \ n t v d m 6 4 . d l l [ 2 0 1 3 . 0 8 . 1 5 1 3 : 4 9 : 1 8 | 0 0 0 , 0 2 5 , 6 0 0 | - - - - | C ] ( M i c r o s o f t C o r p o r a t i o n ) - - C : \ W i n d o w s \ S y s W o w 6 4 \ s e t u p 1 6 . e x e [ 2 0 1 3 . 0 8 . 1 5 1 3 : 4 9 : 1 8 | 0 0 0 , 0 0 7 , 6 8 0 | - - - - | C ] ( M i c r o s o f t C o r p o r a t i o n ) - - C : \ W i n d o w s \ S y s W o w 6 4 \ i n s t n m . e x e [ 2 0 1 3 . 0 8 . 1 5 1 3 : 4 9 : 1 8 | 0 0 0 , 0 0 5 , 1 2 0 | - - - - | C ] ( M i c r o s o f t C o r p o r a t i o n ) - - C : \ W i n d o w s \ S y s W o w 6 4 \ w o w 3 2 . d l l [ 2 0 1 3 . 0 8 . 1 5 1 3 : 4 9 : 1 7 | 0 0 0 , 0 0 2 , 0 4 8 | - - - - | C ] ( M i c r o s o f t C o r p o r a t i o n ) - - C : \ W i n d o w s \ S y s W o w 6 4 \ u s e r . e x e [ 2 0 1 3 . 0 8 . 1 3 1 8 : 1 1 : 2 1 | 0 0 0 , 0 0 0 , 0 0 0 | - - - D | C ] - - C : \ P r o g r a m F i l e s ( x 8 6 ) \ M o z i l l a T h u n d e r b i r d [ c o l o r = # E 5 6 7 1 7 ] = = = = = = = = = = F i l e s - M o d i f i e d W i t h i n 3 0 D a y s = = = = = = = = = = [ / c o l o r ] [ 2 0 1 3 . 0 8 . 2 5 1 7 : 5 5 : 4 5 | 0 0 0 , 0 0 0 , 0 0 0 | - - - - | M ] ( ) - - C : \ U s e r s \ D i p p i \ d e f o g g e r _ r e e n a b l e [ 2 0 1 3 . 0 8 . 2 5 1 7 : 3 4 : 0 1 | 0 0 0 , 0 0 0 , 8 8 4 | - - - - | M ] ( ) - - C : \ W i n d o w s \ t a s k s \ A d o b e F l a s h P l a y e r U p d a t e r . j o b [ 2 0 1 3 . 0 8 . 2 5 1 7 : 3 0 : 5 2 | 0 0 0 , 0 2 0 , 4 8 0 | - H - - | M ] ( ) - - C : \ W i n d o w s \ S y s N a t i v e \ 7 B 2 9 6 F B 0 - 3 7 6 B - 4 9 7 e - B 0 1 2 - 9 C 4 5 0 E 1 B 7 3 2 7 - 5 P - 1 . C 7 4 8 3 4 5 6 - A 2 8 9 - 4 3 9 d - 8 1 1 5 - 6 0 1 6 3 2 D 0 0 5 A 0 [ 2 0 1 3 . 0 8 . 2 5 1 7 : 3 0 : 5 2 | 0 0 0 , 0 2 0 , 4 8 0 | - H - - | M ] ( ) - - C : \ W i n d o w s \ S y s N a t i v e \ 7 B 2 9 6 F B 0 - 3 7 6 B - 4 9 7 e - B 0 1 2 - 9 C 4 5 0 E 1 B 7 3 2 7 - 5 P - 0 . C 7 4 8 3 4 5 6 - A 2 8 9 - 4 3 9 d - 8 1 1 5 - 6 0 1 6 3 2 D 0 0 5 A 0 [ 2 0 1 3 . 0 8 . 2 5 1 7 : 3 0 : 3 2 | 0 0 0 , 6 1 9 , 6 1 6 | - - - - | M ] ( K a s p e r s k y L a b Z A O ) - - C : \ W i n d o w s \ S y s N a t i v e \ d r i v e r s \ k l i f . s y s [ 2 0 1 3 . 0 8 . 2 5 1 7 : 2 6 : 1 9 | 0 0 0 , 0 0 1 , 0 8 9 | - - - - | M ] ( ) - - C : \ U s e r s \ P u b l i c \ D e s k t o p \ K a s p e r s k y A n t i - V i r u s . l n k [ 2 0 1 3 . 0 8 . 2 5 1 7 : 2 3 : 0 2 | 0 0 0 , 0 0 0 , 8 2 8 | - - - - | M ] ( ) - - C : \ W i n d o w s \ t a s k s \ I S M - U p d a t e S e r v i c e - 4 e 0 0 2 0 5 a - 2 a b 1 - 4 4 2 3 - 8 f 7 7 - c c 2 5 b 8 2 c d e 1 d - L o g o n . j o b [ 2 0 1 3 . 0 8 . 2 5 1 7 : 2 2 : 4 6 | 0 0 0 , 0 6 7 , 5 8 4 | - - S - | M ] ( ) - - C : \ W i n d o w s \ b o o t s t a t . d a t [ 2 0 1 3 . 0 8 . 2 5 1 7 : 2 2 : 3 8 | 2 0 6 6 , 4 3 6 , 0 9 5 | - H S - | M ] ( ) - - C : \ h i b e r f i l . s y s [ 2 0 1 3 . 0 8 . 2 5 1 7 : 2 1 : 4 7 | 0 0 0 , 0 0 1 , 9 1 2 | - - - - | M ] ( ) - - C : \ W i n d o w s \ e p p l a u n c h e r . m i f [ 2 0 1 3 . 0 8 . 2 5 1 3 : 3 4 : 1 9 | 0 0 0 , 6 9 2 , 1 0 4 | - - - - | M ] ( A d o b e S y s t e m s I n c o r p o r a t e d ) - - C : \ W i n d o w s \ S y s W o w 6 4 \ F l a s h P l a y e r A p p . e x e [ 2 0 1 3 . 0 8 . 2 5 1 3 : 3 4 : 1 9 | 0 0 0 , 0 7 1 , 0 4 8 | - - - - | M ] ( A d o b e S y s t e m s I n c o r p o r a t e d ) - - C : \ W i n d o w s \ S y s W o w 6 4 \ F l a s h P l a y e r C P L A p p . c p l [ 2 0 1 3 . 0 8 . 2 5 1 3 : 3 4 : 0 7 | 0 1 7 , 1 3 9 , 0 8 0 | - - - - | M ] ( A d o b e S y s t e m s I n c o r p o r a t e d ) - - C : \ W i n d o w s \ S y s W o w 6 4 \ F l a s h P l a y e r I n s t a l l e r . e x e [ 2 0 1 3 . 0 8 . 1 8 2 1 : 3 0 : 0 1 | 0 0 1 , 5 2 0 , 5 5 4 | - - - - | M ] ( ) - - C : \ W i n d o w s \ S y s N a t i v e \ P e r f S t r i n g B a c k u p . I N I [ 2 0 1 3 . 0 8 . 1 8 2 1 : 3 0 : 0 1 | 0 0 0 , 6 5 4 , 3 5 6 | - - - - | M ] ( ) - - C : \ W i n d o w s \ S y s N a t i v e \ p e r f h 0 0 7 . d a t [ 2 0 1 3 . 0 8 . 1 8 2 1 : 3 0 : 0 1 | 0 0 0 , 6 1 6 , 1 9 8 | - - - - | M ] ( ) - - C : \ W i n d o w s \ S y s N a t i v e \ p e r f h 0 0 9 . d a t [ 2 0 1 3 . 0 8 . 1 8 2 1 : 3 0 : 0 1 | 0 0 0 , 1 3 0 , 1 9 6 | - - - - | M ] ( ) - - C : \ W i n d o w s \ S y s N a t i v e \ p e r f c 0 0 7 . d a t [ 2 0 1 3 . 0 8 . 1 8 2 1 : 3 0 : 0 1 | 0 0 0 , 1 0 6 , 5 7 8 | - - - - | M ] ( ) - - C : \ W i n d o w s \ S y s N a t i v e \ p e r f c 0 0 9 . d a t [ c o l o r = # E 5 6 7 1 7 ] = = = = = = = = = = F i l e s C r e a t e d - N o C o m p a n y N a m e = = = = = = = = = = [ / c o l o r ] [ 2 0 1 3 . 0 8 . 2 5 1 7 : 5 5 : 4 5 | 0 0 0 , 0 0 0 , 0 0 0 | - - - - | C ] ( ) - - C : \ U s e r s \ D i p p i \ d e f o g g e r _ r e e n a b l e [ 2 0 1 3 . 0 8 . 2 5 1 7 : 2 6 : 2 6 | 0 0 0 , 0 0 1 , 0 8 9 | - - - - | C ] ( ) - - C : \ U s e r s \ P u b l i c \ D e s k t o p \ K a s p e r s k y A n t i - V i r u s . l n k [ 2 0 1 3 . 0 6 . 2 9 0 8 : 0 3 : 4 7 | 0 0 0 , 2 3 3 , 4 7 2 | R H S - | C ] ( ) - - C : \ U s e r s \ D i p p i \ A p p D a t a \ R o a m i n g \ i s c s i u m g . d l l [ 2 0 1 3 . 0 4 . 1 3 1 3 : 1 6 : 4 1 | 0 0 0 , 7 5 5 , 1 8 8 | - - - - | C ] ( ) - - C : \ W i n d o w s \ S y s W o w 6 4 \ i g k r n g 7 0 0 . b i n [ 2 0 1 3 . 0 4 . 1 3 1 3 : 1 6 : 4 1 | 0 0 0 , 5 6 1 , 5 0 8 | - - - - | C ] ( ) - - C : \ W i n d o w s \ S y s W o w 6 4 \ i g f c g 7 0 0 m . b i n [ 2 0 1 2 . 1 2 . 1 4 0 2 : 4 2 : 3 0 | 0 0 0 , 0 6 4 , 5 1 2 | - - - - | C ] ( ) - - C : \ W i n d o w s \ S y s W o w 6 4 \ i g d d e 3 2 . d l l [ 2 0 1 2 . 1 2 . 1 4 0 2 : 4 2 : 2 4 | 0 0 0 , 7 5 4 , 6 5 2 | - - - - | C ] ( ) - - C : \ W i n d o w s \ S y s W o w 6 4 \ i g c o d e c k r n g 7 0 0 . b i n [ 2 0 1 2 . 1 2 . 1 4 0 2 : 4 2 : 2 4 | 0 0 0 , 5 9 8 , 3 8 4 | - - - - | C ] ( ) - - C : \ W i n d o w s \ S y s W o w 6 4 \ i g v p k r n g 7 0 0 . b i n [ 2 0 1 2 . 0 2 . 0 2 2 2 : 0 8 : 2 6 | 0 0 0 , 0 0 1 , 5 3 6 | - - - - | C ] ( ) - - C : \ W i n d o w s \ S y s W o w 6 4 \ I u s E v e n t L o g . d l l [ c o l o r = # E 5 6 7 1 7 ] = = = = = = = = = = Z e r o A c c e s s C h e c k = = = = = = = = = = [ / c o l o r ] [ 2 0 0 9 . 0 7 . 1 4 0 6 : 5 5 : 0 0 | 0 0 0 , 0 0 0 , 2 2 7 | R H S - | M ] ( ) - - C : \ W i n d o w s \ a s s e m b l y \ D e s k t o p . i n i [ H K E Y _ C U R R E N T _ U S E R \ S o f t w a r e \ C l a s s e s \ c l s i d \ { 4 2 a e d c 8 7 - 2 1 8 8 - 4 1 f d - b 9 a 3 - 0 c 9 6 6 f e a b e c 1 } \ I n P r o c S e r v e r 3 2 ] / 6 4 [ H K E Y _ C U R R E N T _ U S E R \ S o f t w a r e \ C l a s s e s \ W o w 6 4 3 2 n o d e \ c l s i d \ { 4 2 a e d c 8 7 - 2 1 8 8 - 4 1 f d - b 9 a 3 - 0 c 9 6 6 f e a b e c 1 } \ I n P r o c S e r v e r 3 2 ] [ H K E Y _ C U R R E N T _ U S E R \ S o f t w a r e \ C l a s s e s \ c l s i d \ { f b e b 8 a 0 5 - b e e e - 4 4 4 2 - 8 0 4 e - 4 0 9 d 6 c 4 5 1 5 e 9 } \ I n P r o c S e r v e r 3 2 ] / 6 4 [ H K E Y _ C U R R E N T _ U S E R \ S o f t w a r e \ C l a s s e s \ W o w 6 4 3 2 n o d e \ c l s i d \ { f b e b 8 a 0 5 - b e e e - 4 4 4 2 - 8 0 4 e - 4 0 9 d 6 c 4 5 1 5 e 9 } \ I n P r o c S e r v e r 3 2 ] [ H K E Y _ L O C A L _ M A C H I N E \ S o f t w a r e \ C l a s s e s \ c l s i d \ { 4 2 a e d c 8 7 - 2 1 8 8 - 4 1 f d - b 9 a 3 - 0 c 9 6 6 f e a b e c 1 } \ I n P r o c S e r v e r 3 2 ] / 6 4 " " = C : \ W i n d o w s \ S y s N a t i v e \ s h e l l 3 2 . d l l - - [ 2 0 1 3 . 0 2 . 2 7 0 7 : 5 2 : 5 6 | 0 1 4 , 1 7 2 , 6 7 2 | - - - - | M ] ( M i c r o s o f t C o r p o r a t i o n ) " T h r e a d i n g M o d e l " = A p a r t m e n t [ H K E Y _ L O C A L _ M A C H I N E \ S o f t w a r e \ W o w 6 4 3 2 N o d e \ C l a s s e s \ c l s i d \ { 4 2 a e d c 8 7 - 2 1 8 8 - 4 1 f d - b 9 a 3 - 0 c 9 6 6 f e a b e c 1 } \ I n P r o c S e r v e r 3 2 ] " " = % S y s t e m R o o t % \ s y s t e m 3 2 \ s h e l l 3 2 . d l l - - [ 2 0 1 3 . 0 2 . 2 7 0 6 : 5 5 : 0 5 | 0 1 2 , 8 7 2 , 7 0 4 | - - - - | M ] ( M i c r o s o f t C o r p o r a t i o n ) " T h r e a d i n g M o d e l " = A p a r t m e n t [ H K E Y _ L O C A L _ M A C H I N E \ S o f t w a r e \ C l a s s e s \ c l s i d \ { 5 8 3 9 F C A 9 - 7 7 4 D - 4 2 A 1 - A C D A - D 6 A 7 9 0 3 7 F 5 7 F } \ I n P r o c S e r v e r 3 2 ] / 6 4 " " = C : \ W i n d o w s \ S y s N a t i v e \ w b e m \ f a s t p r o x . d l l - - [ 2 0 0 9 . 0 7 . 1 4 0 3 : 4 0 : 5 1 | 0 0 0 , 9 0 9 , 3 1 2 | - - - - | M ] ( M i c r o s o f t C o r p o r a t i o n ) " T h r e a d i n g M o d e l " = F r e e [ H K E Y _ L O C A L _ M A C H I N E \ S o f t w a r e \ W o w 6 4 3 2 N o d e \ C l a s s e s \ c l s i d \ { 5 8 3 9 F C A 9 - 7 7 4 D - 4 2 A 1 - A C D A - D 6 A 7 9 0 3 7 F 5 7 F } \ I n P r o c S e r v e r 3 2 ] " " = % s y s t e m r o o t % \ s y s t e m 3 2 \ w b e m \ f a s t p r o x . d l l - - [ 2 0 1 0 . 1 1 . 2 1 0 5 : 2 4 : 2 5 | 0 0 0 , 6 0 6 , 2 0 8 | - - - - | M ] ( M i c r o s o f t C o r p o r a t i o n ) " T h r e a d i n g M o d e l " = F r e e [ H K E Y _ L O C A L _ M A C H I N E \ S o f t w a r e \ C l a s s e s \ c l s i d \ { F 3 1 3 0 C D B - A A 5 2 - 4 C 3 A - A B 3 2 - 8 5 F F C 2 3 A F 9 C 1 } \ I n P r o c S e r v e r 3 2 ] / 6 4 " " = C : \ W i n d o w s \ S y s N a t i v e \ w b e m \ w b e m e s s . d l l - - [ 2 0 0 9 . 0 7 . 1 4 0 3 : 4 1 : 5 6 | 0 0 0 , 5 0 5 , 8 5 6 | - - - - | M ] ( M i c r o s o f t C o r p o r a t i o n ) " T h r e a d i n g M o d e l " = B o t h [ H K E Y _ L O C A L _ M A C H I N E \ S o f t w a r e \ W o w 6 4 3 2 N o d e \ C l a s s e s \ c l s i d \ { F 3 1 3 0 C D B - A A 5 2 - 4 C 3 A - A B 3 2 - 8 5 F F C 2 3 A F 9 C 1 } \ I n P r o c S e r v e r 3 2 ] < E n d o f r e p o r t > |
|
25.08.2013, 19:04
| #2 |
| /// TB-Ausbilder   | ihavenet Rootkit eingefangen Hi,
__________________das ist kein Rootkit.. Bitte schau beim nächsten Mal, dass das Logfile normal formatiert ist und poste es in Code-Tags: http://www.trojaner-board.de/137229-...code-tags.html Schritt 1 Scan mit Combofix
Schritt 2 Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
Bitte poste in deiner nächsten Antwort:
__________________ |
|
25.08.2013, 19:45
| #3 |
| | ihavenet Rootkit eingefangen so, hatte ein kleines Wlan Problem, FRST war bereits ausgeführt, combofix kommt gleich. Vielen Dank.
__________________edit: combofix log steht ganz unten Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-08-2013 02
Ran by Dippi (administrator) on 25-08-2013 20:00:20
Running from C:\Users\Dippi\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Deutsche Telekom AG) C:\Users\Dippi\AppData\Local\DTAG\Dtor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe
() C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\wmi64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12459112 2012-03-27] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2598696 2012-02-29] (ELAN Microelectronics Corp.)
HKCU\...\Run: [DTAGSSDVDReport] - C:\Users\Dippi\AppData\Local\Dtag\Dtor.exe [4960192 2012-10-17] (Deutsche Telekom AG)
HKCU\...\Run: [JSIJLAXJL] - C:\Users\Dippi\AppData\Roaming\iscsiumg.dll [233472 2013-06-29] ()
MountPoints2: {75e884d3-a45b-11e2-84c7-806e6f6e6963} - D:\CDSetup.exe
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-26] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [260928 2012-03-18] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [215360 2012-03-18] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Qualcomm Atheros Killer Network Manager.lnk
ShortcutTarget: Qualcomm Atheros Killer Network Manager.lnk -> C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VR-NetWorld Auftragsprüfung.lnk
ShortcutTarget: VR-NetWorld Auftragsprüfung.lnk -> C:\Program Files (x86)\VR-NetWorld\vrtoolcheckorder.exe (VR-NetWorld Software)
Startup: C:\Users\Dippi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Winsock: Catalog9 01 %SYSTEMROOT%\system32\BfLLR.dll [183808] (Bigfoot Networks, Inc.)
Winsock: Catalog9 02 %SYSTEMROOT%\system32\BfLLR.dll [183808] (Bigfoot Networks, Inc.)
Winsock: Catalog9 03 %SYSTEMROOT%\system32\BfLLR.dll [183808] (Bigfoot Networks, Inc.)
Winsock: Catalog9 04 %SYSTEMROOT%\system32\BfLLR.dll [183808] (Bigfoot Networks, Inc.)
Winsock: Catalog9 15 %SYSTEMROOT%\system32\BfLLR.dll [183808] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 01 %SYSTEMROOT%\system32\BfLLR.dll [200704] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 02 %SYSTEMROOT%\system32\BfLLR.dll [200704] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 03 %SYSTEMROOT%\system32\BfLLR.dll [200704] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 04 %SYSTEMROOT%\system32\BfLLR.dll [200704] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 15 %SYSTEMROOT%\system32\BfLLR.dll [200704] (Bigfoot Networks, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Dippi\AppData\Roaming\Mozilla\Firefox\Profiles\zsdf2wcn.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: firefox - C:\Users\Dippi\AppData\Roaming\Mozilla\Firefox\Profiles\zsdf2wcn.default\Extensions\firefox@ghostery.com.xpi
FF Extension: jid1-F9UJ2thwoAm5gQ - C:\Users\Dippi\AppData\Roaming\Mozilla\Firefox\Profiles\zsdf2wcn.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi
FF Extension: No Name - C:\Users\Dippi\AppData\Roaming\Mozilla\Firefox\Profiles\zsdf2wcn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com
==================== Services (Whitelisted) =================
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [214512 2013-06-17] (Kaspersky Lab ZAO)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [127320 2012-03-15] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [162648 2012-03-15] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-03-29] ()
S2 Qualcomm Atheros Killer Service; C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [492032 2012-03-07] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-03-29] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [75880 2012-03-07] (Bigfoot Networks, Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-05-06] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [619616 2013-08-25] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2013-06-10] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-05-05] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-05-05] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178784 2013-06-06] (Kaspersky Lab ZAO)
R3 L1C; C:\Windows\System32\DRIVERS\e22w7x64.sys [161616 2012-03-07] (Qualcomm Atheros, Inc.)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-25 20:46 - 2013-08-25 21:56 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-08-25 19:59 - 2013-08-25 20:00 - 00016432 _____ C:\Users\Dippi\Desktop\Addition.txt
2013-08-25 19:59 - 2013-08-25 19:59 - 00000000 ____D C:\FRST
2013-08-25 18:26 - 2013-08-25 18:28 - 337268736 _____ C:\Users\Dippi\Downloads\kav_rescue_10.iso
2013-08-25 18:12 - 2013-08-25 18:12 - 00088638 _____ C:\Users\Dippi\Downloads\OTL.Txt
2013-08-25 18:12 - 2013-08-25 18:12 - 00041038 _____ C:\Users\Dippi\Downloads\Extras.Txt
2013-08-25 18:07 - 2013-08-25 18:07 - 00057614 _____ C:\Users\Dippi\Desktop\Gmer.txt
2013-08-25 18:01 - 2013-08-25 18:01 - 00602112 _____ (OldTimer Tools) C:\Users\Dippi\Downloads\OTL.exe
2013-08-25 17:56 - 2013-08-25 17:57 - 00377856 _____ C:\Users\Dippi\Downloads\9bmzl1ix.exe
2013-08-25 17:55 - 2013-08-25 17:55 - 00000472 _____ C:\Users\Dippi\Downloads\defogger_disable.log
2013-08-25 17:55 - 2013-08-25 17:55 - 00000000 _____ C:\Users\Dippi\defogger_reenable
2013-08-25 17:54 - 2013-08-25 17:55 - 00050477 _____ C:\Users\Dippi\Downloads\Defogger.exe
2013-08-25 17:26 - 2013-08-25 17:26 - 00001089 _____ C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2013-08-25 17:26 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2013-08-25 17:25 - 2013-08-25 19:58 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-08-25 17:25 - 2013-08-25 17:30 - 00619616 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2013-08-25 17:25 - 2013-08-25 17:25 - 00000000 ____D C:\Windows\ELAMBKUP
2013-08-25 17:25 - 2013-08-25 17:25 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-08-25 17:25 - 2013-06-08 20:18 - 00112224 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2013-08-25 17:12 - 2013-08-25 17:13 - 235628672 _____ C:\Users\Dippi\Downloads\kav14.0.0.4651de-de.exe
2013-08-25 17:10 - 2013-08-25 17:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-25 17:04 - 2013-08-25 17:04 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Dippi\Downloads\tdsskiller2.8.18.0.exe
2013-08-18 21:32 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-18 21:32 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-18 21:32 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-18 21:32 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-18 21:32 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-18 21:32 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-18 21:32 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-18 21:32 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-18 21:32 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-18 21:32 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-18 21:32 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-18 21:32 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-18 21:32 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-18 21:32 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-18 21:32 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-18 21:32 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-18 21:32 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-18 21:32 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-18 21:32 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-18 21:32 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-18 21:32 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-18 21:32 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-18 21:32 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-18 21:32 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-18 21:32 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-18 21:32 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-18 21:32 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-18 21:32 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-18 21:32 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-18 21:32 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-18 21:32 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-18 21:27 - 2013-08-18 21:28 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 13:49 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-15 13:49 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-15 13:49 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-15 13:49 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-15 13:49 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-15 13:49 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-15 13:49 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-15 13:49 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-15 13:49 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-15 13:49 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-15 13:49 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-15 13:49 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-15 13:49 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-15 13:49 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-15 13:49 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-15 13:49 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-15 13:49 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-15 13:49 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-15 13:49 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-15 13:49 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-15 13:49 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-15 13:49 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-15 13:49 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-15 13:49 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-15 13:49 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-15 13:49 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-15 13:49 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-13 18:11 - 2013-08-15 13:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
==================== One Month Modified Files and Folders =======
2013-08-25 21:52 - 2013-08-25 21:52 - 01576630 _____ (Farbar) C:\Users\Dippi\Desktop\FRST64.exe
2013-08-25 20:00 - 2013-08-25 19:59 - 00016432 _____ C:\Users\Dippi\Desktop\Addition.txt
2013-08-25 19:59 - 2013-08-25 19:59 - 00000000 ____D C:\FRST
2013-08-25 19:58 - 2013-08-25 17:25 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-08-25 19:58 - 2013-04-13 13:25 - 00000000 ____D C:\ProgramData\Bigfoot Networks
2013-08-25 19:58 - 2013-04-13 13:12 - 00000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2013-08-25 19:57 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-25 19:57 - 2009-07-14 06:51 - 00037033 _____ C:\Windows\setupact.log
2013-08-25 18:44 - 2013-04-13 13:06 - 02065990 _____ C:\Windows\WindowsUpdate.log
2013-08-25 18:39 - 2009-07-14 06:45 - 00020480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-25 18:39 - 2009-07-14 06:45 - 00020480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-25 18:34 - 2013-04-13 13:49 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-25 18:28 - 2013-08-25 18:26 - 337268736 _____ C:\Users\Dippi\Downloads\kav_rescue_10.iso
2013-08-25 18:14 - 2010-11-21 05:47 - 00042646 _____ C:\Windows\PFRO.log
2013-08-25 18:12 - 2013-08-25 18:12 - 00088638 _____ C:\Users\Dippi\Downloads\OTL.Txt
2013-08-25 18:12 - 2013-08-25 18:12 - 00041038 _____ C:\Users\Dippi\Downloads\Extras.Txt
2013-08-25 18:07 - 2013-08-25 18:07 - 00057614 _____ C:\Users\Dippi\Desktop\Gmer.txt
2013-08-25 18:01 - 2013-08-25 18:01 - 00602112 _____ (OldTimer Tools) C:\Users\Dippi\Downloads\OTL.exe
2013-08-25 17:57 - 2013-08-25 17:56 - 00377856 _____ C:\Users\Dippi\Downloads\9bmzl1ix.exe
2013-08-25 17:55 - 2013-08-25 17:55 - 00000472 _____ C:\Users\Dippi\Downloads\defogger_disable.log
2013-08-25 17:55 - 2013-08-25 17:55 - 00000000 _____ C:\Users\Dippi\defogger_reenable
2013-08-25 17:55 - 2013-08-25 17:54 - 00050477 _____ C:\Users\Dippi\Downloads\Defogger.exe
2013-08-25 17:55 - 2013-04-13 13:06 - 00000000 ____D C:\Users\Dippi
2013-08-25 17:30 - 2013-08-25 17:25 - 00619616 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2013-08-25 17:26 - 2013-08-25 17:26 - 00001089 _____ C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2013-08-25 17:25 - 2013-08-25 17:25 - 00000000 ____D C:\Windows\ELAMBKUP
2013-08-25 17:25 - 2013-08-25 17:25 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-08-25 17:22 - 2013-04-13 14:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-25 17:21 - 2013-04-13 13:53 - 00001912 _____ C:\Windows\epplauncher.mif
2013-08-25 17:13 - 2013-08-25 17:12 - 235628672 _____ C:\Users\Dippi\Downloads\kav14.0.0.4651de-de.exe
2013-08-25 17:10 - 2013-08-25 17:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-25 17:04 - 2013-08-25 17:04 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Dippi\Downloads\tdsskiller2.8.18.0.exe
2013-08-25 13:34 - 2013-05-20 14:34 - 17139080 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-08-25 13:34 - 2013-04-13 13:49 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-25 13:34 - 2013-04-13 13:49 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-25 13:34 - 2013-04-13 13:49 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-18 21:30 - 2010-11-21 08:50 - 00654356 _____ C:\Windows\system32\perfh007.dat
2013-08-18 21:30 - 2010-11-21 08:50 - 00130196 _____ C:\Windows\system32\perfc007.dat
2013-08-18 21:30 - 2009-07-14 07:13 - 01520554 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-18 21:28 - 2013-08-18 21:27 - 00000000 ____D C:\Windows\system32\MRT
2013-08-18 21:27 - 2013-07-07 13:07 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-15 13:48 - 2013-08-13 18:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-08-15 13:48 - 2013-07-08 06:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird.bak
2013-07-27 17:22 - 2013-05-02 20:29 - 00000000 ____D C:\Program Files (x86)\VR-NetWorld
2013-07-27 16:57 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-26 20:33 - 2010-11-21 09:00 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-07-26 07:13 - 2013-08-18 21:32 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-26 07:13 - 2013-08-18 21:32 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-26 07:13 - 2013-08-18 21:32 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-26 07:12 - 2013-08-18 21:32 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-26 07:12 - 2013-08-18 21:32 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-26 07:12 - 2013-08-18 21:32 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-26 07:12 - 2013-08-18 21:32 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-26 07:12 - 2013-08-18 21:32 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-26 07:12 - 2013-08-18 21:32 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-26 07:12 - 2013-08-18 21:32 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-26 07:12 - 2013-08-18 21:32 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-26 07:12 - 2013-08-18 21:32 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-26 07:12 - 2013-08-18 21:32 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-26 07:12 - 2013-08-18 21:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-26 05:35 - 2013-08-18 21:32 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-26 05:13 - 2013-08-18 21:32 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-26 05:13 - 2013-08-18 21:32 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-26 05:12 - 2013-08-18 21:32 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-26 05:12 - 2013-08-18 21:32 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-26 05:12 - 2013-08-18 21:32 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-26 05:12 - 2013-08-18 21:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-26 05:12 - 2013-08-18 21:32 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-26 05:12 - 2013-08-18 21:32 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-26 05:12 - 2013-08-18 21:32 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-26 05:12 - 2013-08-18 21:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-26 05:12 - 2013-08-18 21:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-26 05:11 - 2013-08-18 21:32 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-26 05:11 - 2013-08-18 21:32 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-26 04:49 - 2013-08-18 21:32 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-26 04:39 - 2013-08-18 21:32 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-26 03:59 - 2013-08-18 21:32 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
Files to move or delete:
====================
C:\Users\Dippi\AppData\Local\Temp\ose00000.exe
C:\Users\Dippi\AppData\Local\Temp\_is7119.exe
C:\Users\Dippi\AppData\Local\Temp\{6813A37E-BA6A-4C60-B76C-C89B09454249}\ISSetup.dll
C:\Users\Dippi\AppData\Local\Temp\{6813A37E-BA6A-4C60-B76C-C89B09454249}\_Setup.dll
C:\Users\Dippi\AppData\Local\Temp\IDC2.tmp\FP_AX_CAB_INSTALLER64.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-05-01 20:25
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-08-2013 02
Ran by Dippi at 2013-08-25 20:00:35
Running from C:\Users\Dippi\Desktop
Boot Mode: Normal
==========================================================
==================== Installed Programs =======================
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
ElsterFormular (x32 Version: 14.1.20130301)
Intel PROSet Wireless
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Manageability Engine Firmware Recovery Agent (x32 Version: 1.0.0.35342)
Intel(R) Management Engine Components (x32 Version: 8.0.4.1441)
Intel(R) OpenCL CPU Runtime (x32)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2932)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 15.1.0.0096)
Intel(R) Rapid Storage Technology (x32 Version: 11.1.0.1006)
Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.4.220)
Intel® PROSet/Wireless WiFi-Software (Version: 15.01.1000.0927)
Intel® Trusted Connect Service Client (Version: 1.23.605.1)
Kaspersky Anti-Virus (x32 Version: 14.0.0.4651)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
Mozilla Thunderbird 17.0.8 (x86 de) (x32 Version: 17.0.8)
NVIDIA Grafiktreiber 296.31 (Version: 296.31)
NVIDIA Install Application (Version: 2.1002.62.312)
NVIDIA Optimus 1.7.12 (Version: 1.7.12)
NVIDIA Systemsteuerung 296.31 (Version: 296.31)
NVIDIA Update 1.7.12 (Version: 1.7.12)
NVIDIA Update Components (Version: 1.7.12)
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593)
Qualcomm Atheros Killer Network Manager (Version: 6.1.0.315)
Qualcomm Atheros Killer Network Manager (x32 Version: 6.1.0.315)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6602)
Realtek PCIE Card Reader (x32 Version: 6.1.7601.92)
TeamViewer 8 (x32 Version: 8.0.19045)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
VR-NetWorld (x32)
Ware PS/2-X64 8.0.5.7_WHQL (Version: 8.0.5.7)
==================== Restore Points =========================
13-06-2013 19:06:09 Windows Update
14-06-2013 21:01:48 Windows Update
19-06-2013 19:19:30 Windows Update
23-06-2013 06:53:11 Windows Update
26-06-2013 15:14:26 Windows Update
28-06-2013 18:42:24 Windows Update
05-07-2013 18:19:26 Windows Update
07-07-2013 11:02:01 Windows Update
09-07-2013 18:47:23 Windows Update
15-07-2013 09:43:57 Windows Update
20-07-2013 09:31:42 Windows Update
23-07-2013 18:09:57 Windows Update
27-07-2013 15:07:59 Windows Update
30-07-2013 19:03:28 Windows Update
08-08-2013 18:14:45 Windows Update
13-08-2013 16:20:42 Windows Update
18-08-2013 19:26:08 Windows Update
25-08-2013 11:41:06 Windows Update
==================== Hosts content: ==========================
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {45B5F537-9E49-4361-9951-5DD618E2F5E5} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {4E87817C-85E3-40D6-B6DD-5B14DC20BD98} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {633C5FDC-0D60-481B-8062-2AD4F93A5F02} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe No File
Task: {8C3D8CE1-7ACA-4F9D-86A8-28876F8A63BB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-25] (Adobe Systems Incorporated)
Task: {99CD2EE0-626B-4418-9561-338F850D3467} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {F12A6FBE-1BF3-4626-AD87-0460CC30B355} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {F8395D6A-0DE4-4CF8-885A-D48B3BFF7003} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (08/25/2013 07:58:44 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/25/2013 06:32:38 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/25/2013 06:30:57 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/25/2013 06:17:57 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/25/2013 05:23:04 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/25/2013 05:17:02 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/25/2013 04:56:36 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/25/2013 01:30:39 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/25/2013 01:14:02 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/19/2013 07:24:18 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (08/25/2013 07:58:32 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Qualcomm Atheros Killer Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (08/25/2013 07:58:32 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Qualcomm Atheros Killer Service erreicht.
Error: (08/25/2013 06:26:49 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (08/25/2013 06:26:49 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (08/25/2013 06:26:49 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (08/25/2013 06:26:49 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (08/25/2013 06:26:49 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (08/25/2013 06:26:49 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (08/25/2013 06:25:33 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (08/25/2013 06:25:33 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Microsoft Office Sessions:
=========================
Error: (08/25/2013 07:58:44 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/25/2013 06:32:38 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/25/2013 06:30:57 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/25/2013 06:17:57 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/25/2013 05:23:04 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/25/2013 05:17:02 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/25/2013 04:56:36 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/25/2013 01:30:39 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/25/2013 01:14:02 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/19/2013 07:24:18 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
==================== Memory info ===========================
Percentage of memory in use: 17%
Total physical RAM: 8088.95 MB
Available physical RAM: 6650.04 MB
Total Pagefile: 16176.07 MB
Available Pagefile: 14407.35 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:698.54 GB) (Free:647.34 GB) NTFS
Drive e: () (Removable) (Total:7.45 GB) (Free:7.41 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 884A574C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=699 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)
==================== End Of Log ============================
edit: hier nun das combo fix Combofix Logfile: Code:
ATTFilter ComboFix 13-08-25.01 - Dippi 25.08.2013 20:49:07.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8089.6099 [GMT 2:00]
ausgeführt von:: c:\users\Dippi\Downloads\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\Dippi\AppData\Roaming\iscsiumg.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-07-25 bis 2013-08-25 ))))))))))))))))))))))))))))))
.
.
2013-08-25 18:52 . 2013-08-25 18:52 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-08-25 18:52 . 2013-08-25 18:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-25 18:46 . 2013-08-25 19:56 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2013-08-25 17:59 . 2013-08-25 17:59 -------- d-----w- C:\FRST
2013-08-25 15:26 . 2013-05-06 07:13 110176 ----a-w- c:\windows\system32\klfphc.dll
2013-08-25 15:25 . 2013-08-25 15:25 -------- d-----w- c:\windows\ELAMBKUP
2013-08-25 15:25 . 2013-08-25 18:42 -------- d-----w- c:\programdata\Kaspersky Lab
2013-08-25 15:25 . 2013-08-25 15:25 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2013-08-25 15:25 . 2013-08-25 15:30 619616 ----a-w- c:\windows\system32\drivers\klif.sys
2013-08-25 15:25 . 2013-06-08 18:18 112224 ----a-w- c:\windows\system32\drivers\klflt.sys
2013-08-18 19:27 . 2013-08-18 19:28 -------- d-----w- c:\windows\system32\MRT
2013-08-13 16:11 . 2013-08-15 11:48 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-25 11:34 . 2013-04-13 11:49 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-25 11:34 . 2013-04-13 11:49 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-25 11:34 . 2013-05-20 12:34 17139080 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-08-18 19:27 . 2013-07-07 11:07 78161360 ----a-w- c:\windows\system32\MRT.exe
2013-07-09 04:45 . 2013-08-15 11:49 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-06-26 15:17 . 2013-06-26 15:17 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-06-26 15:17 . 2013-06-26 15:17 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-06-26 15:17 . 2013-06-26 15:17 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-06-26 15:17 . 2013-06-26 15:17 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-26 15:17 . 2013-06-26 15:17 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-06-26 15:17 . 2013-06-26 15:17 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-06-26 15:17 . 2013-06-26 15:17 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-06-26 15:17 . 2013-06-26 15:17 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-06-26 15:17 . 2013-06-26 15:17 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-06-26 15:17 . 2013-06-26 15:17 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-06-26 15:17 . 2013-06-26 15:17 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-06-26 15:17 . 2013-06-26 15:17 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-06-26 15:17 . 2013-06-26 15:17 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-06-26 15:17 . 2013-06-26 15:17 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-06-26 15:17 . 2013-06-26 15:17 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-06-26 15:17 . 2013-06-26 15:17 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-06-26 15:17 . 2013-06-26 15:17 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-06-26 15:17 . 2013-06-26 15:17 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-06-26 15:17 . 2013-06-26 15:17 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-06-26 15:17 . 2013-06-26 15:17 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-06-26 15:17 . 2013-06-26 15:17 81408 ----a-w- c:\windows\system32\icardie.dll
2013-06-26 15:17 . 2013-06-26 15:17 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-06-26 15:17 . 2013-06-26 15:17 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-06-26 15:17 . 2013-06-26 15:17 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-06-26 15:17 . 2013-06-26 15:17 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-06-26 15:17 . 2013-06-26 15:17 441856 ----a-w- c:\windows\system32\html.iec
2013-06-26 15:17 . 2013-06-26 15:17 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-06-26 15:17 . 2013-06-26 15:17 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-26 15:17 . 2013-06-26 15:17 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-06-26 15:17 . 2013-06-26 15:17 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-06-26 15:17 . 2013-06-26 15:17 235008 ----a-w- c:\windows\system32\url.dll
2013-06-26 15:17 . 2013-06-26 15:17 216064 ----a-w- c:\windows\system32\msls31.dll
2013-06-26 15:17 . 2013-06-26 15:17 197120 ----a-w- c:\windows\system32\msrating.dll
2013-06-26 15:17 . 2013-06-26 15:17 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-06-26 15:17 . 2013-06-26 15:17 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-06-26 15:17 . 2013-06-26 15:17 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-06-26 15:17 . 2013-06-26 15:17 149504 ----a-w- c:\windows\system32\occache.dll
2013-06-26 15:17 . 2013-06-26 15:17 144896 ----a-w- c:\windows\system32\wextract.exe
2013-06-26 15:17 . 2013-06-26 15:17 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-06-26 15:17 . 2013-06-26 15:17 13824 ----a-w- c:\windows\system32\mshta.exe
2013-06-26 15:17 . 2013-06-26 15:17 102912 ----a-w- c:\windows\system32\inseng.dll
2013-06-26 15:16 . 2013-06-26 15:16 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-06-26 15:16 . 2013-06-26 15:16 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-06-26 15:16 . 2013-06-26 15:16 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-06-26 15:16 . 2013-06-26 15:16 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-06-26 15:16 . 2013-06-26 15:16 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-06-26 15:16 . 2013-06-26 15:16 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-06-26 15:16 . 2013-06-26 15:16 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-06-26 15:16 . 2013-06-26 15:16 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-06-10 10:27 . 2013-06-10 10:27 30304 ----a-w- c:\windows\system32\drivers\klim6.sys
2013-06-06 15:38 . 2013-06-06 15:38 178784 ----a-w- c:\windows\system32\drivers\kneps.sys
2013-06-05 03:34 . 2013-07-10 16:20 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 06:00 . 2013-07-10 16:20 624128 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-10 16:20 509440 ----a-w- c:\windows\SysWow64\qedit.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DTAGSSDVDReport"="c:\users\Dippi\AppData\Local\Dtag\Dtor.exe" [2012-10-17 4960192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-26 291608]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
c:\users\Dippi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Qualcomm Atheros Killer Network Manager.lnk - c:\program files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe -minimized [2012-3-7 549888]
VR-NetWorld Auftragsprüfung.lnk - c:\program files (x86)\VR-NetWorld\vrtoolcheckorder.exe /autostart [2013-5-2 1136640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 BfLwf;Bigfoot Networks Bandwidth Control;c:\windows\system32\DRIVERS\bflwfx64.sys;c:\windows\SYSNATIVE\DRIVERS\bflwfx64.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 Qualcomm Atheros Killer Service;Qualcomm Atheros Killer Service;c:\program files\Qualcomm Atheros\Killer Network Manager\BFNService.exe;c:\program files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 L1C;NDIS Miniport Driver for the Killer e2200 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\e22w7x64.sys;c:\windows\SYSNATIVE\DRIVERS\e22w7x64.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-08-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-13 11:34]
.
2013-08-25 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 11:41]
.
2013-07-17 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 11:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-03-27 12459112]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\BfLLR.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Dippi\AppData\Roaming\Mozilla\Firefox\Profiles\zsdf2wcn.default\
FF - ExtSQL: 2013-08-25 17:30; content_blocker@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com
FF - ExtSQL: 2013-08-25 17:30; url_advisor@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com
FF - ExtSQL: 2013-08-25 17:30; virtual_keyboard@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-JSIJLAXJL - c:\users\Dippi\AppData\Roaming\iscsiumg.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-08-25 20:53:43
ComboFix-quarantined-files.txt 2013-08-25 18:53
.
Vor Suchlauf: 9 Verzeichnis(se), 694.949.425.152 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 694.939.197.440 Bytes frei
.
- - End Of File - - DCC880A39F88DEC2B53FE2623A4AD511
Geändert von pr0blem (25.08.2013 um 19:54 Uhr) |
|
26.08.2013, 00:15
| #4 |
| /// TB-Ausbilder | ihavenet Rootkit eingefangen Die ihavenet-Umleitungen sollten jetzt verschwunden sein, korrekt? Wie läuft der Rechner sonst so? Schritt 1 Downloade Dir bitte  Malwarebytes Anti-Malware
Schritt 2 ESET Online Scanner
Bitte poste in deiner nächsten Antwort:
__________________ cheers, Leo |
|
28.08.2013, 15:08
| #5 |
| | ihavenet Rootkit eingefangen Hallo, Danke für die Hilfe. Das ihavenet Problem scheint verschwunden zu sein. Leider habe ich keine Ahnung welches Programm die Heilung eingeleitet hat. Ich habe keine entsprechende Meldung gelesen. Das würde mich echt interessieren. Da ich den Rechner lediglich betreue werde ich erst an irgendeinen Wochenende wieder dort davor sitzen. Dann werde ich auch die neuen Aufgaben ausführen. :-) |
|
28.08.2013, 16:06
| #6 |
| /// TB-Ausbilder | ihavenet Rootkit eingefangen Die dll, welche Combofix gelöscht hat, war für diese Umleitungen verantwortlich. Ok, dann warte ich noch auf die verbleibenden Logs am Wochenende. 
__________________ --> ihavenet Rootkit eingefangen |
|
11.09.2013, 08:48
| #7 |
| /// TB-Ausbilder | ihavenet Rootkit eingefangen Hi, ich hab schon länger keine Antwort mehr von dir erhalten. Brauchst du weiterhin noch Hilfe? Wenn ich in den nächsten 24 Stunden nichts von dir höre, gehe ich davon aus, dass sich das Thema erledigt hat und lösche es aus meinen Abos. Hinweis: Wir sind noch nicht fertig! Auch wenn die Symptome verschwunden sein sollten, kann dein System weiterhin infiziert sein und über Sicherheitslücken verfügen, welche eine erneute Infektion möglich machen.
__________________ cheers, Leo |
|
16.09.2013, 17:22
| #8 |
| /// TB-Ausbilder | ihavenet Rootkit eingefangen Fehlende Rückmeldung Dieses Thema wurde aus meinen Abos gelöscht. Somit bekomme ich keine Benachrichtigung mehr über neue Antworten. Schreib mir eine PM, falls du das Thema doch wieder fortsetzen möchtest. Dann machen wir hier weiter. Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass dein Rechner schon sauber ist. Jeder andere bitte diese Anleitung lesen und einen eigenen Thread erstellen.
__________________ cheers, Leo |
|
| Themen zu ihavenet Rootkit eingefangen |
| appdata, bytes, c:\windows, cache, code, driver, firefox, gen, harddisk, ide, kaspersky, mozilla, neuer, nichts, ntdll.dll, nvidia, rechner, rootkit, scan, service, system, system32, temp, update, warum, win, win7 |
WARNUNG an die MITLESER: 
Linear-Darstellung
