mzpefinder_pcap_file.YR, PUPSpigot.YR (Lavasoft MAS)Behaviour: PUP
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: ec69638e2649a3cb8719b3f94e7d1f46
SHA1: fe0c1bd7d2500cd94c67921489b941fe65c8af3f
SHA256: e1a226856f787b66fce53699b993511a3359914f626d0ef1d7c3aad0499efab5
SSDeep: 49152:nHjQLjMK2nDIHE6Ain ULJWhJc8W0oeWlE39G:nHsLjMKSDIHE/Ak2HPoNG
Size: 1581592 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: BorlandDelphi30, UPolyXv05_v6
Company: NCH Software
Created at: 2013-12-10 07:05:55
Analyzed on: Windows7Ada SP1 64-bit
Summary: PUP. Potentially Unwanted Program. An application that does not display malicious behavior yet is installed without having first sought affirmative user consent for installation. Users may not realize, due to the nature of the installation procedure, that an application they have not explicitly agreed to has been installed. This category can also be used to classify other applications which in a certain context can be wanted e.g. remote administration tools or IRC clients.
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The PUP creates the following process(es):
TPAutoConnSvc.exe:1776
GoogleUpdate.exe:3288
GoogleUpdate.exe:3284
GoogleUpdate.exe:3864
GoogleUpdate.exe:3348
GoogleUpdate.exe:2184
NCH_GoogleToolbar.exe:3520
debut.exe:1832
debut.exe:2348
googletoolbarinstaller_en_signed.exe:2776
GoogleUpdaterService_B33FC4DD36A473C6.exe:3408
x264enc5.exe:2976
SearchWithGoogleUpdate_C993F490EED40C1B.exe:2388
GoogleUpdateSetup_latest.exe:2100
nchsetup.exe:2944
GoogleToolbarManager_8CA8B41417E66DEB.exe:3676
GoogleToolbarManager_8CA8B41417E66DEB.exe:3740
GoogleToolbarManager_8CA8B41417E66DEB.exe:3536
GoogleToolbarNotifier.exe:1696
GoogleToolbarNotifier.exe:2304
GoogleUpdaterService.exe:3384
GoogleUpdaterService.exe:1660
regsvr32.exe:3208
%original file name%.exe:3524
mp3el2.exe:2980
The PUP injects its code into the following process(es):No processes have been created.
Mutexes
The following mutexes were created/opened:No objects were found.
File activity
The process GoogleUpdate.exe:3288 makes changes in the file system.
The PUP creates and/or writes to the following file(s):
%Program Files% (x86)\Google\Update\Download\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}\0.0.0.0\googletoolbarinstaller_en_signed.exe (38249 bytes)
C:\Windows\Temp\guiC12C.tmp (15 bytes)
%Program Files% (x86)\Google\Update\Install\{80E8A347-A15D-4F70-8A14-834F39A8DBB8}\googletoolbarinstaller_en_signed.exe (38734 bytes)
The process GoogleUpdate.exe:3284 makes changes in the file system.
The PUP creates and/or writes to the following file(s):
%Program Files% (x86)\GUM8C57.tmp\goopdate.dll (835 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_en.dll (28 bytes)
The process NCH_GoogleToolbar.exe:3520 makes changes in the file system.
The PUP creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsz8C0A.tmp\System.dll (23 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\GoogleUpdateSetup_latest.exe (25250 bytes)
The process debut.exe:1832 makes changes in the file system.
The PUP creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\_debut_rl_adm (8 bytes)
The process googletoolbarinstaller_en_signed.exe:2776 makes changes in the file system.
The PUP creates and/or writes to the following file(s):
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarUser_32_52E818EF81C83A9B.exe (620 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbar.7.5.5111.1712.manifest.xml (36 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_0A4439FF67F61065.dll (2 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\SearchWithGoogleUpdate_C993F490EED40C1B.exe (50 bytes)
C:\Windows\System32\config\SOFTWARE (63799 bytes)
C:\ (96 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_64_F8ED9B719A89F8EF.dll (489 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_32_8E471B27054D20F5.dll (149 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbar_32_365102BD7F6C8091.dll (390 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarUser_64_4D9709C1FA1422BA.exe (801 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleCld_187F9D811452062B.dll (50 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\GoogleToolbarInstaller2.log (43972 bytes)
C:\$Directory (384 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8CA8B41417E66DEB.exe (50 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbar_64_54BD4059920ABC8A.dll (514 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleUpdateSetup_5CC4B0F53D73AD88.exe (1480 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleUpdaterService_B33FC4DD36A473C6.exe (390 bytes)
C:\Windows\System32\config\SOFTWARE.LOG1 (60980 bytes)
The process GoogleUpdaterService_B33FC4DD36A473C6.exe:3408 makes changes in the file system.
The PUP creates and/or writes to the following file(s):
%Program Files% (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe (390 bytes)
The process x264enc5.exe:2976 makes changes in the file system.
The PUP creates and/or writes to the following file(s):
%Program Files% (x86)\NCH Software\Components\x264enc5\x264enc5.exe (20838 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\x264enc5_.cab (467 bytes)
The process SearchWithGoogleUpdate_C993F490EED40C1B.exe:2388 makes changes in the file system.
The PUP creates and/or writes to the following file(s):
%Program Files%\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (346 bytes)
%Program Files% (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\gth.dll (49 bytes)
%Program Files% (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (79 bytes)
%Program Files% (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\Readme.url (212 bytes)
%Program Files% (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\gtn.dll (150 bytes)
%Program Files% (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (1 bytes)
The process GoogleUpdateSetup_latest.exe:2100 makes changes in the file system.
The PUP creates and/or writes to the following file(s):
%Program Files% (x86)\GUM8C57.tmp (28 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_lt.dll (28 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_hi.dll (29 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_es-419.dll (29 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdate.dll (1702 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_vi.dll (28 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_zh-CN.dll (21 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_zh-TW.dll (21 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_en.dll (27 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_el.dll (30 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_sw.dll (29 bytes)
%Program Files% (x86)\GUT8C58.tmp (4 bytes)
%Program Files% (x86)\GUM8C57.tmp\GoogleCrashHandler.exe (212 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_id.dll (28 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_hu.dll (29 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_gu.dll (28 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_et.dll (28 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_ur.dll (28 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_pl.dll (30 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_fr.dll (30 bytes)
%Program Files% (x86)\GUM8C57.tmp\psmachine.dll (159 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_kn.dll (29 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_ta.dll (30 bytes)
%Program Files% (x86)\GUM8C57.tmp\psuser.dll (159 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_sr.dll (29 bytes)
%Program Files% (x86)\GUM8C57.tmp\GoogleUpdateSetup.exe (5441 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_it.dll (30 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_sl.dll (29 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_ca.dll (29 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_ru.dll (28 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_am.dll (25 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_ar.dll (26 bytes)
%Program Files% (x86)\GUM8C57.tmp\npGoogleUpdate3.dll (838 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_th.dll (27 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_is.dll (28 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_fa.dll (27 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_sv.dll (29 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_pt-BR.dll (29 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_pt-PT.dll (29 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_ro.dll (29 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_iw.dll (26 bytes)
%Program Files% (x86)\GUM8C57.tmp\GoogleUpdateOnDemand.exe (59 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_ko.dll (23 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_hr.dll (29 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_ja.dll (24 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_tr.dll (29 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_en-GB.dll (28 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_de.dll (31 bytes)
%Program Files% (x86)\GUM8C57.tmp\GoogleUpdateBroker.exe (59 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_no.dll (29 bytes)
%Program Files% (x86)\GUM8C57.tmp\GoogleCrashHandler64.exe (550 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_bg.dll (30 bytes)
%Program Files% (x86)\GUM8C57.tmp\GoogleUpdateHelper.msi (25 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_uk.dll (28 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_sk.dll (29 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_cs.dll (28 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_ms.dll (28 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_ml.dll (31 bytes)
%Program Files% (x86)\GUM8C57.tmp\GoogleUpdate.exe (234 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_te.dll (29 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_lv.dll (30 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_mr.dll (28 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_bn.dll (28 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_fil.dll (30 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_da.dll (29 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_fi.dll (29 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_nl.dll (30 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_es.dll (31 bytes)
The process nchsetup.exe:2944 makes changes in the file system.
The PUP creates and/or writes to the following file(s):
%Program Files% (x86)\NCH Software\Debut\debutfilterinstallerx86.exe (9476 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette\Doxillion Dokumentenkonverter.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Videoverwandte Programme\VideoPad Video-Editor.lnk (1 bytes)
%Program Files% (x86)\NCH Software\Debut\Help\about.html (196 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Videoverwandte Programme\Präsentationsersteller-Software.lnk (1 bytes)
%Program Files% (x86)\NCH Software\Debut\Help\hlp.css (1 bytes)
%Program Files% (x86)\NCH Software\Debut\Help\other.html (196 bytes)
%Program Files% (x86)\NCH Software\Debut\Help\devices.html (196 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette\VideoPad Video-Editor.lnk (1 bytes)
%Program Files% (x86)\NCH Software\Debut\cursorright.png (1 bytes)
%Program Files% (x86)\NCH Software\Debut\Help\colorsettings.html (2 bytes)
C:\Users\"%CurrentUserName%"\Favorites\Downloadseite von NCH Software.lnk (312 bytes)
%Program Files% (x86)\NCH Software\Debut\Help\oodevices.html (3 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Videoverwandte Programme\Videoaufnahme-Software.lnk (1 bytes)
%Program Files% (x86)\NCH Software\Debut\Help\scheduler.html (3 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette\Express Zip Dateikomprimierung.lnk (1 bytes)
%Program Files% (x86)\NCH Software\Debut\debutfilterinstallerx64.exe (19348 bytes)
%Program Files% (x86)\NCH Software\Debut\Help\licenceterms.html (3 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette\Rechnungssoftware.lnk (1 bytes)
%Program Files% (x86)\NCH Software\Debut\debutfilterx64.sys (4708 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Videoverwandte Programme\Videokassette-zu-DVD-Konverter.lnk (1 bytes)
%Program Files% (x86)\NCH Software\Debut\debut.exe (15423 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette\Express Rip CD-Ripper.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette\Grafikdatei-Konverter.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette\Classic FTP Software.lnk (1 bytes)
%Program Files% (x86)\NCH Software\Debut\debutfilterx86.inf (2 bytes)
%Program Files% (x86)\NCH Software\Debut\Help\snapshot.html (3 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette\Videoaufnahme-Software.lnk (1 bytes)
C:\Users\Public\Desktop\Debut Videorekorder.lnk (1 bytes)
%Program Files% (x86)\NCH Software\Debut\Help\recordingcontrols.html (388 bytes)
%Program Files% (x86)\NCH Software\Debut\_debuthooksdll.dll (8844 bytes)
%Program Files% (x86)\NCH Software\Debut\Help\record.html (3 bytes)
%Program Files% (x86)\NCH Software\Debut\debutfilterx86.cat (388 bytes)
%Program Files% (x86)\NCH Software\Debut\Help\keychange.html (1 bytes)
%Program Files% (x86)\NCH Software\Debut\Help\edittaskdlg.html (2 bytes)
%Program Files% (x86)\NCH Software\Debut\Help\recordingslist.html (196 bytes)
%Program Files% (x86)\NCH Software\Debut\Help\commandline.html (196 bytes)
%Program Files% (x86)\NCH Software\Debut\Help\help.js (2 bytes)
%Program Files% (x86)\NCH Software\Debut\Help\selectiontool.html (196 bytes)
%Program Files% (x86)\NCH Software\Debut\Help\flickrauth.html (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette\SoundTap Streaming-Rekorder.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette\Buchhaltungssoftware.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Videoverwandte Programme\Videostreaming Server.lnk (1 bytes)
%Program Files% (x86)\NCH Software\Debut\Help\options.html (1 bytes)
%Program Files% (x86)\NCH Software\Debut\clickup.wav (3 bytes)
%Program Files% (x86)\NCH Software\Debut\clickraw.png (3 bytes)
%Program Files% (x86)\NCH Software\Debut\Help\index.html (196 bytes)
%Program Files% (x86)\NCH Software\Debut\cursorboth.png (2 bytes)
%Program Files% (x86)\NCH Software\Debut\Help\followmousecursor.html (3 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette\Express Burn CD, DVD oder Blu-Ray.lnk (1 bytes)
%Program Files% (x86)\NCH Software\Debut\mp3el2.exe (24344 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette\MixPad Mehrspur-Mixer.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette\Express Dictate Rekorder.lnk (1 bytes)
%Program Files% (x86)\NCH Software\Debut\Help\arrowlist.gif (455 bytes)
%Program Files% (x86)\NCH Software\Debut\Help\oonetwork.html (3 bytes)
%Program Files% (x86)\NCH Software\Components\NCHToolbars\google\NCH_GoogleToolbar.exe (382441 bytes)
%Program Files% (x86)\NCH Software\Debut\debutsetup_v1.95.exe (10177 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette\WavePad Sound-Editor.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette\RecordPad Soundrekorder.lnk (1 bytes)
%Program Files% (x86)\NCH Software\Debut\cursorleft.png (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Videoverwandte Programme\Videodatei-Formatkonverter.lnk (1 bytes)
%Program Files% (x86)\NCH Software\Debut\Help\ltaskdatapanel.html (1 bytes)
%Program Files% (x86)\NCH Software\Debut\Help\control.html (2 bytes)
%Program Files% (x86)\NCH Software\Debut\clickdown.wav (3 bytes)
%Program Files% (x86)\NCH Software\Debut\Help\textcaption.html (3 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette\Switch Sounddatei-Konverter.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette\Prism Videodatei-Formatkonverter.lnk (1 bytes)
%Program Files% (x86)\NCH Software\Debut\x264enc5.exe (62431 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debut Videorekorder.lnk (1 bytes)
%Program Files% (x86)\NCH Software\Debut\Help\output.html (4 bytes)
%Program Files% (x86)\NCH Software\Debut\debutfilterx86.sys (6532 bytes)
%Program Files% (x86)\NCH Software\Debut\debutfilterx64.inf (2 bytes)
%Program Files% (x86)\NCH Software\Debut\Help\ooscreen.html (3 bytes)
%Program Files% (x86)\NCH Software\Debut\debutfilterx64.cat (388 bytes)
%Program Files% (x86)\NCH Software\Debut\Help\watermark.html (3 bytes)
The process GoogleToolbarManager_8CA8B41417E66DEB.exe:3676 makes changes in the file system.
The PUP creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\GoogleToolbarInstaller1.log (2418 bytes)
The process GoogleToolbarManager_8CA8B41417E66DEB.exe:3740 makes changes in the file system.
The PUP creates and/or writes to the following file(s):
%Program Files% (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (1281 bytes)
%Program Files% (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (673 bytes)
%Program Files% (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (1425 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\GoogleToolbarInstaller1.log (41641 bytes)
%Program Files% (x86)\Google\Google Toolbar\GoogleToolbarHelper_signed.msi (28 bytes)
%Program Files% (x86)\Google\Google Toolbar\GoogleToolbarUser_64.exe (2321 bytes)
%Program Files% (x86)\Google\Google Toolbar\GoogleToolbarHelperPatch_signed.msp (125 bytes)
The process GoogleToolbarManager_8CA8B41417E66DEB.exe:3536 makes changes in the file system.
The PUP creates and/or writes to the following file(s):
C:\ProgramData\Google\Custom Buttons\toolbar.google.com_O8Y91YHB24Z6SR0SGYSK.XML (12 bytes)
The process GoogleToolbarNotifier.exe:1696 makes changes in the file system.
The PUP creates and/or writes to the following file(s):
%Program Files% (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (1 bytes)
%Program Files% (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\gtn.dll (151 bytes)
The process regsvr32.exe:3208 makes changes in the file system.
The PUP creates and/or writes to the following file(s):
%Program Files%\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (348 bytes)
The process %original file name%.exe:3524 makes changes in the file system.
The PUP creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\n1s\nchdata.dat (17751 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\n1s\nchsetup.cab (736 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\n1s\nchdata.cab (825 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\n1s\nchsetup.exe (34178 bytes)
The process mp3el2.exe:2980 makes changes in the file system.
The PUP creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\mp3el2_.cab (180 bytes)
%Program Files% (x86)\NCH Software\Components\mp3el2\lame.exe (7384 bytes)
Registry activity
The process TPAutoConnSvc.exe:1776 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\ThinPrint\TPPrnUI\NPI456AB0 (HP LaserJet Professional M1212nf MFP)#:1]
"TrayData" = "2,Tray 3, 3,Tray 2, 1,Tray 1, 4,Manual Feed, 7,Auto Select"
"FormData" = "1,2159,2794,Letter¶40,40,2086,2712, 5,2159,3556,Legal¶40,40,2086,3474, 9,2100,2970,A4¶39,39,2032,2890, 7,1842,2667,Executive¶40,40,1761,2585, 258,2159,3302,8.5 x 13 (custom)¶40,40,2086,3220, 11,1480,2100,A5¶39,39,1408,2020, 70,1050,1480,A6¶39,39,975,1399, 13,1820,2570,B5 (JIS)¶39,39,1747,2490, 264,1950,2700,16K 195x270¶39,39,1882,2620, 263,1840,2600,16K 184x260¶39,39,1761,2520, 257,1970,2730,16K 197x273¶39,39,1896,2650, 43,1000,1480,Japanese Postcard¶39,39,921,1399, 82,1480,2000,Double Japan Postcard Rotated¶39,39,1408,1919, 20,1046,2413,Envelope #10¶40,40,975,2331, 37,983,1905,Envelope Monarch¶40,40,907,1823, 34,1760,2500,Envelope B5¶39,39,1693,2420, 28,1620,2290,Envelope C5¶39,39,1544,2209, 27,1100,2200,Envelope DL¶39,39,1029,2120"
"DelAfterCreate" = "1"
[HKU\.DEFAULT\Printers\DevModes2]
"NPI456AB0 (HP LaserJet Professional M1212nf MFP)#:1" = "4E 00 50 00 49 00 34 00 35 00 36 00 41 00 42 00"
The PUP deletes the following registry key(s):
[HKLM\SOFTWARE\ThinPrint\TPPrnUI\NPI456AB0 (HP LaserJet Professional M1212nf MFP)#:1]
The process GoogleUpdate.exe:3288 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:
[HKCU\Software\Classes\Local Settings\MuiCache\29\52C64B7E]
"LanguageList" = "en-US, en"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"DayOfLastActivity" = "4294967295"
"pv" = "7.5.5111.1712"
"usagestats" = "0"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}\CurrentState]
"InstallProgressPercent" = "4294967295"
"StateValue" = "3"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"DayOfLastRollCall" = "4294967295"
"LastCheckSuccess" = "1420521619"
[HKCU\Software\Google\Update\proxy]
"source" = "IEWPAD"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}\CurrentState]
"DownloadTimeRemainingMs" = "4294967295"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"DayOfInstall" = "2926"
"InstallTime" = "1420521598"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}\CurrentState]
"InstallTimeRemainingMs" = "4294967295"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"brand" = "NCHD"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}\CurrentState]
"DownloadProgressPercent" = "0"
The PUP deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"LastInstallerExtraCode1"
"LastInstallerSuccessLaunchCmdLine"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientStateMedium\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"eulaaccepted"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"UpdateAvailableCount"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientStateMedium\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"usagestats"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"ap"
[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"LastInstallerResult"
"old-uid"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"iid"
[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"uid"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"LastInstallerResult"
[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"LastInstallerResultUIString"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"eulaaccepted"
"UpdateAvailableSince"
"LastInstallerError"
"LastInstallerResultUIString"
"experiment_labels"
"tttoken"
[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"LastInstallerError"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"browser"
"LastInstallerExtraCode1"
"LastInstallerSuccessLaunchCmdLine"
The process GoogleUpdate.exe:3284 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"usagestats" = "0"
The PUP deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"uid"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"UpdateAvailableSince"
"UpdateAvailableCount"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\network\secure]
"sk"
[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"eulaaccepted"
[HKCU\Software\Google\Update]
"old-uid"
[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"old-uid"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\network\secure]
"c"
[HKCU\Software\Google\Update]
"uid"
The process GoogleUpdate.exe:3864 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"usagestats" = "0"
The PUP deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"uid"
"old-uid"
"eulaaccepted"
The process GoogleUpdate.exe:3348 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:
[HKCU\Software\Classes\Local Settings\MuiCache\2A\52C64B7E]
"LanguageList" = "en-US, en"
[HKCU\Software\Google\Update\proxy]
"source" = "IEWPAD"
The PUP deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"uid"
"old-uid"
The process GoogleUpdate.exe:2184 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:
[HKCU\Software\Classes\Local Settings\MuiCache\29\52C64B7E]
"LanguageList" = "en-US, en"
[HKCU\Software\Google\Update\proxy]
"source" = "IEWPAD"
The PUP deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"uid"
"old-uid"
The process debut.exe:1832 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:
[HKCU\Software\NCH Software\Debut\FindPlay]
"DefaultRecordFolder" = "C:\Users\"%CurrentUserName%"\Videos\Debut"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1395168576"
[HKCU\Software\NCH Software\Debut\Settings]
"ScreenCaptureRight" = "1716"
[HKCU\Software\NCH Software\Debut\ScreenVideoSettings]
"Format" = ".avi"
[HKCU\Software\NCH Software\Debut\Settings]
"ScreenCaptureBottom" = "901"
[HKCU\Software\NCH Software\Debut\ScreenVideoSettings]
"WindowsMedia_VideoBitrate" = "16384000"
[HKCU\Software\NCH Software\Debut\Settings]
"CaptureMode" = "0"
"Zoom" = "100"
"ScreenCaptureLeft" = "0"
[HKCU\Software\NCH Software\Debut\Registration]
"Name" = ""
"RD" = "1420521620"
"LR" = "1420521620"
[HKCU\Software\NCH Software\Debut\Settings]
"ScreenCaptureTop" = "0"
"FullScreenSelected" = "1"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "debut.exe"
The PUP deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Debut\Scheduler]
"SevenDays"
The process debut.exe:2348 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Debut\Scheduler]
"SevenDays" = "1"
The process googletoolbarinstaller_en_signed.exe:2776 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:
[HKCU\Software\Classes\Local Settings\MuiCache\29\52C64B7E]
"LanguageList" = "en-US, en"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\Branding]
"sin" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\Component]
"NextVersion" = "7.5.5111.1712"
"currentVersion" = "7.5.5111.1712"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\Branding]
"ein" = "1"
[HKCU\Software\Google\Google Toolbar\4.0\Setup]
"InstallProgress" = "3"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 41 00 00 00 09 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "B9 8C 35 76 70 29 D0 01"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar]
"test" = "41"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\4.0\Setup]
"EnabledExperiments" = "POSI,PUMA"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"
[HKCU\Software\Google\Google Toolbar\4.0\Setup]
"Command" = "2"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\4.0\Setup]
"FirstInstallTime" = "1420521619"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The PUP deletes the following value(s) in system registry:
[HKCU\Software\Google\Google Toolbar]
"LastInstallError"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\Component]
"NextVersion"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoDetect"
"ProxyServer"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\Component]
"PrimaryInstallDone"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\4.0\Setup]
"FailedInstallPing"
The process GoogleUpdaterService_B33FC4DD36A473C6.exe:3408 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Wow6432Node\Google\Common\Google Updater\apps\tbie]
"auto" = "0"
[HKLM\SOFTWARE\Wow6432Node\Google\Common\Google Updater]
"Path" = "%Program Files% (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe"
"Version" = "2.4.2617.4952"
The process x264enc5.exe:2976 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:
[HKCU\Software\NCH Software\Components\x264enc5]
"Version" = "1.00"
[HKLM\SOFTWARE\Wow6432Node\NCH Swift Sound\Components\x264enc5]
"Version" = "1.00"
[HKCU\Software\NCH Swift Sound\Components\x264enc5]
"Version" = "1.00"
[HKCU\Software\NCH Software\Components\x264enc5]
"Path" = "%Program Files% (x86)\NCH Software\Components\x264enc5\x264enc5.exe"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Components\x264enc5]
"Version" = "1.00"
[HKCU\Software\NCH Swift Sound\Components\x264enc5]
"Path" = "%Program Files% (x86)\NCH Software\Components\x264enc5\x264enc5.exe"
[HKLM\SOFTWARE\Wow6432Node\NCH Swift Sound\Components\x264enc5]
"Path" = "%Program Files% (x86)\NCH Software\Components\x264enc5\x264enc5.exe"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Components\x264enc5]
"Path" = "%Program Files% (x86)\NCH Software\Components\x264enc5\x264enc5.exe"
The process SearchWithGoogleUpdate_C993F490EED40C1B.exe:2388 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Wow6432Node\Google\GoogleToolbarNotifier]
"Version" = "5.7.9012.1008"
"ID" = "79719f98482242cd813a5027b10bbf6c"
[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\%Program Files% (x86)\Google\Update\1.3.24.15, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\VMwareDnD\327c54aa\python.dll, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\VMwareDnD\327c54aa\, , \??\%Program Files% (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008,"
[HKCU\Software\Google\GoogleToolbarNotifier\Temp]
"ust" = "100"
[HKLM\SOFTWARE\Wow6432Node\Google\GoogleToolbarNotifier\Clients]
"ietb" = "0"
[HKLM\SOFTWARE\Wow6432Node\Google\GoogleToolbarNotifier]
"brand" = "NCHD"
The PUP deletes the following registry key(s):
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
The process nchsetup.exe:2944 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:
[HKCU\Software\Classes\rtffile\Shell]
"(Default)" = "open"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Components\GoogleToolbar]
"State" = "attempted"
[HKCU\Software\Classes\divxfile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\.mp4]
"(Default)" = "mp4file"
[HKCU\Software\NCH Software\Debut\ScreenVideoSettings]
"Format" = ".avi"
[HKCU\Software\Microsoft\ActiveMovie\devenum\{33D9A762-90C8-11D0-BD43-00A0C911CE86}\Microphone (High Definition Aud]
"WaveInId" = "0"
[HKCU\Software\NCH Software\Debut\Software]
"Toolbar" = "cnm-installed"
[HKCU\Software\Classes\.WAV]
"(Default)" = "wavfile"
[HKCU\Software\Classes\aifffile\Shell\NCHconvertsound]
"(Default)" = "Sounddatei konvertieren"
[HKCU\Software\Classes\mpegfile\Shell\NCHconvertvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind Prism %L"
[HKCU\Software\Classes\.mov]
"(Default)" = "movfile"
[HKCU\Software\Classes\giffile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\docfile\Shell\NCHconvertdoc]
"(Default)" = "Dateityp konvertieren"
[HKCU\Software\Classes\AcroExch.Document\Shell\NCHconvertdoc\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind Doxillion %L"
[HKCU\Software\Microsoft\ActiveMovie\devenum\{33D9A762-90C8-11D0-BD43-00A0C911CE86}\Microphone (High Definition Aud]
"FilterData" = "02 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00"
[HKCU\Software\Classes\.MP3]
"(Default)" = "mp3file"
[HKCU\Software\Microsoft\ActiveMovie\devenum\{33D9A762-90C8-11D0-BD43-00A0C911CE86}\Microphone (High Definition Aud]
"FriendlyName" = "Microphone (High Definition Aud"
[HKCU\Software\Classes\FirefoxHTML\shell\NCHconvertdoc\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind Doxillion %L"
[HKCU\Software\Classes\wavfile\Shell\NCHconvertsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind Switch %L"
[HKCU\Software\Classes\gsmfile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\avifile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\giffile\Shell\NCHconvertimage]
"(Default)" = "Imagedatei konvertieren"
[HKCU\Software\Classes\jpegfile\Shell\NCHconvertimage]
"(Default)" = "Imagedatei konvertieren"
[HKCU\Software\NCH Software\Debut\Hotkey\4]
"key" = "131194"
[HKCU\Software\Classes\.OGG]
"(Default)" = "oggfile"
[HKCU\Software\NCH Software\Debut\IPCameraVideoSettings]
"Format" = ".avi"
[HKCU\Software\Classes\mohfile\DefaultIcon]
"(Default)" = "%SystemRoot%\SysWow64\shell32.dll,19"
[HKCU\Software\Classes\Paint.Picture\Shell\NCHconvertimage]
"(Default)" = "Imagedatei konvertieren"
[HKCU\Software\Classes\movfile\Shell\NCHconvertvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind Prism %L"
[HKCU\Software\NCH Software\Debut\Hotkey\2]
"Command" = "12"
[HKCU\Software\Classes\docfile\Shell\NCHconvertdoc\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind Doxillion %L"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Debut\Software]
"Installer" = "%Program Files% (x86)\NCH Software\Debut\debutsetup_v1.95.exe"
[HKCU\Software\Classes\flacfile\Shell\NCHconvertsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind Switch %L"
[HKCU\Software\Classes\jpegfile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\neffile\Shell\NCHconvertimage]
"(Default)" = "Imagedatei konvertieren"
[HKCU\Software\Classes\pngfile\Shell\NCHslideshow\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind PhotoStage %L"
[HKCU\Software\Classes\aufile\Shell\NCHeditsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind WavePad %L"
[HKCU\Software\Classes\dctfile\DefaultIcon]
"(Default)" = "%SystemRoot%\SysWow64\shell32.dll,19"
[HKCU\Software\Classes\m4vfile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\tar.gzfile\Shell\NCHextract]
"(Default)" = "Mit Express Zip extrahieren"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Debut]
"DisplayVersion" = "1.95"
[HKCU\Software\NCH Software\Debut\WebCamVideoSettings]
"Format" = ".avi"
[HKCU\Software\Classes\.dss]
"(Default)" = "dssfile"
[HKCU\Software\Classes\mpdpfile]
"(Default)" = "Unbehandelter Erweiterungshandler-Finder"
[HKCU\Software\Classes\aacfile\Shell\NCHconvertsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind Switch %L"
[HKCU\Software\Classes\mpgfile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\Paint.Picture\Shell\NCHslideshow\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind PhotoStage %L"
[HKCU\Software\Classes\vocfile\Shell\NCHeditsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind WavePad %L"
[HKCU\Software\Classes\wpfile\Shell\NCHconvertdoc\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind Doxillion %L"
[HKCU\Software\Classes\jpegfile\Shell\NCHconvertimage\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind Pixillion %L"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Debut]
"Version" = "1.95"
[HKCU\Software\Classes\wavfile\Shell\NCHconvertsound]
"(Default)" = "Sounddatei konvertieren"
[HKCU\Software\Classes\.AAC]
"(Default)" = "aacfile"
[HKCU\Software\Classes\avifile\Shell\NCHeditvideo]
"(Default)" = "Videodatei bearbeiten"
[HKCU\Software\Classes\xvidfile\Shell\NCHconvertvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind Prism %L"
[HKCU\Software\Classes\ds2file\DefaultIcon]
"(Default)" = "%SystemRoot%\SysWow64\shell32.dll,19"
[HKCU\Software\Classes\asffile\Shell\NCHeditvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind VideoPad %L"
[HKLM\SOFTWARE\Wow6432Node\Google\GCAPITemp]
"test" = "testv"
[HKCU\Software\NCH Software\Debut\Hotkey\1]
"key" = "131195"
[HKCU\Software\Classes\m4afile\Shell\NCHeditsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind WavePad %L"
[HKCU\Software\Classes\aacfile\Shell\NCHeditsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind WavePad %L"
[HKCU\Software\Classes\oggfile\Shell\NCHeditsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind WavePad %L"
[HKCU\Software\Classes\wpdfile\Shell\NCHconvertdoc\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind Doxillion %L"
[HKCU\Software\Classes\asffile\Shell\NCHconvertvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind Prism %L"
[HKCU\Software\Classes\vobfile\Shell\NCHeditvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind VideoPad %L"
[HKCU\Software\Classes\mpgfile\Shell\NCHeditvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind VideoPad %L"
[HKCU\Software\Classes\AcroExch.Document\Shell\NCHconvertdoc]
"(Default)" = "Dateityp konvertieren"
[HKCU\Software\Classes\mp3file\Shell\NCHconvertsound]
"(Default)" = "Sounddatei konvertieren"
[HKCU\Software\Classes\gzfile\Shell\NCHextract]
"(Default)" = "Mit Express Zip extrahieren"
[HKCU\Software\Classes\mpeg2file\Shell\NCHconvertvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind Prism %L"
[HKCU\Software\Classes\pngfile\Shell\NCHconvertimage\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind Pixillion %L"
[HKCU\Software\Classes\aufile\Shell\NCHconvertsound]
"(Default)" = "Sounddatei konvertieren"
[HKCU\Software\Classes\.gz]
"(Default)" = "gzfile"
[HKCU\Software\Classes\giffile\Shell\NCHslideshow]
"(Default)" = "Diashow erstellen"
[HKCU\Software\Classes\mpeg2file\Shell\NCHeditvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind VideoPad %L"
[HKCU\Software\Classes\.meo]
"(Default)" = "meofile"
[HKCU\Software\NCH Software\Debut\Hotkey\0]
"Command" = "3"
[HKCU\Software\NCH Software\Debut\Settings]
"InstallDate" = "1420521569"
[HKCU\Software\Classes\wpdfile\Shell\NCHconvertdoc]
"(Default)" = "Dateityp konvertieren"
[HKCU\Software\Classes\Windows.IsoFile\shell]
"(Default)" = "open"
[HKCU\Software\Classes\m4vfile\Shell\NCHeditvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind VideoPad %L"
[HKCU\Software\Classes\.nef]
"(Default)" = "neffile"
[HKCU\Software\Classes\voxfile\Shell\NCHeditsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind WavePad %L"
[HKCU\Software\Classes\.wp]
"(Default)" = "wpfile"
[HKCU\Software\Classes\divxfile\Shell\NCHconvertvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind Prism %L"
[HKCU\Software\Classes\mpegfile\Shell\NCHeditvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind VideoPad %L"
[HKCU\Software\Classes\mp4file\Shell\NCHeditvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind VideoPad %L"
[HKCU\Software\Classes\m4afile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\wmafile\Shell\NCHeditsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind WavePad %L"
[HKCU\Software\Classes\dctfile]
"(Default)" = "Unbehandelter Erweiterungshandler-Finder"
[HKCU\Software\Classes\neffile\Shell\NCHslideshow\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind PhotoStage %L"
[HKCU\Software\Classes\mp4file\Shell\NCHconvertvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind Prism %L"
[HKCU\Software\Classes\jpegfile\Shell\NCHslideshow\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind PhotoStage %L"
[HKCU\Software\Classes\xvidfile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\mpgfile\Shell\NCHconvertvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind Prism %L"
[HKCU\Software\Classes\mp3file\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\.rar]
"(Default)" = "rarfile"
[HKCU\Software\Classes\xvidfile\Shell\NCHconvertvideo]
"(Default)" = "Videodatei konvertieren"
[HKCU\Software\Microsoft\ActiveMovie\devenum\{33D9A762-90C8-11D0-BD43-00A0C911CE86}\Microphone (High Definition Aud]
"CLSID" = "{E30629D2-27E5-11CE-875D-00608CB78066}"
[HKCU\Software\Classes\CABFolder\Shell\NCHextract\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind ExpressZip %L"
[HKCU\Software\Classes\mp3file\Shell\NCHconvertsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind Switch %L"
[HKCU\Software\Classes\meofile\shell\open\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind Meo %L"
[HKCU\Software\Classes\.divx]
"(Default)" = "divxfile"
[HKCU\Software\Classes\aiffile\Shell\NCHconvertsound]
"(Default)" = "Sounddatei konvertieren"
[HKCU\Software\Classes\m4vfile\Shell\NCHconvertvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind Prism %L"
[HKCU\Software\Classes\aiffile\Shell]
"(Default)" = "open"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Debut]
"DisplayIcon" = "%Program Files% (x86)\NCH Software\Debut\debut.exe"
[HKCU\Software\Classes\wavfile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\.avi]
"(Default)" = "avifile"
[HKCU\Software\Classes\mp4file\Shell\NCHeditvideo]
"(Default)" = "Videodatei bearbeiten"
[HKCU\Software\Classes\Windows.IsoFile\shell\NCHextract]
"(Default)" = "Mit Express Zip extrahieren"
[HKCU\Software\Classes\7zfile\Shell\NCHextract\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind ExpressZip %L"
[HKCU\Software\Classes\tar.gzfile\Shell\NCHextract\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind ExpressZip %L"
[HKCU\Software\Classes\mpeg2file\Shell\NCHeditvideo]
"(Default)" = "Videodatei bearbeiten"
[HKCU\Software\Classes\aufile\Shell\NCHeditsound]
"(Default)" = "Sounddatei bearbeiten"
[HKCU\Software\Classes\pngfile\Shell\NCHslideshow]
"(Default)" = "Diashow erstellen"
[HKCU\Software\Classes\giffile\Shell\NCHconvertimage\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind Pixillion %L"
[HKCU\Software\Classes\ds2file\shell\open\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind Scribe %L"
[HKCU\Software\Classes\vobfile\Shell\NCHconvertvideo]
"(Default)" = "Videodatei konvertieren"
[HKCU\Software\Classes\wavfile\Shell\NCHeditsound]
"(Default)" = "Sounddatei bearbeiten"
[HKCU\Software\Classes\mpeg2file\Shell\NCHconvertvideo]
"(Default)" = "Videodatei konvertieren"
[HKCU\Software\NCH Software\Components\GoogleToolbar]
"State" = "attempted"
[HKCU\Software\Classes\.mpdp]
"(Default)" = "mpdpfile"
[HKCU\Software\NCH Software\Debut\Settings]
"InstalledByAdmin" = "1"
[HKCU\Software\Classes\voxfile\Shell\NCHconvertsound]
"(Default)" = "Sounddatei konvertieren"
[HKCU\Software\Classes\.mpeg]
"(Default)" = "mpegfile"
[HKCU\Software\Classes\rtffile\Shell\NCHconvertdoc]
"(Default)" = "Dateityp konvertieren"
[HKCU\Software\Classes\rtffile\Shell\NCHconvertdoc\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind Doxillion %L"
[HKCU\Software\NCH Software\Debut\Settings]
"InstallerPath" = "%Program Files% (x86)\NCH Software\Debut"
[HKCU\Software\Classes\ds2file\shell\NCHconvertsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind Switch %L"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Debut]
"InstallLocation" = "%Program Files% (x86)\NCH Software\Debut"
[HKCU\Software\Classes\tar.gzfile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\TIFImage.Document\Shell\NCHconvertimage]
"(Default)" = "Imagedatei konvertieren"
[HKCU\Software\Classes\xvidfile\Shell\NCHeditvideo]
"(Default)" = "Videodatei bearbeiten"
[HKCU\Software\Classes\aiffile\Shell\NCHeditsound]
"(Default)" = "Sounddatei bearbeiten"
[HKCU\Software\Classes\.AU]
"(Default)" = "aufile"
[HKCU\Software\Classes\.ivr]
"(Default)" = "ivrfile"
[HKCU\Software\Classes\docxfile\Shell\NCHconvertdoc]
"(Default)" = "Dateityp konvertieren"
[HKCU\Software\Classes\divxfile\Shell\NCHeditvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind VideoPad %L"
[HKCU\Software\Classes\.WMA]
"(Default)" = "wmafile"
[HKCU\Software\Classes\wmafile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\.xvid]
"(Default)" = "xvidfile"
[HKCU\Software\Classes\odtfile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\mpdpfile\DefaultIcon]
"(Default)" = "%SystemRoot%\SysWow64\shell32.dll,19"
[HKCU\Software\Classes\gsmfile\Shell\NCHconvertsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind Switch %L"
[HKCU\Software\Classes\.asf]
"(Default)" = "asffile"
[HKCU\Software\Classes\gzfile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\movfile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\odtfile\Shell\NCHconvertdoc\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind Doxillion %L"
[HKCU\Software\Classes\gsmfile\Shell\NCHconvertsound]
"(Default)" = "Sounddatei konvertieren"
[HKCU\Software\Classes\meofile\DefaultIcon]
"(Default)" = "%SystemRoot%\SysWow64\shell32.dll,19"
[HKCU\Software\Classes\CABFolder\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\CABFolder\Shell\NCHextract]
"(Default)" = "Mit Express Zip extrahieren"
[HKCU\Software\Classes\divxfile\Shell\NCHconvertvideo]
"(Default)" = "Videodatei konvertieren"
[HKCU\Software\Classes\docxfile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\wpfile\Shell]
"(Default)" = "open"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Debut]
"DisplayName" = "Debut Videorekorder"
[HKCU\Software\Classes\rarfile\Shell\NCHextract]
"(Default)" = "Mit Express Zip extrahieren"
[HKCU\Software\NCH Software\Debut\Settings]
"currentVersion" = "1.95"
[HKCU\Software\Classes\wpdfile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\vobfile\Shell\NCHconvertvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind Prism %L"
[HKCU\Software\Classes\asffile\Shell\NCHeditvideo]
"(Default)" = "Videodatei bearbeiten"
[HKCU\Software\Classes\oggfile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\docxfile\Shell\NCHconvertdoc\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind Doxillion %L"
[HKCU\Software\Classes\.vox]
"(Default)" = "voxfile"
[HKCU\Software\Classes\Windows.IsoFile\shell\NCHextract\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind ExpressZip %L"
[HKCU\Software\Classes\mp4file\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\jpegfile\Shell\NCHslideshow]
"(Default)" = "Diashow erstellen"
[HKCU\Software\Classes\TIFImage.Document\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\neffile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\voxfile\Shell\NCHeditsound]
"(Default)" = "Sounddatei bearbeiten"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Debut]
"URLUpdateInfo" = "www.nchsoftware.com/capture/de/index.html"
[HKCU\Software\NCH Software\Debut\Hotkey\3]
"Command" = "10"
[HKCU\Software\Classes\flacfile\Shell\NCHconvertsound]
"(Default)" = "Sounddatei konvertieren"
[HKCU\Software\Classes\.M4A]
"(Default)" = "m4afile"
[HKCU\Software\NCH Software\Debut\Hotkey\2]
"key" = "131170"
[HKCU\Software\Classes\rarfile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\dssfile\DefaultIcon]
"(Default)" = "%SystemRoot%\SysWow64\shell32.dll,19"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Debut]
"Publisher" = "NCH Software"
[HKCU\Software\Classes\mpegfile\Shell\NCHeditvideo]
"(Default)" = "Videodatei bearbeiten"
[HKCU\Software\Classes\.7z]
"(Default)" = "7zfile"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Debut]
"URLInfoAbout" = "www.nchsoftware.com/capture/de/support.html"
[HKCU\Software\Classes\.mpeg2]
"(Default)" = "mpeg2file"
[HKCU\Software\Classes\avifile\Shell\NCHconvertvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind Prism %L"
[HKCU\Software\Classes\odtfile\Shell\NCHconvertdoc]
"(Default)" = "Dateityp konvertieren"
[HKCU\Software\Classes\.moh]
"(Default)" = "mohfile"
[HKCU\Software\Classes\.ds2]
"(Default)" = "ds2file"
[HKCU\Software\Classes\neffile\Shell\NCHslideshow]
"(Default)" = "Diashow erstellen"
[HKCU\Software\Classes\gzfile\Shell\NCHextract\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind ExpressZip %L"
[HKCU\Software\NCH Software\Debut\Hotkey\3]
"key" = "131169"
[HKCU\Software\Classes\.vpj]
"(Default)" = "vpjfile"
[HKCU\Software\Classes\mp3file\Shell\NCHeditsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind WavePad %L"
[HKCU\Software\Classes\.FLAC]
"(Default)" = "flacfile"
[HKCU\Software\Classes\.tar]
"(Default)" = "tarfile"
[HKCU\Software\Classes\mpeg2file\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\asffile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\.voc]
"(Default)" = "vocfile"
[HKCU\Software\Classes\spjfile\DefaultIcon]
"(Default)" = "%SystemRoot%\SysWow64\shell32.dll,19"
[HKCU\Software\Classes\mpdpfile\shell\open\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind MixPad %L"
[HKCU\Software\Classes\m4afile\Shell\NCHeditsound]
"(Default)" = "Sounddatei bearbeiten"
[HKCU\Software\Classes\aiffile\Shell\NCHeditsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind WavePad %L"
[HKCU\Software\Classes\avifile\Shell\NCHeditvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind VideoPad %L"
[HKCU\Software\Classes\.AIFF]
"(Default)" = "aifffile"
[HKCU\Software\Classes\mohfile]
"(Default)" = "Unbehandelter Erweiterungshandler-Finder"
[HKCU\Software\Classes\aifffile\Shell\NCHeditsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind WavePad %L"
[HKCU\Software\Classes\meofile]
"(Default)" = "Unbehandelter Erweiterungshandler-Finder"
[HKCU\Software\Classes\aifffile\Shell\NCHeditsound]
"(Default)" = "Sounddatei bearbeiten"
[HKCU\Software\Classes\divxfile\Shell\NCHeditvideo]
"(Default)" = "Videodatei bearbeiten"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Debut]
"VersionMajor" = "1"
[HKCU\Software\Classes\wmafile\Shell\NCHeditsound]
"(Default)" = "Sounddatei bearbeiten"
[HKCU\Software\Classes\giffile\Shell\NCHslideshow\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind PhotoStage %L"
[HKCU\Software\Classes\Windows.IsoFile\shell\open\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind ExpressBurn %L"
[HKCU\Software\Classes\vobfile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\7zfile\Shell\NCHextract]
"(Default)" = "Mit Express Zip extrahieren"
[HKCU\Software\Classes\.gsm]
"(Default)" = "gsmfile"
[HKCU\Software\Classes\ivrfile]
"(Default)" = "Unbehandelter Erweiterungshandler-Finder"
[HKCU\Software\Classes\neffile\Shell\NCHconvertimage\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind Pixillion %L"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Debut\Settings]
"RelatedRuns" = "-1"
[HKCU\Software\Microsoft\ActiveMovie\devenum]
"Version" = "7"
[HKCU\Software\Classes\mohfile\shell\open\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind IMS %L"
[HKCU\Software\Classes\ds2file]
"(Default)" = "Unbehandelter Erweiterungshandler-Finder"
[HKCU\Software\Classes\7zfile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\aacfile\Shell\NCHeditsound]
"(Default)" = "Sounddatei bearbeiten"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
[HKCU\Software\Classes\ds2file\shell]
"(Default)" = "open"
[HKCU\Software\Classes\m4vfile\Shell\NCHeditvideo]
"(Default)" = "Videodatei bearbeiten"
[HKCU\Software\Classes\pngfile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\vpjfile\DefaultIcon]
"(Default)" = "%SystemRoot%\SysWow64\shell32.dll,19"
[HKCU\Software\Classes\AcroExch.Document\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\Paint.Picture\Shell\NCHconvertimage\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind Pixillion %L"
[HKCU\Software\Classes\vocfile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\wmafile\Shell\NCHconvertsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind Switch %L"
[HKCU\Software\Classes\.dct]
"(Default)" = "dctfile"
[HKCU\Software\NCH Software\Debut\Hotkey\1]
"Command" = "5"
[HKCU\Software\Classes\Paint.Picture\Shell\NCHslideshow]
"(Default)" = "Diashow erstellen"
[HKCU\Software\Classes\TIFImage.Document\Shell\NCHconvertimage\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind Pixillion %L"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"
[HKCU\Software\Classes\mpgfile\Shell\NCHconvertvideo]
"(Default)" = "Videodatei konvertieren"
[HKCU\Software\Classes\.doc]
"(Default)" = "docfile"
[HKCU\Software\Classes\.wpd]
"(Default)" = "wpdfile"
[HKCU\Software\NCH Software\Debut\Hotkey]
"maxId" = "1"
[HKCU\Software\Classes\aacfile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\spjfile]
"(Default)" = "Unbehandelter Erweiterungshandler-Finder"
[HKCU\Software\Classes\wmafile\Shell\NCHconvertsound]
"(Default)" = "Sounddatei konvertieren"
[HKCU\Software\Microsoft\ActiveMovie\devenum\{33D9A762-90C8-11D0-BD43-00A0C911CE86}\Microphone (High Definition Aud]
"ClassManagerFlags" = "2"
[HKCU\Software\Classes\dssfile\shell\open\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind Scribe %L"
[HKCU\Software\Classes\aufile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\vpjfile]
"(Default)" = "Unbehandelter Erweiterungshandler-Finder"
[HKCU\Software\Classes\asffile\Shell\NCHconvertvideo]
"(Default)" = "Videodatei konvertieren"
[HKCU\Software\Classes\flacfile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\avifile\Shell\NCHconvertvideo]
"(Default)" = "Videodatei konvertieren"
[HKCU\Software\Classes\docfile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\vobfile\Shell\NCHeditvideo]
"(Default)" = "Videodatei bearbeiten"
[HKCU\Software\Classes\aifffile\Shell\NCHconvertsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind Switch %L"
[HKCU\Software\NCH Software\Debut\Hotkey\4]
"Command" = "13"
[HKCU\Software\Classes\aiffile\Shell\NCHconvertsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind Switch %L"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Debut]
"UninstallString" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -uninstall"
"VersionMinor" = "95"
[HKCU\Software\Classes\.m4v]
"(Default)" = "m4vfile"
[HKCU\Software\NCH Software\Debut\Hotkey\0]
"key" = "131193"
[HKCU\Software\Classes\pngfile\Shell\NCHconvertimage]
"(Default)" = "Imagedatei konvertieren"
[HKCU\Software\Classes\mpgfile\Shell\NCHeditvideo]
"(Default)" = "Videodatei bearbeiten"
[HKCU\Software\Classes\oggfile\Shell\NCHeditsound]
"(Default)" = "Sounddatei bearbeiten"
[HKCU\Software\Classes\mp3file\Shell\NCHeditsound]
"(Default)" = "Sounddatei bearbeiten"
[HKCU\Software\Classes\Paint.Picture\Shell]
"(Default)" = "open"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Debut\Settings]
"InstallerPath" = "%Program Files% (x86)\NCH Software\Debut"
[HKCU\Software\Classes\movfile\Shell\NCHeditvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind VideoPad %L"
[HKCU\Software\Classes\aifffile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\m4vfile\Shell\NCHconvertvideo]
"(Default)" = "Videodatei konvertieren"
[HKCU\Software\Classes\voxfile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\dssfile]
"(Default)" = "Unbehandelter Erweiterungshandler-Finder"
[HKCU\Software\Classes\ivrfile\DefaultIcon]
"(Default)" = "%SystemRoot%\SysWow64\shell32.dll,19"
[HKCU\Software\Classes\mpegfile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\movfile\Shell\NCHconvertvideo]
"(Default)" = "Videodatei konvertieren"
[HKCU\Software\Classes\wavfile\Shell\NCHeditsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind WavePad %L"
[HKCU\Software\Classes\.mpg]
"(Default)" = "mpgfile"
[HKCU\Software\Classes\tarfile\Shell\NCHextract]
"(Default)" = "Mit Express Zip extrahieren"
[HKCU\Software\Classes\mpegfile\Shell\NCHconvertvideo]
"(Default)" = "Videodatei konvertieren"
[HKCU\Software\Classes\voxfile\Shell\NCHconvertsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind Switch %L"
[HKCU\Software\Classes\.vob]
"(Default)" = "vobfile"
[HKCU\Software\Classes\ivrfile\shell\open\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind IVM %L"
[HKCU\Software\Classes\ds2file\shell\NCHconvertsound]
"(Default)" = "Sounddatei konvertieren"
[HKCU\Software\Classes\.tar.gz]
"(Default)" = "tar.gzfile"
[HKCU\Software\Classes\.spj]
"(Default)" = "spjfile"
[HKCU\Software\Classes\vocfile\Shell\NCHeditsound]
"(Default)" = "Sounddatei bearbeiten"
[HKCU\Software\Classes\tarfile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\aacfile\Shell\NCHconvertsound]
"(Default)" = "Sounddatei konvertieren"
[HKCU\Software\Classes\dctfile\shell\open\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind Scribe %L"
[HKCU\Software\Classes\spjfile\shell\open\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind PhotoStage %L"
[HKCU\Software\Classes\FirefoxHTML\shell\NCHconvertdoc]
"(Default)" = "Dateityp konvertieren"
[HKCU\Software\Classes\rarfile\Shell\NCHextract\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind ExpressZip %L"
[HKCU\Software\Classes\mp4file\Shell\NCHconvertvideo]
"(Default)" = "Videodatei konvertieren"
[HKCU\Software\Classes\xvidfile\Shell\NCHeditvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind VideoPad %L"
[HKCU\Software\Classes\Windows.IsoFile\DefaultIcon]
"(Default)" = "%SystemRoot%\SysWow64\shell32.dll,19"
[HKCU\Software\Classes\movfile\Shell\NCHeditvideo]
"(Default)" = "Videodatei bearbeiten"
[HKCU\Software\Classes\wpfile\Shell\NCHconvertdoc]
"(Default)" = "Dateityp konvertieren"
[HKCU\Software\Classes\tarfile\Shell\NCHextract\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind ExpressZip %L"
[HKCU\Software\NCH Software\Debut\Software]
"SVar" = "LLIBShowrelatedwhenchromeoff"
[HKCU\Software\Classes\.AIF]
"(Default)" = "aiffile"
[HKCU\Software\Classes\aufile\Shell\NCHconvertsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind Switch %L"
[HKCU\Software\Classes\vpjfile\shell\open\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Debut\debut.exe -extfind VideoPad %L"
The PUP deletes the following registry key(s):
[HKLM\SOFTWARE\Wow6432Node\Google\GCAPITemp]
The PUP deletes the following value(s) in system registry:
[HKCU\Software\NCH Software\Debut\Software]
"_ShowSurveyNow"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKLM\SOFTWARE\Wow6432Node\Google\GCAPITemp]
"test"
[HKCU\Software\NCH Software\Debut\Software]
"ShowSurvey"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKCU\Software\NCH Software\Debut\Software]
"_ShowSurvey"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\NCH Software\Debut\Software]
"InstalledBy"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKCU\Software\NCH Software\Debut\Software]
"ShowSurveyNow"
"_InstalledBy"
The PUP disables automatic startup of the application by deleting the following autorun value:
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"_DebutUninstall"
"DebutUninstall4"
"DebutUninstall"
"DebutUninstall5"
"DebutUninstall2"
"_DebutUninstall5"
"_DebutUninstall4"
"_DebutUninstall3"
"_DebutUninstall2"
"DebutUninstall3"
The process GoogleToolbarManager_8CA8B41417E66DEB.exe:3676 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\Component\Used]
"GoogleToolbarManager.exe" = "1"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"pv" = "7.5.5111.1712"
The process GoogleToolbarManager_8CA8B41417E66DEB.exe:3740 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1A972DAF-A7EC-4ce3-B6C9-7B523CD6685F}]
"Policy" = "3"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
"DisplayVersion" = "7.5.5111.1712"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\4.0\Setup]
"ToastOfferTime" = "0"
[HKCU\Software\Classes\Local Settings\MuiCache\2A\52C64B7E]
"LanguageList" = "en-US, en"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EE0B94B9-335F-4d2c-8B43-DACCD1EA6FF1}]
"AppPath" = "%Program Files% (x86)\Google\Google Toolbar"
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
"(Default)" = "Google Toolbar Helper"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
"Publisher" = "Google Inc."
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\4.0\Setup]
"SystemPatchLevel" = "1"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"GTB7.5" = ""
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\GoogleUpdate]
"InstallTimestamp" = "1420521598"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"cmd_7.5.5111.1712_5" = "%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8CA8B41417E66DEB.exe /execute:5"
"cmd_7.5.5111.1712_4" = "%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8CA8B41417E66DEB.exe /execute:4"
"cmd_7.5.5111.1712_7" = "%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8CA8B41417E66DEB.exe /execute:7"
"cmd_7.5.5111.1712_6" = "%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8CA8B41417E66DEB.exe /execute:6"
"cmd_7.5.5111.1712_1" = "%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8CA8B41417E66DEB.exe /execute:1"
"cmd_7.5.5111.1712_0" = "%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8CA8B41417E66DEB.exe /execute:0"
"cmd_7.5.5111.1712_3" = "%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8CA8B41417E66DEB.exe /execute:3"
"cmd_7.5.5111.1712_2" = "%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8CA8B41417E66DEB.exe /execute:2"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = "00"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\Branding]
"InstallType" = "3"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"cmd_7.5.5111.1712_9" = "%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8CA8B41417E66DEB.exe /execute:9"
"cmd_7.5.5111.1712_8" = "%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8CA8B41417E66DEB.exe /execute:8"
[HKCU\Software\Google\Google Toolbar\4.0\Options]
"ToastSetDefaultSearch" = "3"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\4.0\Setup]
"AllowInteractions" = "1"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
"DisplayName" = "Google Toolbar for Internet Explorer"
[HKCR\Wow6432Node\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
"(Default)" = "Google Toolbar"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\4.0\Setup]
"EnableUsageStats" = "1"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EE0B94B9-335F-4d2c-8B43-DACCD1EA6FF1}]
"Policy" = "3"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
"UninstallString" = "%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8CA8B41417E66DEB.exe /uninstall"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EE0B94B9-335F-4d2c-8B43-DACCD1EA6FF1}]
"AppName" = "GoogleToolbarUser_64.exe"
[HKCU\Software\Google\Google Toolbar\4.0\Options]
"{14C626CA-ACAB-46e5-8A99-53C9E11CCCA0}_enabled" = "0"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\Branding]
"InstallTime" = "1420521599"
[HKCR\Installer\Products\18555481990E8AB4CBB63FB4F26006C0]
"AuthorizedLUAApp" = "1"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
"DisplayIcon" = "%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8CA8B41417E66DEB.exe"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1A972DAF-A7EC-4ce3-B6C9-7B523CD6685F}]
"Policy" = "3"
[HKCU\Software\Google\Google Toolbar\4.0\Options]
"ButtonPageRank" = "0"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1A972DAF-A7EC-4ce3-B6C9-7B523CD6685F}]
"AppPath" = "%Program Files% (x86)\Google\Google Toolbar"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar]
"test" = "41"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1A972DAF-A7EC-4ce3-B6C9-7B523CD6685F}]
"AppName" = "GoogleToolbarUser_32.exe"
[HKCR\Wow6432Node\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Google\Google Toolbar\4.0\Options]
"ToastSetPageRank" = "2"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\GoogleUpdate]
"InstallResult" = "pi"
[HKCU\Software\Google\Google Toolbar\4.0\Options]
"RbbsBreak" = "1"
[HKCR\Wow6432Node\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\4.0\Setup]
"EulaAccepted" = "1"
[HKCU\Software\Microsoft\Internet Explorer\Main]
"Enable Browser Extensions" = "yes"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EE0B94B9-335F-4d2c-8B43-DACCD1EA6FF1}]
"Policy" = "3"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
"Compatibility Flags" = "1024"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\Component\Used]
"GoogleUpdaterService.exe" = "1"
"SearchWithGoogleUpdate.exe" = "1"
"GoogleToolbarManager.exe" = "1"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = "00"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\Branding]
"brand" = "NCHD"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1A972DAF-A7EC-4ce3-B6C9-7B523CD6685F}]
"AppName" = "GoogleToolbarUser_32.exe"
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\InprocServer32]
"(Default)" = "%Program Files% (x86)\Google\Google Toolbar\GoogleToolbar_64.dll"
[HKCR\Wow6432Node\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\InprocServer32]
"(Default)" = "%Program Files% (x86)\Google\Google Toolbar\GoogleToolbar_32.dll"
[HKCR\Wow6432Node\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
"(Default)" = "Google Toolbar Helper"
[HKCU\Software\Google\Google Toolbar\4.0\Options]
"BrowseByName" = "0"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\Component]
"PrimaryInstallDone" = "1"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
"Compatibility Flags" = "1024"
[HKCU\Software\Google\Google Toolbar\4.0\Options]
"ToastSetHomePage" = "2"
[HKCU\Software\Classes\Local Settings\MuiCache\2A\52C64B7E\@%SystemRoot%\system32]
"dnsapi.dll,-103" = "Domain Name System (DNS) Server Trust"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1A972DAF-A7EC-4ce3-B6C9-7B523CD6685F}]
"AppPath" = "%Program Files% (x86)\Google\Google Toolbar"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"GTB7.5" = ""
[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\InprocServer32]
"(Default)" = "%Program Files% (x86)\Google\Google Toolbar\GoogleToolbar_64.dll"
[HKCU\Software\Google\Google Toolbar\4.0\Options]
"UsageStatsEnabled" = "1"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\4.0\Setup]
"DisableBrowseByName" = "0"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
"MinorVersion" = "5"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"Name" = "Google Toolbar"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\Branding]
"ID" = "AC4C401CF3D73E6A044F1AA29EA5304205DE1wZWKM"
[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
"InstallLocation" = "%Program Files% (x86)\Google\Google Toolbar\"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\Installations]
"1420521616" = "v=7.5.5111.1712&tbbrand=NCHD&i=0"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
"NoModify" = "1"
"MajorVersion" = "7"
"NoRepair" = "1"
[HKCU\Software\Classes\Local Settings\MuiCache\2A\52C64B7E\@%SystemRoot%\system32]
"p2pcollab.dll,-8042" = "Peer to Peer Trust"
[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
"(Default)" = "Google Toolbar"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EE0B94B9-335F-4d2c-8B43-DACCD1EA6FF1}]
"AppName" = "GoogleToolbarUser_64.exe"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"brand" = "NCHD"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EE0B94B9-335F-4d2c-8B43-DACCD1EA6FF1}]
"AppPath" = "%Program Files% (x86)\Google\Google Toolbar"
[HKCR\Wow6432Node\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\InprocServer32]
"(Default)" = "%Program Files% (x86)\Google\Google Toolbar\GoogleToolbar_32.dll"
The PUP deletes the following registry key(s):
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{00021493-0000-0000-C000-000000000046}]
[HKCR\Wow6432Node\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ProgID]
[HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\TypeLib]
[HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\Programmable]
[HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\InprocServer32]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{00021493-0000-0000-C000-000000000046}\Enum]
[HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\VersionIndependentProgID]
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
[HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ProgID]
[HKCR\Wow6432Node\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\TypeLib]
[HKCR\Wow6432Node\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\VersionIndependentProgID]
[HKCU\Software\Classes\Local Settings\MuiCache\29]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021494-0000-0000-C000-000000000046}\Enum]
[HKCU\Software\Classes\Local Settings\MuiCache\29\52C64B7E]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021493-0000-0000-C000-000000000046}]
[HKCR\Wow6432Node\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\Programmable]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{00021494-0000-0000-C000-000000000046}]
[HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{00021494-0000-0000-C000-000000000046}\Enum]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021494-0000-0000-C000-000000000046}]
[HKCR\Wow6432Node\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKCR\Wow6432Node\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\InprocServer32]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021493-0000-0000-C000-000000000046}\Enum]
The PUP deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\4.0\Setup]
"UseIe64"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"
[HKCU\Software\Google\Google Toolbar\4.0\Options]
"Vendor"
[HKCU\Software\Google\Google Toolbar\4.0]
"Update"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\4.0\Setup]
"RefreshIE"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"lang"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\4.0\Setup]
"WelcomePage"
The process GoogleToolbarManager_8CA8B41417E66DEB.exe:3536 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\Component\NonManifest\C:\ProgramData\Google\Custom Buttons]
"toolbar.google.com_O8Y91YHB24Z6SR0SGYSK.XML" = "1"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\Component\Used]
"GoogleToolbarDynamic_mui_en.dll" = "1"
The process GoogleToolbarNotifier.exe:1696 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:
[HKCR\Interface\{BACAB2F3-7213-4865-96E9-B6B06BF49192}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{DD65ABB2-2628-425B-86F5-825E4A3D3AD9}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{91F39C2A-95E7-497A-A539-0AC715DC66D2}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\ProtectorExe.ProtectorHost.1\CLSID]
"(Default)" = "{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}"
[HKCR\Wow6432Node\Interface\{F1A383D4-0364-4092-82E0-C39DAE5D801D}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{AF606610-3627-4DF2-A6D5-32C6A355ACD1}\TypeLib]
"Version" = "1a.0"
[HKCR\Interface\{17484B9D-89FA-484F-912E-017D06C41FE0}]
"(Default)" = "IProtectorLib7"
[HKCR\Wow6432Node\Interface\{91959FBB-853A-4AC7-A082-2DDF787F4CA9}\TypeLib]
"Version" = "1a.0"
[HKCR\Interface\{315A0BBF-D55B-4FCE-833E-8BAA5B6344F6}]
"(Default)" = "IProtector11"
[HKCR\Interface\{F1A383D4-0364-4092-82E0-C39DAE5D801D}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Wow6432Node\Interface\{F1A383D4-0364-4092-82E0-C39DAE5D801D}\TypeLib]
"Version" = "1a.0"
[HKCR\Interface\{2212951C-1623-4095-906B-AC50B8F91016}]
"(Default)" = "IProtector2"
[HKCR\Interface\{480AD54B-C652-44B9-BCF6-746745055CD3}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\InprocServer32]
"(Default)" = "%Program Files% (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll"
[HKCR\Wow6432Node\Interface\{1F7328B7-E25A-4527-B24B-D9173401BB89}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\Interface\{AF606610-3627-4DF2-A6D5-32C6A355ACD1}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Wow6432Node\Interface\{AF606610-3627-4DF2-A6D5-32C6A355ACD1}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Interface\{A45CDEEB-65F5-49AE-AA3E-9376F4806075}]
"(Default)" = "IProtector8"
[HKCR\Wow6432Node\Interface\{315A0BBF-D55B-4FCE-833E-8BAA5B6344F6}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Interface\{2351B346-00E8-4EAC-9B75-B138B465D659}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\Interface\{6EACF525-5F81-4381-9E46-DC316C39E0D2}]
"(Default)" = "IProtector6"
[HKCR\Interface\{A45CDEEB-65F5-49AE-AA3E-9376F4806075}\TypeLib]
"Version" = "1a.0"
[HKCR\Interface\{91959FBB-853A-4AC7-A082-2DDF787F4CA9}]
"(Default)" = "IProtectorHost2"
[HKCR\Wow6432Node\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\ProgID]
"(Default)" = "protector_dll.ProtectorLib.1"
[HKCR\Interface\{91959FBB-853A-4AC7-A082-2DDF787F4CA9}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\Interface\{9D932020-700E-4F0D-8446-2872ABD8B4FA}\TypeLib]
"Version" = "1a.0"
[HKCR\Interface\{315A0BBF-D55B-4FCE-833E-8BAA5B6344F6}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\Interface\{AF606610-3627-4DF2-A6D5-32C6A355ACD1}]
"(Default)" = "IProtectorLib"
[HKCR\Wow6432Node\Interface\{6C110376-C248-47F6-9DB2-CFCDEADB6A3E}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{2212951C-1623-4095-906B-AC50B8F91016}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Interface\{6C110376-C248-47F6-9DB2-CFCDEADB6A3E}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\Interface\{91F39C2A-95E7-497A-A539-0AC715DC66D2}]
"(Default)" = "IProtector3"
[HKCR\Interface\{DA69D3CC-7676-4A65-889F-C052977F1AA9}\TypeLib]
"Version" = "1a.0"
[HKCR\TypeLib\{C7CB459A-7261-4AE6-A87A-17041EE98A40}\1a.0]
"(Default)" = "protector_dllLib"
[HKCR\Interface\{480AD54B-C652-44B9-BCF6-746745055CD3}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\Interface\{2212951C-1623-4095-906B-AC50B8F91016}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\Interface\{BACAB2F3-7213-4865-96E9-B6B06BF49192}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Interface\{17484B9D-89FA-484F-912E-017D06C41FE0}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Interface\{6EACF525-5F81-4381-9E46-DC316C39E0D2}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\Interface\{9D932020-700E-4F0D-8446-2872ABD8B4FA}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\AppID\{96FBC13C-8214-4100-88E0-FF74D7A1CB4D}]
"(Default)" = "protector_dll"
[HKCR\Interface\{277FD1E8-9884-4E0A-9392-7CFF83F067B2}]
"(Default)" = "IProtector9"
[HKCR\Interface\{2212951C-1623-4095-906B-AC50B8F91016}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\AppID\{A97CA128-6998-4F8E-807E-8ED05FADAFB0}]
"(Default)" = "ProtectorExe"
[HKCR\Interface\{BACAB2F3-7213-4865-96E9-B6B06BF49192}]
"(Default)" = "IProtectorLib8"
[HKCR\Interface\{315A0BBF-D55B-4FCE-833E-8BAA5B6344F6}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\Interface\{BACAB2F3-7213-4865-96E9-B6B06BF49192}]
"(Default)" = "IProtectorLib8"
[HKCR\Wow6432Node\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
"(Default)" = "Google Toolbar Notifier BHO"
[HKCR\Interface\{17484B9D-89FA-484F-912E-017D06C41FE0}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Interface\{A0CF48B9-DB91-49A5-BEE7-2FB45BA2F610}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\Interface\{9891812B-5820-4A77-827E-772B200239E1}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Wow6432Node\CLSID\{6134CEA9-DD6E-495C-A0D1-4F232027D7D7}]
"AppID" = "{96FBC13C-8214-4100-88E0-FF74D7A1CB4D}"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80B84A0A-EDA4-47fd-8BE1-6B49F4197EE5}]
"AppPath" = "%Program Files% (x86)\Google\GoogleToolbarNotifier"
[HKCR\Wow6432Node\Interface\{5D358B5C-3415-42BB-A606-E1089B674F41}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\Interface\{17484B9D-89FA-484F-912E-017D06C41FE0}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\Interface\{17484B9D-89FA-484F-912E-017D06C41FE0}]
"(Default)" = "IProtectorLib7"
[HKCR\protector_dll.ProtectorLib.1]
"(Default)" = "ProtectorLib Class"
[HKCR\Wow6432Node\Interface\{9891812B-5820-4A77-827E-772B200239E1}]
"(Default)" = "IProtector4"
[HKCR\Wow6432Node\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}]
"Depend" = "%Program Files% (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\gtn.dll"
[HKCR\Wow6432Node\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}]
"(Default)" = "ProtectorLib Class"
[HKCR\Wow6432Node\Interface\{A45CDEEB-65F5-49AE-AA3E-9376F4806075}\TypeLib]
"Version" = "1a.0"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80B84A0A-EDA4-47fd-8BE1-6B49F4197EE5}]
"AppName" = "GoogleToolbarNotifier.exe"
[HKCR\Wow6432Node\Interface\{1F7328B7-E25A-4527-B24B-D9173401BB89}]
"(Default)" = "IProtector5"
[HKCR\Interface\{315A0BBF-D55B-4FCE-833E-8BAA5B6344F6}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{5D358B5C-3415-42BB-A606-E1089B674F41}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Interface\{235317AD-6EF4-4209-9354-F88869E1A3BB}]
"(Default)" = "IProtectorLib5"
[HKCR\Wow6432Node\Interface\{9891812B-5820-4A77-827E-772B200239E1}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\Interface\{2212951C-1623-4095-906B-AC50B8F91016}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{9891812B-5820-4A77-827E-772B200239E1}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{235317AD-6EF4-4209-9354-F88869E1A3BB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Wow6432Node\Interface\{A0CF48B9-DB91-49A5-BEE7-2FB45BA2F610}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Interface\{1F7328B7-E25A-4527-B24B-D9173401BB89}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Wow6432Node\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}]
"(Default)" = "ProtectorHost Class"
[HKCR\Interface\{9891812B-5820-4A77-827E-772B200239E1}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\Interface\{DA69D3CC-7676-4A65-889F-C052977F1AA9}]
"(Default)" = "IProtectorHost"
[HKCR\Wow6432Node\CLSID\{6134CEA9-DD6E-495C-A0D1-4F232027D7D7}\InprocServer32]
"(Default)" = "%Program Files% (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll"
[HKCR\Interface\{6C110376-C248-47F6-9DB2-CFCDEADB6A3E}]
"(Default)" = "IProtector10"
[HKCR\Wow6432Node\CLSID\{6134CEA9-DD6E-495C-A0D1-4F232027D7D7}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCR\Wow6432Node\Interface\{A0CF48B9-DB91-49A5-BEE7-2FB45BA2F610}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\Interface\{F1A383D4-0364-4092-82E0-C39DAE5D801D}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\VersionIndependentProgID]
"(Default)" = "protector_dll.ProtectorBho"
[HKCR\Wow6432Node\Interface\{91F39C2A-95E7-497A-A539-0AC715DC66D2}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Wow6432Node\Interface\{6C110376-C248-47F6-9DB2-CFCDEADB6A3E}]
"(Default)" = "IProtector10"
[HKCR\Wow6432Node\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}\ProgID]
"(Default)" = "ProtectorExe.ProtectorHost.1"
[HKCR\Interface\{235317AD-6EF4-4209-9354-F88869E1A3BB}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\Interface\{91959FBB-853A-4AC7-A082-2DDF787F4CA9}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Wow6432Node\Interface\{2351B346-00E8-4EAC-9B75-B138B465D659}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\Interface\{DA69D3CC-7676-4A65-889F-C052977F1AA9}\TypeLib]
"Version" = "1a.0"
[HKCR\protector_dll.ProtectorLib\CurVer]
"(Default)" = "protector_dll.ProtectorLib.1"
[HKCR\Interface\{91959FBB-853A-4AC7-A082-2DDF787F4CA9}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\Interface\{9891812B-5820-4A77-827E-772B200239E1}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\Interface\{2212951C-1623-4095-906B-AC50B8F91016}]
"(Default)" = "IProtector2"
[HKCR\Interface\{1F7328B7-E25A-4527-B24B-D9173401BB89}]
"(Default)" = "IProtector5"
[HKCR\Interface\{6C110376-C248-47F6-9DB2-CFCDEADB6A3E}\TypeLib]
"Version" = "1a.0"
[HKCR\Interface\{17484B9D-89FA-484F-912E-017D06C41FE0}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{5D358B5C-3415-42BB-A606-E1089B674F41}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{A45CDEEB-65F5-49AE-AA3E-9376F4806075}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Wow6432Node\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCR\Interface\{6C110376-C248-47F6-9DB2-CFCDEADB6A3E}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{5D358B5C-3415-42BB-A606-E1089B674F41}\TypeLib]
"Version" = "1a.0"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80B84A0A-EDA4-47fd-8BE1-6B49F4197EE5}]
"AppPath" = "%Program Files% (x86)\Google\GoogleToolbarNotifier"
[HKCR\Interface\{DA69D3CC-7676-4A65-889F-C052977F1AA9}]
"(Default)" = "IProtectorHost"
[HKCR\Interface\{91F39C2A-95E7-497A-A539-0AC715DC66D2}]
"(Default)" = "IProtector3"
[HKCR\Interface\{6EACF525-5F81-4381-9E46-DC316C39E0D2}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\Interface\{5D358B5C-3415-42BB-A606-E1089B674F41}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\AppID\ProtectorExe.EXE]
"AppID" = "{A97CA128-6998-4F8E-807E-8ED05FADAFB0}"
[HKCR\Wow6432Node\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
"AppID" = "{96FBC13C-8214-4100-88E0-FF74D7A1CB4D}"
[HKCR\protector_dll.Protector.1\CLSID]
"(Default)" = "{6134CEA9-DD6E-495C-A0D1-4F232027D7D7}"
[HKCR\ProtectorExe.ProtectorHost\CLSID]
"(Default)" = "{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}"
[HKCR\protector_dll.ProtectorBho]
"(Default)" = "Google Toolbar Notifier BHO"
[HKCR\Wow6432Node\Interface\{DD65ABB2-2628-425B-86F5-825E4A3D3AD9}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\AppID\protector_dll.DLL]
"AppID" = "{96FBC13C-8214-4100-88E0-FF74D7A1CB4D}"
[HKCR\Interface\{91959FBB-853A-4AC7-A082-2DDF787F4CA9}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{DA69D3CC-7676-4A65-889F-C052977F1AA9}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Interface\{BACAB2F3-7213-4865-96E9-B6B06BF49192}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Interface\{A0CF48B9-DB91-49A5-BEE7-2FB45BA2F610}]
"(Default)" = "IProtectorLib2"
[HKCR\Interface\{F1A383D4-0364-4092-82E0-C39DAE5D801D}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\Interface\{5D358B5C-3415-42BB-A606-E1089B674F41}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Wow6432Node\CLSID\{6134CEA9-DD6E-495C-A0D1-4F232027D7D7}\ProgID]
"(Default)" = "protector_dll.Protector.1"
[HKCR\Wow6432Node\Interface\{1F7328B7-E25A-4527-B24B-D9173401BB89}\TypeLib]
"Version" = "1a.0"
[HKCR\Interface\{2212951C-1623-4095-906B-AC50B8F91016}\TypeLib]
"Version" = "1a.0"
[HKCR\Interface\{480AD54B-C652-44B9-BCF6-746745055CD3}]
"(Default)" = "IProtectorLib6"
[HKCR\protector_dll.Protector\CLSID]
"(Default)" = "{6134CEA9-DD6E-495C-A0D1-4F232027D7D7}"
[HKCR\Wow6432Node\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}\VersionIndependentProgID]
"(Default)" = "ProtectorExe.ProtectorHost"
[HKCR\Wow6432Node\Interface\{2212951C-1623-4095-906B-AC50B8F91016}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\Interface\{BACAB2F3-7213-4865-96E9-B6B06BF49192}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\Interface\{5D358B5C-3415-42BB-A606-E1089B674F41}]
"(Default)" = "IProtector7"
[HKCR\Wow6432Node\Interface\{2351B346-00E8-4EAC-9B75-B138B465D659}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\ProtectorExe.ProtectorHost]
"(Default)" = "ProtectorHost Class"
[HKCR\Wow6432Node\Interface\{91F39C2A-95E7-497A-A539-0AC715DC66D2}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Interface\{9891812B-5820-4A77-827E-772B200239E1}]
"(Default)" = "IProtector4"
[HKCR\Wow6432Node\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCR\Wow6432Node\Interface\{DD65ABB2-2628-425B-86F5-825E4A3D3AD9}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\protector_dll.ProtectorBho.1\CLSID]
"(Default)" = "{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"
[HKCR\TypeLib\{C7CB459A-7261-4AE6-A87A-17041EE98A40}\1a.0\HELPDIR]
"(Default)" = ""
[HKCR\Wow6432Node\Interface\{DD65ABB2-2628-425B-86F5-825E4A3D3AD9}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\Interface\{9D932020-700E-4F0D-8446-2872ABD8B4FA}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\protector_dll.ProtectorBho.1]
"(Default)" = "Google Toolbar Notifier BHO"
[HKCR\Interface\{9D932020-700E-4F0D-8446-2872ABD8B4FA}]
"(Default)" = "IProtectorLib3"
[HKCR\Wow6432Node\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\VersionIndependentProgID]
"(Default)" = "protector_dll.ProtectorLib"
[HKCR\Wow6432Node\Interface\{315A0BBF-D55B-4FCE-833E-8BAA5B6344F6}]
"(Default)" = "IProtector11"
[HKCR\Wow6432Node\Interface\{F1A383D4-0364-4092-82E0-C39DAE5D801D}]
"(Default)" = "IProtector12"
[HKCR\Wow6432Node\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\TypeLib\{C7CB459A-7261-4AE6-A87A-17041EE98A40}\1a.0\FLAGS]
"(Default)" = "0"
[HKCR\Wow6432Node\Interface\{315A0BBF-D55B-4FCE-833E-8BAA5B6344F6}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Wow6432Node\CLSID\{6134CEA9-DD6E-495C-A0D1-4F232027D7D7}\VersionIndependentProgID]
"(Default)" = "protector_dll.Protector"
[HKCR\Interface\{AF606610-3627-4DF2-A6D5-32C6A355ACD1}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\Interface\{277FD1E8-9884-4E0A-9392-7CFF83F067B2}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{A0CF48B9-DB91-49A5-BEE7-2FB45BA2F610}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Wow6432Node\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ProgID]
"(Default)" = "protector_dll.ProtectorBho.1"
[HKCR\protector_dll.ProtectorLib.1\CLSID]
"(Default)" = "{84798B8E-69F8-4846-9516-373C2996E2F7}"
[HKCR\Interface\{BACAB2F3-7213-4865-96E9-B6B06BF49192}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\Interface\{9D932020-700E-4F0D-8446-2872ABD8B4FA}]
"(Default)" = "IProtectorLib3"
[HKCR\Interface\{9891812B-5820-4A77-827E-772B200239E1}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\Interface\{17484B9D-89FA-484F-912E-017D06C41FE0}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}]
"AppID" = "{96FBC13C-8214-4100-88E0-FF74D7A1CB4D}"
[HKCR\Interface\{DD65ABB2-2628-425B-86F5-825E4A3D3AD9}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\Interface\{235317AD-6EF4-4209-9354-F88869E1A3BB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Wow6432Node\Interface\{6EACF525-5F81-4381-9E46-DC316C39E0D2}\TypeLib]
"Version" = "1a.0"
[HKCR\Interface\{A0CF48B9-DB91-49A5-BEE7-2FB45BA2F610}\TypeLib]
"Version" = "1a.0"
[HKCR\Interface\{2351B346-00E8-4EAC-9B75-B138B465D659}]
"(Default)" = "IProtector"
[HKCR\Interface\{6EACF525-5F81-4381-9E46-DC316C39E0D2}]
"(Default)" = "IProtector6"
[HKCR\Interface\{2351B346-00E8-4EAC-9B75-B138B465D659}\TypeLib]
"Version" = "1a.0"
[HKCR\ProtectorExe.ProtectorHost.1]
"(Default)" = "ProtectorHost Class"
[HKCR\Wow6432Node\Interface\{BACAB2F3-7213-4865-96E9-B6B06BF49192}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\protector_dll.Protector\CurVer]
"(Default)" = "protector_dll.Protector.1"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80B84A0A-EDA4-47fd-8BE1-6B49F4197EE5}]
"AppName" = "GoogleToolbarNotifier.exe"
[HKCR\Interface\{91F39C2A-95E7-497A-A539-0AC715DC66D2}\TypeLib]
"Version" = "1a.0"
[HKCR\Interface\{A45CDEEB-65F5-49AE-AA3E-9376F4806075}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\Interface\{277FD1E8-9884-4E0A-9392-7CFF83F067B2}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\Interface\{91F39C2A-95E7-497A-A539-0AC715DC66D2}\TypeLib]
"Version" = "1a.0"
[HKCR\AppID\{A97CA128-6998-4F8E-807E-8ED05FADAFB0}]
"RunAs" = "Interactive User"
[HKCR\Wow6432Node\Interface\{235317AD-6EF4-4209-9354-F88869E1A3BB}]
"(Default)" = "IProtectorLib5"
[HKCR\Interface\{DD65ABB2-2628-425B-86F5-825E4A3D3AD9}\TypeLib]
"Version" = "1a.0"
[HKCR\Interface\{9D932020-700E-4F0D-8446-2872ABD8B4FA}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\Interface\{A0CF48B9-DB91-49A5-BEE7-2FB45BA2F610}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{9D932020-700E-4F0D-8446-2872ABD8B4FA}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80B84A0A-EDA4-47fd-8BE1-6B49F4197EE5}]
"Policy" = "3"
[HKCR\protector_dll.ProtectorBho\CLSID]
"(Default)" = "{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"
[HKCR\Wow6432Node\Interface\{235317AD-6EF4-4209-9354-F88869E1A3BB}\TypeLib]
"Version" = "1a.0"
[HKCR\Interface\{1F7328B7-E25A-4527-B24B-D9173401BB89}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}]
"AppID" = "{A97CA128-6998-4F8E-807E-8ED05FADAFB0}"
[HKCR\Wow6432Node\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}\LocalServer32]
"(Default)" = "%Program Files% (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
[HKCR\protector_dll.ProtectorBho\CurVer]
"(Default)" = "protector_dll.ProtectorBho.1"
[HKCR\Wow6432Node\Interface\{A45CDEEB-65F5-49AE-AA3E-9376F4806075}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\ProtectorExe.ProtectorHost\CurVer]
"(Default)" = "ProtectorExe.ProtectorHost.1"
[HKCR\Wow6432Node\CLSID\{6134CEA9-DD6E-495C-A0D1-4F232027D7D7}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\Interface\{DA69D3CC-7676-4A65-889F-C052977F1AA9}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Interface\{235317AD-6EF4-4209-9354-F88869E1A3BB}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\TypeLib\{C7CB459A-7261-4AE6-A87A-17041EE98A40}\1a.0\0\win32]
"(Default)" = "%Program Files% (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll"
[HKCR\Wow6432Node\Interface\{17484B9D-89FA-484F-912E-017D06C41FE0}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80B84A0A-EDA4-47fd-8BE1-6B49F4197EE5}]
"Policy" = "3"
[HKCR\Wow6432Node\Interface\{6C110376-C248-47F6-9DB2-CFCDEADB6A3E}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\Interface\{480AD54B-C652-44B9-BCF6-746745055CD3}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Interface\{F1A383D4-0364-4092-82E0-C39DAE5D801D}]
"(Default)" = "IProtector12"
[HKCR\Wow6432Node\Interface\{91959FBB-853A-4AC7-A082-2DDF787F4CA9}]
"(Default)" = "IProtectorHost2"
[HKCR\Interface\{91F39C2A-95E7-497A-A539-0AC715DC66D2}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{2351B346-00E8-4EAC-9B75-B138B465D659}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{1F7328B7-E25A-4527-B24B-D9173401BB89}\TypeLib]
"Version" = "1a.0"
[HKCR\protector_dll.Protector.1]
"(Default)" = "Protector Class"
[HKCR\Wow6432Node\Interface\{6EACF525-5F81-4381-9E46-DC316C39E0D2}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Wow6432Node\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\InprocServer32]
"(Default)" = "%Program Files% (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll"
[HKCR\protector_dll.Protector]
"(Default)" = "Protector Class"
[HKCR\protector_dll.ProtectorLib\CLSID]
"(Default)" = "{84798B8E-69F8-4846-9516-373C2996E2F7}"
[HKCR\Interface\{AF606610-3627-4DF2-A6D5-32C6A355ACD1}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{277FD1E8-9884-4E0A-9392-7CFF83F067B2}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{DA69D3CC-7676-4A65-889F-C052977F1AA9}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{9D932020-700E-4F0D-8446-2872ABD8B4FA}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\Interface\{315A0BBF-D55B-4FCE-833E-8BAA5B6344F6}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\Interface\{A45CDEEB-65F5-49AE-AA3E-9376F4806075}]
"(Default)" = "IProtector8"
[HKCR\Wow6432Node\Interface\{2351B346-00E8-4EAC-9B75-B138B465D659}]
"(Default)" = "IProtector"
[HKCR\Wow6432Node\Interface\{2351B346-00E8-4EAC-9B75-B138B465D659}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{6EACF525-5F81-4381-9E46-DC316C39E0D2}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Wow6432Node\Interface\{277FD1E8-9884-4E0A-9392-7CFF83F067B2}]
"(Default)" = "IProtector9"
[HKCR\Interface\{F1A383D4-0364-4092-82E0-C39DAE5D801D}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\Interface\{DA69D3CC-7676-4A65-889F-C052977F1AA9}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Wow6432Node\CLSID\{6134CEA9-DD6E-495C-A0D1-4F232027D7D7}]
"(Default)" = "Protector Class"
[HKCR\Interface\{277FD1E8-9884-4E0A-9392-7CFF83F067B2}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\Interface\{DD65ABB2-2628-425B-86F5-825E4A3D3AD9}]
"(Default)" = "IProtectorLib4"
[HKCR\Interface\{5D358B5C-3415-42BB-A606-E1089B674F41}]
"(Default)" = "IProtector7"
[HKCR\Interface\{AF606610-3627-4DF2-A6D5-32C6A355ACD1}]
"(Default)" = "IProtectorLib"
[HKCR\Wow6432Node\Interface\{277FD1E8-9884-4E0A-9392-7CFF83F067B2}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\Interface\{A45CDEEB-65F5-49AE-AA3E-9376F4806075}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Interface\{DD65ABB2-2628-425B-86F5-825E4A3D3AD9}]
"(Default)" = "IProtectorLib4"
[HKCR\protector_dll.ProtectorLib]
"(Default)" = "ProtectorLib Class"
[HKCR\Wow6432Node\Interface\{6EACF525-5F81-4381-9E46-DC316C39E0D2}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\Interface\{AF606610-3627-4DF2-A6D5-32C6A355ACD1}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\Interface\{480AD54B-C652-44B9-BCF6-746745055CD3}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Wow6432Node\Interface\{480AD54B-C652-44B9-BCF6-746745055CD3}]
"(Default)" = "IProtectorLib6"
[HKCR\Wow6432Node\Interface\{6C110376-C248-47F6-9DB2-CFCDEADB6A3E}\TypeLib]
"Version" = "1a.0"
[HKCR\Interface\{480AD54B-C652-44B9-BCF6-746745055CD3}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Wow6432Node\Interface\{480AD54B-C652-44B9-BCF6-746745055CD3}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\Interface\{235317AD-6EF4-4209-9354-F88869E1A3BB}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\Interface\{A0CF48B9-DB91-49A5-BEE7-2FB45BA2F610}]
"(Default)" = "IProtectorLib2"
[HKCR\Wow6432Node\Interface\{1F7328B7-E25A-4527-B24B-D9173401BB89}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Wow6432Node\Interface\{91959FBB-853A-4AC7-A082-2DDF787F4CA9}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Interface\{277FD1E8-9884-4E0A-9392-7CFF83F067B2}\TypeLib]
"Version" = "1a.0"
The process GoogleToolbarNotifier.exe:2304 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:
[HKCU\Software\Google\GoogleToolbarNotifier\Stats]
"HideUI_Throttled" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32]
"EnableConsoleTracing" = "0"
[HKCU\Software\Google\GoogleToolbarNotifier\Stats]
"DetectChange_DS" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDecisionReason" = "1"
[HKCU\Software\Google\GoogleToolbarNotifier]
"KeepDS" = "688508711"
"FirstRun" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadNetworkName" = "Network 3"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"
[HKCU\Software\Google\GoogleToolbarNotifier\Stats]
"Icon_Click" = "0"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32]
"FileDirectory" = "%windir%\tracing"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "B9 8C 35 76 70 29 D0 01"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32]
"EnableFileTracing" = "0"
[HKCU\Software\Classes\Local Settings\MuiCache\2A\52C64B7E]
"LanguageList" = "en-US, en"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDecision" = "0"
[HKCU\Software\Google\GoogleToolbarNotifier]
"UpdateURL" = "http://clients1.google.com/tools/swg2/update"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""
[HKCU\Software\Google\GoogleToolbarNotifier]
"lds" = "http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7"
[HKCU\Software\Google\GoogleToolbarNotifier\Stats]
"ShowUI_TrayIcon" = "0"
[HKCU\Software\Google\Google Toolbar\4.0]
"UpdateResult" = "98"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDecisionReason" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDecisionTime" = "B9 8C 35 76 70 29 D0 01"
[HKCU\Software\Google\GoogleToolbarNotifier]
"DefaultLanguage" = "en"
"TS" = "1420521619"
[HKCU\Software\Google\GoogleToolbarNotifier\Stats]
"Bubble_Click" = "0"
"UserAllowChange_DS" = "0"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32]
"ConsoleTracingMask" = "4294901760"
[HKCU\Software\Google\GoogleToolbarNotifier]
"AppPath" = "%Program Files% (x86)\Google\GoogleToolbarNotifier"
[HKCU\Software\Google\GoogleToolbarNotifier\Stats]
"ShowUI_Popup" = "0"
[HKCU\Software\Google\GoogleToolbarNotifier]
"InstalledVersion" = "5.7.9012.1008"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 40 00 00 00 09 00 00 00 00 00 00 00"
[HKCU\Software\Google\GoogleToolbarNotifier\Stats]
"LastReportTime" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDecision" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"
[HKCU\Software\Google\GoogleToolbarNotifier\Temp]
"scShowTrayIcon" = "ffffffff"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32]
"MaxFileSize" = "1048576"
[HKCU\Software\Google\GoogleToolbarNotifier]
"UsageStat" = "1"
[HKCU\Software\Google\GoogleToolbarNotifier\Stats]
"ModifyUI_UserIntent" = "0"
[HKCU\Software\Google\GoogleToolbarNotifier]
"Version" = "5.7.9012.1008"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"
[HKCU\Software\Google\Google Toolbar\4.0\Options]
"Extc" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"
[HKCU\Software\Google\GoogleToolbarNotifier\Temp]
"scKeepDS" = "2909cf27"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32]
"FileTracingMask" = "4294901760"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDecisionTime" = "B9 8C 35 76 70 29 D0 01"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The PUP deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDetectedUrl"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoDetect"
[HKCU\Software\Google\GoogleToolbarNotifier]
"WantProductRestart"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
[HKCU\Software\Google\GoogleToolbarNotifier]
"ts"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKCU\Software\Google\GoogleToolbarNotifier]
"DSPSuspended"
"SuspendedDS"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDetectedUrl"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
The process GoogleUpdaterService.exe:3384 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Wow6432Node\Google\Common\Google Updater\apps\swg]
"auto" = "0"
The process GoogleUpdaterService.exe:1660 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:
[HKCR\Wow6432Node\Interface\{C07A89E4-82A3-4A29-9908-DFC9DEBF8267}]
"(Default)" = "ISilentUpdater"
[HKCR\TypeLib\{5924C60B-6D7F-4AD6-8084-24A59431C967}\1.0\HELPDIR]
"(Default)" = ""
[HKCR\Interface\{5C8CE0B5-6DA0-49A1-B675-78FD03EA3224}]
"(Default)" = "IUpdaterScheduler"
[HKCR\Interface\{5C8CE0B5-6DA0-49A1-B675-78FD03EA3224}\TypeLib]
"(Default)" = "{5924C60B-6D7F-4AD6-8084-24A59431C967}"
[HKCR\AppID\GoogleUpdaterService.exe]
"AppID" = "{61E28BF8-C02B-499F-8E7A-34C1E4A1C649}"
[HKCR\Wow6432Node\CLSID\{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}\TypeLib]
"(Default)" = "{5924C60B-6D7F-4AD6-8084-24A59431C967}"
[HKCR\GUSchedulerCtl.UpdaterScheduler]
"(Default)" = "Google Updater Scheduler class"
[HKCR\Interface\{C07A89E4-82A3-4A29-9908-DFC9DEBF8267}\TypeLib]
"Version" = "1.0"
[HKCR\Wow6432Node\Interface\{C07A89E4-82A3-4A29-9908-DFC9DEBF8267}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{C07A89E4-82A3-4A29-9908-DFC9DEBF8267}\TypeLib]
"(Default)" = "{5924C60B-6D7F-4AD6-8084-24A59431C967}"
[HKCR\Wow6432Node\CLSID\{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}\ProgID]
"(Default)" = "GUServiceCtl.SilentUpdater.1"
[HKCR\Wow6432Node\CLSID\{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}]
"AppID" = "{61E28BF8-C02B-499F-8E7A-34C1E4A1C649}"
[HKCR\Wow6432Node\CLSID\{B53B7061-6584-46AA-A033-D610EB10BD9B}\LocalServer32]
"(Default)" = "%Program Files% (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe"
[HKCR\Wow6432Node\CLSID\{B53B7061-6584-46AA-A033-D610EB10BD9B}]
"(Default)" = "Google Updater Scheduler class"
[HKCR\Wow6432Node\Interface\{C07A89E4-82A3-4A29-9908-DFC9DEBF8267}\TypeLib]
"Version" = "1.0"
[HKCR\GUServiceCtl.SilentUpdater]
"(Default)" = "Google Silent Updater class"
[HKCR\GUServiceCtl.SilentUpdater\CLSID]
"(Default)" = "{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}"
[HKCR\Wow6432Node\CLSID\{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}]
"(Default)" = "Google Silent Updater class"
[HKCR\Interface\{5C8CE0B5-6DA0-49A1-B675-78FD03EA3224}\TypeLib]
"Version" = "1.0"
[HKCR\Wow6432Node\CLSID\{B53B7061-6584-46AA-A033-D610EB10BD9B}\TypeLib]
"(Default)" = "{5924C60B-6D7F-4AD6-8084-24A59431C967}"
[HKCR\GUSchedulerCtl.UpdaterScheduler.1\CLSID]
"(Default)" = "{B53B7061-6584-46AA-A033-D610EB10BD9B}"
[HKCR\GUServiceCtl.SilentUpdater\CurVer]
"(Default)" = "GUServiceCtl.SilentUpdater.1"
[HKCR\Wow6432Node\Interface\{C07A89E4-82A3-4A29-9908-DFC9DEBF8267}\TypeLib]
"(Default)" = "{5924C60B-6D7F-4AD6-8084-24A59431C967}"
[HKCR\AppID\{61E28BF8-C02B-499F-8E7A-34C1E4A1C649}]
"LocalService" = "gusvc"
[HKCR\Wow6432Node\CLSID\{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}\LocalServer32]
"(Default)" = "%Program Files% (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe"
[HKCR\Wow6432Node\Interface\{5C8CE0B5-6DA0-49A1-B675-78FD03EA3224}]
"(Default)" = "IUpdaterScheduler"
[HKCR\AppID\{61E28BF8-C02B-499F-8E7A-34C1E4A1C649}]
"(Default)" = "gusvc"
[HKCR\TypeLib\{5924C60B-6D7F-4AD6-8084-24A59431C967}\1.0]
"(Default)" = "Google Updater Service 1.0 Type Library"
[HKCR\GUServiceCtl.SilentUpdater.1\CLSID]
"(Default)" = "{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}"
[HKCR\Wow6432Node\CLSID\{B53B7061-6584-46AA-A033-D610EB10BD9B}\VersionIndependentProgID]
"(Default)" = "GUSchedulerCtl.UpdaterScheduler"
[HKCR\Wow6432Node\CLSID\{B53B7061-6584-46AA-A033-D610EB10BD9B}]
"AppID" = "{61E28BF8-C02B-499F-8E7A-34C1E4A1C649}"
[HKCR\GUServiceCtl.SilentUpdater.1]
"(Default)" = "Google Silent Updater class"
[HKCR\Wow6432Node\Interface\{5C8CE0B5-6DA0-49A1-B675-78FD03EA3224}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\TypeLib\{5924C60B-6D7F-4AD6-8084-24A59431C967}\1.0\FLAGS]
"(Default)" = "0"
[HKCR\Wow6432Node\Interface\{5C8CE0B5-6DA0-49A1-B675-78FD03EA3224}\TypeLib]
"Version" = "1.0"
[HKCR\Interface\{C07A89E4-82A3-4A29-9908-DFC9DEBF8267}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\TypeLib\{5924C60B-6D7F-4AD6-8084-24A59431C967}\1.0\0\win32]
"(Default)" = "%Program Files% (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe"
[HKCR\Wow6432Node\CLSID\{B53B7061-6584-46AA-A033-D610EB10BD9B}\ProgID]
"(Default)" = "GUSchedulerCtl.UpdaterScheduler.1"
[HKCR\Interface\{5C8CE0B5-6DA0-49A1-B675-78FD03EA3224}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Wow6432Node\CLSID\{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}\VersionIndependentProgID]
"(Default)" = "GUServiceCtl.SilentUpdater"
[HKCR\Interface\{C07A89E4-82A3-4A29-9908-DFC9DEBF8267}]
"(Default)" = "ISilentUpdater"
[HKCR\GUSchedulerCtl.UpdaterScheduler\CLSID]
"(Default)" = "{B53B7061-6584-46AA-A033-D610EB10BD9B}"
[HKCR\GUSchedulerCtl.UpdaterScheduler.1]
"(Default)" = "Google Updater Scheduler class"
[HKCR\GUSchedulerCtl.UpdaterScheduler\CurVer]
"(Default)" = "GUSchedulerCtl.UpdaterScheduler.1"
[HKCR\Wow6432Node\Interface\{5C8CE0B5-6DA0-49A1-B675-78FD03EA3224}\TypeLib]
"(Default)" = "{5924C60B-6D7F-4AD6-8084-24A59431C967}"
The PUP deletes the following value(s) in system registry:
[HKCR\AppID\{61E28BF8-C02B-499F-8E7A-34C1E4A1C649}]
"LocalService"
The process regsvr32.exe:3208 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:
[HKCR\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}\ProgID]
"(Default)" = "ProtectorExe.ProtectorHost.1"
[HKCR\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}]
"(Default)" = "ProtectorHost Class"
[HKCR\protector_dll.ProtectorBho\CurVer]
"(Default)" = "protector_dll.ProtectorBho.1"
[HKCR\protector_dll.ProtectorLib\CurVer]
"(Default)" = "protector_dll.ProtectorLib.1"
[HKCR\AppID\{96FBC13C-8214-4100-88E0-FF74D7A1CB4D}]
"(Default)" = "protector_dll"
[HKCR\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}]
"(Default)" = "ProtectorLib Class"
[HKCR\protector_dll.ProtectorBho.1\CLSID]
"(Default)" = "{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"
[HKCR\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\VersionIndependentProgID]
"(Default)" = "protector_dll.ProtectorLib"
[HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\VersionIndependentProgID]
"(Default)" = "protector_dll.ProtectorBho"
[HKCR\protector_dll.ProtectorBho.1]
"(Default)" = "Google Toolbar Notifier BHO"
[HKCR\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCR\protector_dll.ProtectorLib\CLSID]
"(Default)" = "{84798B8E-69F8-4846-9516-373C2996E2F7}"
[HKCR\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCR\protector_dll.ProtectorLib.1\CLSID]
"(Default)" = "{84798B8E-69F8-4846-9516-373C2996E2F7}"
[HKCR\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}]
"AppID" = "{96FBC13C-8214-4100-88E0-FF74D7A1CB4D}"
[HKCR\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}]
"AppID" = "{A97CA128-6998-4F8E-807E-8ED05FADAFB0}"
[HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\InprocServer32]
"(Default)" = "%Program Files%\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll"
[HKCR\protector_dll.ProtectorLib]
"(Default)" = "ProtectorLib Class"
[HKCR\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}]
"Depend" = "%Program Files% (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\gtn.dll"
[HKCR\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\ProgID]
"(Default)" = "protector_dll.ProtectorLib.1"
[HKCR\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}\VersionIndependentProgID]
"(Default)" = "ProtectorExe.ProtectorHost"
[HKCR\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}\LocalServer32]
"(Default)" = "%Program Files% (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
[HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
"AppID" = "{96FBC13C-8214-4100-88E0-FF74D7A1CB4D}"
[HKCR\protector_dll.ProtectorLib.1]
"(Default)" = "ProtectorLib Class"
[HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ProgID]
"(Default)" = "protector_dll.ProtectorBho.1"
[HKCR\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
"(Default)" = "Google Toolbar Notifier BHO"
[HKCR\protector_dll.ProtectorBho]
"(Default)" = "Google Toolbar Notifier BHO"
[HKCR\AppID\protector_dll.DLL]
"AppID" = "{96FBC13C-8214-4100-88E0-FF74D7A1CB4D}"
[HKCR\protector_dll.ProtectorBho\CLSID]
"(Default)" = "{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"
[HKCR\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\InprocServer32]
"(Default)" = "%Program Files%\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll"
The process %original file name%.exe:3524 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
"UNCAsIntranet" = "0"
The PUP deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
The process mp3el2.exe:2980 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Components\mp3el2]
"Path" = "%Program Files% (x86)\NCH Software\Components\mp3el2\lame.exe"
[HKLM\SOFTWARE\Wow6432Node\NCH Swift Sound\Components\mp3el2]
"Path" = "%Program Files% (x86)\NCH Software\Components\mp3el2\lame.exe"
[HKCU\Software\NCH Software\Components\mp3el2]
"Path" = "%Program Files% (x86)\NCH Software\Components\mp3el2\lame.exe"
[HKCU\Software\NCH Swift Sound\Components\mp3el2]
"Path" = "%Program Files% (x86)\NCH Software\Components\mp3el2\lame.exe"
Dropped PE files
| MD5 | File path |
|---|---|
| 5d4bc124faae6730ac002cdb67bf1a1c | c:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe |
| 1223e7efa6dda842c37985a62f10001f | c:\Program Files (x86)\Google\Google Toolbar\Component\GoogleCld_187F9D811452062B.dll |
| 6fffd47eb8cc3a6ca44619f16a7d0ae6 | c:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_32_8E471B27054D20F5.dll |
| 96af87c526ec7a8f32dc3f1f2a63a4a7 | c:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_64_F8ED9B719A89F8EF.dll |
| d2d2a0e0ecd8a2ea750d6be34337d00d | c:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_0A4439FF67F61065.dll |
| 4c401fcc6d0c95e1a5d989e403e18f2f | c:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8CA8B41417E66DEB.exe |
| e8b7fd67da14a7be57a5cb80e3139e60 | c:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarUser_32_52E818EF81C83A9B.exe |
| 211f96eb417ff837a70f5130e63a1a45 | c:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarUser_64_4D9709C1FA1422BA.exe |
| 81590207a8efab40bafe743d8073eb9b | c:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbar_32_365102BD7F6C8091.dll |
| 30c83447379d5955e992bd43be8d115e | c:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbar_64_54BD4059920ABC8A.dll |
| 1f2afab903c0d48480561f3bbd4539c2 | c:\Program Files (x86)\Google\Google Toolbar\Component\GoogleUpdateSetup_5CC4B0F53D73AD88.exe |
| 4beaf576cb43358c4db9f45ac7c09cdb | c:\Program Files (x86)\Google\Google Toolbar\Component\GoogleUpdaterService_B33FC4DD36A473C6.exe |
| 4b78e9ae06f7c310e30ee2fa5b7ebc3c | c:\Program Files (x86)\Google\Google Toolbar\Component\SearchWithGoogleUpdate_C993F490EED40C1B.exe |
| e8b7fd67da14a7be57a5cb80e3139e60 | c:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe |
| 211f96eb417ff837a70f5130e63a1a45 | c:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_64.exe |
| 81590207a8efab40bafe743d8073eb9b | c:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll |
| 30c83447379d5955e992bd43be8d115e | c:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll |
| 13d401e46ad0c5a8442fc57fadbf5751 | c:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\gth.dll |
| aeb43d2a8158fb535f48f440cc266953 | c:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\gtn.dll |
| d3088606c810a355eae9b9056c9b5392 | c:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll |
| 5d61be7db55b026a5d61a3eed09d0ead | c:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe |
| 5a6381e0afb4e0b9fd318c1c76efe9dc | c:\Program Files (x86)\Google\Update\Download\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}\0.0.0.0\googletoolbarinstaller_en_signed.exe |
| 5a6381e0afb4e0b9fd318c1c76efe9dc | c:\Program Files (x86)\Google\Update\Install\{80E8A347-A15D-4F70-8A14-834F39A8DBB8}\googletoolbarinstaller_en_signed.exe |
| 6154f737535b3dbea39c63223d52f5b8 | c:\Program Files (x86)\NCH Software\Components\NCHToolbars\google\NCH_GoogleToolbar.exe |
| 80d70ec9d85ca32c4fdc19dba5134aa7 | c:\Program Files (x86)\NCH Software\Components\mp3el2\lame.exe |
| 91c23901ccb21230c26d3b5973534c16 | c:\Program Files (x86)\NCH Software\Components\x264enc5\x264enc5.exe |
| 1274263b78ee15b4ccf0f4ce77daafc7 | c:\Program Files (x86)\NCH Software\Debut\debut.exe |
| 9231adf1e68637a62ebfa8af56b7b9b9 | c:\Program Files (x86)\NCH Software\Debut\debutfilterinstallerx64.exe |
| ad37a7089dec78c1c782ebfff56f54f8 | c:\Program Files (x86)\NCH Software\Debut\debutfilterinstallerx86.exe |
| 984ab6b7c4eaf453f58db7867ee44799 | c:\Program Files (x86)\NCH Software\Debut\debutfilterx64.sys |
| c873a762bc98bea93c8423a45796552a | c:\Program Files (x86)\NCH Software\Debut\debutfilterx86.sys |
| 2b8a4b0a04e5de89eb37e11276d73e8d | c:\Program Files (x86)\NCH Software\Debut\debuthooksdll.dll |
| 3e1b2a1ae171d50463f56efaeddda5fc | c:\Program Files (x86)\NCH Software\Debut\mp3el2.exe |
| dd162d2d231767b75b80c4230ecf4d6d | c:\Program Files (x86)\NCH Software\Debut\x264enc5.exe |
| dd481c837b6303531af365d95637692f | c:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
TPAutoConnSvc.exe:1776
GoogleUpdate.exe:3288
GoogleUpdate.exe:3284
GoogleUpdate.exe:3864
GoogleUpdate.exe:3348
GoogleUpdate.exe:2184
NCH_GoogleToolbar.exe:3520
debut.exe:1832
debut.exe:2348
googletoolbarinstaller_en_signed.exe:2776
GoogleUpdaterService_B33FC4DD36A473C6.exe:3408
x264enc5.exe:2976
SearchWithGoogleUpdate_C993F490EED40C1B.exe:2388
GoogleUpdateSetup_latest.exe:2100
nchsetup.exe:2944
GoogleToolbarManager_8CA8B41417E66DEB.exe:3676
GoogleToolbarManager_8CA8B41417E66DEB.exe:3740
GoogleToolbarManager_8CA8B41417E66DEB.exe:3536
GoogleToolbarNotifier.exe:1696
GoogleToolbarNotifier.exe:2304
GoogleUpdaterService.exe:3384
GoogleUpdaterService.exe:1660
regsvr32.exe:3208
%original file name%.exe:3524
mp3el2.exe:2980 - Delete the original PUP file.
- Delete or disinfect the following files created/modified by the PUP:
%Program Files% (x86)\Google\Update\Download\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}\0.0.0.0\googletoolbarinstaller_en_signed.exe (38249 bytes)
C:\Windows\Temp\guiC12C.tmp (15 bytes)
%Program Files% (x86)\Google\Update\Install\{80E8A347-A15D-4F70-8A14-834F39A8DBB8}\googletoolbarinstaller_en_signed.exe (38734 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdate.dll (835 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_en.dll (28 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsz8C0A.tmp\System.dll (23 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\GoogleUpdateSetup_latest.exe (25250 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\_debut_rl_adm (8 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarUser_32_52E818EF81C83A9B.exe (620 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbar.7.5.5111.1712.manifest.xml (36 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_0A4439FF67F61065.dll (2 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\SearchWithGoogleUpdate_C993F490EED40C1B.exe (50 bytes)
C:\Windows\System32\config\SOFTWARE (63799 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_64_F8ED9B719A89F8EF.dll (489 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_32_8E471B27054D20F5.dll (149 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbar_32_365102BD7F6C8091.dll (390 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarUser_64_4D9709C1FA1422BA.exe (801 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleCld_187F9D811452062B.dll (50 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\GoogleToolbarInstaller2.log (43972 bytes)
C:\$Directory (384 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8CA8B41417E66DEB.exe (50 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbar_64_54BD4059920ABC8A.dll (514 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleUpdateSetup_5CC4B0F53D73AD88.exe (1480 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleUpdaterService_B33FC4DD36A473C6.exe (390 bytes)
C:\Windows\System32\config\SOFTWARE.LOG1 (60980 bytes)
%Program Files% (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe (390 bytes)
%Program Files% (x86)\NCH Software\Components\x264enc5\x264enc5.exe (20838 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\x264enc5_.cab (467 bytes)
%Program Files%\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (346 bytes)
%Program Files% (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\gth.dll (49 bytes)
%Program Files% (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (79 bytes)
%Program Files% (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\Readme.url (212 bytes)
%Program Files% (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\gtn.dll (150 bytes)
%Program Files% (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (1 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_lt.dll (28 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_hi.dll (29 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_es-419.dll (29 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_vi.dll (28 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_zh-CN.dll (21 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_zh-TW.dll (21 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_el.dll (30 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_sw.dll (29 bytes)
%Program Files% (x86)\GUT8C58.tmp (4 bytes)
%Program Files% (x86)\GUM8C57.tmp\GoogleCrashHandler.exe (212 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_id.dll (28 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_hu.dll (29 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_gu.dll (28 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_et.dll (28 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_ur.dll (28 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_pl.dll (30 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_fr.dll (30 bytes)
%Program Files% (x86)\GUM8C57.tmp\psmachine.dll (159 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_kn.dll (29 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_ta.dll (30 bytes)
%Program Files% (x86)\GUM8C57.tmp\psuser.dll (159 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_sr.dll (29 bytes)
%Program Files% (x86)\GUM8C57.tmp\GoogleUpdateSetup.exe (5441 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_it.dll (30 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_sl.dll (29 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_ca.dll (29 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_ru.dll (28 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_am.dll (25 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_ar.dll (26 bytes)
%Program Files% (x86)\GUM8C57.tmp\npGoogleUpdate3.dll (838 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_th.dll (27 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_is.dll (28 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_fa.dll (27 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_sv.dll (29 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_pt-BR.dll (29 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_pt-PT.dll (29 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_ro.dll (29 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_iw.dll (26 bytes)
%Program Files% (x86)\GUM8C57.tmp\GoogleUpdateOnDemand.exe (59 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_ko.dll (23 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_hr.dll (29 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_ja.dll (24 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_tr.dll (29 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_en-GB.dll (28 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_de.dll (31 bytes)
%Program Files% (x86)\GUM8C57.tmp\GoogleUpdateBroker.exe (59 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_no.dll (29 bytes)
%Program Files% (x86)\GUM8C57.tmp\GoogleCrashHandler64.exe (550 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_bg.dll (30 bytes)
%Program Files% (x86)\GUM8C57.tmp\GoogleUpdateHelper.msi (25 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_uk.dll (28 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_sk.dll (29 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_cs.dll (28 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_ms.dll (28 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_ml.dll (31 bytes)
%Program Files% (x86)\GUM8C57.tmp\GoogleUpdate.exe (234 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_te.dll (29 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_lv.dll (30 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_mr.dll (28 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_bn.dll (28 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_fil.dll (30 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_da.dll (29 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_fi.dll (29 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_nl.dll (30 bytes)
%Program Files% (x86)\GUM8C57.tmp\goopdateres_es.dll (31 bytes)
%Program Files% (x86)\NCH Software\Debut\debutfilterinstallerx86.exe (9476 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette\Doxillion Dokumentenkonverter.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Videoverwandte Programme\VideoPad Video-Editor.lnk (1 bytes)
%Program Files% (x86)\NCH Software\Debut\Help\about.html (196 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Videoverwandte Programme\Präsentationsersteller-Software.lnk (1 bytes)
%Program Files% (x86)\NCH Software\Debut\Help\hlp.css (1 bytes)
%Program Files% (x86)\NCH Software\Debut\Help\other.html (196 bytes)
%Program Files% (x86)\NCH Software\Debut\Help\devices.html (196 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette\VideoPad Video-Editor.lnk (1 bytes)
%Program Files% (x86)\NCH Software\Debut\cursorright.png (1 bytes)
%Program Files% (x86)\NCH Software\Debut\Help\colorsettings.html (2 bytes)
C:\Users\"%CurrentUserName%"\Favorites\Downloadseite von NCH Software.lnk (312 bytes)
%Program Files% (x86)\NCH Software\Debut\Help\oodevices.html (3 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Videoverwandte Programme\Videoaufnahme-Software.lnk (1 bytes)
%Program Files% (x86)\NCH Software\Debut\Help\scheduler.html (3 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette\Express Zip Dateikomprimierung.lnk (1 bytes)
%Program Files% (x86)\NCH Software\Debut\debutfilterinstallerx64.exe (19348 bytes)
%Program Files% (x86)\NCH Software\Debut\Help\licenceterms.html (3 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette\Rechnungssoftware.lnk (1 bytes)
%Program Files% (x86)\NCH Software\Debut\debutfilterx64.sys (4708 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Videoverwandte Programme\Videokassette-zu-DVD-Konverter.lnk (1 bytes)
%Program Files% (x86)\NCH Software\Debut\debut.exe (15423 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette\Express Rip CD-Ripper.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette\Grafikdatei-Konverter.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette\Classic FTP Software.lnk (1 bytes)
%Program Files% (x86)\NCH Software\Debut\debutfilterx86.inf (2 bytes)
%Program Files% (x86)\NCH Software\Debut\Help\snapshot.html (3 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette\Videoaufnahme-Software.lnk (1 bytes)
C:\Users\Public\Desktop\Debut Videorekorder.lnk (1 bytes)
%Program Files% (x86)\NCH Software\Debut\Help\recordingcontrols.html (388 bytes)
%Program Files% (x86)\NCH Software\Debut\_debuthooksdll.dll (8844 bytes)
%Program Files% (x86)\NCH Software\Debut\Help\record.html (3 bytes)
%Program Files% (x86)\NCH Software\Debut\debutfilterx86.cat (388 bytes)
%Program Files% (x86)\NCH Software\Debut\Help\keychange.html (1 bytes)
%Program Files% (x86)\NCH Software\Debut\Help\edittaskdlg.html (2 bytes)
%Program Files% (x86)\NCH Software\Debut\Help\recordingslist.html (196 bytes)
%Program Files% (x86)\NCH Software\Debut\Help\commandline.html (196 bytes)
%Program Files% (x86)\NCH Software\Debut\Help\help.js (2 bytes)
%Program Files% (x86)\NCH Software\Debut\Help\selectiontool.html (196 bytes)
%Program Files% (x86)\NCH Software\Debut\Help\flickrauth.html (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette\SoundTap Streaming-Rekorder.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette\Buchhaltungssoftware.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Videoverwandte Programme\Videostreaming Server.lnk (1 bytes)
%Program Files% (x86)\NCH Software\Debut\Help\options.html (1 bytes)
%Program Files% (x86)\NCH Software\Debut\clickup.wav (3 bytes)
%Program Files% (x86)\NCH Software\Debut\clickraw.png (3 bytes)
%Program Files% (x86)\NCH Software\Debut\Help\index.html (196 bytes)
%Program Files% (x86)\NCH Software\Debut\cursorboth.png (2 bytes)
%Program Files% (x86)\NCH Software\Debut\Help\followmousecursor.html (3 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette\Express Burn CD, DVD oder Blu-Ray.lnk (1 bytes)
%Program Files% (x86)\NCH Software\Debut\mp3el2.exe (24344 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette\MixPad Mehrspur-Mixer.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette\Express Dictate Rekorder.lnk (1 bytes)
%Program Files% (x86)\NCH Software\Debut\Help\arrowlist.gif (455 bytes)
%Program Files% (x86)\NCH Software\Debut\Help\oonetwork.html (3 bytes)
%Program Files% (x86)\NCH Software\Components\NCHToolbars\google\NCH_GoogleToolbar.exe (382441 bytes)
%Program Files% (x86)\NCH Software\Debut\debutsetup_v1.95.exe (10177 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette\WavePad Sound-Editor.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette\RecordPad Soundrekorder.lnk (1 bytes)
%Program Files% (x86)\NCH Software\Debut\cursorleft.png (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Videoverwandte Programme\Videodatei-Formatkonverter.lnk (1 bytes)
%Program Files% (x86)\NCH Software\Debut\Help\ltaskdatapanel.html (1 bytes)
%Program Files% (x86)\NCH Software\Debut\Help\control.html (2 bytes)
%Program Files% (x86)\NCH Software\Debut\clickdown.wav (3 bytes)
%Program Files% (x86)\NCH Software\Debut\Help\textcaption.html (3 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette\Switch Sounddatei-Konverter.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette\Prism Videodatei-Formatkonverter.lnk (1 bytes)
%Program Files% (x86)\NCH Software\Debut\x264enc5.exe (62431 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debut Videorekorder.lnk (1 bytes)
%Program Files% (x86)\NCH Software\Debut\Help\output.html (4 bytes)
%Program Files% (x86)\NCH Software\Debut\debutfilterx86.sys (6532 bytes)
%Program Files% (x86)\NCH Software\Debut\debutfilterx64.inf (2 bytes)
%Program Files% (x86)\NCH Software\Debut\Help\ooscreen.html (3 bytes)
%Program Files% (x86)\NCH Software\Debut\debutfilterx64.cat (388 bytes)
%Program Files% (x86)\NCH Software\Debut\Help\watermark.html (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\GoogleToolbarInstaller1.log (2418 bytes)
%Program Files% (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (1281 bytes)
%Program Files% (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (673 bytes)
%Program Files% (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (1425 bytes)
%Program Files% (x86)\Google\Google Toolbar\GoogleToolbarHelper_signed.msi (28 bytes)
%Program Files% (x86)\Google\Google Toolbar\GoogleToolbarUser_64.exe (2321 bytes)
%Program Files% (x86)\Google\Google Toolbar\GoogleToolbarHelperPatch_signed.msp (125 bytes)
C:\ProgramData\Google\Custom Buttons\toolbar.google.com_O8Y91YHB24Z6SR0SGYSK.XML (12 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\n1s\nchdata.dat (17751 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\n1s\nchsetup.cab (736 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\n1s\nchdata.cab (825 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\n1s\nchsetup.exe (34178 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\mp3el2_.cab (180 bytes)
%Program Files% (x86)\NCH Software\Components\mp3el2\lame.exe (7384 bytes) - Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
Static Analysis
VersionInfo
Company Name: NCH Software
Product Name: Debut
Product Version:
Legal Copyright: NCH Software
Legal Trademarks:
Original Filename:
Internal Name: Debut
File Version: 1.95DE
File Description: Debut Videorekorder
Comments:
Language: English (Australia)
Company Name: NCH SoftwareProduct Name: DebutProduct Version: Legal Copyright: NCH SoftwareLegal Trademarks: Original Filename: Internal Name: DebutFile Version: 1.95DE File Description: Debut VideorekorderComments: Language: English (Australia)
PE Sections
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
|---|---|---|---|---|---|
| .rdata | 4096 | 2338 | 2560 | 2.76389 | a322bee8b6315dcdf55664104eb8aed4 |
| .data | 8192 | 1596 | 2048 | 3.48789 | cc10a049565dcd8a13f7ded9f6d7749b |
| .rsrc | 12288 | 1569892 | 1570304 | 5.54468 | 44a609bfcd8f73ddcd00514b7b5da5a2 |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Network Activity
URLs
| URL | IP |
|---|---|
| hxxp://audiochannel.net/versions/components/tb_google_row.dat | |
| hxxp://audiochannel.net/components/toolbars/NCH_GoogleToolbar.exe | |
| hxxp://tools.l.google.com/dl/toolbar/t7/data/7.5.5111.1712/googletoolbarinstaller_en_signed.exe | |
| hxxp://a1621.g.akamai.net/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?88e08b79f1e607bf | |
| hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFIA5aolVvwahu2WydRLM8c= | |
| hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo/X8AUm7+PSp50CECkSxwyaK4o+9vYHRmLWi40= | |
| hxxp://clients.l.google.com/tools/swg2/update?type=c&as=swg&os=win&osv=6.1.7601&hl=en&ie=10.0.9200.16521&ds=0&pds=0&su=0&hpi=-1&brand=NCHD&pa=9&cl=1&tbv=&id=79719f98482242cd813a5027b10bbf6ceb587e9422&from=&to=5.7.9012.1008 | |
| hxxp://clients.l.google.com/tools/pso/ping?as=tbin&gu=pi&mode=3&sin=1&ein=0&version=7.5.5111.1712&brand=NCHD&hl=en&tbiv=7.5.5111.1712&time=1420521619&fitime=1420521619&browser=9.10.9200.16521&osver=6.1&ossp=1.0&osarch=64&ext=EXE&id=AC4C401CF3D73E6A044F1AA29EA5304205DE1wZWKM | |
| hxxp://a1363.g.akamai.net/pki/crl/products/microsoftrootcert.crl | |
| hxxp://a1363.g.akamai.net/pki/crl/products/WinPCA.crl | |
| hxxp://a1363.g.akamai.net/pki/crl/products/MicrosoftTimeStampPCA.crl | |
| hxxp://a1621.g.akamai.net/msdownload/update/v3/static/trustedr/en/authrootstl.cab?d66599f683368af4 | |
| hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w= | |
| hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI= | |
| hxxp://e6845.ce.akamaiedge.net/pca3.crl | |
| hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ/xkCfyHfJr7GQ6M658NRZ4SHo/AQUCPVR6Pv+PT1kNnxoz1t4qN+5xTcCEGC2x6sSmevembHfY1acIZk= | |
| hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEGwkCSV07gf3g5QOsqmf+MY= | |
| hxxp://a1363.g.akamai.net/pki/crl/products/MicCodSigPCA_08-31-2010.crl | |
| hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEEES5jLHsYoCmjofrIA6uJ8= | |
| hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD/yl6nWPkczAQUe1tFz6/Oy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS+zcBkvzl4= | |
| hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9+WQCtWAQU1A1lP3q9NMb+R+dMDcC98t4Vq3ECEGpWCCD6PprY5UEXNLHUCtU= | |
| hxxp://clients1.google.com/tools/pso/ping?as=tbin&gu=pi&mode=3&sin=1&ein=0&version=7.5.5111.1712&brand=NCHD&hl=en&tbiv=7.5.5111.1712&time=1420521619&fitime=1420521619&browser=9.10.9200.16521&osver=6.1&ossp=1.0&osarch=64&ext=EXE&id=AC4C401CF3D73E6A044F1AA29EA5304205DE1wZWKM | 173.194.44.128 |
| hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI= | 23.43.139.27 |
| hxxp://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD/yl6nWPkczAQUe1tFz6/Oy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS+zcBkvzl4= | 23.43.139.27 |
| hxxp://www.audiochannel.net/versions/components/tb_google_row.dat | 66.39.83.117 |
| hxxp://crl.verisign.com/pca3.crl | 23.43.133.163 |
| hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ/xkCfyHfJr7GQ6M658NRZ4SHo/AQUCPVR6Pv+PT1kNnxoz1t4qN+5xTcCEGC2x6sSmevembHfY1acIZk= | 23.43.139.27 |
| hxxp://dl.google.com/dl/toolbar/t7/data/7.5.5111.1712/googletoolbarinstaller_en_signed.exe | 216.58.209.160 |
| hxxp://crl.microsoft.com/pki/crl/products/WinPCA.crl | 88.221.132.166 |
| hxxp://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl | 88.221.132.166 |
| hxxp://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl | 88.221.132.166 |
| hxxp://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl | 88.221.132.166 |
| hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?88e08b79f1e607bf | 88.221.132.177 |
| hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w= | 23.43.139.27 |
| hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEGwkCSV07gf3g5QOsqmf+MY= | 23.43.139.27 |
| hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEEES5jLHsYoCmjofrIA6uJ8= | 23.43.139.27 |
| hxxp://clients1.google.com/tools/swg2/update?type=c&as=swg&os=win&osv=6.1.7601&hl=en&ie=10.0.9200.16521&ds=0&pds=0&su=0&hpi=-1&brand=NCHD&pa=9&cl=1&tbv=&id=79719f98482242cd813a5027b10bbf6ceb587e9422&from=&to=5.7.9012.1008 | 173.194.44.128 |
| hxxp://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9+WQCtWAQU1A1lP3q9NMb+R+dMDcC98t4Vq3ECEGpWCCD6PprY5UEXNLHUCtU= | 23.43.139.27 |
| hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo/X8AUm7+PSp50CECkSxwyaK4o+9vYHRmLWi40= | 23.43.139.27 |
| hxxp://www.audiochannel.net/components/toolbars/NCH_GoogleToolbar.exe | 66.39.83.117 |
| hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFIA5aolVvwahu2WydRLM8c= | 23.43.139.27 |
| hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?d66599f683368af4 | 88.221.132.177 |
| tools.google.com | 216.58.209.160 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /tools/swg2/update?type=c&as=swg&os=win&osv=6.1.7601&hl=en&ie=10.0.9200.16521&ds=0&pds=0&su=0&hpi=-1&brand=NCHD&pa=9&cl=1&tbv=&id=79719f98482242cd813a5027b10bbf6ceb587e9422&from=&to=5.7.9012.1008 HTTP/1.1
Accept: */*
User-Agent: SearchWithGoogle
Host: clients1.google.com
HTTP/1.1 200 OK
Content-Type: text/plain
Date: Tue, 06 Jan 2015 05:20:41 GMT
Expires: Tue, 06 Jan 2015 05:20:41 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Alternate-Protocol: 80:quic,p=0.02
Transfer-Encoding: chunked
16..rlz: 1R______enUA622..0..HTTP/1.1 200 OK..Content-Type: text/plain..Date: Tue, 06 Jan 2015 05:20:41 GMT..Expires: Tue, 06 Jan 2015 05:20:41 GMT..Cache-Control: private, max-age=0..X-Content-Type-Options: nosniff..X-Frame-Options: SAMEORIGIN..X-XSS-Protection: 1; mode=block..Server: GSE..Alternate-Protocol: 80:quic,p=0.02..Transfer-Encoding: chunked..16..rlz: 1R______enUA622..0..
GET /versions/components/tb_google_row.dat HTTP/1.0
Host: VVV.audiochannel.net
HTTP/1.1 404 Not Found
Date: Tue, 06 Jan 2015 05:20:04 GMT
Server: Apache/2.2.29
Content-Length: 235
Connection: close
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL /versions/components/tb_google_row.dat was not found on this server.</p>.</body></html>...
GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab?d66599f683368af4 HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 12 Mar 2014 20:20:10 GMT
If-None-Match: "0b96c77303ecf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ctldl.windowsupdate.com
HTTP/1.1 200 OK
Cache-Control: max-age=604800
Content-Type: application/octet-stream
Last-Modified: Fri, 12 Sep 2014 18:47:05 GMT
Accept-Ranges: bytes
ETag: "805a83f2b9cecf1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 56928
Date: Tue, 06 Jan 2015 05:21:08 GMT
Connection: keep-alive
MSCF....`.......,...................I.................,E.Y .authroot.stl..Y-..8..CK...<T...g.v!M.d..f.%d..}K..5..F. ...T..%.,YJ.,!T......_..x.<=O.....yy....;3..>.|..~..\.....|......;..8..~.za...."A...q.......g..m......<X........j"I........!..-w.....w....P...H..(.?}..2.N. .u..a. ...=.C..D.F>rC.. ..|).=.. ..3b.8H.M...(...u8.%...W.g...\YB.m:.....dE.........V....$....Dn:....0...S."...o..q.....K...I..K...(x%....>A.R...`.0 .........<`L0mp...%....y.....g.n...R0Op..<..,....`0$z.@..&.x"....T..H...<........~..E..".....<<.\B(.....................@.....L.........KNAy8/"...f.......k..Jm7j....R.5q....Rz..!@...].......Y.[........4.. .D8..&...t.J^O..Q.._..1.J.m5<'k.,....%T....i.\.;.;q..S./ 8.?Bu.............}D.Q....L....*..[.."e......15m..._.0.M........#..v!..<...@..?sc.y....*.....tX[........{.W4.Q...^u@..*..QP.......~.L9N....2r...4.....B..-\(...b.d...K...O.8..Un.......V.<.......A...V.....(..s..f..q.{N0.hS.,..;M.|G|.@.M.._.....7._6...C.0...A;L....%...M=Y.....f.JV.(.5.....0..?*...KZ....jM...8.6U...#...ew.?..?...........WE.Or..O>..{.'W2.........3m.O.u..Z8....H4@.w}.o:?~....]<!...%....}@.d...L.p.a.g ..K."..N1!%..S.bT.H.-.....e..`.0$...0t..DX..{.....#./...8.5..M...T.......D......V\C.zy.....3E:..>.{..).QW......q....9..n..1....8%,.........r.p@.>. ...Q.?.p..7.?..7...&..!.........`. .=....Sf..q.l.A.....L...t.}g..;...f....=.e.~.z....C..*R....H-..=...f..(t'.."....F...g._....n.J..U.4vr`}.....1..o@.....@.#...R. L8....z..].|......3..y..-./....K..6{...s.<R`.}6....?.......-..@.g..S....
<<< skipped >>>
HEAD /dl/toolbar/t7/data/7.5.5111.1712/googletoolbarinstaller_en_signed.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: dl.google.com
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 5030744
Content-Type: application/x-msdos-program
Etag: "416d3"
Expires: Tue, 06 Jan 2015 21:20:13 PST
Last-Modified: Tue, 25 Mar 2014 23:15:00 GMT
Server: downloads
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Tue, 06 Jan 2015 05:20:13 GMT
Alternate-Protocol: 80:quic,p=0.02
....
GET /dl/toolbar/t7/data/7.5.5111.1712/googletoolbarinstaller_en_signed.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 25 Mar 2014 23:15:00 GMT
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: dl.google.com
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 5030744
Content-Type: application/x-msdos-program
Etag: "416d3"
Expires: Tue, 06 Jan 2015 21:20:13 PST
Last-Modified: Tue, 25 Mar 2014 23:15:00 GMT
Server: downloads
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Tue, 06 Jan 2015 05:20:13 GMT
Alternate-Protocol: 80:quic,p=0.02
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........R.&.3eu.3eu.3eu...u.3eu...u:3eu...u.3eu.3du.2eu...u.3eu...u.3eu.3eu.3eu...u.3euRich.3eu........................PE..L....F.S.................z..........9u............@...................................L...@.................................|...H.....................L.X............................................................................................text.............K.....PEC2*O......`....rsrc.................K............. ....reloc................L.............@...................................................................................................................................................................................................................................................................................................................................................................................................................................7%..l....7%.......{...@.k.i..Y.. ....O}...X..Q>!L........f.l.Hs..s...5.*.O..{0=L...L..j2}.\b.....s?P.........n......}M...^.......7..........5..).SF.f6..:.#.0...@|y.a-h......5>b......Jb6......u?l.q..Iu..fI$M.ex..A..5.3.)......k..u..~....y...U:..[.B..cHD.X...Yn...c............@..........2.F....q.."%.'..E.........).t.............{%...m.n............y.}.s.......a(...".....9.f...#."..l/....M..aA.3M.....B.k'.......]..z..w.8.B..2..S.z..l_....7=..3I[.l(.V.I.......!.K."c...`..5.7......w. .........3A...`.~.....
<<< skipped >>>
GET /pca3.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.verisign.com
HTTP/1.1 200 OK
Server: Apache
ETag: "66304c4a5660ab8615727e6bb27b3cdb:1418950819"
Last-Modified: Fri, 19 Dec 2014 01:00:19 GMT
Date: Tue, 06 Jan 2015 05:24:54 GMT
Content-Length: 933
Connection: keep-alive
Content-Type: application/pkix-crl
0...0...0...*.H........0_1.0...U....US1.0...U....VeriSign, Inc.1705..U....Class 3 Public Primary Certification Authority..141210000000Z..150331235959Z0..x0!...v....a_>..2......020924164823Z0!.....A.....{2..Y.#..140129175709Z0!...,.|.|...<...j ...080605174907Z0!...`y..q.......fh...020923171400Z0!...?A....a.nF`.P....020923171548Z0!............R.e.53..010207212458Z0!..!......Y...ISi....010706171411Z0!..$-..I{r....u<._...080403172226Z0!..&.."?..y..51}..1..010706172118Z0!..4....2....{W......080605175030Z0!..B....c............070411175910Z0!..H.Py...N....* ....010207212031Z0!..N....-.1Gq.@...C..040401175251Z0!..Y......w`G........070411175657Z0!..Z`..H.@B....Z.*q..080403172017Z0!..l....I...Y..] .c..010706171749Z0"......T=deQ...1u.]...010207212247Z0".....p..1..7<.....e..010207211822Z0...*.H............5..v...V.._)....A... ....>.5]....6.(.0uFW.*:T...6$.....R...Y.N.k........%Jn..I.j*.6.3~...r../=l..?...9..V0..@Tk......fn?....0.A.HTTP/1.1 200 OK..Server: Apache..ETag: "66304c4a5660ab8615727e6bb27b3cdb:1418950819"..Last-Modified: Fri, 19 Dec 2014 01:00:19 GMT..Date: Tue, 06 Jan 2015 05:24:54 GMT..Content-Length: 933..Connection: keep-alive..Content-Type: application/pkix-crl..0...0...0...*.H........0_1.0...U....US1.0...U....VeriSign, Inc.1705..U....Class 3 Public Primary Certification Authority..141210000000Z..150331235959Z0..x0!...v....a_>..2......020924164823Z0!.....A.....{2..Y.#..140129175709Z0!...,.|.|...<...j ...080605174907Z0!...`y..q.......fh...020923171400Z0!...?A....a.nF`.P....020923171548Z0!.
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFIA5aolVvwahu2WydRLM8c= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1762
content-transfer-encoding: binary
Cache-Control: max-age=574357, public, no-transform, must-revalidate
Last-Modified: Mon, 5 Jan 2015 20:49:30 GMT
Expires: Mon, 12 Jan 2015 20:49:30 GMT
Date: Tue, 06 Jan 2015 05:20:32 GMT
Connection: keep-alive
0..........0..... .....0......0...0......;O}a.!..u...au..eUNp..20150105204930Z0s0q0I0... ...................B.>.I.$&.....e......0..C9...313..R...%V.......K3.....20150105204930Z....20150112204930Z0...*.H.............$M.....sd...e&...|.W3.y........bQ.N.I.nT.. A.G^fJ.@3(...Z.......&0*..u.n......uC......^...0e..W..J..wD8....u..G....?i.r...k.R.....tx.x...c.f.m.R.....el\.sG.......c%.h%.d...w"....RT...G...@q...o.F.*6...F......".._..s.....e...:..;X$..:......rb.9%G..Z..Hl...n....0...0...0...........2...'U.BM...g.B0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1:08..U...1(c) 2006 VeriSign, Inc. - For authorized use only1E0C..U...<VeriSign Class 3 Public Primary Certification Authority - G50...141202000000Z..151216235959Z0..1.0...U....US1.0...U....Symantec Corporation1.0...U....Symantec Trust Network1?0=..U...6Symantec Class 3 PCA - G5 OCSP Responder Certificate 30.."0...*.H.............0...............2&..PL...,..2....:..tH...`JG.%..*...s.c%...?t..J..0.q....~..k@X.l.i....0..kk..h.9"1.5?..s.....3[...u......]...R0..Z}....l..I.Y.....j\H.q...#.uw.4qz.#.J.....@2$"..$l.B.......D.ye..(..2.........@...... ...."... E..0M,..b{.^..s'....f.6.pr4.J........'j..........0...0...U.......0.0l..U. .e0c0a..`.H...E....0R0&.. .........hXXp://VVV.symauth.com/cps0(.. .......0...hXXp://VVV.symauth.com/rpa0...U.%..0... .......0...U...........0... .....0......0!..U....0...0.1.0...U....TGV-B-2760...U......;O}a.!..u...au..eUNp0...U.#..0.....e......0..C9...3130...*.H.............(.&..Dgr.Ve..#...5.N.v.Q
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo/X8AUm7+PSp50CECkSxwyaK4o+9vYHRmLWi40= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1725
content-transfer-encoding: binary
Cache-Control: max-age=508188, public, no-transform, must-revalidate
Last-Modified: Mon, 5 Jan 2015 02:29:17 GMT
Expires: Mon, 12 Jan 2015 02:29:17 GMT
Date: Tue, 06 Jan 2015 05:20:37 GMT
Connection: keep-alive
0..........0..... .....0......0...0......u\..3Oo?U...H.....O!..20150105022917Z0s0q0I0... ...................F....0.yV......{&.K......&.......).... .>...Fb.......20150105022917Z....20150112022917Z0...*.H...............=*.5.....V.j...8f........]#=..4...^....~..h..c..r.R.L1.S....... ..B..Pd.T}..3.~%6....@.&..a..YK..3...m.%.....X.T.HZ.`..Z..&...18..M.?.V........23.0E--o.\....7...2....G.PQ....Og>........Lc....C....H...c0"......)T.....}k....|.8y...5]5....&h...R.W........F.....0...0...0........../...nj0...}..i..0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)101.0,..U...%VeriSign Class 3 Code Signing 2010 CA0...141204000000Z..150304235959Z0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1:08..U...1VeriSign Class 3 Code Signing 2010 OCSP Responder0.."0...*.H.............0.........4.4...........o....?..f.........I.!.b.L...L..U.........rM.,.....=..cR4d.~*..k..x......=.WT.<.A2n1.qZyM.M..Q_...8....9....d.... ...'.........h..Z..I...(.b.jK..DO.ra..gb..j..A.(....mrzU.w.......Bv...l.:s..L....y.....u..n.)W......Y!....Q...,.i|.....:.Mu..DD1.........0...0...U....0.0....U. ...0..0....`.H...E....0..0(.. .........hXXps://VVV.verisign.com/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSign's CPS incorp. by reference liab. ltd. (c)97 VeriSign0...U.%..0... .......0...U........0... .....0......0"..U....0...0.1.0...U....TGV-B-24600...*.H..............pjd....VpE.6.tO..@.....7.=.. ...........hi.......>....
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEGwkCSV07gf3g5QOsqmf+MY= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
QG.d.}...r...gv... f...z.#..}..J...r9h.........LI-..^.......PUD.h<.l....(n..i.....E.....2....^./Y......Y.m...'...hz..y..E..........0...0...U....0.0....U. ...0..0....`.H...E....0..0(.. .........hXXps://VVV.verisign.com/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSign's CPS incorp. by reference liab. ltd. (c)97 VeriSign0...U.%..0... .......0...U........0... .....0......0"..U....0...0.1.0...U....TGV-B-24710...*.H.............P.j.EA .\.w.ur.....1........]^.....rG....8..Q..d.j..t....H...9.i......=s..;(oq.A.....A.......5w......s..=.....4......Q....kR..<.Qcx.....4..|b..^..e=.......41.^.?.Stn...i....L.G..:W...8 .Wq........5..NK.lmg<q.6~(.*.......}...5.b..........@.....w.:....80|N..
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1453
content-transfer-encoding: binary
Cache-Control: max-age=447212, public, no-transform, must-revalidate
Last-Modified: Sun, 4 Jan 2015 09:34:14 GMT
Expires: Sun, 11 Jan 2015 09:34:14 GMT
Date: Tue, 06 Jan 2015 05:24:53 GMT
Connection: keep-alive
0..........0..... .....0......0...0......T3t.%..O.E..~..F.=....20150104093414Z0s0q0I0... ........H.dI.....3..^B...d6Q....ZL%."..1.m..._)..a..eR&.....Y.)..".\....20150104093414Z....20150111093414Z0...*.H.................P.OK.w3.B.R..9_*..-....][\....5'.A.jL..=.OZ...|.......?..R..#YB.6q|...'.P..G ..h...I.H9.`G.M.}..M...3.......p.."Ug....U...7.3.?.......$.._Q.\_./.....|.L..[......gzO'.C..6.....B.sK.D..H[......iPI.... ...Xp.T.]..LR....R:.m.J..T...lDP..p....J..d./D.F....2....0...0...0..3......./...b.v..-....l}0...*.H........0_1.0...U....US1.0...U....VeriSign, Inc.1705..U....Class 3 Public Primary Certification Authority0...141202000000Z..151216235959Z0..1.0...U....US1.0...U....Symantec Corporation1.0...U....Symantec Trust Network1?0=..U...6Symantec Class 3 PCA - G1 OCSP Responder Certificate 30.."0...*.H.............0..........'......Y..x.3B1.7..Q..`..d.. ....s..t.$a.....j2R.{ ,*..c{.3.....H..3-; ).....0._...*..9M..V...... ...{m...-.......)..tR..{D....~...M...T..pS.p..^|o....S..v.).).....r.v.qo$......C.V!....@.h#qh...u1T.].G0.]E...=._...... ........TE...Sa.s4........r...3.............0..0...U....0.0l..U. .e0c0a..`.H...E....0R0&.. .........hXXp://VVV.symauth.com/cps0(.. .......0...hXXp://VVV.symauth.com/rpa0...U.%..0... .......0...U........0... .....0......0!..U....0...0.1.0...U....TGV-B-2730...*.H.............$..H......oU....Y!.z{*.V.M..u.._z..3>.. 0....3..m.....e.......a..D...........e..F6:.y.....di.......<y.Z.......x}..q.2....UZ1 :,....
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1790
content-transfer-encoding: binary
Cache-Control: max-age=495631, public, no-transform, must-revalidate
Last-Modified: Sun, 4 Jan 2015 23:04:05 GMT
Expires: Sun, 11 Jan 2015 23:04:05 GMT
Date: Tue, 06 Jan 2015 05:24:53 GMT
Connection: keep-alive
0..........0..... .....0......0...0........6?s....V....OlL".O..20150104230405Z0s0q0I0... ..........!7h....O.d...AG&h.....k.&p..?...-.5........M.s.Q~...@?j.......20150104230405Z....20150111230405Z0...*.H................G..z./....,FS?..1..H.b*.!\..U.X)._...\d.V.....a.....). ......;..9.pD.o4.....!...........5.O*....Gt...DM'...a.S../......<{;.Q#....*..~g...p.._WB.:1.....~T....=.1...w'.p#*q..]$.NO..!..e5.`Ic..@.kd. ..v....~......F.....l.........3U..T...^p3.....q..i,RMX%&....#0...0...0..........<o&S.-S..}...e.30...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)09100...U...'VeriSign Class 3 Code Signing 2009-2 CA0...141205000000Z..150305235959Z0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)091<0:..U...3VeriSign Class 3 Code Signing 2009-2 OCSP Responder0.."0...*.H.............0.........{(..t....2.Vf.....&;6).i*FK....W@....F....jnb.w._p.E.6.|.mk....(..........p...........X.DF....^0N....b9.:..J. ZK.".^..\..p.'.$..JA..~QG.d.}...r...gv... f...z.#..}..J...r9h.........LI-..^.......PUD.h<.l....(n..i.....E.....2....^./Y......Y.m...'...hz..y..E..........0...0...U....0.0....U. ...0..0....`.H...E....0..0(.. .........hXXps://VVV.verisign.com/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSign's CPS incorp. by reference liab. ltd. (c)97 VeriSign0...U.%..0... .......0...U........0... .....0......0"..U....0...0.1.0...U....TGV-B-24710...*.H...
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD/yl6nWPkczAQUe1tFz6/Oy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS+zcBkvzl4= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.thawte.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1503
content-transfer-encoding: binary
Cache-Control: max-age=447628, public, no-transform, must-revalidate
Last-Modified: Sun, 4 Jan 2015 09:44:13 GMT
Expires: Sun, 11 Jan 2015 09:44:13 GMT
Date: Tue, 06 Jan 2015 05:25:01 GMT
Connection: keep-alive
0..........0..... .....0......0...0......&Km...."....}....,.c..20150104094413Z0s0q0I0... ........0..k....&..p..^.X.....{[E....z.1..j..F.WHP..G.Mxs..../.p./.^....20150104094413Z....20150111094413Z0...*.H.............I..S..2....$......<R......#/..].O...G..a@#..*.QKU.aU}5..G..O..D.e}...x.Z6...nM..~...l...F....$.... .D..t?..K.1.E!....N....u.)Z.I_.Q.....t.^w.Q.. ......R...;{%.#k.......j..M.$...y..|.]....<.:..]N`.......{....z.d....Q.....m1..&.{..LL.MR..bWa ..c.l..|.P.5.L......0...0...0............I...*....^n...0...*.H........0..1.0...U....US1.0...U....thawte, Inc.1(0&..U....Certification Services Division1806..U.../(c) 2006 thawte, Inc. - For authorized use only1.0...U....thawte Primary Root CA0...141202000000Z..151216235959Z0_1.0...U....US1.0...U....thawte, Inc.1907..U...0thawte Primary Root OCSP Responder Certificate 30.."0...*.H.............0.........x...F83..,.D.,2D.;JGc.|_.k.....B.7.....G}.M.s.....S.i.Uu.h.Aq..v...4:l..U.......T7l...~vl...r....{*..........V.o..8|.B..^.a.. ...z....x..s...\[Y....<....'> ..YC..7.zVk.$...o3..kao]c...>C./bPX.......I..Oc.....NN......g.....,/..]......qN.....V!<.3.)...y#.........i0g0...U.%..0... .......0... .....0......0...U.......0.0...U...........0!..U....0...0.1.0...U....TGV-B-2770...*.H................lt..\..z. ..N.f.!.S5d?J.&....r...D........L.`.s.p...HC.L.8f... .........GA7......P..Z.%.../............z.n.6~I...].).....W...W\|.uya..:...^...hW..7.Z.uc.'....:.xL...HS.....>.........5......%....3S....h........U....o.C.\.t.....G.._.C0(l.E9..6UTxg.gF ..;.....
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9+WQCtWAQU1A1lP3q9NMb+R+dMDcC98t4Vq3ECEGpWCCD6PprY5UEXNLHUCtU= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.thawte.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1396
content-transfer-encoding: binary
Cache-Control: max-age=501778, public, no-transform, must-revalidate
Last-Modified: Mon, 5 Jan 2015 00:44:23 GMT
Expires: Mon, 12 Jan 2015 00:44:23 GMT
Date: Tue, 06 Jan 2015 05:25:01 GMT
Connection: keep-alive
0..p......i0..e.. .....0.....V0..R0...............w/.|`....a...20150105004423Z0s0q0I0... ........l....r.vdv0..*.~Y..X....e?z.4..G.L.......q..jV. .>...A.4........20150105004423Z....20150112004423Z0...*.H.............7...8.....f......V8I.d..............r.d.{v/......T]8.e.8A...1.wE....N.~.J..].#*3..R.4.E...\w.K.. 3..F1..C....Z......Q}x..3..R,..TNv.t.iEpW...>......D[) .bU..NU....=.....h...U.*}.!Tg.>..h...1.$..s.i_n!..o....{..9.=.". ...9..."5<.N....@o.?.H..u0_.1r.<.....;.....0...0...0..y.......x..wW.M..@5....80...*.H........0J1.0...U....US1.0...U....Thawte, Inc.1$0"..U....Thawte Code Signing CA - G20...141210000000Z..150310235959Z0Y1.0...U....US1.0...U....Thawte, Inc.1301..U...*Thawte Code Signing ..
GET /tools/pso/ping?as=tbin&gu=pi&mode=3&sin=1&ein=0&version=7.5.5111.1712&brand=NCHD&hl=en&tbiv=7.5.5111.1712&time=1420521619&fitime=1420521619&browser=9.10.9200.16521&osver=6.1&ossp=1.0&osarch=64&ext=EXE&id=AC4C401CF3D73E6A044F1AA29EA5304205DE1wZWKM HTTP/1.1
User-Agent: Google Toolbar installer
Host: clients1.google.com
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Date: Tue, 06 Jan 2015 05:20:42 GMT
Expires: Tue, 06 Jan 2015 05:20:42 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Alternate-Protocol: 80:quic,p=0.02
Transfer-Encoding: chunked
2..ok..0..
GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com
HTTP/1.1 200 OK
Content-Type: application/pkix-crl
Last-Modified: Thu, 13 Nov 2014 06:02:42 GMT
Accept-Ranges: bytes
ETag: "88cab6f7ffcf1:0"
Server: Microsoft-IIS/8.5
VTag: 791163458000000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Content-Length: 554
Cache-Control: max-age=900
Date: Tue, 06 Jan 2015 05:25:00 GMT
Connection: keep-alive
0..&0......0...*.H........0y1.0...U....US1.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corporation1#0!..U....Microsoft Code Signing PCA..141112173206Z..150211055206Z.a0_0...U.#..0..........X..7.3...L...0... .....7.........0...U......W0... .....7......150210174206Z0...*.H................].`...D..9.>LO.ey...Qx%.^.P.& ...D.......b}.K..[.....5.m....).....H..6R....G/ju.........:..A.#.9!......D5...|".w.x..=.u..X6.7{..).XN....g......B.8.!&...........<7fS$..........t<X)%.b(0.L@..i..Kn.......fX... ,...K\....U1cp).........y.T..?rm.t..Y.}.E..-@...
GET /components/toolbars/NCH_GoogleToolbar.exe HTTP/1.0
Host: VVV.audiochannel.net
HTTP/1.1 200 OK
Date: Tue, 06 Jan 2015 05:20:04 GMT
Server: Apache/2.2.29
Last-Modified: Fri, 17 May 2013 06:15:28 GMT
ETag: "befd0-4dce3e8c8c000"
Accept-Ranges: bytes
Content-Length: 782288
Connection: close
Content-Type: application/octet-stream
X-Pad: avoid browser bug
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........#yd.B.7.B.7.B.7..z7.B.7..l7.B.7.B.7.B.7.:.7.B.7...7.B.7.:.7.B.7Rich.B.7........................PE..L...?..I.................h...@...B...4............@.................................z................................................................................................................................................................text....g.......h.................. ..`.rdata...............l..............@..@.data...............................@....ndata...................................rsrc...............................@..@................................................................................................................................................................................................................................................................................................................................................................U....\.}..t .}.F.E.u..H......G..H.P.u..u..u...|.@..K...SV.5..G.W.E.P.u.....@..e...E..E.P.u.....@..}..e....D.@........FR..VV..U... M..........M........E...FQ.....NU..M.......M...VT..U........FP..E...............E.P.M...H.@..E..P.E..E.P.u.....@..u....E..9}...n....~X.te.v4..L.@..E...tU.}.j.W.E......E.......P.@..vXW..T.@..u..5X.@.W..h ....E..E.Pj.h.2G.W....@..u.W...u....E.P.u.....@._^3.[.....L$....G...i. @...T.....tUVW.q.3.;5..G.sD..i. @...D..S.....t.G.....t...O..t .....u...3....3...F. @..;5..G.r.[_^...U..QQ.U.
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ/xkCfyHfJr7GQ6M658NRZ4SHo/AQUCPVR6Pv+PT1kNnxoz1t4qN+5xTcCEGC2x6sSmevembHfY1acIZk= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1697
content-transfer-encoding: binary
Cache-Control: max-age=510852, public, no-transform, must-revalidate
Last-Modified: Mon, 5 Jan 2015 03:19:06 GMT
Expires: Mon, 12 Jan 2015 03:19:06 GMT
Date: Tue, 06 Jan 2015 05:24:54 GMT
Connection: keep-alive
0..........0..... .....0......0...0...A0?1=0;..U...4VeriSign Class 3 Code Signing 2004 CA OCSP Responder..20150105031906Z0s0q0I0... ........?.@..w.........Y.!......Q...==d6|h.[x....7..`..........cV.!.....20150105031906Z....20150112031906Z0...*.H..............S.X.....3d*L....._.u..M...U...#..kf.?yG$Z...g#..=.R.~..#...S=<.;..K..,.......G..%eUb..'...K.vBd..u8`..H..4..\..2.........1.....J........N.......'|....}.xq...9Y..l.f.[..q)DfS%;.}I......tm>O;.......b.0..(DZ.....x{]..\[...%.D.... ..NM........5..V.;t.l..2........0...0...0..{.........[..I|.....Zm..0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)041.0,..U...%VeriSign Class 3 Code Signing 2004 CA0...140428000000Z..150729235959Z0?1=0;..U...4VeriSign Class 3 Code Signing 2004 CA OCSP Responder0.."0...*.H.............0.........Y....h..@..>.....%.-.....O...' y.........x..Gw.xF.....?..Z..u,.X.&..........3C..H.l.....f..;]s!.\"v...|....].@.....K7m2...N......-S.I......5n...G7. ..W....n..*..-f?EY.......UN...r...........-_.%..,P;b.....)(.P.4...,.%....<..6.....[r^X.EV..S...5#'Y.. .TD...........0...0...U.......0.0...U.%..0... .......0...U...........0... .....0......0f..U. ._0]0[..`.H...E....0L0#.. .........hXXps://d.symcb.com/cps0%.. .......0...hXXps://d.symcb.com/rpa0!..U....0...0.1.0...U....TGV-B-1080...U......"...?....`>q..i1o...0...U.#..0.....Q...==d6|h.[x....70...*.H.............B8@.$..wo......E.....P52"b*@'C\.y.(...n....h.f..7f.....v...pb<...]..|........
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEEES5jLHsYoCmjofrIA6uJ8= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1790
content-transfer-encoding: binary
Cache-Control: max-age=566541, public, no-transform, must-revalidate
Last-Modified: Mon, 5 Jan 2015 18:44:32 GMT
Expires: Mon, 12 Jan 2015 18:44:32 GMT
Date: Tue, 06 Jan 2015 05:25:00 GMT
Connection: keep-alive
0..........0..... .....0......0...0........6?s....V....OlL".O..20150105184432Z0s0q0I0... ..........!7h....O.d...AG&h.....k.&p..?...-.5.......A..2.....:...:......20150105184432Z....20150112184432Z0...*.H.............P*........D..)..Ex/.......P?)...K...BJ..G..x. \2....6y....\..t..0.1,y..S...{.....:..<... vn....&.$[.3...I...\ ...._.L..1@=cZ;..J....w.o.]s.n.......F.3.....V...P..NA/......\... ..%.`p...AA....W.?..@UI..3pi..E....%w.Z:~.C............`..:...:....UE..x...x.......#0...0...0..........<o&S.-S..}...e.30...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)09100...U...'VeriSign Class 3 Code Signing 2009-2 CA0...141205000000Z..150305235959Z0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)091<0:..U...3VeriSign Class 3 Code Signing 2009-2 OCSP Responder0.."0...*.H.............0.........{(..t....2.Vf.....&;6).i*FK....W@....F....jnb.w._p.E.6.|.mk....(..........p...........X.DF....^0N....b9.:..J. ZK.".^..\..p.'.$..JA..~QG.d.}...r...gv... f...z.#..}..J...r9h.........LI-..^.......PUD.h<.l....(n..i.....E.....2....^./Y......Y.m...'...hz..y..E..........0...0...U....0.0....U. ...0..0....`.H...E....0..0(.. .........hXXps://VVV.verisign.com/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSign's CPS incorp. by reference liab. ltd. (c)97 VeriSign0...U.%..0... .......0...U........0... .....0......0"..U....0...0.1.0...U....TGV-B-24710...*.H...
<<< skipped >>>
GET /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?88e08b79f1e607bf HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 03 Jul 2014 23:34:12 GMT
If-None-Match: "0b2464b1797cf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ctldl.windowsupdate.com
HTTP/1.1 304 Not Modified
Content-Type: application/octet-stream
Last-Modified: Thu, 03 Jul 2014 23:34:12 GMT
ETag: "0b2464b1797cf1:0"
Cache-Control: max-age=86400
Date: Tue, 06 Jan 2015 05:20:27 GMT
Connection: keep-alive
HTTP/1.1 304 Not Modified..Content-Type: application/octet-stream..Last-Modified: Thu, 03 Jul 2014 23:34:12 GMT..ETag: "0b2464b1797cf1:0"..Cache-Control: max-age=86400..Date: Tue, 06 Jan 2015 05:20:27 GMT..Connection: keep-alive..
GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1
Cache-Control: max-age = 812
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 23 Oct 2014 05:05:32 GMT
If-None-Match: "a2f3ff97eeecf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com
HTTP/1.1 304 Not Modified
Content-Type: application/pkix-crl
Last-Modified: Thu, 23 Oct 2014 05:05:32 GMT
ETag: "a2f3ff97eeecf1:0"
Cache-Control: max-age=900
Date: Tue, 06 Jan 2015 05:21:08 GMT
Connection: keep-alive
....
GET /pki/crl/products/WinPCA.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Mon, 06 Oct 2014 05:06:02 GMT
If-None-Match: "3e1c83923e1cf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com
HTTP/1.1 200 OK
Content-Type: application/pkix-crl
Last-Modified: Sun, 21 Dec 2014 06:03:02 GMT
Accept-Ranges: bytes
ETag: "d2e35dc7e31cd01:0"
Server: Microsoft-IIS/8.5
VTag: 4389615400000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Content-Length: 561
Cache-Control: max-age=900
Date: Tue, 06 Jan 2015 05:21:08 GMT
Connection: keep-alive
0..-0......0...*.H........0..1.0...U....US1.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corporation1 0)..U..."Microsoft Windows Verification PCA..141220223154Z..150321105154Z._0]0...U.#..0.......p............<.J0... .....7.......0...U......30... .....7......150320224154Z0...*.H.............h.~oH#i.J.vh_.....A'B..g...........F....9c.{.m@Q.M.p...g.^ 4.r..Wv.Q.0.w..j....c9..w....I..%.~.l..F.......xo...._...o...7BR.;<..\R/ .....b.(....~..]|.v.u.i.X.B....I......./*...P..A..fi.}& .x.v{TFP[.G......A......L.o...)R.......V.u..V.../.Q..(L.].....uki~......
GET /pki/crl/products/MicrosoftTimeStampPCA.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sat, 04 Oct 2014 05:06:12 GMT
If-None-Match: "58cddbea90dfcf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com
HTTP/1.1 200 OK
Content-Type: application/pkix-crl
Last-Modified: Fri, 19 Dec 2014 06:02:00 GMT
Accept-Ranges: bytes
ETag: "9a9a44d511bd01:0"
Server: Microsoft-IIS/8.0
VTag: 438346843700000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Content-Length: 550
Cache-Control: max-age=900
Date: Tue, 06 Jan 2015 05:21:08 GMT
Connection: keep-alive
0.."0......0...*.H........0w1.0...U....US1.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corporation1!0...U....Microsoft Time-Stamp PCA..141218221600Z..150319103600Z._0]0...U.#..0...#4..RFp..@.v.. ..5..0... .....7.......0...U......10... .....7......150318222600Z0...*.H............./..0Q~.r.}.E....&\....F.Z.C..#..F.s........<&\..9G..-....j..N... .C.Fk....;l.....2.K5D.........-.>...(...g.0.S.[?...T4q>.ln...z..L.......5.5s@d.q.('..e...Y..Bo..q..........I....'....i>..y:.eH@h`..\...UA.m#.~.. ;.3..d..;..<..........p..s..J..N `Az......@..lHTTP/1.1 200 OK..Content-Type: application/pkix-crl..Last-Modified: Fri, 19 Dec 2014 06:02:00 GMT..Accept-Ranges: bytes..ETag: "9a9a44d511bd01:0"..Server: Microsoft-IIS/8.0..VTag: 438346843700000000..P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"..X-Powered-By: ASP.NET..Content-Length: 550..Cache-Control: max-age=900..Date: Tue, 06 Jan 2015 05:21:08 GMT..Connection: keep-alive..0.."0......0...*.H........0w1.0...U....US1.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corporation1!0...U....Microsoft Time-Stamp PCA..141218221600Z..150319103600Z._0]0...U.#..0...#4..RFp..@.v.. ..5..0... .....7.......0...U......10... .....7......150318222600Z0...*.H............./..0Q~.r.}.E....&\....F.Z.C..#..F.s........<&\..9G..-....j..N... .C.Fk....;l.....2.K5D.........-.>...(...g.0.S.[?...T4q>.ln...z..L.......5.5s@d.q.('..e...Y..Bo..q..........I....'....i>..y:.eH@h`..\...UA.m#.~.. ;.3..
<<< skipped >>>
Map
The PUP connects to the servers at the folowing location(s):
Strings from Dumps
debut.exe_1832:
.rdata
.rdata
@.data
@.data
.rsrc
.rsrc
mscoree.dll
mscoree.dll
Please contact the application's support team for more information.
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- CRT not initialized
- floating point support not loaded
- floating point support not loaded
.mixcrt
.mixcrt
KERNEL32.DLL
KERNEL32.DLL
GetProcessWindowStation
GetProcessWindowStation
USER32.DLL
USER32.DLL
operator
operator
user32.dll
user32.dll
hXXp://%s/components/de/%s
hXXp://%s/components/de/%s
hXXp://%s/components/%s
hXXp://%s/components/%s
hXXp://VVV.audiochannel.net/versions/components/%s_de.txt
hXXp://VVV.audiochannel.net/versions/components/%s_de.txt
%s%d%d%d
%s%d%d%d
kernel32.dll
kernel32.dll
hXXp://cgi.nch.com.au/cgi-bin/regcheck.exe?cmd=v&id=%d&magic=%d&magicb=%d
hXXp://cgi.nch.com.au/cgi-bin/regcheck.exe?cmd=v&id=%d&magic=%d&magicb=%d
Cannot put days of week interval: %x
Cannot put days of week interval: %x
tb_%s_row.dat
tb_%s_row.dat
hXXp://VVV.audiochannel.net/versions/components/%s
hXXp://VVV.audiochannel.net/versions/components/%s
hXXp://VVV.audiochannel.net/components/toolbars/NCH_Chrome.exe
hXXp://VVV.audiochannel.net/components/toolbars/NCH_Chrome.exe
hXXp://VVV.audiochannel.net/components/toolbars/NCH_GoogleToolbar.exe
hXXp://VVV.audiochannel.net/components/toolbars/NCH_GoogleToolbar.exe
version="%s"
version="%s"
%s>
%s>
hXXp://VVV.audiochannel.net/versions/debut_de.txt
hXXp://VVV.audiochannel.net/versions/debut_de.txt
comctl32.dll
comctl32.dll
TaskDialogIndirect
TaskDialogIndirect
UxTheme.dll
UxTheme.dll
dwmapi.dll
dwmapi.dll
%d %d
%d %d
--%s--
--%s--
GET %s HTTP/1.0
GET %s HTTP/1.0
Host: %s
Host: %s
graph-video.facebook.com
graph-video.facebook.com
graph.facebook.com
graph.facebook.com
POST /me/%s? HTTP/1.0
POST /me/%s? HTTP/1.0
Content-Length: %d
Content-Length: %d
Content-Disposition: form-data; name="%s"
Content-Disposition: form-data; name="%s"
flickr.auth.getFrob
flickr.auth.getFrob
%sapi_key%smethod%s
%sapi_key%smethod%s
api.flickr.com/services/rest/
api.flickr.com/services/rest/
%s?api_key=%s&api_sig=%s&method=%s
%s?api_key=%s&api_sig=%s&method=%s
%sapi_key%sfrob%sperms%s
%sapi_key%sfrob%sperms%s
VVV.flickr.com/services/auth/
VVV.flickr.com/services/auth/
flickr.auth.getToken
flickr.auth.getToken
%sapi_key%sfrob%smethod%s
%sapi_key%sfrob%smethod%s
%s?api_key=%s&frob=%s&method=%s&api_sig=%s
%s?api_key=%s&frob=%s&method=%s&api_sig=%s
http=
http=
CONNECT %s:%d HTTP/1.0
CONNECT %s:%d HTTP/1.0
%s/%s
%s/%s
HTTP/1.
HTTP/1.
..\llib\net\ssl.cpp
..\llib\net\ssl.cpp
HTTP/1.1
HTTP/1.1
Email=%s&Passwd=%s&service=youtube&source=NCH Software-Debut-1.95
Email=%s&Passwd=%s&service=youtube&source=NCH Software-Debut-1.95
POST /accounts/ClientLogin HTTP/1.0
POST /accounts/ClientLogin HTTP/1.0
Host: google.com
Host: google.com
Content-Type: application/x-www-form-urlencoded
Content-Type: application/x-www-form-urlencoded
X-GData-Key: key=AI39si7iPVmebTnCN7UJpEAyFCl4RVfIx0zMzzwRMeX_9Nu-XzbjjazMrGIu90vaGka0C9qBj0rAJCnJEGFbd_vf90Ru4DrqFg
X-GData-Key: key=AI39si7iPVmebTnCN7UJpEAyFCl4RVfIx0zMzzwRMeX_9Nu-XzbjjazMrGIu90vaGka0C9qBj0rAJCnJEGFbd_vf90Ru4DrqFg
Content-Length: %u
Content-Length: %u
xmlns:media="hXXp://search.yahoo.com/mrss/"
xmlns:media="hXXp://search.yahoo.com/mrss/"
xmlns:yt="hXXp://gdata.youtube.com/schemas/2007">
xmlns:yt="hXXp://gdata.youtube.com/schemas/2007">
%s
%s
%s
%s
%s
%s
%s
%s
%s
%s
Content-Type: video/%s
Content-Type: video/%s
POST /feeds/api/users/default/uploads HTTP/1.1
POST /feeds/api/users/default/uploads HTTP/1.1
Host: uploads.gdata.youtube.com
Host: uploads.gdata.youtube.com
Authorization: GoogleLogin auth=%s
Authorization: GoogleLogin auth=%s
Slug: %s
Slug: %s
Content-Disposition: form-data; name="photo"; filename="%s"
Content-Disposition: form-data; name="photo"; filename="%s"
Content-Type: image/%s; charset=UTF-8
Content-Type: image/%s; charset=UTF-8
POST /services/upload/ HTTP/1.1
POST /services/upload/ HTTP/1.1
Host: api.flickr.com
Host: api.flickr.com
Content-Type: multipart/form-data; boundary=%s
Content-Type: multipart/form-data; boundary=%s
url_open_buf
url_open_buf
url_close_buf
url_close_buf
Authorization: Basic %s
Authorization: Basic %s
User-Agent: %s
User-Agent: %s
HTTP/
HTTP/
%dx%d
%dx%d
?#%X.y
?#%X.y
GetProcessHeap
GetProcessHeap
CreatePipe
CreatePipe
PeekNamedPipe
PeekNamedPipe
SetThreadExecutionState
SetThreadExecutionState
KERNEL32.dll
KERNEL32.dll
RegOpenKeyExW
RegOpenKeyExW
RegCloseKey
RegCloseKey
RegDeleteKeyW
RegDeleteKeyW
RegSetKeySecurity
RegSetKeySecurity
RegCreateKeyExW
RegCreateKeyExW
CryptDeriveKey
CryptDeriveKey
RegOpenKeyW
RegOpenKeyW
RegQueryInfoKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegEnumKeyExW
ADVAPI32.dll
ADVAPI32.dll
COMCTL32.dll
COMCTL32.dll
comdlg32.dll
comdlg32.dll
GetViewportExtEx
GetViewportExtEx
SetViewportExtEx
SetViewportExtEx
GDI32.dll
GDI32.dll
acmDriverClose
acmDriverClose
acmDriverDetailsW
acmDriverDetailsW
acmDriverEnum
acmDriverEnum
acmDriverOpen
acmDriverOpen
MSACM32.dll
MSACM32.dll
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
ShellExecuteW
ShellExecuteW
ShellExecuteExW
ShellExecuteExW
SHELL32.dll
SHELL32.dll
SHDeleteEmptyKeyW
SHDeleteEmptyKeyW
SHDeleteKeyW
SHDeleteKeyW
SHLWAPI.dll
SHLWAPI.dll
CreateDialogIndirectParamW
CreateDialogIndirectParamW
MsgWaitForMultipleObjects
MsgWaitForMultipleObjects
ExitWindowsEx
ExitWindowsEx
UnhookWindowsHookEx
UnhookWindowsHookEx
SetWindowsHookExW
SetWindowsHookExW
GetKeyState
GetKeyState
GetKeyNameTextW
GetKeyNameTextW
UnregisterHotKey
UnregisterHotKey
RegisterHotKey
RegisterHotKey
MapVirtualKeyW
MapVirtualKeyW
USER32.dll
USER32.dll
WINMM.dll
WINMM.dll
WS2_32.dll
WS2_32.dll
NETAPI32.dll
NETAPI32.dll
MSIMG32.dll
MSIMG32.dll
GdiplusShutdown
GdiplusShutdown
gdiplus.dll
gdiplus.dll
iphlpapi.dll
iphlpapi.dll
WININET.dll
WININET.dll
GetCPInfo
GetCPInfo
GetConsoleOutputCP
GetConsoleOutputCP
zcÃ
zcÃ
ndssh
ndssh
WQSSh
WQSSh
SSShn
SSShn
SSSho
SSSho
SSSh.
SSSh.
SSSh/
SSSh/
|$`SRjePSSSSh
|$`SRjePSSSSh
|$dRjgPSSSSh
|$dRjgPSSSSh
PRSSSSh
PRSSSSh
SQWRSSSSh
SQWRSSSSh
RSSSSh
RSSSSh
SPj{QSSSSh
SPj{QSSSSh
SPj|QSSSSh
SPj|QSSSSh
QSSSSh
QSSSSh
PSSSSSSh
PSSSSSSh
SPSSSSSSShd6@
SPSSSSSSShd6@
L$
L$
SSSSh
SSSSh
SQjfRSSSSh
SQjfRSSSSh
RQSSSSh
RQSSSSh
SPjgQSSSSh
SPjgQSSSSh
SPjhQSSSSh
SPjhQSSSSh
SSShlSB
SSShlSB
tASSh
tASSh
u ShP%C
u ShP%C
RPSSh
RPSSh
|$ WPSSh
|$ WPSSh
SRSSSSSSShd6@
SRSSSSSSShd6@
t.Vh \C
t.Vh \C
W)SSh
W)SSh
O)SSh
O)SSh
G)SSh
G)SSh
D$9SSh
D$9SSh
N)SSh
N)SSh
F)SSh
F)SSh
V)SSh
V)SSh
L$.QR
L$.QR
%Program Files% (x86)\NCH Software\Debut\debut.exe
%Program Files% (x86)\NCH Software\Debut\debut.exe
ssshhhWWW
ssshhhWWW
VVV...}}}
VVV...}}}
666666666666666666
666666666666666666
777777777
777777777
777777999
777777999
;7/30). %&$"*('
;7/30). %&$"*('
(%xSK
(%xSK
/'//'77'/'
/'//'77'/'
&&'&'$##
&&'&'$##
5'%%'%%;
5'%%'%%;
'.ONKD@;
'.ONKD@;
%6SUq
%6SUq
&&&((((( %F
&&&((((( %F
...02213
...02213
[.EJJEEEEED:88988888888[
[.EJJEEEEED:88988888888[
[$88480
[$88480
,,,,-,,,,%,%
,,,,-,,,,%,%
(6266662
(6266662
6(6666%--*.
6(6666%--*.
.)&&&(('*---.
.)&&&(('*---.
7111111
7111111
&(&((&(&(
&(&((&(&(
()))())))0
()))())))0
|{{{{|{{{{|{{|{{|{{{|
|{{{{|{{{{|{{|{{|{{{|
.CC./
.CC./
9999999
9999999
" " "3871!
" " "3871!
###{||||
###{||||
#42 (
#42 (
& 479830
& 479830
*27==
*27==
15?>
15?>
58=@@?>
58=@@?>
. 6 ::.
. 6 ::.
@7387>@3
@7387>@3
13111(((
13111(((
!%X=P
!%X=P
mhXXp://ns.adobe.com/xap/1.0/
mhXXp://ns.adobe.com/xap/1.0/
" id="W5M0MpCehiHzreSzNTczkc9d"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?>
hXXp://ns.adobe.com/xap/1.0/
hXXp://ns.adobe.com/xap/1.0/
" id="W5M0MpCehiHzreSzNTczkc9d"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?>
%d x %d %s
%d x %d %s
%d x %d
%d x %d
%d F/s
%d F/s
%d FPS
%d FPS
Webcam
Webcam
\\.\DebutFilter
\\.\DebutFilter
debutfilterx64.inf
debutfilterx64.inf
debutfilterinstallerx64.exe
debutfilterinstallerx64.exe
debutfilterx86.inf
debutfilterx86.inf
debutfilterinstallerx86.exe
debutfilterinstallerx86.exe
%d:%d:%d
%d:%d:%d
shell32.dll
shell32.dll
Software\NCH Software\%s\Settings
Software\NCH Software\%s\Settings
Software\NCH Swift Sound\%s\Settings
Software\NCH Swift Sound\%s\Settings
"%s" %%s
"%s" %%s
hXXp://VVV.nch.com.au/components/%s.exe
hXXp://VVV.nch.com.au/components/%s.exe
Warte auf %s
Warte auf %s
Debut wird fortfahren, wenn %s schlie
Debut wird fortfahren, wenn %s schlie
Datei nicht vorhanden: %s
Datei nicht vorhanden: %s
gbar, um %s zu laden
gbar, um %s zu laden
ffnen: %s
ffnen: %s
%d:%d:%d:%d
%d:%d:%d:%d
recordings.log
recordings.log
%s %s
%s %s
%u %c
%u %c
Datei "%s" bereits vorhanden. M
Datei "%s" bereits vorhanden. M
-show -type data -label BACKUP -list "%s" -burn -exit
-show -type data -label BACKUP -list "%s" -burn -exit
%s Upload fehlgeschlagen.
%s Upload fehlgeschlagen.
Konnte %s nicht hochladen
Konnte %s nicht hochladen
%d von %d Dateien erfolgreich hochgeladen
%d von %d Dateien erfolgreich hochgeladen
Einstellungen und Optionen anpassen
Einstellungen und Optionen anpassen
Von einer Webkamera aufzeichnen
Von einer Webkamera aufzeichnen
%s\%s
%s\%s
Hotkey
Hotkey
SOFTWARE\Microsoft\Windows\Currentversion\RunOnce
SOFTWARE\Microsoft\Windows\Currentversion\RunOnce
%s - Lizenzierte software
%s - Lizenzierte software
%s - Lizenziert f
%s - Lizenziert f
%s (Nicht lizenziert) Nur nicht-gewerbliche Privatnutzung
%s (Nicht lizenziert) Nur nicht-gewerbliche Privatnutzung
%sFormat
%sFormat
%sAspectRatio
%sAspectRatio
%sAspectRatioNum
%sAspectRatioNum
%sAspectRatioDen
%sAspectRatioDen
%sMPEG2Transport
%sMPEG2Transport
%sVideoInputPin
%sVideoInputPin
%sAudioInputPin
%sAudioInputPin
Software\NCH Software\%s\Registration
Software\NCH Software\%s\Registration
SendRunExe
SendRunExe
@debuthooksdll.dll
@debuthooksdll.dll
..\debuthooksdll\release\debuthooksdll.dll
..\debuthooksdll\release\debuthooksdll.dll
WindowsMedia_VideoBitrate
WindowsMedia_VideoBitrate
Unbekanntes Format: %s
Unbekanntes Format: %s
Um im WMV- oder ASF-Format aufzunehmen, ist (mindestens) Windows Media Player Version 9 notwendig.
Um im WMV- oder ASF-Format aufzunehmen, ist (mindestens) Windows Media Player Version 9 notwendig.
IPcamURL
IPcamURL
Unbekannter Befehl: %s
Unbekannter Befehl: %s
_debuthooksdll.dll
_debuthooksdll.dll
WebCamVideoSettings
WebCamVideoSettings
IPcamPassword
IPcamPassword
Item %d
Item %d
WebcamDeinterlace
WebcamDeinterlace
%s (%s)
%s (%s)
Aufnahme (F5) oder (%s)
Aufnahme (F5) oder (%s)
Pause (F6) oder (%s)
Pause (F6) oder (%s)
Stopp (F7) oder (%s)
Stopp (F7) oder (%s)
Momentaufnahme als JPG- oder PNG-Datei speichern (F8) oder (%s)
Momentaufnahme als JPG- oder PNG-Datei speichern (F8) oder (%s)
%s (%s) oder (%s)
%s (%s) oder (%s)
pfung %s verwenden oder das Symbol in der Taskleiste dr
pfung %s verwenden oder das Symbol in der Taskleiste dr
Windows Media Bildschirmcodec unterst
Windows Media Bildschirmcodec unterst
Windows Media Bildschirmcodec ist nur f
Windows Media Bildschirmcodec ist nur f
Webkamera
Webkamera
Wenn Sie fortfahren, wird Ihre Aufnahme angehalten. Sind Sie sicher, dass Sie zum Aufnahmemodus %s wechseln m
Wenn Sie fortfahren, wird Ihre Aufnahme angehalten. Sind Sie sicher, dass Sie zum Aufnahmemodus %s wechseln m
Momentaufnahmen-Datei %s ist bereits vorhanden.
Momentaufnahmen-Datei %s ist bereits vorhanden.
Ihre geplante Aufnahme '%s' wurde jetzt begonnen - Dauer: %s
Ihre geplante Aufnahme '%s' wurde jetzt begonnen - Dauer: %s
Ihre geplante Aufnahme '%s' konnte nicht starten
Ihre geplante Aufnahme '%s' konnte nicht starten
Zur Erstellung eines Webcam-Sicherheitssystems
Zur Erstellung eines Webcam-Sicherheitssystems
@device:cm:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\divx
@device:cm:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\divx
Kann "%s" Videokompressor nicht verwenden. Kompressoreinstellung wurde ge
Kann "%s" Videokompressor nicht verwenden. Kompressoreinstellung wurde ge
Zwischen der Zeitdauer (%s) und der tats
Zwischen der Zeitdauer (%s) und der tats
chlichen Aufnahmedauer (%s) wurde eine gro
chlichen Aufnahmedauer (%s) wurde eine gro
%s %d
%s %d
*.asf
*.asf
*.avi
*.avi
*.flv
*.flv
*.mkv
*.mkv
*.mov
*.mov
*.mp4
*.mp4
*.mpg
*.mpg
*.wmv
*.wmv
*.jpg
*.jpg
*.png
*.png
Wasserzeichen-Videoeffekte anpassen
Wasserzeichen-Videoeffekte anpassen
Farbe anpassen und Videoeffekte
Farbe anpassen und Videoeffekte
Farbe der Videoeffekte anpassen
Farbe der Videoeffekte anpassen
Beschriftung der Videoeffekte anpassen
Beschriftung der Videoeffekte anpassen
Webkamera aufnehmen als:
Webkamera aufnehmen als:
0:00:00.000
0:00:00.000
A%d:%.2d:%.2d:%.3d
A%d:%.2d:%.2d:%.3d
%d verwerfen
%d verwerfen
%d F/s/%d verwerfen
%d F/s/%d verwerfen
8:00:00.000
8:00:00.000
Ã% = Aktueller Tag
Ã% = Aktueller Tag
%SS% = Aktuelle Sekunde
%SS% = Aktuelle Sekunde
hlter Bereich: %d,%d; %d x %d
hlter Bereich: %d,%d; %d x %d
hlen: {%d, %d, %d, %d} Breite %d, H
hlen: {%d, %d, %d, %d} Breite %d, H
he %d
he %d
hlen: %s
hlen: %s
sndvol32.exe
sndvol32.exe
sndvol.exe
sndvol.exe
control.exe mmsys.cpl,,1
control.exe mmsys.cpl,,1
sndvol32.exe /rec
sndvol32.exe /rec
URL der Netzwerkkamera eingeben
URL der Netzwerkkamera eingeben
hXXp://VVV.altoedge.com/usbcapture/index.html
hXXp://VVV.altoedge.com/usbcapture/index.html
Anzeigen, wie man die URL der Netzwerkkamera abruft
Anzeigen, wie man die URL der Netzwerkkamera abruft
hXXp://VVV.nch.com.au/kb/de/10245.html
hXXp://VVV.nch.com.au/kb/de/10245.html
ltige URL
ltige URL
URL ist ung
URL ist ung
hren, um in Windows XP Aufnahme von Lautsprechern zu aktivieren.
hren, um in Windows XP Aufnahme von Lautsprechern zu aktivieren.
WebcamStretch
WebcamStretch
Audioaufnahme von %s
Audioaufnahme von %s
Wenn Sie die Einstellungen anpassen, werden Aufnahme und Vorschau angehalten. Sind Sie sicher, dass Sie die Einstellungen anpassen m
Wenn Sie die Einstellungen anpassen, werden Aufnahme und Vorschau angehalten. Sind Sie sicher, dass Sie die Einstellungen anpassen m
hrend der Anpassung dieser Einstellungen wird die Hauptvorschau pausiert. M
hrend der Anpassung dieser Einstellungen wird die Hauptvorschau pausiert. M
password
password
URL der Netzwerkkamera %s wurde entfernt
URL der Netzwerkkamera %s wurde entfernt
URL der Netzwerkkamera entfernt
URL der Netzwerkkamera entfernt
LTIGES FORMAT - erfordert entweder %autonumber%, %YYYY%, %MM%, Ã%, %HH%, %MIN% oder %SS%
LTIGES FORMAT - erfordert entweder %autonumber%, %YYYY%, %MM%, Ã%, %HH%, %MIN% oder %SS%
%s.avi
%s.avi
chste AutoNummerierung: %d
chste AutoNummerierung: %d
Bitte geben Sie die EXE- oder BAT-Datei an, die Sie ausf
Bitte geben Sie die EXE- oder BAT-Datei an, die Sie ausf
%s.jpg
%s.jpg
nger als %s (h:mm:ss).
nger als %s (h:mm:ss).
%s_%d
%s_%d
WebcamVideoSettings
WebcamVideoSettings
Hochladen %s
Hochladen %s
Global\%s
Global\%s
fmm%s
fmm%s
API-Test OK [%s].
API-Test OK [%s].
Local_Response_%d
Local_Response_%d
help/arrowlist.gif
help/arrowlist.gif
help/help.js
help/help.js
help/hlp.css
help/hlp.css
help/other.html
help/other.html
help/snapshot.html
help/snapshot.html
help/record.html
help/record.html
help/output.html
help/output.html
help/devices.html
help/devices.html
help/ooscreen.html
help/ooscreen.html
help/oonetwork.html
help/oonetwork.html
help/oodevices.html
help/oodevices.html
help/ltaskdatapanel.html
help/ltaskdatapanel.html
help/edittaskdlg.html
help/edittaskdlg.html
help/scheduler.html
help/scheduler.html
help/watermark.html
help/watermark.html
help/flickrauth.html
help/flickrauth.html
help/licenceterms.html
help/licenceterms.html
help/followmousecursor.html
help/followmousecursor.html
help/selectiontool.html
help/selectiontool.html
help/colorsettings.html
help/colorsettings.html
help/textcaption.html
help/textcaption.html
help/keychange.html
help/keychange.html
help/control.html
help/control.html
help/options.html
help/options.html
help/recordingslist.html
help/recordingslist.html
help/commandline.html
help/commandline.html
help/recordingcontrols.html
help/recordingcontrols.html
help/about.html
help/about.html
help/index.html
help/index.html
/InternetRepo/nch_com_au/components/x264enc5.exe
/InternetRepo/nch_com_au/components/x264enc5.exe
/InternetRepo/nch_com_au/components/mp3el2.exe
/InternetRepo/nch_com_au/components/mp3el2.exe
clickup.wav
clickup.wav
clickdown.wav
clickdown.wav
cursorright.png
cursorright.png
cursorboth.png
cursorboth.png
cursorleft.png
cursorleft.png
clickraw.png
clickraw.png
debutfilterx64.sys
debutfilterx64.sys
debutfilterx86.sys
debutfilterx86.sys
debutfilterx64.cat
debutfilterx64.cat
debutfilterx86.cat
debutfilterx86.cat
debut.exe
debut.exe
VVV.nchsoftware.com/capture/de/index.html
VVV.nchsoftware.com/capture/de/index.html
Debut Videorekorder.lnk
Debut Videorekorder.lnk
Software\Microsoft\Windows\CurrentVersion\Uninstall\Debut
Software\Microsoft\Windows\CurrentVersion\Uninstall\Debut
VVV.nchsoftware.com/capture/de/support.html
VVV.nchsoftware.com/capture/de/support.html
URLInfoAbout
URLInfoAbout
URLUpdateInfo
URLUpdateInfo
Software\Microsoft\Windows\CurrentVersion
Software\Microsoft\Windows\CurrentVersion
uninst.exe
uninst.exe
nnen Sie diese von VVV.nchsoftware.com/de herunterladen.
nnen Sie diese von VVV.nchsoftware.com/de herunterladen.
"%s" -uninstall
"%s" -uninstall
debutsetup_v1.95.exe
debutsetup_v1.95.exe
FSoftware\NCH Software\Debut\%s
FSoftware\NCH Software\Debut\%s
Software\NCH Software\Components\%s
Software\NCH Software\Components\%s
-LQUIET -instby %sDebut
-LQUIET -instby %sDebut
audiochannel.net
audiochannel.net
VVV.nch.com.au
VVV.nch.com.au
hren Sie dies von unten stehender URL aus und versuchen es erneut.
hren Sie dies von unten stehender URL aus und versuchen es erneut.
n%d-%d-%d
n%d-%d-%d
%s=%s
%s=%s
%s%s%s
%s%s%s
_debut_rl_%s
_debut_rl_%s
hXXp://VVV.nch.com.au/software/de/bug.html?software=Debut&version=1.95&xi=AbTermOrHang-Win%d%d
hXXp://VVV.nch.com.au/software/de/bug.html?software=Debut&version=1.95&xi=AbTermOrHang-Win%d%d
Win%d%d
Win%d%d
Ukn0(Msg%dLstCmd%d)
Ukn0(Msg%dLstCmd%d)
(Cmd%d)
(Cmd%d)
%s-%s-%s-%s
%s-%s-%s-%s
dbghelp.dll
dbghelp.dll
hXXp://VVV.nch.com.au/software/de/bug.html?software=Debut&version=1.95&lang=de&xi=GUI-%s
hXXp://VVV.nch.com.au/software/de/bug.html?software=Debut&version=1.95&lang=de&xi=GUI-%s
%d-%d-%%d
%d-%d-%%d
*.exe;*.com;*.bat;
*.exe;*.com;*.bat;
*.dat
*.dat
hXXps://secure.nch.com.au/cgi-bin/register-de.exe?software=debut&source=softwaretrial
hXXps://secure.nch.com.au/cgi-bin/register-de.exe?software=debut&source=softwaretrial
mhXXp://VVV.nchsoftware.com
mhXXp://VVV.nchsoftware.com
nnen Sie auf der unten stehenden Webseite finden. Sie k
nnen Sie auf der unten stehenden Webseite finden. Sie k
&usage=XX
&usage=XX
hrten Instanzen von Debut Videorekorder beendet wurden, sowie alle anderen Programme, die die Datei "%s" verwenden k
hrten Instanzen von Debut Videorekorder beendet wurden, sowie alle anderen Programme, die die Datei "%s" verwenden k
Installation kann nicht beendet werden, da in Datei "%s" nicht geschrieben werden kann.
Installation kann nicht beendet werden, da in Datei "%s" nicht geschrieben werden kann.
LLIBShowrelatedwhenchromeoff
LLIBShowrelatedwhenchromeoff
LLIBShowrelatedwhenchromeon
LLIBShowrelatedwhenchromeon
LLIBShowrelatedwhennochromeoff
LLIBShowrelatedwhennochromeoff
LLIBShowrelatedwhennochromeon
LLIBShowrelatedwhennochromeon
Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\%s\UserChoice
Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\%s\UserChoice
Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\%s
Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\%s
explorer.exe
explorer.exe
Advapi32.dll
Advapi32.dll
W"%s" %s
W"%s" %s
explorer.exe "%s"
explorer.exe "%s"
explorer.exe /select,"%s"
explorer.exe /select,"%s"
hXXp://VVV.nchsoftware.com/%s.html
hXXp://VVV.nchsoftware.com/%s.html
hXXp://VVV.nchsoftware.com/de/index.html
hXXp://VVV.nchsoftware.com/de/index.html
hXXp://VVV.nch.com.au/%s.html
hXXp://VVV.nch.com.au/%s.html
hXXp://VVV.nch.com.au/kb/de/%d.html
hXXp://VVV.nch.com.au/kb/de/%d.html
%%.ß
%%.ß
%sLock
%sLock
Local\DebutProcessEXE%s
Local\DebutProcessEXE%s
hXXp://VVV.nch.com.au/upgrade/de/index.html?software=debut&upgradeid=%d&upgradekey=%s
hXXp://VVV.nch.com.au/upgrade/de/index.html?software=debut&upgradeid=%d&upgradekey=%s
hXXp://VVV.nch.com.au/activate/de/index.html?code=%s
hXXp://VVV.nch.com.au/activate/de/index.html?code=%s
hXXps://secure.nch.com.au/cgi-bin/register-de.exe?software=debut&version=1.95%s%s%s%s%s%s%s%s&instby=%s
hXXps://secure.nch.com.au/cgi-bin/register-de.exe?software=debut&version=1.95%s%s%s%s%s%s%s%s&instby=%s
hXXp://VVV.nchsoftware.com/software/de/registered.html?software=%s&appname=%s&version=1.95&base=capture&domain=nchsoftware%s%s%s%s%s%s%s
hXXp://VVV.nchsoftware.com/software/de/registered.html?software=%s&appname=%s&version=1.95&base=capture&domain=nchsoftware%s%s%s%s%s%s%s
ID - Key:
ID - Key:
%s-%s
%s-%s
hXXp://VVV.nch.com.au/upgrade/de/index.html
hXXp://VVV.nch.com.au/upgrade/de/index.html
%s Registrierungscode:
%s Registrierungscode:
%s registrieren
%s registrieren
Hier klicken, wenn Sie Ihre 12-stellige Seriennummer noch nicht online aktiviert und keinen ID-Key erhalten haben.
Hier klicken, wenn Sie Ihre 12-stellige Seriennummer noch nicht online aktiviert und keinen ID-Key erhalten haben.
Wenn Sie Ihre Seriennummer bereits online aktiviert haben, sehen Sie in Ihren E-Mails nach dem ID-Key. Klicken Sie dann hier, um Ihren ID-Key einzugeben.
Wenn Sie Ihre Seriennummer bereits online aktiviert haben, sehen Sie in Ihren E-Mails nach dem ID-Key. Klicken Sie dann hier, um Ihren ID-Key einzugeben.
ssen Ihre Seriennummer online aktivieren, um den ID-Key zu erhalten, welcher zur Registrierung der Software n
ssen Ihre Seriennummer online aktivieren, um den ID-Key zu erhalten, welcher zur Registrierung der Software n
ID-Key ist notwendig, um die Registrierung abzuschlie
ID-Key ist notwendig, um die Registrierung abzuschlie
Alter Versionskey
Alter Versionskey
- Sie verwenden die richtige ID und den richtigen Key f
- Sie verwenden die richtige ID und den richtigen Key f
- Nur die ID und der Key f
- Nur die ID und der Key f
support/de/reg
support/de/reg
registration.txt
registration.txt
Name: %s
Name: %s
Lokation: %s
Lokation: %s
ID - Key: %d - %s
ID - Key: %d - %s
-clear -label "Debut Videorekorder Installer" -type data "%s" "%s"
-clear -label "Debut Videorekorder Installer" -type data "%s" "%s"
Key kann nicht validiert werden. Bitte gehen Sie ins Internet und versuchen Sie es erneut.
Key kann nicht validiert werden. Bitte gehen Sie ins Internet und versuchen Sie es erneut.
support/reg
support/reg
Hier klicken, um auf die NCH Software Webseite zu gehen und die aktuellen Preise anzuzeigen
Hier klicken, um auf die NCH Software Webseite zu gehen und die aktuellen Preise anzuzeigen
00:00:00
00:00:00
2013-12-01
2013-12-01
InstallReport
InstallReport
nch.com.au
nch.com.au
nchsoftware.com
nchsoftware.com
hXXp://VVV.%s/%s
hXXp://VVV.%s/%s
%s [Empfohlen]
%s [Empfohlen]
Google Chrome, der schnelle Webbrowser
Google Chrome, der schnelle Webbrowser
Kostenlose Spiele, Designs und Extras im Google Chrome Web Store
Kostenlose Spiele, Designs und Extras im Google Chrome Web Store
Warum Chrome:
Warum Chrome:
Google Chrome als Standardbrowser installieren
Google Chrome als Standardbrowser installieren
Mit der Google Toolbar wird die Suche im Web noch einfacher:
Mit der Google Toolbar wird die Suche im Web noch einfacher:
Suche von jeder beliebigen Website aus
Suche von jeder beliebigen Website aus
bersetzung von Webseiten
bersetzung von Webseiten
hXXp://VVV.google.com/toolbar/ie/partnereula.html?hl=de
hXXp://VVV.google.com/toolbar/ie/partnereula.html?hl=de
hXXp://VVV.google.com/accounts/TOS?hl=de
hXXp://VVV.google.com/accounts/TOS?hl=de
hXXp://VVV.google.com/intl/de/privacy/privacy-policy.html
hXXp://VVV.google.com/intl/de/privacy/privacy-policy.html
hXXp://VVV.google.com/chrome/intl/de/eula_text.html
hXXp://VVV.google.com/chrome/intl/de/eula_text.html
hXXp://VVV.google.com/chrome/intl/de/privacy.html
hXXp://VVV.google.com/chrome/intl/de/privacy.html
von Google Chrome zu.
von Google Chrome zu.
reject-chrome
reject-chrome
Automatischer Download der Installation-bei-Bedarf-Komponente "%s" fehlgeschlagen.
Automatischer Download der Installation-bei-Bedarf-Komponente "%s" fehlgeschlagen.
Webseite wird nun ge
Webseite wird nun ge
Webseite
Webseite
NCH Software\Debut%s
NCH Software\Debut%s
Debut%s
Debut%s
%sT%s
%sT%s
%s%sshmf%ii.bin.tmp
%s%sshmf%ii.bin.tmp
{2318C2B1-4965-11d4-9B18-009027A5CD4F}
{2318C2B1-4965-11d4-9B18-009027A5CD4F}
software\microsoft\windows\currentversion\app paths\%s
software\microsoft\windows\currentversion\app paths\%s
.html
.html
%s\shell\open\command
%s\shell\open\command
http\shell\open\command
http\shell\open\command
iexplore.exe
iexplore.exe
iexplorer.exe
iexplorer.exe
firefox.exe
firefox.exe
chrome.exe
chrome.exe
Wird installiert: Google Chrome
Wird installiert: Google Chrome
ChromeRequiresLaunch
ChromeRequiresLaunch
ChromeDebut
ChromeDebut
software\Google\No Chrome Offer Until
software\Google\No Chrome Offer Until
InstallingChrome
InstallingChrome
LaunchChromeOnInstall
LaunchChromeOnInstall
hXXp://VVV.nchsoftware.com/software/de/thanks.html?software=Debut&appname=%s&version=1.95&base=capture&domain=nchsoftware&buyoffer=debut&pclass=plus%s%s%s%s%s%s%s%s&instby=%s
hXXp://VVV.nchsoftware.com/software/de/thanks.html?software=Debut&appname=%s&version=1.95&base=capture&domain=nchsoftware&buyoffer=debut&pclass=plus%s%s%s%s%s%s%s%s&instby=%s
NCH_Chrome.exe
NCH_Chrome.exe
Chrome wurde leider nicht installiert, da w
Chrome wurde leider nicht installiert, da w
Chrome
Chrome
NCH_GoogleToolbar.exe
NCH_GoogleToolbar.exe
chrome-google
chrome-google
chrome
chrome
Google Chrome installieren - Gratis
Google Chrome installieren - Gratis
Chrome f
Chrome f
Wir empfehlen Google Chrome als bevorzugten Viewer unserer Hilfedateien.
Wir empfehlen Google Chrome als bevorzugten Viewer unserer Hilfedateien.
Google Chrome ist kostenlos und schnell.
Google Chrome ist kostenlos und schnell.
Google Chrome wird installiert
Google Chrome wird installiert
(EOF) Element should be terminated with %s>. Check you have terminated your element properly.
(EOF) Element should be terminated with %s>. Check you have terminated your element properly.
Tag hat kein schlie
Tag hat kein schlie
Misplaced %s> which does not match a .
Misplaced %s> which does not match a .
Element should be terminated with %s>, was with %s. Check you have terminated your element properly.
Element should be terminated with %s>, was with %s. Check you have terminated your element properly.
Ln %d, Col %d: %s
Ln %d, Col %d: %s
Parts of this software are copyright and fall under the Info-Zip License. To view the license terms please open VVV.nchsoftware.com/backup/kb/1188.html.
Parts of this software are copyright and fall under the Info-Zip License. To view the license terms please open VVV.nchsoftware.com/backup/kb/1188.html.
hXXp://VVV.nchsoftware.com/software/de/newsletter.html?software=Debut&version=1.95&lang=de%s%s
hXXp://VVV.nchsoftware.com/software/de/newsletter.html?software=Debut&version=1.95&lang=de%s%s
Die Version 1.95 von Debut Videorekorder funktioniert nur mit Windows 8 oder fr
Die Version 1.95 von Debut Videorekorder funktioniert nur mit Windows 8 oder fr
nnen Sie auf VVV.nchsoftware.com/de herunterladen.
nnen Sie auf VVV.nchsoftware.com/de herunterladen.
%s%*c
%s%*c
Software\Microsoft\Windows\CurrentVersion\Run
Software\Microsoft\Windows\CurrentVersion\Run
"%s" -logon
"%s" -logon
-setautorun %s
-setautorun %s
Technische Support-Seite
Technische Support-Seite
Classic FTP Software
Classic FTP Software
tar.gz
tar.gz
cftpsetup
cftpsetup
ClassicFTP
ClassicFTP
Software\Classes\%s
Software\Classes\%s
Software\NCH Software\%s
Software\NCH Software\%s
Software\NCH Swift Sound\%s
Software\NCH Swift Sound\%s
Schnelle Installation bei Bedarf %s
Schnelle Installation bei Bedarf %s
-extfind %s
-extfind %s
Software\Classes\.%s
Software\Classes\.%s
software\microsoft\windows\currentversion\explorer\fileexts\.%s\userchoice
software\microsoft\windows\currentversion\explorer\fileexts\.%s\userchoice
%sfile
%sfile
%s\shell
%s\shell
%s\shell\open
%s\shell\open
"%s" -extfind %s "%%L"
"%s" -extfind %s "%%L"
%s\DefaultIcon
%s\DefaultIcon
%SystemRoot%\system32\shell32.dll,19
%SystemRoot%\system32\shell32.dll,19
Software\Classes\%s\Shell\%s\command
Software\Classes\%s\Shell\%s\command
Software\Classes\%s\Shell\%s
Software\Classes\%s\Shell\%s
Software\Classes\%s\Shell
Software\Classes\%s\Shell
NCH Software\%s\%s.exe
NCH Software\%s\%s.exe
NCH Swift Sound\%s\%s.exe
NCH Swift Sound\%s\%s.exe
%s "%s"
%s "%s"
Software\Classes\%s\shell\open\command
Software\Classes\%s\shell\open\command
Software\Classes\%s\shell
Software\Classes\%s\shell
Software\Classes\%s\shell\open
Software\Classes\%s\shell\open
Software\Classes\%s\DefaultIcon
Software\Classes\%s\DefaultIcon
%s%s%s%s
%s%s%s%s
hXXp://VVV.nch.com.au/suggestions/de/index.html?software=Debut&version=1.95&lang=de%s%s
hXXp://VVV.nch.com.au/suggestions/de/index.html?software=Debut&version=1.95&lang=de%s%s
hXXp://VVV.nch.com.au/software/de/bug.html?software=Debut&version=1.95&lang=de
hXXp://VVV.nch.com.au/software/de/bug.html?software=Debut&version=1.95&lang=de
hXXp://VVV.nchsoftware.com/software/de/video.html
hXXp://VVV.nchsoftware.com/software/de/video.html
hXXp://VVV.facebook.com/NCHSoftwareDE
hXXp://VVV.facebook.com/NCHSoftwareDE
hXXp://twitter.com/nchsoftwarede
hXXp://twitter.com/nchsoftwarede
hXXps://plus.google.com/ nchsoftware
hXXps://plus.google.com/ nchsoftware
hXXp://VVV.facebook.com/sharer/sharer.php?u=%s
hXXp://VVV.facebook.com/sharer/sharer.php?u=%s
Ich habe gerade %s heruntergeladen. Probiere es hier aus:
Ich habe gerade %s heruntergeladen. Probiere es hier aus:
hXXp://VVV.twitter.com/home?status=%s%s
hXXp://VVV.twitter.com/home?status=%s%s
hXXps://plusone.google.com/_/ 1/confirm?hl=de&url=%s
hXXps://plusone.google.com/_/ 1/confirm?hl=de&url=%s
hXXp://VVV.stumbleupon.com/submit?url=%s&title=NCH Software
hXXp://VVV.stumbleupon.com/submit?url=%s&title=NCH Software
hXXp://VVV.linkedin.com/shareArticle?url=%s&title=NCH Software&mini=true
hXXp://VVV.linkedin.com/shareArticle?url=%s&title=NCH Software&mini=true
hXXp://VVV.nchsoftware.com/software/de/rateit.html?software=Debut&appname=%s&version=1.95&rating=%d&buyoffer=debut&os=Win&lang=de&base=capture&domain=nchsoftware%s%s%s%s%s&instby=%s
hXXp://VVV.nchsoftware.com/software/de/rateit.html?software=Debut&appname=%s&version=1.95&rating=%d&buyoffer=debut&os=Win&lang=de&base=capture&domain=nchsoftware%s%s%s%s%s&instby=%s
%s Startseite
%s Startseite
UVVV.nchsoftware.com/capture/de
UVVV.nchsoftware.com/capture/de
splash.jpg
splash.jpg
Vertrieben von %s
Vertrieben von %s
Lizenzierter Benutzer: %s
Lizenzierter Benutzer: %s
Zoom: %d%%
Zoom: %d%%
*.bmp;*.jif;*.jiff;*.jpeg;*.wmf;*.ico;*.gif;*.jpg;*.jif;*.jiff;*.jpeg;*.exif;*.png;*.tif;*.tiff
*.bmp;*.jif;*.jiff;*.jpeg;*.wmf;*.ico;*.gif;*.jpg;*.jif;*.jiff;*.jpeg;*.exif;*.png;*.tif;*.tiff
{8856F961-340A-11D0-A96B-00C04FD705A2}
{8856F961-340A-11D0-A96B-00C04FD705A2}
Col%d
Col%d
Bild %s wird entschl
Bild %s wird entschl
Bild %s wird verschl
Bild %s wird verschl
Portable Anymap
Portable Anymap
Portable Network Graphics
Portable Network Graphics
Joint Photographic Experts Group
Joint Photographic Experts Group
.wbmp
.wbmp
.tiff
.tiff
.jpeg
.jpeg
%s wird geladen
%s wird geladen
%s wird gespeichert
%s wird gespeichert
%s/microsoft/windows mail/local folders/%s
%s/microsoft/windows mail/local folders/%s
SMTP_Server
SMTP_Server
SMTP_Email_Address
SMTP_Email_Address
00000001
00000001
Software\Microsoft\Internet Account Manager\Accounts\%s
Software\Microsoft\Internet Account Manager\Accounts\%s
SMTP Email Address
SMTP Email Address
SMTP Server
SMTP Server
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\%s
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\%s
{ED475418-B0D6-11D2-8C3B-00104B2A6676}
{ED475418-B0D6-11D2-8C3B-00104B2A6676}
%s\%s\d
%s\%s\d
%s\Thunderbird
%s\Thunderbird
%s\profiles.ini
%s\profiles.ini
%s\%s\prefs.js
%s\%s\prefs.js
mail.accountmanager.defaultaccount
mail.accountmanager.defaultaccount
mail.account.%s.identities
mail.account.%s.identities
mail.identity.%s.useremail
mail.identity.%s.useremail
mail.smtp.defaultserver
mail.smtp.defaultserver
mail.smtpserver.%s.hostname
mail.smtpserver.%s.hostname
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Eudora.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Eudora.exe
deudora.ini
deudora.ini
eudora.ini
eudora.ini
%s\Qualcomm\Eudora\eudora.ini
%s\Qualcomm\Eudora\eudora.ini
SMTPServer
SMTPServer
Windows Mail
Windows Mail
Mozilla Thunderbird
Mozilla Thunderbird
hXXps://VVV.facebook.com/dialog/oauth?client_id=257995060915392&scope=publish_stream&redirect_uri=hXXps://VVV.facebook.com/connect/login_success.html&response_type=token
hXXps://VVV.facebook.com/dialog/oauth?client_id=257995060915392&scope=publish_stream&redirect_uri=hXXps://VVV.facebook.com/connect/login_success.html&response_type=token
hXXps://VVV.facebook.com/connect/login_success.html
hXXps://VVV.facebook.com/connect/login_success.html
login_error.php?
login_error.php?
{"value": "%s"}
{"value": "%s"}
Content-Disposition: form-data; filename="%s"
Content-Disposition: form-data; filename="%s"
Facebook hat Fehlercode (%d) zur
Facebook hat Fehlercode (%d) zur
ltiger API-Key
ltiger API-Key
ltige URL gefunden
ltige URL gefunden
hXXp://%s?api_key=%s&perms=%s&frob=%s&api_sig=%s
hXXp://%s?api_key=%s&perms=%s&frob=%s&api_sig=%s
hXXp://google.com
hXXp://google.com
hXXp://yahoo.com
hXXp://yahoo.com
%d.%d.%d.%d
%d.%d.%d.%d
libeay32.dll
libeay32.dll
ssleay32.dll
ssleay32.dll
google.com
google.com
Sport
Sport
Sports
Sports
Passwort ist notwendig.
Passwort ist notwendig.
uploads.gdata.youtube.com
uploads.gdata.youtube.com
ckgegeben: "%s"
ckgegeben: "%s"
Von Lokation: "%s"
Von Lokation: "%s"
Ewmvcore.dll
Ewmvcore.dll
Windows Media Video 9
Windows Media Video 9
Windows Media Video 8
Windows Media Video 8
Windows Media Video 7
Windows Media Video 7
32 bit support
32 bit support
WebCam JPEG
WebCam JPEG
hXXp://VVV.altoedge.com/usbcapture/video.html
hXXp://VVV.altoedge.com/usbcapture/video.html
chen anpassen.
chen anpassen.
Unsupported
Unsupported
%d x %d [%s], %.2lf fps, %s
%d x %d [%s], %.2lf fps, %s
%d x %d, %.2lf fps, %s
%d x %d, %.2lf fps, %s
NCHScreenCapture %d %d %d %d %lf %d %d %d %d %d %d %d
NCHScreenCapture %d %d %d %d %lf %d %d %d %d %d %d %d
NCHIPCamrCapture&url=%s
NCHIPCamrCapture&url=%s
&user=%s
&user=%s
&password=%s
&password=%s
LAudioMixer %d
LAudioMixer %d
%d %s
%d %s
%s/clickdown.wav
%s/clickdown.wav
%s/clickup.wav
%s/clickup.wav
nnen Sie die Codierung Ihres Videos individuell anpassen. Bedenken Sie haupts
nnen Sie die Codierung Ihres Videos individuell anpassen. Bedenken Sie haupts
Passt Gr
Passt Gr
e des Ausgabevideos anzupassen (d.h. Aufl
e des Ausgabevideos anzupassen (d.h. Aufl
Falsche Video-Bitrate festgelegt, muss von %d bis %d sein
Falsche Video-Bitrate festgelegt, muss von %d bis %d sein
%d Hz, %lu kbps, %s
%d Hz, %lu kbps, %s
%d Hz, %s
%d Hz, %s
BWindows Media Video 9 Screen
BWindows Media Video 9 Screen
Falsche Video-Bitrate angegeben, muss von 24 bis %d sein
Falsche Video-Bitrate angegeben, muss von 24 bis %d sein
K.wff
K.wff
@device:sw:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\ffdshow video encoder
@device:sw:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\ffdshow video encoder
WindowsMedia_Format
WindowsMedia_Format
WindowsMedia_VideoCodec
WindowsMedia_VideoCodec
WindowsMedia_SoundCodecIndex
WindowsMedia_SoundCodecIndex
WindowsMedia_SoundFormatIndex
WindowsMedia_SoundFormatIndex
VOB_TwoPass
VOB_TwoPass
%s_AVI
%s_AVI
@device:sw:{860BB310-5D01-11D0-BD3B-00A0C911CE86}\{00CADAC6-7EA1-418B-8DDD-DF8510030101}
@device:sw:{860BB310-5D01-11D0-BD3B-00A0C911CE86}\{00CADAC6-7EA1-418B-8DDD-DF8510030101}
Nmsvfw32.dll
Nmsvfw32.dll
e.cfg
e.cfg
Sie haben %s den Zugriff auf Ihr Facebook-Konto nicht erteilt.
Sie haben %s den Zugriff auf Ihr Facebook-Konto nicht erteilt.
hrend dem Uploadvorgang %s evtl. mehrere Male erneut autorisieren, wenn Sie nur tempor
hrend dem Uploadvorgang %s evtl. mehrere Male erneut autorisieren, wenn Sie nur tempor
ExportDialog
ExportDialog
ltiger API-Key f
ltiger API-Key f
api_key
api_key
api.flickr.com
api.flickr.com
Portable_Preset
Portable_Preset
Portable_FilePath
Portable_FilePath
Youtube_Password
Youtube_Password
Youtube_Keywords
Youtube_Keywords
Passwort notwendig.
Passwort notwendig.
Stichwort ist zu kurz: %s
Stichwort ist zu kurz: %s
Stichwort ist zu lang: '%s'
Stichwort ist zu lang: '%s'
YouTube Passwort:
YouTube Passwort:
hXXp://ffmpeg.org
hXXp://ffmpeg.org
avutil-52.nch.dll
avutil-52.nch.dll
swscale-2.nch.dll
swscale-2.nch.dll
avcodec-54.nch.dll
avcodec-54.nch.dll
avformat-54.nch.dll
avformat-54.nch.dll
swresample-0.nch.dll
swresample-0.nch.dll
t.wpp
t.wpp
.divx
.divx
.mjpeg
.mjpeg
.mpeg
.mpeg
.rmvb
.rmvb
.webm
.webm
.xvid
.xvid
E%s:%s
E%s:%s
Kann Antwort nicht verstehen: %s
Kann Antwort nicht verstehen: %s
Server hat ein Problem %d: %s
Server hat ein Problem %d: %s
Server hat kein Bild, aber stattdessen eine Webseite genannt.
Server hat kein Bild, aber stattdessen eine Webseite genannt.
Server zeigt Format an, welches nicht verstanden wird. %s
Server zeigt Format an, welches nicht verstanden wird. %s
Webserver reagiert nicht.
Webserver reagiert nicht.
Webserver hat Frame ausgegeben, der nicht entschl
Webserver hat Frame ausgegeben, der nicht entschl
Konnte nicht von Webserver lesen
Konnte nicht von Webserver lesen
.clpi
.clpi
Jeden Tag %s
Jeden Tag %s
%s, %s
%s, %s
%s (n
%s (n
%s (gleicher Tage)
%s (gleicher Tage)
K%s/clickraw.png
K%s/clickraw.png
Momentaufnahme %d
Momentaufnahme %d
"%s" - -
"%s" - -
"%s" -s %d -d -w -
"%s" -s %d -d -w -
FAAD2 AAC/HE-AAC/HE-AACv2/DRM decoder (c) Nero AG, VVV.nero.com
FAAD2 AAC/HE-AAC/HE-AACv2/DRM decoder (c) Nero AG, VVV.nero.com
"%s" -o raw
"%s" -o raw
Copyright (C) 2000-2002 Michel Lespinasse
Copyright (C) 2000-2002 Michel Lespinasse
Copyright (C) 1999-2000 Aaron Holtzman
Copyright (C) 1999-2000 Aaron Holtzman
r diese Komponente finden Sie auf: hXXp://VVV.opensource.org/licenses/lgpl-license.php
r diese Komponente finden Sie auf: hXXp://VVV.opensource.org/licenses/lgpl-license.php
"%s" %s - -
"%s" %s - -
"%s" -C %d -R %d -b %d
"%s" -C %d -R %d -b %d
"%s" -r
"%s" -r
-b %d --cbr --nores --nchvideo - -
-b %d --cbr --nores --nchvideo - -
Geplante_Aufnahme_%s
Geplante_Aufnahme_%s
Die Aufnahme "%s" ist zu lang. Sie muss k
Die Aufnahme "%s" ist zu lang. Sie muss k
Diese Aufnahme hat Start- oder Endzeiten, welche mit der Aufnahme "%s"
Diese Aufnahme hat Start- oder Endzeiten, welche mit der Aufnahme "%s"
nger als die maximal erlaubte Aufnahmedauer (Optionen->Aufnahme->Maximale Aufnahmedauer begrenzen). Die Aufnahme wird nach %s angehalten. M
nger als die maximal erlaubte Aufnahmedauer (Optionen->Aufnahme->Maximale Aufnahmedauer begrenzen). Die Aufnahme wird nach %s angehalten. M
%u:%.2u:%.2u.%.3u
%u:%.2u:%.2u.%.3u
%u:%.2u:%.2u
%u:%.2u:%.2u
@device:cm:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\iyuv
@device:cm:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\iyuv
@device:cm:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\i420
@device:cm:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\i420
Farbeinstellungen vom Video anpassen, indem Sie die Schieber nach links/rechts ziehen. Sie k
Farbeinstellungen vom Video anpassen, indem Sie die Schieber nach links/rechts ziehen. Sie k
Oddraw.dll
Oddraw.dll
@device:sw:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\DV Video Encoder
@device:sw:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\DV Video Encoder
@device:cm:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\ffds
@device:cm:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\ffds
@device:cm:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\mrle
@device:cm:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\mrle
@device:cm:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\m261
@device:cm:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\m261
@device:cm:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\m263
@device:cm:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\m263
@device:cm:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\fps1
@device:cm:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\fps1
@device:cm:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\yv12
@device:cm:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\yv12
%s (i420)
%s (i420)
%s (iyuv)
%s (iyuv)
%d Hz, %d Bit, %s
%d Hz, %d Bit, %s
Windows Media Audio V1
Windows Media Audio V1
Windows Media Audio V2
Windows Media Audio V2
ACELP.net
ACELP.net
T.spx
T.spx
"%s" "%s" "%s" -d
"%s" "%s" "%s" -d
"%s" -x "%s" "%s"
"%s" -x "%s" "%s"
"%s" -d -o "%s" -F "%s"
"%s" -d -o "%s" -F "%s"
"%s" -o "%s" "%s"
"%s" -o "%s" "%s"
"%s" -d -o "%s" "%s"
"%s" -d -o "%s" "%s"
"%s" "%s" "%s"
"%s" "%s" "%s"
.flac
.flac
SYSTEM\CurrentControlSet\Services\%s
SYSTEM\CurrentControlSet\Services\%s
hren. Wenn das Problem weiterhin auftritt, kontaktieren Sie bitte den NCH Software Support.
hren. Wenn das Problem weiterhin auftritt, kontaktieren Sie bitte den NCH Software Support.
en Sie alle Programme und versuchen es erneut. Wenn das Problem weiterhin auftritt, kontaktieren Sie bitte den NCH Software Support.
en Sie alle Programme und versuchen es erneut. Wenn das Problem weiterhin auftritt, kontaktieren Sie bitte den NCH Software Support.
hXXp://VVV.mp3dev.org
hXXp://VVV.mp3dev.org
%d:%.2d:%.2d
%d:%.2d:%.2d
.wavpcm
.wavpcm
.sndt
.sndt
.sndr
.sndr
.vorbis
.vorbis
.nist
.nist
.maud
.maud
.mat5
.mat5
.mat4
.mat4
.lpc10
.lpc10
.ircam
.ircam
.hcom
.hcom
.gsrt
.gsrt
.fssd
.fssd
.dvms
.dvms
.cvsd
.cvsd
.cdda
.cdda
.amr-wb
.amr-wb
.amr-nb
.amr-nb
Speex ACM Codec xiph.org
Speex ACM Codec xiph.org
(unverified) For the Record - hXXp://VVV.fortherecord.com
(unverified) For the Record - hXXp://VVV.fortherecord.com
Aureal Semiconductor RAW SPORT
Aureal Semiconductor RAW SPORT
Windows Media Audio Lossless V9
Windows Media Audio Lossless V9
Windows Media Audio Professional V9
Windows Media Audio Professional V9
Windows Media Audio V2 V7 V8 V9 / DivX audio (WMA) / Alex AC3 Audio
Windows Media Audio V2 V7 V8 V9 / DivX audio (WMA) / Alex AC3 Audio
Windows Media Audio V1 / DivX audio (WMA)
Windows Media Audio V1 / DivX audio (WMA)
Sipro Lab Telecom ACELP.KELVIN
Sipro Lab Telecom ACELP.KELVIN
Sipro Lab Telecom ACELP.net
Sipro Lab Telecom ACELP.net
Microsoft Windows Media, RT Voice
Microsoft Windows Media, RT Voice
Compaq Computer VSELP (codec for Windows CE 2.0 devices)
Compaq Computer VSELP (codec for Windows CE 2.0 devices)
%Program Files% (x86)\NCH Software\Debut
%Program Files% (x86)\NCH Software\Debut
C.diV@
C.diV@
,|F.hJYam;
,|F.hJYam;
.MHCQH
.MHCQH
:] %U
:] %U
%UNdv
%UNdv
SMTP verwenden, um E-Mail direkt zum Mailserver zu senden
SMTP verwenden, um E-Mail direkt zum Mailserver zu senden
SMTP-Mailhost:
SMTP-Mailhost:
Passwort:
Passwort:
Direkt an andere Seite senden (als eigener SMTP-Server fungieren)
Direkt an andere Seite senden (als eigener SMTP-Server fungieren)
Eine komplette Liste unserer Produkte finden Sie auf unserer unten stehenden Webseite. Dort finden Sie ggf. ein anderes Produkt, das sich besser f
Eine komplette Liste unserer Produkte finden Sie auf unserer unten stehenden Webseite. Dort finden Sie ggf. ein anderes Produkt, das sich besser f
e anpassen
e anpassen
Proportionen beschr
Proportionen beschr
&ID - Key:
&ID - Key:
e anpassen:
e anpassen:
SMTP verwenden, um E-Mails direkt an den E-Mail-Server zu versenden
SMTP verwenden, um E-Mails direkt an den E-Mail-Server zu versenden
WebM-Encodereinstellungen
WebM-Encodereinstellungen
Zwei-Pass-Codierung
Zwei-Pass-Codierung
Encodereinstellungen von Windows Media
Encodereinstellungen von Windows Media
Bitrate automatisch kalkulieren, damit Ihr Video auf eine DVD passt
Bitrate automatisch kalkulieren, damit Ihr Video auf eine DVD passt
Dieses Programm erfordert Ihre Autorisierung bevor es Ihre Fotos auf Flickr lesen oder hochladen kann. Flickr-Webseite muss verwendet werden, um dieses Programm zu autorisieren.
Dieses Programm erfordert Ihre Autorisierung bevor es Ihre Fotos auf Flickr lesen oder hochladen kann. Flickr-Webseite muss verwendet werden, um dieses Programm zu autorisieren.
Webcam / Aufnahmeger
Webcam / Aufnahmeger
hren (erweiterte Option, %file% als Dateipfad verwenden)
hren (erweiterte Option, %file% als Dateipfad verwenden)