Alt 25.11.2016, 17:56   #31
/// Malwareteam
Javaws.exe zertrümmert meinen Arbeitsspeicher und macht den Computer arbeitsunfähig - Standard

Javaws.exe zertrümmert meinen Arbeitsspeicher und macht den Computer arbeitsunfähig

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

HKLM-x32\...\Run: [NWEReboot] => [X]
HKU\S-1-5-21-2689304980-1437917653-2625238874-1004\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
HKU\S-1-5-21-2689304980-1437917653-2625238874-1004\...\Policies\Explorer: [DisallowRun] 1
Task: {23A16D14-176B-4DF8-820A-094B90F7DEA6} - System32\Tasks\{0175D3FF-9509-45F5-96B5-BA0C2EB648D0} => pcalua.exe -a C:\Users\RONALD~1\AppData\Local\Temp\jre-8u60-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ACHTUNG
CustomCLSID: HKU\S-1-5-21-2689304980-1437917653-2625238874-1004_Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}\InprocServer32 -> %LOCALAPPDATA%\Pokki\ocdeskband_0.dll => Keine Datei

C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\qlipso-qlipso-silent-us.exe


C:\Users\Ronald Brauer\AppData\Local\Google\Chrome Frame\User Data\IEXPLORE\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj

C:\Users\Ronald Brauer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FO0F26YQ\stubinst_pkg_de[1].cab

C:\Users\Ronald Brauer\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.05\agent\stub_data\stubinst_pkg_de.cab

C:\Users\Ronald Brauer\Desktop\Downloads alt\aGlotze-lnstall.exe

C:\Users\Ronald Brauer\Desktop\Downloads alt\JDownloader2Setup.exe

C:\Users\Ronald Brauer\Desktop\Downloads alt\Nero-lnstall.exe

C:\Users\Ronald Brauer\Desktop\Installer\HyperCam-lnstall.exe

C:\Users\Ronald Brauer\Desktop\Installer\streamtransport_setup.exe

C:\Users\Ronald Brauer\Desktop\Ron\Neue Downloads\setup_chrispc_free_videotube_downloader_8_15.exe

C:\Users\Ronald Brauer\Desktop\Ron\Neue Downloads\streamtransportsetup_25412.exe

C:\Users\Ronald Brauer\Documents\Downloads\asc4-setup-softonic1.exe

C:\Users\Ronald Brauer\Downloads\ashampoo_burning_studio_6_free_6.80_3639.exe

C:\Users\Ronald Brauer\Downloads\FFSetup3.5.1.exe

C:\Users\Ronald Brauer\Downloads\Free PDF to Word Doc Converter - CHIP-Downloader.exe

C:\Users\Ronald Brauer\Downloads\FreeStudio.exe

C:\Users\Ronald Brauer\Downloads\FreeYouTubeDownload21030.exe

C:\Users\Ronald Brauer\Downloads\FreeYouTubeToMp3Converter.exe

C:\Users\Ronald Brauer\Downloads\FreeYouTubeToMP3Converter32.exe

C:\Users\Ronald Brauer\Downloads\Nero_MediaHome_setup-16-8c_softonic_free.exe

C:\Users\Ronald Brauer\Downloads\prismsetup.exe

C:\Users\Ronald Brauer\Downloads\streamtransportsetup_25412.exe

C:\Users\Ronald Brauer\Downloads\Bewerbung wurde erfolgreich eingetragen-Dateien\default_adapter.js

C:\Users\Ronald Brauer\Downloads\Bewerbung wurde erfolgreich eingetragen-Dateien\minibar.js

C:\Users\Ronald Brauer\Downloads\Bewerbung wurde erfolgreich eingetragen-Dateien\minibar_002.js

C:\Users\Ronald Brauer\Downloads\Bewerbung wurde erfolgreich eingetragen-Dateien\minibar_003.js


Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


Alt 25.11.2016, 23:51   #32
Javaws.exe zertrümmert meinen Arbeitsspeicher und macht den Computer arbeitsunfähig - Standard

Javaws.exe zertrümmert meinen Arbeitsspeicher und macht den Computer arbeitsunfähig

Meine Güte !!! ;-)) was Du Dir so ausdenkst!
Hier das Ergebnis:
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 23-11-2016
durchgeführt von Ronald Brauer (25-11-2016 23:37:40) Run:2
Gestartet von C:\Users\Ronald Brauer\Desktop
Geladene Profile: Ronald Brauer (Verfügbare Profile: Alternate & Ronald Brauer)
Start-Modus: Normal

fixlist Inhalt:
HKLM-x32\...\Run: [NWEReboot] => [X]
HKU\S-1-5-21-2689304980-1437917653-2625238874-1004\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
HKU\S-1-5-21-2689304980-1437917653-2625238874-1004\...\Policies\Explorer: [DisallowRun] 1
Task: {23A16D14-176B-4DF8-820A-094B90F7DEA6} - System32\Tasks\{0175D3FF-9509-45F5-96B5-BA0C2EB648D0} => pcalua.exe -a C:\Users\RONALD~1\AppData\Local\Temp\jre-8u60-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ACHTUNG
CustomCLSID: HKU\S-1-5-21-2689304980-1437917653-2625238874-1004_Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}\InprocServer32 -> %LOCALAPPDATA%\Pokki\ocdeskband_0.dll => Keine Datei

C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\qlipso-qlipso-silent-us.exe


C:\Users\Ronald Brauer\AppData\Local\Google\Chrome Frame\User Data\IEXPLORE\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj

C:\Users\Ronald Brauer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FO0F26YQ\stubinst_pkg_de[1].cab

C:\Users\Ronald Brauer\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.05\agent\stub_data\stubinst_pkg_de.cab

C:\Users\Ronald Brauer\Desktop\Downloads alt\aGlotze-lnstall.exe

C:\Users\Ronald Brauer\Desktop\Downloads alt\JDownloader2Setup.exe

C:\Users\Ronald Brauer\Desktop\Downloads alt\Nero-lnstall.exe

C:\Users\Ronald Brauer\Desktop\Installer\HyperCam-lnstall.exe

C:\Users\Ronald Brauer\Desktop\Installer\streamtransport_setup.exe

C:\Users\Ronald Brauer\Desktop\Ron\Neue Downloads\setup_chrispc_free_videotube_downloader_8_15.exe

C:\Users\Ronald Brauer\Desktop\Ron\Neue Downloads\streamtransportsetup_25412.exe

C:\Users\Ronald Brauer\Documents\Downloads\asc4-setup-softonic1.exe

C:\Users\Ronald Brauer\Downloads\ashampoo_burning_studio_6_free_6.80_3639.exe

C:\Users\Ronald Brauer\Downloads\FFSetup3.5.1.exe

C:\Users\Ronald Brauer\Downloads\Free PDF to Word Doc Converter - CHIP-Downloader.exe

C:\Users\Ronald Brauer\Downloads\FreeStudio.exe

C:\Users\Ronald Brauer\Downloads\FreeYouTubeDownload21030.exe

C:\Users\Ronald Brauer\Downloads\FreeYouTubeToMp3Converter.exe

C:\Users\Ronald Brauer\Downloads\FreeYouTubeToMP3Converter32.exe

C:\Users\Ronald Brauer\Downloads\Nero_MediaHome_setup-16-8c_softonic_free.exe

C:\Users\Ronald Brauer\Downloads\prismsetup.exe

C:\Users\Ronald Brauer\Downloads\streamtransportsetup_25412.exe

C:\Users\Ronald Brauer\Downloads\Bewerbung wurde erfolgreich eingetragen-Dateien\default_adapter.js

C:\Users\Ronald Brauer\Downloads\Bewerbung wurde erfolgreich eingetragen-Dateien\minibar.js

C:\Users\Ronald Brauer\Downloads\Bewerbung wurde erfolgreich eingetragen-Dateien\minibar_002.js

C:\Users\Ronald Brauer\Downloads\Bewerbung wurde erfolgreich eingetragen-Dateien\minibar_003.js


HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\NWEReboot => Wert erfolgreich entfernt
HKU\S-1-5-21-2689304980-1437917653-2625238874-1004\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDriveTypeAutoRun => Wert erfolgreich entfernt
HKU\S-1-5-21-2689304980-1437917653-2625238874-1004\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisallowRun => Wert erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{23A16D14-176B-4DF8-820A-094B90F7DEA6}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23A16D14-176B-4DF8-820A-094B90F7DEA6}" => Schlüssel erfolgreich entfernt
C:\Windows\System32\Tasks\{0175D3FF-9509-45F5-96B5-BA0C2EB648D0} => erfolgreich verschoben
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0175D3FF-9509-45F5-96B5-BA0C2EB648D0}" => Schlüssel erfolgreich entfernt
"HKU\S-1-5-21-2689304980-1437917653-2625238874-1004_Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}" => Schlüssel erfolgreich entfernt
C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\qlipso-qlipso-silent-us.exe => erfolgreich verschoben
C:\Users\AppData\LocalLow\DVDVideoSoftTB\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll => erfolgreich verschoben
C:\Users\Ronald Brauer\AppData\Local\Google\Chrome Frame\User Data\IEXPLORE\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj => erfolgreich verschoben
C:\Users\Ronald Brauer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FO0F26YQ\stubinst_pkg_de[1].cab => erfolgreich verschoben
C:\Users\Ronald Brauer\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.05\agent\stub_data\stubinst_pkg_de.cab => erfolgreich verschoben
C:\Users\Ronald Brauer\Desktop\Downloads alt\aGlotze-lnstall.exe => erfolgreich verschoben
C:\Users\Ronald Brauer\Desktop\Downloads alt\JDownloader2Setup.exe => erfolgreich verschoben
C:\Users\Ronald Brauer\Desktop\Downloads alt\Nero-lnstall.exe => erfolgreich verschoben
C:\Users\Ronald Brauer\Desktop\Installer\HyperCam-lnstall.exe => erfolgreich verschoben
C:\Users\Ronald Brauer\Desktop\Installer\streamtransport_setup.exe => erfolgreich verschoben
C:\Users\Ronald Brauer\Desktop\Ron\Neue Downloads\setup_chrispc_free_videotube_downloader_8_15.exe => erfolgreich verschoben
C:\Users\Ronald Brauer\Desktop\Ron\Neue Downloads\streamtransportsetup_25412.exe => erfolgreich verschoben
C:\Users\Ronald Brauer\Documents\Downloads\asc4-setup-softonic1.exe => erfolgreich verschoben
C:\Users\Ronald Brauer\Downloads\ashampoo_burning_studio_6_free_6.80_3639.exe => erfolgreich verschoben
C:\Users\Ronald Brauer\Downloads\FFSetup3.5.1.exe => erfolgreich verschoben
C:\Users\Ronald Brauer\Downloads\Free PDF to Word Doc Converter - CHIP-Downloader.exe => erfolgreich verschoben
C:\Users\Ronald Brauer\Downloads\FreeStudio.exe => erfolgreich verschoben
C:\Users\Ronald Brauer\Downloads\FreeYouTubeDownload21030.exe => erfolgreich verschoben
C:\Users\Ronald Brauer\Downloads\FreeYouTubeToMp3Converter.exe => erfolgreich verschoben
C:\Users\Ronald Brauer\Downloads\FreeYouTubeToMP3Converter32.exe => erfolgreich verschoben
C:\Users\Ronald Brauer\Downloads\Nero_MediaHome_setup-16-8c_softonic_free.exe => erfolgreich verschoben
C:\Users\Ronald Brauer\Downloads\prismsetup.exe => erfolgreich verschoben
C:\Users\Ronald Brauer\Downloads\streamtransportsetup_25412.exe => erfolgreich verschoben
C:\Users\Ronald Brauer\Downloads\Bewerbung wurde erfolgreich eingetragen-Dateien\default_adapter.js => erfolgreich verschoben
C:\Users\Ronald Brauer\Downloads\Bewerbung wurde erfolgreich eingetragen-Dateien\minibar.js => erfolgreich verschoben
C:\Users\Ronald Brauer\Downloads\Bewerbung wurde erfolgreich eingetragen-Dateien\minibar_002.js => erfolgreich verschoben
C:\Users\Ronald Brauer\Downloads\Bewerbung wurde erfolgreich eingetragen-Dateien\minibar_003.js => erfolgreich verschoben

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 30627628 B
Java, Flash, Steam htmlcache => 39680685 B
Windows/system/drivers => 74814577 B
Edge => 0 B
Chrome => 50836553 B
Firefox => 65102397 B
Opera => 68304802 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 12980 B
LocalService => 0 B
NetworkService => 2005332 B
test => 0 B
Alternate => 0 B
Ronald Brauer => 295024521 B
fbwuser => 0 B

RecycleBin => 0 B
EmptyTemp: => 605.4 MB temporäre Dateien entfernt.


Das System musste neu gestartet werden.

==== Ende von Fixlog 23:38:31 ====

Alt 28.11.2016, 16:10   #33
/// Malwareteam
Javaws.exe zertrümmert meinen Arbeitsspeicher und macht den Computer arbeitsunfähig - Standard

Javaws.exe zertrümmert meinen Arbeitsspeicher und macht den Computer arbeitsunfähig

Hast du noch irgendwelche Probleme mit deinem Rechner?

Normal wären wir fast fertig, aber da dein FRST nie gescheit geht, nutzen wir kurz einen Überblick mit einem anderen Tool noch:

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden ).
  • Doppelklick auf die OTL.exe
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimal Ausgabe
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

Alt 28.11.2016, 16:58   #34
Javaws.exe zertrümmert meinen Arbeitsspeicher und macht den Computer arbeitsunfähig - Standard

Javaws.exe zertrümmert meinen Arbeitsspeicher und macht den Computer arbeitsunfähig

Fast fertig klingt gut!
Zur Zeit habe ich keine Probleme mit dem PC, aber ich hab da noch 3 Fragen:
1.) Früher hat FRST funktioniert, warum jetzt nicht - evtl. ein FRST-Verhinderer-Virus?
2.) Mein Problem war ja die javaws.exe - Datei! Nach dem Deinstallieren von Java war das Problem erstmal weg. Aber da ich Java benötige: Taucht das Problem dann wieder auf?
3.) Ich habe Kaspersky deinstallier. Wie krieg ich es wieder?
Hier die angeforderten log-Dateien:
OTL logfile created on: 28.11.2016 16:30:41 - Run 1
OTL by OldTimer - Version     Folder = C:\Users\Ronald Brauer\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18524)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,97 Gb Total Physical Memory | 1,65 Gb Available Physical Memory | 41,69% Memory free
7,93 Gb Paging File | 5,04 Gb Available in Paging File | 63,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,17 Gb Total Space | 125,46 Gb Free Space | 21,04% Space Free | Partition Type: NTFS
Computer Name: RONALDARNO-PC | User Name: Ronald Brauer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Ronald Brauer\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)
PRC - c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\program files (x86)\real\realplayer\UpdateService\RealPlayerUpdateSvc.exe ()
PRC - C:\program files (x86)\real\realplayer\RealDownloader\downloader2.exe ()
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes)
PRC - C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes)
PRC - C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes)
PRC - C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe ()
PRC - C:\Program Files (x86)\Audials\Audials 12\AudialsNotifier.exe ()
PRC - C:\Program Files (x86)\Privoxy\privoxy.exe (The Privoxy team - www.privoxy.org)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\dradio-Recorder\phonostar.exe (phonostar)
PRC - C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe ()
PRC - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Freemake)
PRC - C:\Program Files (x86)\Common Files\SNP2UVC\tsnp2uvc.exe (Sonix Technology Co., Ltd.)
PRC - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Windows\vsnp2uvc.exe (Sonix)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
========== Modules (No Company Name) ==========
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\7a088fde14f3460d7d9d1e2e82c38b7e\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7b018c575afd61aad9d3d41b8dc7493c\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\88f6b5cc67a2c0706fe69363b54896da\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\90fea095821aa9078526989e41d80453\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\c8cabfd0f8f57bd1e60352a6a9d76f7a\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\94faed00766279b97a2dc10751ec67d3\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\495bfc0a630cfade1bf12c348dfcf200\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\3857e3b9565b1793e6c765e9a9d22e7f\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\126601833ad2cca08c64b55b21c1eb3f\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\5ec5502d84cbd3b60ae74dbec13c3255\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\6683f014808596eebc3479cb91ecb183\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\28fa249c86a588f177f4d8096fd38a34\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\d93be7426927e96be9d0a9f0be9c843f\mscorlib.ni.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll ()
MOD - c:\program files (x86)\real\realplayer\RPDS\Tools\ffmpeg\mediautil.dll ()
MOD - c:\program files (x86)\real\realplayer\RPDS\Lib\r1api.dll ()
MOD - C:\program files (x86)\real\realplayer\RealDownloader\dtvhooks.dll ()
MOD - C:\program files (x86)\real\realplayer\RealDownloader\downloader2.exe ()
MOD - C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe ()
MOD - C:\Program Files (x86)\Audials\Audials 12\StreamingClient.dll ()
MOD - C:\Program Files (x86)\Audials\Audials 12\SQLite3.dll ()
MOD - C:\Program Files (x86)\Audials\Audials 12\CrashRpt.dll ()
MOD - C:\Program Files (x86)\Audials\Audials 12\CrashHandlerNET.dll ()
MOD - C:\Program Files (x86)\Audials\Audials 12\boost_regex-vc90-mt-1_39.dll ()
MOD - C:\Program Files (x86)\Audials\Audials 12\boost_thread-vc90-mt-1_39.dll ()
MOD - C:\Program Files (x86)\Audials\Audials 12\boost_date_time-vc90-mt-1_39.dll ()
MOD - C:\Program Files (x86)\Audials\Audials 12\boost_system-vc90-mt-1_39.dll ()
MOD - C:\Program Files (x86)\Audials\Audials 12\AudialsNotifier.exe ()
MOD - C:\Program Files (x86)\Privoxy\mgwz.dll ()
MOD - C:\Program Files (x86)\FFsplit\Filters\FFsource.ax ()
MOD - C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe ()
========== Services (SafeList) ==========
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (DiagTrack) -- C:\Windows\SysNative\diagtrack.dll (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (PlaysService) -- C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe (Plays.tv, LLC)
SRV - (RealTimes Desktop Service) -- c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe (RealNetworks, Inc.)
SRV - (HitmanProScheduler) -- C:\Programme\HitmanPro\hmpsched.exe (SurfRight B.V.)
SRV - (RealPlayerUpdateSvc) -- C:\program files (x86)\real\realplayer\UpdateService\RealPlayerUpdateSvc.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MBAMService) -- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Freemake Improver) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Freemake)
SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (IGDCTRL) -- C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
========== Driver Services (SafeList) ==========
DRV:64bit: - (MBAMSwissArmy) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys (Malwarebytes)
DRV:64bit: - (MBAMWebAccessControl) -- C:\Windows\SysNative\drivers\mwac.sys (Malwarebytes Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (RrNetCapFilterDriver) -- C:\Windows\SysNative\drivers\RrNetCapFilterDriver.sys (Audials AG)
DRV:64bit: - (tbhsd) -- C:\Windows\SysNative\drivers\tbhsd.sys (RapidSolution Software AG)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (Apowersoft_AudioDevice) -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys (Wondershare)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (taphss6) -- C:\Windows\SysNative\drivers\taphss6.sys (Anchorfree Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (StarPortLite) -- C:\Windows\SysNative\drivers\StarPortLite.sys (StarWind Software)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)
DRV:64bit: - (fwlanusbn) -- C:\Windows\SysNative\drivers\fwlanusbn.sys (AVM GmbH)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (PStrip64) -- C:\Windows\SysNative\drivers\pstrip64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4F 51 D2 81 92 0C D0 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=SL5MDF&PC=SL5M&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{C130F831-D2AA-4A22-BD8D-F89F2A705E4A}: "URL" = https://de.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?btnG=Google+Search&q="
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: true
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com"
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?btnG=Google+Search&q="
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.update.interval: 31536000
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version= c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version= c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@phonostar.de/phonostar: C:\Program Files (x86)\dradio-Recorder\npphonostarDetectNP.dll File not found
FF - HKCU\Software\MozillaPlugins\@phonostar.de/phonostar-Player: C:\Program Files (x86)\phonostar-Player\npphonostarDetectNP.dll ( )
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 48.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2016.06.11 07:21:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 48.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2016.10.13 14:08:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\BingExtension\\BingSearchExtension: removed
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\BingExtension\\DSE: true
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\BingExtension\\Market: de-de
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\BingExtension\\Package: DefaultPack
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\BingExtension\\OSVersion: 6.1.7601.1
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\BingExtension\\LVersion:
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\BingExtension\\MFVersion: MF38.0.5 (x86 de)
[2014.05.13 20:02:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ronald Brauer\AppData\Roaming\mozilla\Extensions
[2015.03.03 19:09:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ronald Brauer\AppData\Roaming\mozilla\Firefox\Profiles\6i1k08cm.default-1412936889191\extensions
[2014.11.08 09:18:56 | 000,000,000 | ---D | M] (Amazon-Icon) -- C:\Users\Ronald Brauer\AppData\Roaming\mozilla\Firefox\Profiles\6i1k08cm.default-1412936889191\extensions\amazon-icon@giga.de
[2014.11.08 09:18:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ronald Brauer\AppData\Roaming\mozilla\Firefox\Profiles\6i1k08cm.default-1412936889191\extensions\staged
[2014.10.10 22:04:36 | 000,000,000 | ---D | M] (WEB.DE MailCheck) -- C:\Users\Ronald Brauer\AppData\Roaming\mozilla\Firefox\Profiles\6i1k08cm.default-1412936889191\extensions\toolbar@web.de
[2014.11.08 09:18:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ronald Brauer\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions
[2013.12.19 19:40:53 | 000,000,000 | ---D | M] (Cookie Monster) -- C:\Users\Ronald Brauer\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{45d8ff86-d909-11db-9705-005056c00008}
[2014.09.25 08:09:19 | 000,000,000 | ---D | M] (Amazon-Icon) -- C:\Users\Ronald Brauer\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\amazon-icon@giga.de
[2013.12.19 19:40:54 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Ronald Brauer\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\https-everywhere@eff.org
[2016.11.16 20:05:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ronald Brauer\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\staged
[2015.06.11 09:02:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ronald Brauer\AppData\Roaming\mozilla\Firefox\Profiles\w8mqfutb.default-1413719908419\extension-data
[2015.06.10 09:02:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ronald Brauer\AppData\Roaming\mozilla\Firefox\Profiles\w8mqfutb.default-1413719908419\extension-data\youtubeunblocker__web@unblocker.yt
[2016.11.23 08:11:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ronald Brauer\AppData\Roaming\mozilla\Firefox\Profiles\w8mqfutb.default-1413719908419\extensions
[2015.03.01 16:10:56 | 000,038,626 | ---- | M] () (No name found) -- C:\Users\Ronald Brauer\AppData\Roaming\mozilla\firefox\profiles\6i1k08cm.default-1412936889191\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi
[2014.10.10 12:39:06 | 000,967,685 | ---- | M] () (No name found) -- C:\Users\Ronald Brauer\AppData\Roaming\mozilla\firefox\profiles\6i1k08cm.default-1412936889191\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.08.06 14:09:48 | 000,142,907 | ---- | M] () (No name found) -- C:\Users\Ronald Brauer\AppData\Roaming\mozilla\firefox\profiles\JonDoFox\extensions\unplug@compunach.xpi
[2013.11.08 11:40:28 | 000,716,686 | ---- | M] () (No name found) -- C:\Users\Ronald Brauer\AppData\Roaming\mozilla\firefox\profiles\JonDoFox\extensions\{437be45a-4114-11dd-b9ab-71d256d89593}.xpi
[2013.10.28 13:16:32 | 000,534,765 | ---- | M] () (No name found) -- C:\Users\Ronald Brauer\AppData\Roaming\mozilla\firefox\profiles\JonDoFox\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.10.28 13:14:52 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Ronald Brauer\AppData\Roaming\mozilla\firefox\profiles\JonDoFox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.10.28 13:16:32 | 000,049,167 | ---- | M] () (No name found) -- C:\Users\Ronald Brauer\AppData\Roaming\mozilla\firefox\profiles\JonDoFox\extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}.xpi
[2013.12.19 20:00:21 | 000,744,784 | ---- | M] () (No name found) -- C:\Users\Ronald Brauer\AppData\Roaming\mozilla\firefox\profiles\JonDoFox\extensions\staged\{437be45a-4114-11dd-b9ab-71d256d89593}.xpi
[2013.12.19 20:00:20 | 000,535,138 | ---- | M] () (No name found) -- C:\Users\Ronald Brauer\AppData\Roaming\mozilla\firefox\profiles\JonDoFox\extensions\staged\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.12.19 20:00:21 | 000,062,110 | ---- | M] () (No name found) -- C:\Users\Ronald Brauer\AppData\Roaming\mozilla\firefox\profiles\JonDoFox\extensions\staged\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}.xpi
[2016.08.16 21:59:21 | 000,021,735 | ---- | M] () (No name found) -- C:\Users\Ronald Brauer\AppData\Roaming\mozilla\firefox\profiles\w8mqfutb.default-1413719908419\extensions\info@virustotal.com.xpi
[2016.04.27 18:35:36 | 000,101,486 | ---- | M] () (No name found) -- C:\Users\Ronald Brauer\AppData\Roaming\mozilla\firefox\profiles\w8mqfutb.default-1413719908419\extensions\jocly@jetpack.xpi
[2016.03.19 17:29:19 | 000,559,490 | ---- | M] () (No name found) -- C:\Users\Ronald Brauer\AppData\Roaming\mozilla\firefox\profiles\w8mqfutb.default-1413719908419\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
[2016.11.23 08:11:34 | 000,554,552 | ---- | M] () (No name found) -- C:\Users\Ronald Brauer\AppData\Roaming\mozilla\firefox\profiles\w8mqfutb.default-1413719908419\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2016.10.11 08:08:28 | 000,734,889 | ---- | M] () (No name found) -- C:\Users\Ronald Brauer\AppData\Roaming\mozilla\firefox\profiles\w8mqfutb.default-1413719908419\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi
[2016.04.27 18:35:41 | 000,529,551 | ---- | M] () (No name found) -- C:\Users\Ronald Brauer\AppData\Roaming\mozilla\firefox\profiles\w8mqfutb.default-1413719908419\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi
[2015.06.16 06:53:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2015.06.16 06:53:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2016.11.16 18:27:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2016.09.11 22:41:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2016.09.18 12:44:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2016.09.18 12:44:30 | 000,000,000 | ---D | M] (WEB.DE MailCheck) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\browser-mailcheck@web.de
[2010.12.12 09:02:15 | 000,151,776 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppl3260 (2).dll
========== Chrome  ==========
CHR - Extension: No name found = C:\Users\Ronald Brauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\
CHR - Extension: No name found = C:\Users\Ronald Brauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\Ronald Brauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\Ronald Brauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\Ronald Brauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\caeaobpemokdfnidgaebncaooofnbfha\1.1_0\
CHR - Extension: No name found = C:\Users\Ronald Brauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\\
CHR - Extension: No name found = C:\Users\Ronald Brauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\
CHR - Extension: No name found = C:\Users\Ronald Brauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\
CHR - Extension: No name found = C:\Users\Ronald Brauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfniaofdifgjfhcddboichcpdallcgjp\1.0.7_0\
CHR - Extension: No name found = C:\Users\Ronald Brauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\\
CHR - Extension: No name found = C:\Users\Ronald Brauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\1.1_0\
CHR - Extension: No name found = C:\Users\Ronald Brauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
CHR - Extension: No name found = C:\Users\Ronald Brauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\
O1 HOSTS File: ([2016.03.03 23:24:24 | 000,449,990 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts:	www.007guard.com
O1 - Hosts:	007guard.com
O1 - Hosts:	008i.com
O1 - Hosts:	www.008k.com
O1 - Hosts:	008k.com
O1 - Hosts:	www.00hq.com
O1 - Hosts:	00hq.com
O1 - Hosts:	010402.com
O1 - Hosts:	www.032439.com
O1 - Hosts:	032439.com
O1 - Hosts:	www.0scan.com
O1 - Hosts:	0scan.com
O1 - Hosts:	1000gratisproben.com
O1 - Hosts:	www.1000gratisproben.com
O1 - Hosts:	1001namen.com
O1 - Hosts:	www.1001namen.com
O1 - Hosts:	100888290cs.com
O1 - Hosts:	www.100888290cs.com
O1 - Hosts:	www.100sexlinks.com
O1 - Hosts:	100sexlinks.com
O1 - Hosts:	10sek.com
O1 - Hosts:	www.10sek.com
O1 - Hosts:	www.1-2005-search.com
O1 - Hosts:	1-2005-search.com
O1 - Hosts:	123fporn.info
O1 - Hosts: 15475 more lines...
O2:64bit: - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\program files (x86)\real\realplayer\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\program files (x86)\real\realplayer\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [DelaypluginInstall] C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe File not found
O4 - HKLM..\Run: [RealDownloader] C:\program files (x86)\real\realplayer\RealDownloader\downloader2.exe ()
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [tsnp2uvc] C:\Program Files (x86)\Common Files\SNP2UVC\tsnp2uvc.exe (Sonix Technology Co., Ltd.)
O4 - HKCU..\Run: [AudialsNotifier] C:\Program Files (x86)\Audials\Audials 12\AudialsNotifier.exe ()
O4 - HKCU..\Run: [dradio-RecorderTimer] C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe ()
O4 - HKCU..\Run: [phonostar-PlayerTimer] C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe ()
O4 - Startup: C:\Users\Ronald Brauer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Video und DVD - Verknüpfung.lnk = C:\Users\Ronald Brauer\Desktop\Lotus-Kopien\Video und DVD [2016.11.28 09:01:58 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPath = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Amazon! - {c0e8ae32-0758-4c8d-ab71-23b361fe8964} - C:\Users\RONALD~1\AppData\Local\Temp\ie_script_fwde.htm File not found
O9 - Extra 'Tools' menuitem : Amazon! - {c0e8ae32-0758-4c8d-ab71-23b361fe8964} - C:\Users\RONALD~1\AppData\Local\Temp\ie_script_fwde.htm File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D3E1A21-93E8-4F97-91A4-28D48EBD8FFC}: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{84EE55D2-B916-4ED1-9B84-E41BB1628BBE}: DhcpNameServer =
O18:64bit: - Protocol\Handler\gcf - No CLSID value found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\WSWSVCUchrome - No CLSID value found
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\WSWSVCUchrome - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014.02.12 20:38:26 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2016.11.28 16:29:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ronald Brauer\Desktop\OTL.exe
[2016.11.24 08:19:07 | 002,412,032 | ---- | C] (Farbar) -- C:\Users\Ronald Brauer\Desktop\FRST64.exe
[2016.11.23 18:22:37 | 002,870,984 | ---- | C] (ESET) -- C:\Users\Ronald Brauer\Desktop\esetsmartinstaller_deu.exe
[2016.11.22 08:57:49 | 000,000,000 | ---D | C] -- C:\Users\Ronald Brauer\AppData\Roaming\JAM Software
[2016.11.22 08:57:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free
[2016.11.22 08:57:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JAM Software
[2016.11.21 21:32:55 | 000,000,000 | ---D | C] -- C:\Users\Ronald Brauer\Desktop\FRST-OlderVersion
[2016.11.21 19:41:44 | 022,851,472 | ---- | C] (Malwarebytes                                                ) -- C:\Users\Ronald Brauer\Desktop\mbam-setup-
[2016.11.21 19:34:44 | 004,747,704 | ---- | C] (AO Kaspersky Lab) -- C:\Users\Ronald Brauer\Desktop\tdsskiller.exe
[2016.11.18 17:24:49 | 000,192,216 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\7E24010D.sys
[2016.11.16 20:19:59 | 000,000,000 | ---D | C] -- C:\Users\Ronald Brauer\Desktop\Neuer Ordner
[2016.11.11 17:09:24 | 000,000,000 | ---D | C] -- C:\Users\Ronald Brauer\Desktop\Unsortiert
[2016.11.10 16:29:38 | 000,000,000 | ---D | C] -- C:\Users\Ronald Brauer\Start Menu
[2016.11.10 09:28:08 | 000,429,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2016.11.10 09:28:07 | 007,077,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2016.11.10 09:28:07 | 006,131,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2016.11.10 09:28:07 | 001,057,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdvidcrl.dll
[2016.11.10 09:28:07 | 000,856,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdvidcrl.dll
[2016.11.10 09:28:07 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2016.11.10 09:28:07 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2016.11.10 09:27:59 | 006,047,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2016.11.10 09:27:58 | 005,547,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2016.11.10 09:27:58 | 001,732,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2016.11.10 09:27:58 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2016.11.10 09:27:58 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2016.11.10 09:27:58 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2016.11.10 09:27:58 | 000,706,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2016.11.10 09:27:58 | 000,631,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2016.11.10 09:27:58 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2016.11.10 09:27:58 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2016.11.10 09:27:57 | 003,944,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2016.11.10 09:27:57 | 002,055,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2016.11.10 09:27:57 | 000,382,696 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2016.11.10 09:27:56 | 004,000,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2016.11.10 09:27:56 | 002,131,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2016.11.10 09:27:53 | 001,148,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IMJP10.IME
[2016.11.10 09:27:53 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msctf.dll
[2016.11.10 09:27:53 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IMJP10K.DLL
[2016.11.10 09:27:53 | 000,806,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2016.11.10 09:27:53 | 000,725,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2016.11.10 09:27:53 | 000,308,456 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2016.11.10 09:27:53 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tintlgnt.ime
[2016.11.10 09:27:53 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quick.ime
[2016.11.10 09:27:53 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qintlgnt.ime
[2016.11.10 09:27:53 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\phon.ime
[2016.11.10 09:27:53 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cintlgnt.ime
[2016.11.10 09:27:53 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\chajei.ime
[2016.11.10 09:27:53 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pintlgnt.ime
[2016.11.10 09:27:53 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tintlgnt.ime
[2016.11.10 09:27:53 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cintlgnt.ime
[2016.11.10 09:27:53 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pintlgnt.ime
[2016.11.10 09:27:52 | 001,027,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IMJP10.IME
[2016.11.10 09:27:52 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2016.11.10 09:27:52 | 000,877,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2016.11.10 09:27:52 | 000,701,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IMJP10K.DLL
[2016.11.10 09:27:52 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2016.11.10 09:27:52 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certcli.dll
[2016.11.10 09:27:52 | 000,457,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imkr80.ime
[2016.11.10 09:27:52 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imkr80.ime
[2016.11.10 09:27:52 | 000,342,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certcli.dll
[2016.11.10 09:27:52 | 000,315,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2016.11.10 09:27:52 | 000,246,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\input.dll
[2016.11.10 09:27:52 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\input.dll
[2016.11.10 09:27:52 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2016.11.10 09:27:52 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2016.11.10 09:27:52 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quick.ime
[2016.11.10 09:27:52 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qintlgnt.ime
[2016.11.10 09:27:52 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\phon.ime
[2016.11.10 09:27:52 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\chajei.ime
[2016.11.10 09:27:52 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2016.11.10 09:27:52 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2016.11.10 09:27:52 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2016.11.10 09:27:51 | 001,212,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2016.11.10 09:27:51 | 000,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2016.11.10 09:27:51 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2016.11.10 09:27:51 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2016.11.10 09:27:51 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2016.11.10 09:27:51 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2016.11.10 09:27:51 | 000,663,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2016.11.10 09:27:51 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2016.11.10 09:27:51 | 000,615,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2016.11.10 09:27:51 | 000,576,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2016.11.10 09:27:51 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2016.11.10 09:27:51 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2016.11.10 09:27:51 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2016.11.10 09:27:51 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2016.11.10 09:27:51 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2016.11.10 09:27:51 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2016.11.10 09:27:51 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2016.11.10 09:27:51 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2016.11.10 09:27:51 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2016.11.10 09:27:51 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2016.11.10 09:27:51 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2016.11.10 09:27:51 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2016.11.10 09:27:51 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\INETRES.dll
[2016.11.10 09:27:51 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2016.11.10 09:27:51 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2016.11.10 09:27:51 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2016.11.10 09:27:51 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2016.11.10 09:27:51 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2016.11.10 09:27:51 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2016.11.10 09:27:51 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2016.11.10 09:27:51 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2016.11.10 09:27:50 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2016.11.10 09:27:50 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2016.11.10 09:27:50 | 000,419,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2016.11.10 09:27:50 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2016.11.10 09:27:50 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2016.11.10 09:27:50 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2016.11.10 09:27:50 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe
[2016.11.10 09:27:50 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2016.11.10 09:27:50 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2016.11.10 09:27:50 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpchttp.dll
[2016.11.10 09:27:50 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidpolicyconverter.exe
[2016.11.10 09:27:50 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rpchttp.dll
[2016.11.10 09:27:50 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2016.11.10 09:27:50 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2016.11.10 09:27:50 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2016.11.10 09:27:50 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\auditpol.exe
[2016.11.10 09:27:50 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setbcdlocale.dll
[2016.11.10 09:27:50 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidapi.dll
[2016.11.10 09:27:50 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srclient.dll
[2016.11.10 09:27:50 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2016.11.10 09:27:50 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2016.11.10 09:27:50 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptbase.dll
[2016.11.10 09:27:50 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2016.11.10 09:27:50 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2016.11.10 09:27:50 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2016.11.10 09:27:50 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2016.11.10 09:27:50 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2016.11.10 09:27:50 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2016.11.10 09:27:50 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2016.11.10 09:27:49 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2016.11.10 09:27:49 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2016.11.10 09:27:49 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2016.11.10 09:27:49 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
[2016.11.10 09:27:49 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msobjs.dll
[2016.11.10 09:27:49 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msobjs.dll
[2016.11.10 09:27:49 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\appidapi.dll
[2016.11.10 09:27:49 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\auditpol.exe
[2016.11.10 09:27:49 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2016.11.10 09:27:49 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidcertstorecheck.exe
[2016.11.10 09:27:49 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2016.11.10 09:27:49 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2016.11.10 09:27:49 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2016.11.10 09:27:49 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2016.11.10 09:27:49 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2016.11.10 09:27:49 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2016.11.10 09:27:49 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2016.11.10 09:27:49 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2016.11.10 09:27:49 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2016.11.10 09:27:49 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2016.11.10 09:27:49 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2016.11.10 09:27:49 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2016.11.10 09:27:49 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2016.11.10 09:27:49 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2016.11.10 09:27:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2016.11.10 09:27:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2016.11.10 09:27:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2016.11.10 09:27:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2016.11.10 09:27:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2016.11.10 09:27:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2016.11.10 09:27:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2016.11.10 09:27:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2016.11.10 09:27:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2016.11.10 09:27:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2016.11.10 09:27:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2016.11.10 09:27:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2016.11.10 09:27:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2016.11.10 09:27:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2016.11.10 09:27:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2016.11.10 09:27:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2016.11.10 09:27:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2016.11.10 09:27:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2016.11.10 09:27:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2016.11.10 09:27:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2016.11.10 09:27:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2016.11.10 09:27:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2016.11.10 09:27:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2016.11.10 09:27:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2016.11.10 09:27:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2016.11.10 09:27:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2016.11.10 09:27:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2016.11.10 09:27:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2016.11.10 09:27:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2016.11.10 09:27:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2016.11.10 09:27:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2016.11.10 09:27:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2016.11.10 09:27:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2016.11.10 09:27:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2016.11.10 09:27:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2016.11.10 09:27:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2016.11.10 09:27:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2016.11.10 09:27:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2016.11.10 09:27:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2016.11.10 09:27:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2016.11.10 09:27:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2016.11.10 09:27:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2016.11.10 09:27:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2016.11.10 09:27:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2016.11.10 09:27:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2016.11.10 09:27:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2016.11.10 09:27:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2016.11.10 09:27:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2016.11.10 09:27:49 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2016.11.10 09:26:47 | 003,180,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2016.11.10 09:26:47 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2016.11.10 09:26:46 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2016.11.10 09:26:32 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2016.11.09 08:44:22 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2016.11.09 08:44:19 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2016.11.09 08:44:19 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2016.11.09 08:44:19 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2016.11.09 08:44:18 | 001,147,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2016.11.09 08:44:18 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2016.11.09 08:44:18 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2016.11.09 08:44:18 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2016.11.09 08:44:18 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2016.11.09 08:44:18 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2016.11.09 08:26:07 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2016.11.09 08:26:04 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2016.11.09 08:26:04 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2016.11.09 08:10:46 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icaapi.dll
[2016.11.09 08:07:20 | 000,756,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2016.11.09 08:07:20 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2016.11.09 08:07:19 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UtcResources.dll
[2016.11.09 08:06:39 | 001,386,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\diagtrack.dll
[2016.11.09 07:35:29 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlsbres.dll
[2016.11.09 07:35:29 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nlsbres.dll
[2016.11.09 07:35:29 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDAZE.DLL
[2016.11.09 07:35:28 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDAZEL.DLL
[2016.11.09 07:35:28 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDAZE.DLL
[2016.11.09 07:35:28 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\kbdgeoqw.dll
[2016.11.09 07:35:28 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDAZEL.DLL
[2016.11.09 07:35:27 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kbdgeoqw.dll
[2016.11.06 17:40:34 | 000,000,000 | ---D | C] -- C:\Users\Ronald Brauer\Desktop\EDV-Tipps
[2016.11.04 10:53:54 | 000,000,000 | ---D | C] -- C:\Users\Ronald Brauer\AppData\Roaming\TVgenial
[2016.11.04 10:53:54 | 000,000,000 | ---D | C] -- C:\ProgramData\TVgenial
[2016.11.04 10:53:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TVgenial5.5
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2016.11.28 16:28:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ronald Brauer\Desktop\OTL.exe
[2016.11.28 16:16:09 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2016.11.28 16:08:46 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2016.11.28 16:00:11 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2016.11.28 15:58:45 | 000,026,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2016.11.28 15:58:45 | 000,026,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2016.11.28 15:50:06 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2016.11.28 15:49:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2016.11.28 15:48:55 | 3194,527,744 | -HS- | M] () -- C:\hiberfil.sys
[2016.11.24 08:18:51 | 002,412,032 | ---- | M] (Farbar) -- C:\Users\Ronald Brauer\Desktop\FRST64.exe
[2016.11.23 18:21:56 | 002,870,984 | ---- | M] (ESET) -- C:\Users\Ronald Brauer\Desktop\esetsmartinstaller_deu.exe
[2016.11.23 18:09:42 | 000,000,085 | ---- | M] () -- C:\Windows\wininit.ini
[2016.11.22 23:29:30 | 000,001,225 | ---- | M] () -- C:\Users\Ronald Brauer\Desktop\TreeSize Free.lnk
[2016.11.22 07:24:13 | 001,629,348 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2016.11.22 07:24:13 | 000,702,942 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2016.11.22 07:24:13 | 000,657,174 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2016.11.22 07:24:13 | 000,150,582 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2016.11.22 07:24:13 | 000,122,986 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2016.11.21 19:43:40 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2016.11.21 18:48:04 | 022,851,472 | ---- | M] (Malwarebytes                                                ) -- C:\Users\Ronald Brauer\Desktop\mbam-setup-
[2016.11.21 18:34:10 | 004,747,704 | ---- | M] (AO Kaspersky Lab) -- C:\Users\Ronald Brauer\Desktop\tdsskiller.exe
[2016.11.18 17:24:49 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\7E24010D.sys
[2016.11.11 07:00:57 | 000,506,896 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2016.11.09 08:37:43 | 001,602,692 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2016.11.08 17:17:36 | 000,796,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2016.11.08 17:17:35 | 000,142,528 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2016.11.07 17:04:37 | 000,007,602 | ---- | M] () -- C:\Users\Ronald Brauer\AppData\Local\Resmon.ResmonCfg
[2016.11.06 07:58:57 | 000,005,484 | ---- | M] () -- C:\Users\Ronald Brauer\AppData\Local\xecutor.xpr
[2016.11.06 07:58:57 | 000,005,484 | ---- | M] () -- C:\Users\Ronald Brauer\AppData\Local\xecutor._xp
[2016.11.02 16:36:15 | 000,382,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2016.11.02 16:32:08 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2016.11.02 16:32:05 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2016.11.02 16:32:03 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2016.11.02 16:32:01 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2016.11.02 16:22:36 | 000,308,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2016.11.02 16:16:15 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2016.11.02 15:53:37 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2016.11.22 08:57:44 | 000,001,225 | ---- | C] () -- C:\Users\Ronald Brauer\Desktop\TreeSize Free.lnk
[2016.11.21 19:43:40 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2016.07.04 15:42:58 | 000,000,000 | ---- | C] () -- C:\Users\Ronald Brauer\AppData\Local\{B5D6B04A-E7A6-4E42-A149-786037CE73C5}
[2016.06.30 18:16:14 | 000,239,616 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll
[2016.06.30 18:16:09 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2016.06.09 16:09:14 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2016.06.09 15:57:34 | 000,009,030 | ---- | C] () -- C:\Windows\HL-2030.INI
[2016.06.09 15:57:34 | 000,000,151 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2016.06.09 15:57:34 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini
[2016.06.09 15:57:34 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2016.06.09 15:57:04 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\bd2030.dat
[2016.06.09 15:56:49 | 000,000,247 | ---- | C] () -- C:\Windows\Brownie.ini
[2016.04.05 14:19:36 | 000,125,720 | ---- | C] () -- C:\Windows\SysWow64\vulkan-1.dll
[2016.04.05 14:19:36 | 000,042,264 | ---- | C] () -- C:\Windows\SysWow64\vulkaninfo.exe
[2016.02.16 00:27:00 | 000,125,720 | ---- | C] () -- C:\Windows\SysWow64\vulkan-1-1-0-3-1.dll
[2016.02.16 00:25:40 | 000,042,264 | ---- | C] () -- C:\Windows\SysWow64\vulkaninfo-1-1-0-3-1.exe
[2015.12.20 15:12:50 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\Lagarith.dll
[2015.12.20 15:12:49 | 000,753,847 | ---- | C] () -- C:\Windows\unins000.exe
[2015.12.20 15:12:48 | 000,089,843 | ---- | C] () -- C:\Windows\unins000.dat
[2015.10.31 16:17:56 | 000,007,602 | ---- | C] () -- C:\Users\Ronald Brauer\AppData\Local\Resmon.ResmonCfg
[2015.09.11 15:01:53 | 000,000,098 | ---- | C] () -- C:\Users\Ronald Brauer\AppData\Roaming\CamStudio.Producer.command
[2015.09.11 13:13:39 | 000,001,206 | ---- | C] () -- C:\Users\Ronald Brauer\AppData\Roaming\CamStudio.Producer.ini
[2015.09.11 13:13:39 | 000,000,000 | ---- | C] () -- C:\Users\Ronald Brauer\AppData\Roaming\CamStudio.Producer.Data.ini
[2015.09.11 13:07:44 | 000,004,536 | ---- | C] () -- C:\Users\Ronald Brauer\AppData\Roaming\CamStudio.cfg
[2015.08.30 21:23:19 | 000,000,408 | ---- | C] () -- C:\Users\Ronald Brauer\AppData\Roaming\CamShapes.ini
[2015.08.30 21:23:19 | 000,000,408 | ---- | C] () -- C:\Users\Ronald Brauer\AppData\Roaming\CamLayout.ini
[2015.08.30 21:23:19 | 000,000,133 | ---- | C] () -- C:\Users\Ronald Brauer\AppData\Roaming\Camdata.ini
[2015.08.30 19:23:59 | 000,000,096 | ---- | C] () -- C:\Users\Ronald Brauer\AppData\Roaming\version2.xml
[2015.08.27 15:28:10 | 000,547,328 | ---- | C] () -- C:\Windows\SysWow64\mscc.dll
[2015.07.26 12:13:35 | 000,001,471 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2015.07.26 12:13:35 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2015.07.26 10:57:09 | 000,000,034 | ---- | C] () -- C:\Users\Ronald Brauer\AppData\Roaming\pdfdrawcodec.dll
[2015.07.16 02:17:26 | 000,143,872 | ---- | C] () -- C:\Windows\SysWow64\atieah32.exe
[2015.07.16 02:17:24 | 000,189,952 | ---- | C] () -- C:\Windows\SysWow64\amdgfxinfo32.dll
[2015.07.16 02:12:06 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\hsa-thunk.dll
[2015.05.22 20:43:58 | 000,013,807 | ---- | C] () -- C:\Users\Ronald Brauer\AppData\Roaming\PStrip.bko
[2015.05.22 18:43:13 | 000,013,807 | ---- | C] () -- C:\Users\Ronald Brauer\AppData\Roaming\PStrip.bk!
[2015.05.22 18:34:40 | 000,013,793 | ---- | C] () -- C:\Users\Ronald Brauer\AppData\Roaming\PStrip.bak
[2015.05.22 17:09:58 | 000,013,865 | ---- | C] () -- C:\Users\Ronald Brauer\AppData\Roaming\PStrip.ini
[2015.05.22 17:02:22 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini
[2015.02.06 18:49:08 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2015.02.06 18:49:08 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2015.02.06 18:48:43 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2015.02.06 18:48:00 | 000,033,019 | ---- | C] () -- C:\Windows\SysWow64\CoreAAC-uninstall.exe
[2015.02.05 12:15:26 | 000,004,864 | ---- | C] () -- C:\ProgramData\vczcspay.tpu
[2015.02.05 10:44:07 | 000,087,704 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2015.01.08 16:37:52 | 000,005,484 | ---- | C] () -- C:\Users\Ronald Brauer\AppData\Local\xecutor.xpr
[2015.01.08 16:37:52 | 000,005,484 | ---- | C] () -- C:\Users\Ronald Brauer\AppData\Local\xecutor._xp
[2015.01.07 18:06:53 | 000,119,065 | ---- | C] () -- C:\Users\Ronald Brauer\AppData\Roaming\ExpressBurn.dmp
[2013.12.31 14:25:42 | 000,000,005 | ---- | C] () -- C:\Users\Ronald Brauer\AppData\Roaming\WBPU-Q5-TTL.DAT
[2013.07.30 13:13:04 | 000,000,128 | ---- | C] () -- C:\Users\Ronald Brauer\AppData\Roaming\WB.CFG
[2013.06.19 13:13:07 | 000,000,005 | ---- | C] () -- C:\Users\Ronald Brauer\AppData\Roaming\WBPU-TTL.DAT
[2012.04.01 17:34:44 | 000,104,787 | ---- | C] () -- C:\Users\Ronald Brauer\AppData\Roaming\userenv.xml.urlencode
[2012.04.01 17:34:43 | 000,078,623 | ---- | C] () -- C:\Users\Ronald Brauer\AppData\Roaming\userenv.xml
[2011.12.22 16:13:33 | 000,037,888 | ---- | C] () -- C:\Users\Ronald Brauer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.19 07:23:19 | 000,203,972 | ---- | C] () -- C:\Users\Ronald Brauer\bookmarks-2010-09-19.json
[2010.09.04 16:28:41 | 000,000,784 | ---- | C] () -- C:\Users\Ronald Brauer\AppData\Roaming\wklnhst.dat
[2010.05.29 23:37:49 | 000,925,696 | ---- | C] () -- C:\Users\Ronald Brauer\s-1-5-21-2689304980-1437917653-2625238874-1004.rrr
========== ZeroAccess Check ==========
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2016.08.29 16:31:19 | 014,183,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
"" = %SystemRoot%\system32\shell32.dll -- [2016.08.29 16:12:50 | 012,880,384 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013.09.27 03:52:49 | 000,843,264 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013.09.27 02:14:40 | 000,634,880 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013.09.27 03:50:16 | 000,435,200 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Alternate Data Streams ==========
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:FB1B13D8

< End of report >

Alt 28.11.2016, 17:00   #35
Javaws.exe zertrümmert meinen Arbeitsspeicher und macht den Computer arbeitsunfähig - Standard

Javaws.exe zertrümmert meinen Arbeitsspeicher und macht den Computer arbeitsunfähig

hier die zweite Datei:
OTL Extras logfile created on: 28.11.2016 16:30:41 - Run 1
OTL by OldTimer - Version     Folder = C:\Users\Ronald Brauer\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18524)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,97 Gb Total Physical Memory | 1,65 Gb Available Physical Memory | 41,69% Memory free
7,93 Gb Paging File | 5,04 Gb Available in Paging File | 63,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,17 Gb Total Space | 125,46 Gb Free Space | 21,04% Space Free | Partition Type: NTFS
Computer Name: RONALDARNO-PC | User Name: Ronald Brauer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate -- "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate -- "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate -- "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate -- "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
"{0242D18C-9A6C-4630-8781-C9E59AB925C8}" = rport=137 | protocol=17 | dir=out | app=system | 
"{02B4BCB0-EC95-4A57-9057-B90A61988415}" = lport=31931 | protocol=6 | dir=in | name=audials localhttpserver 31931 | 
"{07C27C60-677B-4191-A133-E71E63BCE9D7}" = lport=12972 | protocol=6 | dir=in | name=audials localhttpserver 12972 | 
"{14DC7B64-FA09-48BF-BD15-593549553AC0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{187E17BA-3783-4701-ACED-9CC03FAE8191}" = lport=14714 | protocol=6 | dir=in | name=audials localhttpserver 14714 | 
"{203807FC-1294-44DA-9C7D-7E8ABDB7132E}" = lport=138 | protocol=17 | dir=in | app=system | 
"{22C99491-4258-4E97-B025-3CE8E94A511B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{2DD1870C-29C1-461D-91FF-075C7B4A5F4C}" = rport=138 | protocol=17 | dir=out | app=system | 
"{382C0702-47EB-46E1-B744-8084AF450AA3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{51D8B2E1-B623-4E2B-BE05-E7A7F8DDFBC7}" = rport=139 | protocol=6 | dir=out | app=system | 
"{5750EF49-0864-467F-9979-C9DCDE6AD1C8}" = lport=445 | protocol=6 | dir=in | app=system | 
"{58D2E14F-C8B4-4CDE-BB2A-C8DA91B17C5C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{60ED567C-D2B1-41B9-940F-6F1A0AD56492}" = lport=8317 | protocol=6 | dir=in | name=techsmith camtasia studio | 
"{61558C20-4CD9-4355-AB48-B217920F0417}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{6BF7DF00-0442-494F-8246-A22742467C31}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{85E5C467-5566-4B35-A18D-EEFFA574A8C3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8E8AFFC4-BE2D-49ED-8EF8-BC2F6B03F0E1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{94C26438-75EA-41CA-8020-57528A2282BD}" = lport=139 | protocol=6 | dir=in | app=system | 
"{968D9E0F-FD73-47F5-9823-1FD7AE4241D1}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{9709C8E0-E911-4FEA-B636-38318A24ACC7}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{9F26BCD5-D1A3-469F-A12D-D17EF9E39673}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B4C06FEE-6B8C-4F8A-A109-4FA27AEBABE6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B61B35AF-1F4D-47D9-A3FB-F9544D7B5F5F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{C32B41AA-DF62-4DF3-9095-EC05A4A5BD70}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{CD0AB130-4886-4BD4-944F-7A8C0495BB9A}" = rport=445 | protocol=6 | dir=out | app=system | 
"{DE13EAE4-9255-43B3-9907-7D660E71055B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E303FBA0-692D-4534-BD99-AB147241A05A}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"{EFCE9BBE-A5A9-4CCA-9716-C10C3A522698}" = lport=137 | protocol=17 | dir=in | app=system | 
========== Vista Active Application Exception List ==========
"{06B76CD1-74BF-4A18-B865-B7271E666CE9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{08B4CFD7-AE4B-4556-90A8-A2545214A2B3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe | 
"{09FBCB65-BFD2-4847-8662-3B034E3E1560}" = dir=in | app=c:\program files (x86)\apowersoft\streaming video recorder\apowersoftdownloaderhelp.dll | 
"{1113360C-E052-41DD-AAE0-F8DF819EE48C}" = dir=in | app=c:\program files (x86)\apowersoft\streaming video recorder\apowersoftplayer.dll | 
"{14A3F62E-74BF-4439-8BC6-C7221B33FE2A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1595194A-6C55-4599-A9DE-D46CCE9ACFF6}" = protocol=6 | dir=in | app=c:\users\ronald brauer\appdata\local\temp\7zs456b\hpdiagnosticcoreui.exe | 
"{16168C5C-BDC5-48E3-A699-38F37DADBDA4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{2077D279-6366-4FA2-898B-0A73032B4093}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{227117D0-9CA4-454D-871F-53038912FA27}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe | 
"{25CD3A28-6C0B-44B0-8848-B39734E90B88}" = protocol=17 | dir=in | app=c:\users\ronald brauer\appdata\local\temp\7zs3eb2\hppiw.exe | 
"{2600D45A-3920-4F88-89BB-49824237E48F}" = protocol=17 | dir=in | app=c:\users\ronald brauer\appdata\local\temp\7zsca12.tmp\symnrt.exe | 
"{27EE3E90-B0C6-4F41-AA40-83746D1CB752}" = dir=out | app=c:\program files (x86)\apowersoft\streaming video recorder\apowersoftac.dll | 
"{2C4BC87E-B90C-4AE2-A03A-C9D5D98B442D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2D609FD4-5739-4D7D-9D66-BFEDA41E5915}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe | 
"{30E53A20-DC8B-4948-91B9-EB6D066C3CC1}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{315A7DF1-90DF-4F6F-B47B-87820EFAFC29}" = dir=in | app=c:\program files (x86)\apowersoft\streaming video recorder\apowersoftac.dll | 
"{325996EC-490E-4A17-A247-FF57EB4502F4}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr inc\raptr\raptr_im.exe | 
"{3316515E-66E2-4122-BB33-2DB50409EE9E}" = dir=out | app=c:\program files (x86)\apowersoft\streaming video recorder\apowersofthdsdump.dll | 
"{33D09201-229E-40DF-927F-1CDDA13701B0}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"{34BA348D-D2F4-4A76-B55F-DC82181AAE62}" = protocol=6 | dir=in | app=c:\program files (x86)\tubedigger\tubedigger.exe | 
"{351E8EFB-5B1F-480C-AA63-13D2ED4AEC5D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{368DADBB-1EDD-4506-85D1-590815450BEA}" = dir=out | app=c:\program files (x86)\apowersoft\streaming video recorder\apowersoftdownloaderhelp.dll | 
"{405D927B-66F9-46D2-A8C8-E9982A23EA66}" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\rpds\bin\rpdsvc.exe | 
"{41FCCD33-ED40-4CEF-96F8-34940AF84A4B}" = protocol=17 | dir=in | app=c:\users\ronald brauer\appdata\local\temp\7zsd4b3.tmp\symnrt.exe | 
"{42D9CA6E-64BF-4050-A70D-D6B85A02C481}" = protocol=17 | dir=in | app=c:\users\ronald brauer\appdata\local\temp\7zsdccd.tmp\symnrt.exe | 
"{4B304370-F84F-417B-8263-7A310F2E7575}" = protocol=17 | dir=in | app=c:\users\ronald brauer\appdata\local\temp\7zs44d5\hpdiagnosticcoreui.exe | 
"{4B89DDB1-BAB1-4059-BA3D-682383C1F0C7}" = protocol=6 | dir=in | app=c:\users\ronald brauer\appdata\local\temp\7zs3615\hpdiagnosticcoreui.exe | 
"{4E30BFC4-D980-4224-9127-3B2313C634D3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe | 
"{5269FCE0-A009-45AF-B3CC-E5273F62D081}" = protocol=6 | dir=out | app=c:\program files (x86)\concept design\onlinetv 11\onlinetv.exe | 
"{528E65A9-E384-4919-9012-19E76D274E75}" = protocol=17 | dir=in | app=c:\program files (x86)\tubedigger\tubedigger.exe | 
"{53436A1F-0074-49A8-99A1-FA25634A3B40}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr inc\raptr\raptr.exe | 
"{54C15AFC-0347-4426-96A3-B5F97424C4CA}" = dir=in | app=c:\program files (x86)\audials\audials 12\audials.exe | 
"{5520B1AD-FD7C-4F5B-B4BF-6F7BE8F08CC9}" = protocol=6 | dir=in | app=c:\users\ronald brauer\appdata\local\temp\7zsec96.tmp\symnrt.exe | 
"{55457DE9-AD00-452E-B8DE-F3A139B129C8}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero blu-ray player\blu-rayplayer.exe | 
"{566FE47C-F9BB-4686-B6B8-F02F51B781B3}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr inc\playstv\playstv.exe | 
"{57267394-DD42-47D9-A9A0-4C144A661C04}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"{5F8336A9-A5C1-462C-80B6-BD5F47B26C6E}" = dir=out | app=c:\program files (x86)\apowersoft\streaming video recorder\apowersoftdump.dll | 
"{62CE7D0B-ECDC-47E1-ABA6-7314F66A2CF7}" = protocol=17 | dir=in | app=c:\program files (x86)\windows ilivid toolbar\datamngr\toolbar\dtuser.exe | 
"{648A2480-EFF5-49BA-BA4A-A493047F2E02}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{67CE3AFA-DEEA-410F-8882-690F44430F39}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe | 
"{695B2813-BAAF-42AB-AC17-7DEE76EFEFE0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe | 
"{6BE91DC9-F213-47F6-8B71-892E91792E3C}" = protocol=17 | dir=in | app=c:\users\ronald brauer\appdata\local\temp\7zs3615\hpdiagnosticcoreui.exe | 
"{6F43E504-FEE4-4C51-9E2C-775C7B6648B8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7351F74E-76AD-48C6-843F-7A3F67D6683C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{7983923A-059B-4F20-B5E1-CD399653643A}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr inc\playstv\playstv.exe | 
"{7AA149AF-BB7B-47A9-AFE6-49C90F05CCDC}" = protocol=6 | dir=in | app=c:\users\ronald brauer\appdata\local\temp\7zs9bf9.tmp\symnrt.exe | 
"{7AEE7B6E-6793-4DA2-BED3-7DFD13C60521}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7DA70632-FEA2-4EC3-AE0E-38FF225EA872}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe | 
"{7DB0ADD6-C503-4C8E-8A0F-F6D4AF18D742}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{7F69E6FB-8515-40E9-96E3-84C7D388415C}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr inc\raptr\raptr.exe | 
"{82CB24E8-FB10-4C02-BC85-4C71E096235D}" = protocol=17 | dir=in | app=c:\users\ronald brauer\appdata\local\temp\7zs9bf9.tmp\symnrt.exe | 
"{85F61124-0A98-404C-927B-20DC2DC9BEA8}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{884BA79D-FC38-4388-B35E-640DC28DA96A}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero blu-ray player\blu-rayplayer.exe | 
"{88554DEF-F7EA-47DC-BF96-A2781516C27B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{88D646A0-8A2B-4A12-8151-5573062C131F}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{9089CA8C-E2FF-470C-9E89-1EBE6F267E2F}" = protocol=6 | dir=in | app=c:\users\ronald brauer\appdata\local\temp\7zs4122\hpdiagnosticcoreui.exe | 
"{930B7EDE-5031-403D-9AC9-EF7979E6A7E7}" = dir=in | app=c:\program files (x86)\apowersoft\streaming video recorder\apowersofthdsdump.dll | 
"{9388557D-ED9D-4163-AE41-9BAAEACFE1E0}" = protocol=6 | dir=in | app=c:\users\ronald brauer\appdata\local\temp\7zs3eb2\hppiw.exe | 
"{9668991C-182F-4AD0-A396-37E32595E876}" = dir=in | app=c:\program files (x86)\nero\km\nmdllhost.exe | 
"{98820971-FC28-4FF3-99D0-B334A2037E94}" = dir=out | app=c:\program files (x86)\apowersoft\streaming video recorder\apowersoftsrv.dll | 
"{9A49888A-9E79-4AF6-B3C9-59DC35346427}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{9B5F71C4-8187-4E25-AC26-B5891B35229A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{9B94D1C4-E2C5-4CC2-A2AF-DF42A266F9B5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9FE885B7-EB77-4718-A109-5FCB51895EE8}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{A02260D0-769B-4536-A864-693C518A7396}" = protocol=17 | dir=in | app=c:\users\ronald brauer\appdata\local\temp\7zs4122\hpdiagnosticcoreui.exe | 
"{A6D5718B-85C4-45B3-A6AD-E46BA10F016D}" = dir=in | app=c:\program files (x86)\apowersoft\streaming video recorder\apowersoftdump.dll | 
"{AE8B17CB-9025-4E09-88E9-9876DD66C216}" = protocol=17 | dir=in | app=c:\users\ronald brauer\appdata\local\temp\7zsec96.tmp\symnrt.exe | 
"{B1F613C3-70B6-48B0-AB70-C1AEEC02CE6B}" = protocol=17 | dir=in | app=c:\users\ronald brauer\appdata\local\temp\7zs456b\hpdiagnosticcoreui.exe | 
"{B2C240C4-C9CD-4E33-8BB1-CCB284A87A47}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{B7D23C50-1BFC-42AA-9D29-43B1C527D9FE}" = dir=out | app=c:\program files (x86)\apowersoft\streaming video recorder\apowersoftplayer.dll | 
"{C3473F83-C82C-4D74-8ABD-030C8AC7DB47}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C4927691-C058-47B1-99D3-D9CD004FDD76}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C8E3536B-7C9E-499D-A874-6D910288737A}" = protocol=17 | dir=in | app=c:\users\ronald brauer\appdata\local\temp\7zs359c\hpdiagnosticcoreui.exe | 
"{CA07C14B-1734-4492-9F8D-A02E791DCFF9}" = protocol=6 | dir=in | app=c:\users\ronald brauer\appdata\local\temp\7zs359c\hpdiagnosticcoreui.exe | 
"{CB5F28E7-3837-4147-B7B8-F758E2CBE919}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe | 
"{CC5FA639-BFFD-4752-BFF9-50E93E99D09A}" = protocol=6 | dir=in | app=c:\users\ronald brauer\appdata\local\temp\7zsdccd.tmp\symnrt.exe | 
"{CD50340F-0420-469D-85C1-B8B3A3A0DC43}" = dir=in | app=c:\program files (x86)\apowersoft\streaming video recorder\streaming video recorder.exe | 
"{CE771EDF-E7F1-4F14-BE7E-55035D95C151}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{CE7C27F4-132B-43DC-98FE-74EAEDA87625}" = dir=out | app=c:\program files (x86)\apowersoft\streaming video recorder\streaming video recorder.exe | 
"{CEFC1392-4E27-4337-B0F3-943E602DBA18}" = protocol=6 | dir=in | app=c:\users\ronald brauer\appdata\local\temp\7zs44d5\hpdiagnosticcoreui.exe | 
"{D2B86AB5-BF63-4B5F-B146-3169C6A64E84}" = protocol=6 | dir=out | app=system | 
"{D2DE94AA-D053-42B4-A322-E374A1010624}" = protocol=6 | dir=in | app=c:\program files (x86)\windows ilivid toolbar\datamngr\toolbar\dtuser.exe | 
"{D674B8D7-7432-4DD6-8954-B62744842E41}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D89E7FE4-8050-4F42-AD30-91204C3FA4BE}" = protocol=6 | dir=in | app=c:\users\ronald brauer\appdata\local\temp\7zsca12.tmp\symnrt.exe | 
"{DBD72C3C-7D60-4DD1-9447-E4D38AAC04BF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E8675A2F-0457-428D-9E0C-5697701BBAF6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EA30215D-3418-4337-8022-0F797CEF2DEF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{F098C24B-C2EA-457D-A918-B258CEA74E5F}" = protocol=6 | dir=in | app=c:\users\ronald brauer\appdata\local\temp\7zsd4b3.tmp\symnrt.exe | 
"{F470BB27-7072-4B5E-A1BC-B3D4D81E069E}" = dir=in | app=c:\program files (x86)\apowersoft\streaming video recorder\apowersoftsrv.dll | 
"{F9635555-9C49-4558-9416-45C8AB397FD4}" = protocol=6 | dir=in | app=c:\program files (x86)\concept design\onlinetv 11\onlinetv.exe | 
"{FB00C03A-3E23-4067-B37B-420CD0263878}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr inc\raptr\raptr_im.exe | 
"{FE4C4F00-83D6-4A86-A723-E503CC12410F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{FF8F04AF-BD14-46EA-8A6B-0B2673344D75}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"TCP Query User{584BE8CA-4EC7-49A5-8176-B97E7E435369}C:\program files (x86)\dradio-recorder\phonostar.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dradio-recorder\phonostar.exe | 
"TCP Query User{5B4CE298-EE56-44CE-9B6A-35B7FA3E7569}C:\program files (x86)\toggla\toggla.exe" = protocol=6 | dir=in | app=c:\program files (x86)\toggla\toggla.exe | 
"UDP Query User{830BD064-C593-4849-B912-21C990F68576}C:\program files (x86)\dradio-recorder\phonostar.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dradio-recorder\phonostar.exe | 
"UDP Query User{880C70C5-FB35-4326-96D8-4C378EF1F8EE}C:\program files (x86)\toggla\toggla.exe" = protocol=17 | dir=in | app=c:\program files (x86)\toggla\toggla.exe | 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{020EB053-529D-4FFB-AD9F-40374ACB949A}" = calibre 64bit
"{04B83666-3A62-452B-85D3-70F8117F2329}_is1" = CamStudio 2.7.3
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1" = ConvertHelper 3.1.1
"{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
"{426582A8-202F-D13C-8BD5-F00551BAFC93}" = AMD Wireless Display v3.0
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D512595-BDA6-E291-4BC6-CC2FF891AB05}" = AMD Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{78ACE60E-0CB7-4935-BCD4-F33422105607}" = AMD Settings - Branding
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B6CFE66-6961-3E02-3C57-9BA146AFB935}" = AMD Wireless Display v3.0
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{8F2415FA-72F2-F029-0450-4EB2FAE484C5}" = AMD Accelerated Video Transcoding
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.6.1 (Deutsch)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.6.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{AAC5C889-B75D-3368-BC63-CB660DE44C66}" = Microsoft .NET Framework 4.6.1 (DEU)
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B678797F-DF38-4556-8A31-8B818E261868}" = Apple Mobile Device Support
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BD6F5371-DAC1-30F0-9DDE-CAC6791E28C3}" = Microsoft .NET Framework 4.6.1
"{EAED8692-5B63-4665-B857-D626633691DA}" = vs2015_redist x64
"{F0A36649-873E-4832-A5F1-BF5DF8600BDB}" = Windows Live Family Safety
"{F46AA0F1-E284-4878-A462-5F11B9166C0E}" = iTunes
"{F6BF49D7-479E-23FE-A8A9-63D193D05697}" = AMD Drag and Drop Transcoding
"7-Zip" = 7-Zip 16.02 (x64)
"AMD Catalyst Install Manager" = AMD Install Manager
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.72.1
"HitmanPro37" = HitmanPro 3.7
"Recuva" = Recuva
"VLC media player" = VLC media player
"VulkanRT1.0.3.1" = Vulkan Run Time Libraries
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00170407-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000 SR-1
"{01310914-E3B8-40E8-BCF7-9C42E0639A43}" = gotomaxx PDFMAILER
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{050d4fc8-5d48-4b8f-8972-47c82c46020f}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
"{0C2D7460-3633-F05A-4504-A4BAF0508E63}" = AMD Catalyst Control Center
"{11087D24-567D-7D88-69C6-D7A08B5F4C47}" = Catalyst Control Center - Branding
"{12E727B6-24CD-0CA2-E63F-815CE9F03BC1}" = CCC Help Spanish
"{13743594-F75E-491E-9EFF-203C8F8DF705}" = RealDownloader
"{148E8CA6-BEF1-41C5-8805-BF1286C6884B}" = Brother HL-2030
"{150D88F1-40AF-4678-A39D-BCE2332F34E5}" = Nero Abstract Themes
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{17DB3734-EAB4-4717-954B-C860EE162FBA}" = Video Power
"{1B6F5E51-575E-4693-BCA2-7543570D076D}" = Nero Kwik Themes Basic
"{1E3745C1-674D-4B2E-B8F7-3F4088950ED7}_is1" = TubeDigger 5.4.4
"{1F0342F5-8369-3CD1-99DD-E9BC44473708}" = Google Chrome Frame
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20E59B20-3E77-B07B-B854-2B03CE86FC64}" = CCC Help Greek
"{22124B84-93B2-4603-B212-146665E4B6B1}" = Nero Blu-ray Player
"{226552DB-BCAF-5406-8283-5F500AFC0C16}" = CCC Help Norwegian
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs
"{2457326B-C110-40C3-89B0-889CC913871A}" = AVM FRITZ!DSL
"{24A500E4-0B12-4D62-9973-2C7E23CCA750}" = Nero Kwik Media
"{26024DF7-8D9A-0047-3AA1-63AC45B68413}" = CCC Help Italian
"{27642EF6-3F88-403B-81AE-8A721A821D8B}" = Microsoft Expression Encoder 4
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{31796434-736D-4601-6D86-D95696812FAF}" = CCC Help Hungarian
"{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = USB Video Device
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C4CB5BB-ED29-DC38-32E0-2E3024FCB7D9}" = Toggla
"{3C9D008D-3716-4C3F-90CD-38ED57568FAB}_is1" = Video Download Capture Version 4.9.6
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{410F406E-7AFC-4E9F-BF7E-0CB3C72BDAB9}" = RealDownloader
"{41727356-2969-83D0-9DAF-41DFB6CE6C82}" = CCC Help Japanese
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13
"{4A152727-C4C4-4666-818A-11C9D8AAE71C}" = Audials
"{4e8ca438-78fb-4658-ac5b-2d128f60c54e}" = RealDownloader
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53DB9A5D-87C7-5067-D8A2-F53FB3F621BB}" = CCC Help Polish
"{5883C8CF-D9F6-CACD-01E9-8D4DE18B7B86}" = CCC Help Korean
"{5A9F93EE-DF6F-AE8E-A43E-76B12F2BA707}" = CCC Help Russian
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{62CFAD8C-4A87-490F-95F7-D10ED7501AD0}" = Nero MediaHome
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{69967F97-E880-44B9-8383-5278BBC8809B}" = Adobe Playpanel
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7382003B-637E-2598-F9D6-0B4C70EA358F}" = CCC Help Chinese Standard
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77F2CBFF-0687-BBAD-6A44-C0034AFE71FA}" = CCC Help French
"{78002155-F025-4070-85B3-7C0453561701}" = Apple Application Support
"{799AFA36-4EA5-4323-8689-74C06645A26B}" = Prerequisite installer
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{80CE5A20-ACAD-46A7-94A0-5FD34A7744F3}" = Video Downloader
"{82458834-6226-4A34-AE96-6907354F9F36}_is1" = FFsplit version 0.7
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89699A99-8D90-469A-9BD8-72C42FF45317}_is1" = Xecutor Version
"{8A4C3184-DA2F-4553-BF61-83F5690C3048}_is1" = concept/design onlineTV 11
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{93ED5459-3A8E-67EB-C68F-47CD6AFE25A4}" = CCC Help Turkish
"{9402AEF2-5981-4097-8BE2-6501DAC4DBFD}" = vc2012_redist
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96443F45-13E2-11D6-AC87-00D0B7A9E540}" = Arx Fatalis
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.7
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0030B28-1F49-2734-BFD7-74666118637E}" = CCC Help Portuguese
"{A03D0AB9-E804-E8B1-2EC5-0E28DAEAC11A}" = Catalyst Control Center Localization All
"{A0CC276F-2890-DE82-1C93-BF827B3DCD2D}" = Catalyst Control Center Graphics Previews Common
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{A2A41B60-D51F-4C04-BC94-B4C94F7B6DC0}" = Camtasia Studio 8
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9574DE7-641A-E17B-F3D3-1026521380FE}" = simfy
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-0804-1033-1959-001824205020}" = Adobe Refresh Manager
"{AC76BA86-7AD7-1031-7B44-AC0F074E4100}" = Adobe Acrobat Reader DC - Deutsch
"{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}" = OpenOffice 4.1.1
"{AF2D6CE8-FF11-72F6-DA20-DF02E68E211D}" = CCC Help Thai
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{B2F0BB2B-34ED-AEB8-CFD5-B4405D8DAD54}" = CCC Help Swedish
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B791E0AB-87A9-41A4-8D98-D13C2E37D928}" = Nero Info
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BB842C3B-B4B1-4586-BED1-C5F07ABB0E09}" = Nero MediaHome Free
"{BD46163A-0331-4A61-B65A-7B66D7C93F8E}" = vs2015_redist x86
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{BD96BA19-5A46-E2F7-5652-E13BBA085317}" = CCC Help Finnish
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components
"{C2409A7D-665E-F6E9-CAE1-DFCF83DBF632}" = CCC Help Danish
"{C4A8B568-5F30-E41F-5F15-80E0902C204E}" = CCC Help Dutch
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{DF072839-834E-4AE6-A410-9D825B356A3D}" = LOADSTREET Web-Media-Sauger Demo
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E281AD0E-78A6-DE8A-9903-A449EE18FB17}" = CCC Help English
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3AE96D6-E196-45B4-AF62-2B41998B9E37}" = UpdateService
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5AB3F65-7FAC-41C6-B176-7599D2404BB2}" = Microsoft Expression Encoder 4 Screen Capture Codec
"{E8478C78-A2BE-A85B-4EDC-FB02B6AE1A3E}" = CCC Help German
"{EB3B36B9-E1F4-81BA-BEB5-4FB07D4CEE39}" = Catalyst Control Center InstallProxy
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1CA8888-41BB-7DCE-D9A4-751AFC4F1353}" = CCC Help Czech
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F96D619D-99D6-4C9C-A393-0CD22DE1CA66}_is1" = Ezvid
"{FC965A47-4839-40CA-B618-18F486F042C6}" = Skype™ 7.28
"{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}" = QuickTime 7
"{FF5E3D2F-586A-3CF2-CFAE-3B03862F5512}" = CCC Help Chinese Traditional
"{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}" = Apple Software Update
"7-Zip" = 7-Zip 16.00
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 23 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 23 NPAPI
"AngelPacMan_is1" = AngelPacMan
"Any DVD Converter Professional_is1" = Any DVD Converter Professional 5.8.2
"Ashampoo Burning Studio 11_is1" = Ashampoo Burning Studio 11 v.11.0.3
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.80
"Audacity_is1" = Audacity 2.0.6
"Avi2Dvd" = Avi2Dvd 0.6.4
"AviSynth" = AviSynth 2.5
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"Bidou_is1" = Bidou
"BoltPDF" = Bolt PDF Printer
"BrettspielWelt" = BrettspielWelt
"CoreAAC Audio Decoder" = CoreAAC Audio Decoder (remove only)
"Debut" = Debut Video Capture Software
"Discover Painting for Kids SE" = Discover Painting for Kids SE
"Dominoes Deluxe" = Dominoes Deluxe
"Doxillion" = Doxillion Dokumentkonverter
"dradio-Recorder_is1" = dradio-Recorder Version 3.02.6
"DVD Flick_is1" = DVD Flick
"DVDFab 9_is1" = DVDFab (24/01/2015)
"Encoder_4.0.4276.0" = Microsoft Expression Encoder 4
"ExpressBurn" = Express Burn
"ExpressZip" = Express Zip
"ffdshow_is1" = ffdshow [rev 2202] [2008-10-10]
"Finale NotePad 2012" = Finale NotePad 2012
"FormatFactory" = FormatFactory
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free DVD Creator (by minidvdsoft)_is1" = Free DVD Creator version 2.0
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Free Studio_is1" = Free Studio version 5.0.6
"Free YouTube Download_is1" = Free YouTube Download version
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version
"Freemake Music Box_is1" = Freemake Music Box
"Galaxy of Games Gold Edition" = Galaxy of Games Gold Edition
"Google Chrome" = Google Chrome
"HaaliMkx" = Haali Media Splitter
"HyperCam 2" = HyperCam 2
"HyperCam 3 3.6.1311.20" = HyperCam 3
"LAME_is1" = LAME v3.99.3 (for Windows)
"m3jpegV3" = Morgan M-JPEG codec V3
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware Version
"Mini Golf Special Edition" = Mini Golf Special Edition
"Movavi Screen Capture Studio 6" = Movavi Screen Capture Studio 6
"Mozilla Firefox 48.0 (x86 de)" = Mozilla Firefox 48.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OnLine TV Lite" = OnLine TV Lite
"Opera 39.0.2256.48" = Opera Stable 39.0.2256.48
"Opera 41.0.2353.69" = Opera Stable 41.0.2353.69
"PDFBearbeiten_is1" = PDFBearbeiten V2.3
"phonostar3RadioPlayer_is1" = phonostar-Player Version 3.03.8
"PlaysTV" = PlaysTV
"PowerStrip 3 (remove only)" = PowerStrip 3 (remove only)
"Prism" = Prism Videodatei-Konverter
"Privoxy" = Privoxy (remove only)
"PROHYBRIDR" = 2007 Microsoft Office system
"Raptr" = Raptr
"RealPlayer 18.1" = RealPlayer (RealTimes)
"Revo Uninstaller" = Revo Uninstaller 1.95
"Screen Movie Studio_is1" = Screen Movie Studio version 2.6.2
"Screen Recorder 1" = Screen Recorder 1
"Simfy" = simfy
"smartision ScreenCopy_is1" = smartision ScreenCopy 2.3
"StarBurn_is1" = StarBurn Version 13 (Build 0x20110818)
"Steam App 200510" = XCOM: Enemy Unknown
"Streamripper" = Streamripper (Remove only)
"StreamTorrent 1.0" = StreamTorrent 1.0
"Toggla" = Toggla
"TreeSize Free_is1" = TreeSize Free V3.4.5
"TVAnts 1.0" = TVAnts 1.0
"Uninstall_is1" = Uninstall
"VideoPad" = VideoPad Video-Editor
"VLC media player" = VLC media player 2.1.0
"VSO DivxToDVD_is1" = DivxToDVD 0.5.2b
"WavePad" = WavePad Sound Editor
"Websuche" = Websuche
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"Xvid_is1" = Xvid 1.2.2 final uninstall
========== HKEY_CURRENT_USER Uninstall List ==========
"{759f3f42-04f6-4249-b26e-3990036ebeb8}" = Entropy Piano Tuner
"Super Internet TV (Free Edition)_is1" = Super Internet TV v8.1 (Free Edition)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 24.11.2016 16:18:06 | Computer Name = RonaldArno-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: vlc.exe, Version:, Zeitstempel:
 0x00000000  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.23569, Zeitstempel:
 0x57f7c06e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000048f24  ID des fehlerhaften
 Prozesses: 0x177c  Startzeit der fehlerhaften Anwendung: 0x01d24665487d4ea0  Pfad der
 fehlerhaften Anwendung: C:\Program Files\VideoLAN\VLC\vlc.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 1bb54d86-b283-11e6-a3d4-001c4afac163
Error - 24.11.2016 16:56:13 | Computer Name = RonaldArno-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\dradio-Recorder\phonostar.exe". Fehler in  Manifest- oder Richtliniendatei 
"" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Error - 25.11.2016 03:04:00 | Computer Name = RonaldArno-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: vlc.exe, Version:, Zeitstempel:
 0x00000000  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.23569, Zeitstempel:
 0x57f7c06e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000048f24  ID des fehlerhaften
 Prozesses: 0x6f8  Startzeit der fehlerhaften Anwendung: 0x01d246e5eaeb13ac  Pfad der
 fehlerhaften Anwendung: C:\Program Files\VideoLAN\VLC\vlc.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 568f71cc-b2dd-11e6-8b1e-001c4afac163
Error - 25.11.2016 07:41:46 | Computer Name = RonaldArno-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: vlc.exe, Version:, Zeitstempel:
 0x00000000  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.23569, Zeitstempel:
 0x57f7c06e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000048f24  ID des fehlerhaften
 Prozesses: 0x13e0  Startzeit der fehlerhaften Anwendung: 0x01d24710019c3bc9  Pfad der
 fehlerhaften Anwendung: C:\Program Files\VideoLAN\VLC\vlc.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 247fb0da-b304-11e6-8b1e-001c4afac163
Error - 25.11.2016 19:32:35 | Computer Name = RonaldArno-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: vlc.exe, Version:, Zeitstempel:
 0x00000000  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.23569, Zeitstempel:
 0x57f7c06e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000048f24  ID des fehlerhaften
 Prozesses: 0xf34  Startzeit der fehlerhaften Anwendung: 0x01d2476ec0e46eb4  Pfad der
 fehlerhaften Anwendung: C:\Program Files\VideoLAN\VLC\vlc.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 7135cd5c-b367-11e6-ab0b-001c4afac163
Error - 26.11.2016 04:18:18 | Computer Name = RonaldArno-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: vlc.exe, Version:, Zeitstempel:
 0x00000000  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.23569, Zeitstempel:
 0x57f7c06e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000048f24  ID des fehlerhaften
 Prozesses: 0x1554  Startzeit der fehlerhaften Anwendung: 0x01d247b4ca00590f  Pfad der
 fehlerhaften Anwendung: C:\Program Files\VideoLAN\VLC\vlc.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: e277d8d0-b3b0-11e6-9dcd-001c4afac163
Error - 26.11.2016 05:02:41 | Computer Name = RonaldArno-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: vlc.exe, Version:, Zeitstempel:
 0x00000000  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.23569, Zeitstempel:
 0x57f7c06e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000048f24  ID des fehlerhaften
 Prozesses: 0x10ac  Startzeit der fehlerhaften Anwendung: 0x01d247c14bf91d33  Pfad der
 fehlerhaften Anwendung: C:\Program Files\VideoLAN\VLC\vlc.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 15c7c2f1-b3b7-11e6-9dcd-001c4afac163
Error - 26.11.2016 08:23:24 | Computer Name = RonaldArno-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: vlc.exe, Version:, Zeitstempel:
 0x00000000  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.23569, Zeitstempel:
 0x57f7c06e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000048f24  ID des fehlerhaften
 Prozesses: 0xebc  Startzeit der fehlerhaften Anwendung: 0x01d247dc9981659c  Pfad der
 fehlerhaften Anwendung: C:\Program Files\VideoLAN\VLC\vlc.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 2015a912-b3d3-11e6-9dcd-001c4afac163
Error - 27.11.2016 04:21:29 | Computer Name = RonaldArno-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: vlc.exe, Version:, Zeitstempel:
 0x00000000  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.23569, Zeitstempel:
 0x57f7c06e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000048f24  ID des fehlerhaften
 Prozesses: 0x19a0  Startzeit der fehlerhaften Anwendung: 0x01d248853301befa  Pfad der
 fehlerhaften Anwendung: C:\Program Files\VideoLAN\VLC\vlc.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 7e9892cf-b47a-11e6-a21d-001c4afac163
Error - 28.11.2016 11:08:29 | Computer Name = RonaldArno-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: downloader2.exe, Version:,
 Zeitstempel: 0x57cb1259  Name des fehlerhaften Moduls: unknown, Version:,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften
 Prozesses: 0x1368  Startzeit der fehlerhaften Anwendung: 0x01d24986c97f9a53  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Real\RealPlayer\RealDownloader\downloader2.exe
 des fehlerhaften Moduls: unknown  Berichtskennung: 84b540c2-b57c-11e6-89bc-001c4afac163
[ System Events ]
Error - 26.11.2016 17:12:33 | Computer Name = RonaldArno-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Plays.tv Update Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
Error - 26.11.2016 17:13:03 | Computer Name = RonaldArno-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 RealPlayer Update Service erreicht.
Error - 27.11.2016 03:16:32 | Computer Name = RonaldArno-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Plays.tv Update Service erreicht.
Error - 27.11.2016 03:16:32 | Computer Name = RonaldArno-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Plays.tv Update Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
Error - 27.11.2016 13:58:40 | Computer Name = RonaldArno-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Plays.tv Update Service erreicht.
Error - 27.11.2016 13:58:40 | Computer Name = RonaldArno-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Plays.tv Update Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
Error - 28.11.2016 01:29:29 | Computer Name = RonaldArno-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Plays.tv Update Service erreicht.
Error - 28.11.2016 01:29:29 | Computer Name = RonaldArno-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Plays.tv Update Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
Error - 28.11.2016 10:49:23 | Computer Name = RonaldArno-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Plays.tv Update Service erreicht.
Error - 28.11.2016 10:49:23 | Computer Name = RonaldArno-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Plays.tv Update Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
< End of report >
PS: Wenn alles erledigt ist nach Deiner Meinung bitte ich um abschließendes ok, damit ich Java und Kaspersky wieder laden kann.

Alt 28.11.2016, 17:32   #36
/// Malwareteam
Javaws.exe zertrümmert meinen Arbeitsspeicher und macht den Computer arbeitsunfähig - Standard

Javaws.exe zertrümmert meinen Arbeitsspeicher und macht den Computer arbeitsunfähig

FRST hat bei dir doch nie einen vollständigen Addition.txt Log ausgespuckt.

Windows 7 Home Premium Service Pack 1
Dein System hat einen katastrophalen Update Stand, unbedingt Service Pack und die Updates danach manuell installieren! Das kann unter Umständen auch der Grund sein, das FRST und Java bei dir nicht gescheit funktionieren.

Ich erkenne so jetzt momentan keine aktive Malware auf deinem System.

Die Logs von deinem Rechner sehen jetzt für mich sauber aus: Herzlichen Glückwunsch - du bist Clean

Zum Schluss müssen wir noch etwas aufräumen und ich gebe dir ein paar Hinweise mit auf den Weg:

Wichtig: Entfernen der verwendeten Tools
Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Malwarebytes Anti-Malware und ESET kannst du als Ergänzung zu deiner bestehenden Antivirus-Lösung auf dem Computer belassen und deinen Computer damit regelmäßig scannen.

Persönliche Empfehlungen
Das wichtigste zu erst:
  • Aktiviere unbedingt die automatischen Updates von Windows und stelle auch sicher, dass diese regelmäßig installiert werden.
  • Aktiviere immer eine Firewall - die in Windows integrierte reicht dazu vollkommen aus.
  • Verwende immer ein Antivirenprogramm und stelle sicher, dass es sich regelmäßig aktualisiert.

    Wenn du kein Geld ausgeben möchtest, empfehle ich dir auf Windows 8.1 bzw. Windows 10 einfach den Defender zu benutzen. Solltest du noch Windows 7 verwenden, verwende als kostenlose Lösung die Microsoft Security Essentials.

    Wenn dir etwas besserer Schutz mit Verhaltenserkennung etwas wert ist, um so auch optimalerweise ganz neue Schadsoftware zu erkennen, empfehle ich dir eine der beiden folgenden Lösungen:

Schutz vor unerwünschter Software
Adware ist zu einer Art permanenten Bedrohung geworden, weil immer mehr Programme versuchen, einem beim Installieren noch was anderes unterzujubeln - und wie schnell hat man da ein Häkchen übersehen?

Darum: pass auf, wenn du dir Software aus dem Internet herunterlädst! Viele Portale im Internet wie Chip, Softonic und Sourceforge versuchen häufig, dir Adware oder sonstige Downloader mit unerwünschten Programmen unterzujubeln. Downloade nach Möglichkeit immer direkt von der Herstellerseite oder alternativ von einem sauberen Download-Portal, wie von FilePony.de.
Lese dir dazu auch folgenden Artikel durch: CHIP-Installer - was ist das? - Anleitungen

Selbst wenn du ein Programm von einer seriösen Quelle heruntergeladen hast, ist das keine Garantie, dass dein Programm nicht doch versucht, unerwünschte Änderungen an deinem Computer vorzunehmen. So versuchen immer mehr Programme, durch modifizierte Installationsroutinen unerwünschte Programme mit auf deinen PC zu schleusen. Das klappt leider auch häufig, weil viele Anwender nicht lesen, was auf dem Bildschirm steht und stattdessen schnell durchklicken.
Deshalb: Wenn du ein Programm installierst, wähle immer die benutzerdefinierte Installation und schaue, was du da gerade eigentlich alles mit einem Klick auf "Ok" oder "Weiter" abnickst - entferne entsprechend die Haken bei Dingen, die du nicht möchtest. Wer lesen kann, ist klar im Vorteil!

Benutze keine Optimizer, Cleaner oder sonstige SpeedUp Wunder, da diese Tools fast nie einen auch nur messbaren Performancegewinn bringen.
Du kannst jedoch regelmäßig auf deinem PC die Datenträgerbereinigung ausführen, so gewinnst du belegten Speicherplatz zurück.

Aktiviere in deiner Virenschutzlösungen den "Schutz vor potentiell unerwünschter Software", um dich bestmöglich zu schützen.

Guter Trick: Wenn du den kostenlosen Windows Defender benutzt (ab Windows 8), kannst du einen vergleichbaren Schutz durch einen kleinen Trick auch nutzen! Lese dazu folgenden Artikel um dich mehr zu informieren: Windows mit verstecktem Adware-Killer
Zum aktivieren dieses "Tricks" lade einfach nur diese Datei und führe sie aus: MpEnablePlus.reg

Tipps, um dein System sicherer zu machen
Halte immer deine Plug-ins und Software, insbesondere deinen Browser aktuell. Deinstalliere wenn möglich Java und den Adobe Flashplayer von deinem Computer. Neuerdings benötigt man sie fast nie mehr und stellen darum nur mehr eine unnötige Sicherheitslücke auf deinem Computer dar. Wenn du sie doch unbedingt benötigst, halte sie aber unbedingt aktuell.

Weiters kannst du dir Malwarebytes Anti-Exploit installieren. Es schützt gegen viele aktuelle Sicherheitslücken und erhöht so deine Sicherheit.

Ändere regelmäßig deine Passwörter! Zudem musst du sichere Passwörter benutzen, das bedeutet: mindestens 8 Zeichen, Groß- und Kleinbuchstaben und Sonderzeichen.
Ganz wichtig: benutze pro Account ein anderes Passwort!
Tipp: Benutze einen Spruch, den du dir leicht merken kannst, als Hilfe für ein Passwort! Zum Beispiel: Der Himmel ist blau und wenn es regnet?-grau ==> DHibuwer?-grau

Unterstütze uns und empfiehl uns weiter

Du kennst Freunde und Bekannte, die Probleme mit ihrem Computer haben? Schick sie doch zu uns auf das Trojaner Board, wir helfen gerne

Wenn du uns mit einer Spende unterstützen möchtest, freuen wir uns sehr und dies kannst du hier tun: http://www.trojaner-board.de/79994-s...ndenkonto.html Herzlichen Dank dafür

Wir machen diese Tätigkeit hier freiwillig, darum freue ich mich besonders über ein kurzes Danke, wenn du mit mir zufrieden warest oder sonst über Verbesserungsvorschläge - das kannst du gerne hier machen

Besuche und like unsere Facebook-Seite!

Danke für deine Mitarbeit und alles Gute!

Bitte gib mir Bescheid, wenn du das alles gelesen hast und du keine weiteren Fragen mehr hast.
--> Javaws.exe zertrümmert meinen Arbeitsspeicher und macht den Computer arbeitsunfähig

Alt 28.11.2016, 17:57   #37
Javaws.exe zertrümmert meinen Arbeitsspeicher und macht den Computer arbeitsunfähig - Standard

Javaws.exe zertrümmert meinen Arbeitsspeicher und macht den Computer arbeitsunfähig

Mein Update-Stand ist ziemlich aktuell, ich habe nachgeschaut (s. Anhänge).
Ich werde also Java wieder installieren und hoffe, es gibt keine Probleme.
Habe ich das Service Pack oder nicht? Wie kann ich das erfahren?
Bin noch nicht fertig!
Werde die beiden Updates und dann Java installieren. Melde mich dann wieder.
Miniaturansicht angehängter Grafiken
-update.jpg   -update2.jpg  

Alt 28.11.2016, 19:01   #38
Javaws.exe zertrümmert meinen Arbeitsspeicher und macht den Computer arbeitsunfähig - Standard

Javaws.exe zertrümmert meinen Arbeitsspeicher und macht den Computer arbeitsunfähig

Habe die beiden updates installiert, so wie auch Java.
Es gibt bislang keine Probleme
Wie kann ich Kaspersky wieder installieren????

Alt 28.11.2016, 20:34   #39
/// Malwareteam
Javaws.exe zertrümmert meinen Arbeitsspeicher und macht den Computer arbeitsunfähig - Standard

Javaws.exe zertrümmert meinen Arbeitsspeicher und macht den Computer arbeitsunfähig

ah ja, sorry, hab das mit dem service pack mit windows vista vertauscht. dein Windows passt schon so

Indem du es von der website herunterlädst und installierst? ...

Unterstütze uns mit einer Spende

Alt 01.12.2016, 15:51   #40
Javaws.exe zertrümmert meinen Arbeitsspeicher und macht den Computer arbeitsunfähig - Standard

Javaws.exe zertrümmert meinen Arbeitsspeicher und macht den Computer arbeitsunfähig

Hier folgen die angekündigten Absturz-Meldungen im Anhang.
Miniaturansicht angehängter Grafiken
-absturz0.jpg   -absturz1.jpg   -absturz2.jpg   -absturz3.jpg  

Alt 01.12.2016, 17:30   #41
/// Malwareteam
Javaws.exe zertrümmert meinen Arbeitsspeicher und macht den Computer arbeitsunfähig - Standard

Javaws.exe zertrümmert meinen Arbeitsspeicher und macht den Computer arbeitsunfähig

bitte schreibe das ganze einfach hier direkt und mir nicht immer mit einer PM, ich sehe auch so, dass du hier geschrieben hast, wenn ich mich einlogge

Bitte lade dir die neuste Version von WhoCrashed auf deinen Computer: WhoCrashed Download
  • Installiere es
  • Starte es als Administrator
  • Klicke oben links auf den Button "Analyze"
  • Scrolle herunter, die Bereiche Crash Dump Analysis und Conclusion bitte ins Forum kopieren

Bitte poste dein Ergebnis zwischen Code-Tags
Wenn ein Log zu lange ist, teile ihn bitte auf mehrere Antworten.


Drücke einfach die # in Antwortfenster und füge den Log dazwischen ein


Alt 01.12.2016, 20:03   #42
Javaws.exe zertrümmert meinen Arbeitsspeicher und macht den Computer arbeitsunfähig - Standard

Javaws.exe zertrümmert meinen Arbeitsspeicher und macht den Computer arbeitsunfähig

Hallo Rafael,
beim Start unserer Problembehandlung schriebst Du, daß ich mich nach 36 Stunden per PM melden solle - wenn das nicht mehr gilt ist es auch ok, dann nur noch hier.
Es folgen die Daten:
Crash Dump Analysis

Crash dump directory: C:\Windows\Minidump

Crash dumps are enabled on your computer.

On Thu 01.12.2016 15:21:17 your computer crashed
crash dump file: C:\Windows\Minidump\120116-48282-01.dmp
This was probably caused by the following module: dxgkrnl.sys (0xFFFFF880052FF8BF) 
Bugcheck code: 0x50 (0xFFFFF901000000F7, 0x0, 0xFFFFF880052FF8BF, 0x5)
file path: C:\Windows\system32\drivers\dxgkrnl.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: DirectX Graphics Kernel
Bug check description: This indicates that invalid system memory has been referenced.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. 
The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system that cannot be identified at this time. 

On Thu 01.12.2016 15:21:17 your computer crashed
crash dump file: C:\Windows\memory.dmp
This was probably caused by the following module: dxgkrnl.sys (dxgkrnl!TdrResetFromTimeout+0x118E3) 
Bugcheck code: 0x50 (0xFFFFF901000000F7, 0x0, 0xFFFFF880052FF8BF, 0x5)
file path: C:\Windows\system32\drivers\dxgkrnl.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: DirectX Graphics Kernel
Bug check description: This indicates that invalid system memory has been referenced.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. 
The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system that cannot be identified at this time. 


2 crash dumps have been found and analyzed. No offending third party drivers have been found. Connsider using WhoCrashed Professional which offers more detailed analysis using symbol resolution. Also configuring your system to produce a full memory dump may help you. 

Read the topic general suggestions for troubleshooting system crashes for more information. 

Note that it's not always possible to state with certainty whether a reported driver is responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further.
Danke für Deine Geduld

Alt 01.12.2016, 20:36   #43
/// Malwareteam
Javaws.exe zertrümmert meinen Arbeitsspeicher und macht den Computer arbeitsunfähig - Standard

Javaws.exe zertrümmert meinen Arbeitsspeicher und macht den Computer arbeitsunfähig

Also ich würde dich hier mal an die Windows Sektion verweisen, es kann gut sein, dass dein Windows ne Macke hat oder sonstwie dein Computer nen Problemchen hat.

Malware hat hiermit soweit ich das momentan sehe jedenfalls nichts damit zu tun.

Alles Gute!

Alt 01.12.2016, 20:39   #44
Javaws.exe zertrümmert meinen Arbeitsspeicher und macht den Computer arbeitsunfähig - Standard

Javaws.exe zertrümmert meinen Arbeitsspeicher und macht den Computer arbeitsunfähig

Wie soll ich diesen Thread an die Windows Sektion übergeben oder verweisen - bitte das Vorgehen beschreiben, da ich das noch nie gemacht habe.

Alt 01.12.2016, 20:42   #45
/// Malwareteam
Javaws.exe zertrümmert meinen Arbeitsspeicher und macht den Computer arbeitsunfähig - Standard

Javaws.exe zertrümmert meinen Arbeitsspeicher und macht den Computer arbeitsunfähig

Mach einfach ein neues Thema dort, poste das Crash Dump Analysis File von gerade und beschreibe dein Problemchen

Alles rund um Windows - Trojaner-Board

Themen zu Javaws.exe zertrümmert meinen Arbeitsspeicher und macht den Computer arbeitsunfähig
arbeitsspeicher, ausführung, bereit, bildschirm, compu, computer, etliche, gestartet, inter, interne, internet, javaws.exe, kostet, nichts, schaltet, schwarzer, schwarzer bildschirm, versuche, zahlen

Ähnliche Themen: Javaws.exe zertrümmert meinen Arbeitsspeicher und macht den Computer arbeitsunfähig

  1. Infisziert mit Javaws.exe*32
    Plagegeister aller Art und deren Bekämpfung - 30.07.2016 (11)
  2. Wieviel Arbeitsspeicher ist bei Mint Cinnamon3 64Bit bei altem Computer sinnvoll
    Alles rund um Mac OSX & Linux - 07.07.2016 (23)
  3. Javaws.exe*32 öffnet über 6000 Prozesse
    Plagegeister aller Art und deren Bekämpfung - 23.05.2016 (8)
  4. Tausende Prozesse JAVAWS im Taskmanager
    Plagegeister aller Art und deren Bekämpfung - 11.02.2016 (31)
  5. Facebook macht eine Systemfehler Meldung die meinen PC zum sofortigen neustart erzwingt.
    Plagegeister aller Art und deren Bekämpfung - 06.05.2015 (5)
  6. Facebook macht eine Systemfehler Meldung die meinen PC zum sofortigen neustart erzwingt.
    Alles rund um Windows - 03.05.2015 (1)
  7. SVCHOST macht Rechner langsam, belegt bei Internetverbindung für Minuten 100% Arbeitsspeicher
    Log-Analyse und Auswertung - 31.03.2015 (9)
  8. Computer Arbeitsspeicher ausgelastet durch dllhost.exe
    Log-Analyse und Auswertung - 05.08.2014 (2)
  9. COM Surrogate Prozess macht den Arbeitsspeicher voll
    Plagegeister aller Art und deren Bekämpfung - 06.01.2014 (15)
  10. BKA-Variante "Der computer ist für die Verletzung..." hat meinen Computer befallen!
    Log-Analyse und Auswertung - 15.08.2012 (15)
  11. Computer macht Geräusche
    Log-Analyse und Auswertung - 22.03.2011 (8)
  12. Virus macht meinen Computer immer langsamer!
    Plagegeister aller Art und deren Bekämpfung - 23.02.2011 (3)
  13. Irgendwas macht aus meinen Ordnern Anwendungen
    Plagegeister aller Art und deren Bekämpfung - 18.05.2010 (22)
  14. Macht sich da einer an meinen PC ran ?
    Plagegeister aller Art und deren Bekämpfung - 08.11.2009 (3)
  15. Was frisst meinen Arbeitsspeicher?!
    Plagegeister aller Art und deren Bekämpfung - 26.05.2009 (11)
  16. Wer kontrolliert meinen Computer?
    Mülltonne - 20.12.2008 (0)
  17. Bin verzweifelt Vundo macht meinen PC platt!!!
    Plagegeister aller Art und deren Bekämpfung - 15.01.2008 (2)

Zum Thema Javaws.exe zertrümmert meinen Arbeitsspeicher und macht den Computer arbeitsunfähig - Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code: Alles auswählen Aufklappen ATTFilter - Javaws.exe zertrümmert meinen Arbeitsspeicher und macht den Computer arbeitsunfähig...
Du betrachtest: Javaws.exe zertrümmert meinen Arbeitsspeicher und macht den Computer arbeitsunfähig auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.