Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   TR/CoinMiner.J bei Windows 8.1 lässt sich nicht entfernen. (https://www.trojaner-board.de/167451-tr-coinminer-j-windows-8-1-laesst-entfernen.html)

Tianhe Liu 01.06.2015 04:47
TR/CoinMiner.J bei Windows 8.1 lässt sich nicht entfernen.
 
Hallo. Deutsch ist nicht meine Muttersprache, daher entschuldige ich mich für eventuelle Unklarheiten im Voraus.

Nach der Ausführung einer Installationsdatei (Quelle Internet) meldet Avira TR/CoinMiner.J. Ich konnte zwar die betroffene Datei in die Quarantäne schieben und danach auch löschen, aber das Problem bestand nach jedem Neustart. Die Meldung kam nicht, als ich den PC ohne Internet in Betrieb nahm.

Die Versuche, das Problem selbst mit Malwarebytes und AdwCleaner zu lösen schlugen fehl.

Die benötigten Logfiles sind in dieser Reihenfolge aufgelistet.
-defogger
-FRST64 (FRST)
-FRST64 (Addition)
-Gmer (Problem beim Scann. Fehlermeldung: C:\WINDOWS\system32\config\system: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.)
-MBAM (Erster Scann)
-MBAM (Rescann nach Löschen der Funde und Neustart)
-AdwCleaner

defogger
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 04:45 on 01/06/2015 (Tianhe)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
FRST64 (FRST)
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015
Ran by Tianhe (administrator) on TLIU-PC on 01-06-2015 04:48:21
Running from C:\Users\Tianhe\Desktop
Loaded Profiles: Tianhe &  (Available Profiles: Tianhe)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SynptSync64.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\Synaptics\SynTP\AsusNewUI35.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
() C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-12] (Realtek Semiconductor)
HKLM\...\Run: [SynAsusGestureAPIMgr] => C:\Program Files\Synaptics\SynTP\SynAsusGestureAPIMgr.exe [736568 2012-09-17] (Synaptics)
HKLM\...\Run: [AsusNewUI] => C:\Program Files\Synaptics\SynTP\AsusNewUI35.exe [1367864 2012-09-17] ()
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-09-11] (ASUS)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917688 2012-09-17] (Synaptics Incorporated)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10396440 2014-04-15] (Logitech Inc.)
HKLM\...\Run: [Andy] => C:\Program Files\Andy\HandyAndy.exe
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-05-23] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-04-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [78352 2012-05-23] (cyberlink)
HKLM-x32\...\Run: [ROGNB] => C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe [466944 2011-09-19] ()
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-08-09] (InstallShield Software Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-09-25] (Atheros Communications)
HKU\S-1-5-21-1146134481-3092128511-1725324078-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [2888384 2015-05-15] (Valve Corporation)
HKU\S-1-5-21-1146134481-3092128511-1725324078-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-1146134481-3092128511-1725324078-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-1146134481-3092128511-1725324078-1002\...\Run: [uTorrent] => C:\Users\Tianhe\AppData\Roaming\uTorrent\uTorrent.exe [1694560 2015-05-06] (BitTorrent Inc.)
HKU\S-1-5-21-1146134481-3092128511-1725324078-1002\...\Run: [BaiduYunGuanjia] => D:\Programme (x86)\BaiduYunGuanjia\BaiduYunGuanjia.exe [4646344 2014-08-22] ()
HKU\S-1-5-21-1146134481-3092128511-1725324078-1002\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-08-09] (InstallShield Software Corporation)
HKU\S-1-5-21-1146134481-3092128511-1725324078-1002\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3619160 2015-01-28] (Electronic Arts)
HKU\S-1-5-21-1146134481-3092128511-1725324078-1002\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe [2861104 2015-05-25] (Blizzard Entertainment)
HKU\S-1-5-21-1146134481-3092128511-1725324078-1002\...\Run: [iFunBox Fast App Install Handler] => C:\Program Files (x86)\i-Funbox DevTeam\iFunBox_x64.exe /tray
HKU\S-1-5-21-1146134481-3092128511-1725324078-1002\...\MountPoints2: {13c25ee8-dae3-11e3-bf23-dc85de75e14e} - "F:\setup.exe"
HKU\S-1-5-21-1146134481-3092128511-1725324078-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [2888384 2015-05-15] (Valve Corporation)
HKU\S-1-5-21-1146134481-3092128511-1725324078-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-1146134481-3092128511-1725324078-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-1146134481-3092128511-1725324078-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [uTorrent] => C:\Users\Tianhe\AppData\Roaming\uTorrent\uTorrent.exe [1694560 2015-05-06] (BitTorrent Inc.)
HKU\S-1-5-21-1146134481-3092128511-1725324078-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [BaiduYunGuanjia] => D:\Programme (x86)\BaiduYunGuanjia\BaiduYunGuanjia.exe [4646344 2014-08-22] ()
HKU\S-1-5-21-1146134481-3092128511-1725324078-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-08-09] (InstallShield Software Corporation)
HKU\S-1-5-21-1146134481-3092128511-1725324078-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3619160 2015-01-28] (Electronic Arts)
HKU\S-1-5-21-1146134481-3092128511-1725324078-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe [2861104 2015-05-25] (Blizzard Entertainment)
HKU\S-1-5-21-1146134481-3092128511-1725324078-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [iFunBox Fast App Install Handler] => C:\Program Files (x86)\i-Funbox DevTeam\iFunBox_x64.exe /tray
HKU\S-1-5-21-1146134481-3092128511-1725324078-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {13c25ee8-dae3-11e3-bf23-dc85de75e14e} - "F:\setup.exe"
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL File not found
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1146134481-3092128511-1725324078-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com
HKU\S-1-5-21-1146134481-3092128511-1725324078-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
HKU\S-1-5-21-1146134481-3092128511-1725324078-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com
HKU\S-1-5-21-1146134481-3092128511-1725324078-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} ->  No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-25] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-25] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Tianhe\AppData\Roaming\Mozilla\Firefox\Profiles\8oKzF9rg.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @java.com/DTPlugin,version=10.10.2 -> C:\Windows\system32\npDeployJava1.dll [2012-12-22] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @baidu.com/YunWebDetectPlugin -> D:\Programme (x86)\BaiduYunGuanjia\npYunWebDetect.dll [2014-08-22] (Baidu.com, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-25] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-05-28] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-05-28] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll No File
FF Plugin-x32: @show.sina.com.cn/SHOWSSO -> C:\Program Files (x86)\sina\SinaUcChatRoom\npSHOWLoginSSOAxCtrl.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @xunlei.com/npxluser -> C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1146134481-3092128511-1725324078-1002: @xunlei.com/npxluser -> C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll No File
FF Plugin HKU\S-1-5-21-1146134481-3092128511-1725324078-1002: ubisoft.com/uplaypc -> D:\Programme (x86)\Tom Clancy`s H.A.W.X. 2\Tom Clancy's H.A.W.X. 2\orbit\npuplaypc.dll No File
FF Plugin HKU\S-1-5-21-1146134481-3092128511-1725324078-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @xunlei.com/npxluser -> C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll No File
FF Plugin HKU\S-1-5-21-1146134481-3092128511-1725324078-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: ubisoft.com/uplaypc -> D:\Programme (x86)\Tom Clancy`s H.A.W.X. 2\Tom Clancy's H.A.W.X. 2\orbit\npuplaypc.dll No File
FF Extension: Avira Browser Safety - C:\Users\Tianhe\AppData\Roaming\Mozilla\Firefox\Profiles\8oKzF9rg.default\Extensions\abs@avira.com [2015-03-02]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR Profile: C:\Users\Tianhe\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Tianhe\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-22]
CHR Extension: (YouTube) - C:\Users\Tianhe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-22]
CHR Extension: (Google Search) - C:\Users\Tianhe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-22]
CHR Extension: (iCloud Bookmarks) - C:\Users\Tianhe\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2013-09-26]
CHR Extension: (AdBlock) - C:\Users\Tianhe\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-10]
CHR Extension: (Bookmark Manager) - C:\Users\Tianhe\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Tianhe\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Google Wallet) - C:\Users\Tianhe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Tianhe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-22]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-25] (Windows (R) Win 7 DDK provider) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [243728 2012-05-23] (CyberLink)
R2 FanChkService; C:\Program Files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe [45696 2012-01-20] (ASUSTek Computer Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-23] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-05-23] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23006864 2015-05-23] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-02-27] (Electronic Arts)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-25] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U0 abststwx; C:\Windows\System32\drivers\bnim.sys [79064 2015-06-01] (Malwarebytes Corporation)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310984 2014-04-23] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2015-02-04] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-02-04] (Avira Operations GmbH & Co. KG)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-25] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-05-14] (Disc Soft Ltd)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2013-07-03] (LogMeIn Inc.)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2014-04-23] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-04-03] (NVIDIA Corporation)
R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [13696 2012-10-04] (ASUSTek Computer Inc.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-09-17] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-01 04:48 - 2015-06-01 04:48 - 00028947 _____ () C:\Users\Tianhe\Desktop\FRST.txt
2015-06-01 04:47 - 2015-06-01 04:48 - 00000000 ____D () C:\FRST
2015-06-01 04:46 - 2015-06-01 04:46 - 02108928 _____ (Farbar) C:\Users\Tianhe\Desktop\FRST64.exe
2015-06-01 04:45 - 2015-06-01 04:45 - 00000474 _____ () C:\Users\Tianhe\Desktop\defogger_disable.log
2015-06-01 04:45 - 2015-06-01 04:45 - 00000000 _____ () C:\Users\Tianhe\defogger_reenable
2015-06-01 04:44 - 2015-06-01 04:44 - 00050477 _____ () C:\Users\Tianhe\Desktop\Defogger.exe
2015-06-01 04:43 - 2015-06-01 04:43 - 00000000 ____D () C:\Users\Tianhe\Documents\The Witcher 3
2015-06-01 04:40 - 2015-05-28 05:52 - 00571024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2015-06-01 04:38 - 2015-05-28 09:04 - 42719888 _____ () C:\WINDOWS\system32\nvcompiler.dll
2015-06-01 04:38 - 2015-05-28 09:04 - 37741712 _____ () C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-06-01 04:38 - 2015-05-28 09:04 - 30480528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-06-01 04:38 - 2015-05-28 09:04 - 22946960 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-06-01 04:38 - 2015-05-28 09:04 - 16185352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-06-01 04:38 - 2015-05-28 09:04 - 14495448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-06-01 04:38 - 2015-05-28 09:04 - 13304280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-06-01 04:38 - 2015-05-28 09:04 - 11830512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-06-01 04:38 - 2015-05-28 09:04 - 10995528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-06-01 04:38 - 2015-05-28 09:04 - 02932368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-06-01 04:38 - 2015-05-28 09:04 - 02599056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-06-01 04:38 - 2015-05-28 09:04 - 01898312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435306.dll
2015-06-01 04:38 - 2015-05-28 09:04 - 01557832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435306.dll
2015-06-01 04:38 - 2015-05-28 09:04 - 01059984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-06-01 04:38 - 2015-05-28 09:04 - 01050440 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-06-01 04:38 - 2015-05-28 09:04 - 00982856 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-06-01 04:38 - 2015-05-28 09:04 - 00974480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-06-01 04:38 - 2015-05-28 09:04 - 00503408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2015-06-01 04:38 - 2015-05-28 09:04 - 00408208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2015-06-01 04:38 - 2015-05-28 09:04 - 00407112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2015-06-01 04:38 - 2015-05-28 09:04 - 00364176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2015-06-01 04:32 - 2015-06-01 04:32 - 00079064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\bnim.sys
2015-06-01 04:06 - 2015-06-01 04:14 - 00000000 ____D () C:\AdwCleaner
2015-06-01 04:03 - 2015-06-01 04:03 - 02231296 _____ () C:\Users\Tianhe\Desktop\AdwCleaner_4.206.exe
2015-06-01 03:35 - 2015-06-01 04:17 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-01 03:33 - 2015-06-01 03:33 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-01 03:33 - 2015-06-01 03:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-01 03:33 - 2015-06-01 03:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-06-01 03:33 - 2015-06-01 03:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-01 03:33 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-06-01 03:33 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-06-01 03:33 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-06-01 03:25 - 2015-06-01 03:25 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Tianhe\Desktop\mbam-setup-2.1.6.1022.exe
2015-06-01 02:15 - 2015-06-01 02:15 - 00003090 _____ () C:\WINDOWS\System32\Tasks\Origin
2015-05-31 22:56 - 2015-05-31 22:56 - 00000000 ____D () C:\Users\Tianhe\Desktop\[秀人网]美媛馆 2015-04-08 丽莉Lily丶
2015-05-31 21:21 - 2015-05-31 21:22 - 18506455 _____ (WizBrother) C:\Users\Tianhe\Desktop\超次元海王星精华攻略宝典.exe
2015-05-29 12:31 - 2015-05-29 12:34 - 16187468 _____ () C:\Users\Tianhe\Desktop\315.rar
2015-05-29 01:19 - 2015-06-01 04:40 - 00000000 ____D () C:\WINDOWS\LastGood
2015-05-29 01:19 - 2015-06-01 04:39 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-05-29 01:19 - 2015-04-03 15:21 - 00048784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2015-05-29 01:19 - 2015-04-03 15:21 - 00038032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2015-05-25 15:57 - 2015-05-29 01:37 - 00000000 ____D () C:\Users\Tianhe\AppData\Local\NVIDIA
2015-05-25 15:57 - 2015-05-29 01:19 - 00001399 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
2015-05-25 15:57 - 2015-05-25 15:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-05-25 15:57 - 2015-05-23 03:47 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2015-05-25 15:57 - 2015-05-23 03:47 - 01571696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2015-05-25 15:57 - 2015-05-23 03:47 - 01320304 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2015-05-25 15:57 - 2015-05-23 03:47 - 01316000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2015-05-25 15:56 - 2015-05-25 15:57 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2015-05-25 15:55 - 2015-05-28 09:04 - 14987528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-05-25 15:55 - 2015-05-28 09:04 - 02986392 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-05-25 15:55 - 2015-05-13 08:52 - 00195912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2015-05-25 15:55 - 2015-05-13 08:52 - 00031552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2015-05-25 15:55 - 2015-05-12 08:27 - 15048816 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\SETD6E5.tmp
2015-05-25 15:55 - 2015-05-12 08:27 - 02971776 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\SETB961.tmp
2015-05-25 15:55 - 2015-05-12 08:27 - 01898312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435286.dll
2015-05-25 15:55 - 2015-05-12 08:27 - 01557648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435286.dll
2015-05-19 11:42 - 2015-05-22 02:18 - 00000000 ____D () C:\Users\Tianhe\Documents\Windward
2015-05-17 11:20 - 2015-05-17 11:22 - 00000000 ____D () C:\Users\Tianhe\AppData\Roaming\MoreTerra
2015-05-17 11:20 - 2015-05-17 11:20 - 00152543 _____ () C:\Users\Tianhe\Desktop\MoreTerra.zip
2015-05-17 11:20 - 2015-05-17 11:20 - 00000000 ____D () C:\Users\Tianhe\Desktop\MoreTerra
2015-05-13 17:29 - 2015-04-30 22:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 17:29 - 2015-04-30 22:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 17:09 - 2015-05-16 02:38 - 00184250 _____ () C:\Users\Tianhe\Desktop\Tap Titans v2.2.2 Online Spreadsheet.xlsx.xlsx
2015-05-13 01:01 - 2015-05-13 01:01 - 00051314 _____ () C:\Users\Tianhe\Desktop\Builder2.6.4.zip
2015-05-12 23:16 - 2015-04-24 23:32 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-05-12 23:16 - 2015-04-10 02:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-05-12 23:16 - 2015-04-10 02:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-05-12 23:16 - 2015-03-30 07:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-05-12 23:16 - 2015-03-27 05:27 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-05-12 23:16 - 2015-03-27 04:50 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-05-12 23:16 - 2015-03-27 04:48 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-05-12 23:16 - 2015-03-17 19:26 - 00467776 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-05-12 23:16 - 2015-03-09 04:02 - 00057856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-05-12 23:16 - 2015-03-05 01:09 - 01429504 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-05-12 23:16 - 2015-01-30 02:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-05-12 23:16 - 2014-11-14 08:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-05-12 23:15 - 2015-05-01 01:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-05-12 23:15 - 2015-05-01 00:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-05-12 23:15 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-05-12 23:15 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-05-12 23:15 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-05-12 23:15 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-05-12 23:15 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-05-12 23:15 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-05-12 23:15 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-05-12 23:15 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-05-12 23:15 - 2015-04-21 18:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-05-12 23:15 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-05-12 23:15 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-05-12 23:15 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-05-12 23:15 - 2015-04-21 18:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-05-12 23:15 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-05-12 23:15 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-05-12 23:15 - 2015-04-21 17:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-05-12 23:15 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-05-12 23:15 - 2015-04-21 17:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-05-12 23:15 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-05-12 23:15 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-05-12 23:15 - 2015-04-21 17:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-05-12 23:15 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-05-12 23:15 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-05-12 23:15 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-05-12 23:15 - 2015-04-21 17:37 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-05-12 23:15 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-05-12 23:15 - 2015-04-21 17:32 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-05-12 23:15 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-05-12 23:15 - 2015-04-21 17:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-05-12 23:15 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-05-12 23:15 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-05-12 23:15 - 2015-04-21 17:26 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-05-12 23:15 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-05-12 23:15 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-05-12 23:15 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-05-12 23:15 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-05-12 23:15 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-05-12 23:15 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-05-12 23:15 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-05-12 23:15 - 2015-04-14 00:48 - 04180480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-05-12 23:15 - 2015-04-10 03:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-05-12 23:15 - 2015-04-10 02:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-05-12 23:15 - 2015-04-10 02:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-05-12 23:15 - 2015-04-09 00:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-05-12 23:15 - 2015-04-03 02:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-05-12 23:15 - 2015-04-03 02:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-05-12 23:15 - 2015-04-02 00:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2015-05-12 23:15 - 2015-04-02 00:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-05-12 23:15 - 2015-04-01 05:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-05-12 23:15 - 2015-04-01 04:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2015-05-12 23:15 - 2015-03-20 03:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-05-12 23:15 - 2015-03-13 06:03 - 00239424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-05-12 23:15 - 2015-03-13 06:03 - 00154432 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-05-12 23:15 - 2015-03-13 04:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-05-12 23:15 - 2015-03-13 03:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-05-12 23:15 - 2015-03-13 02:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-05-12 23:15 - 2015-03-13 02:29 - 00410017 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-05-12 23:15 - 2015-03-11 03:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-05-12 23:15 - 2015-03-11 03:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-05-12 23:15 - 2015-03-06 05:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-05-12 23:15 - 2015-03-06 04:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-05-12 23:15 - 2015-03-06 04:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-05-12 23:15 - 2015-03-04 03:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-05-12 23:15 - 2015-03-04 03:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-12 23:15 - 2015-02-18 01:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-05-07 00:12 - 2015-05-07 01:46 - 00000000 ____D () C:\Users\Tianhe\Documents\Endless Legend
2015-05-05 14:09 - 2015-05-05 14:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-01 04:47 - 2012-12-23 00:41 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-06-01 04:45 - 2013-11-11 06:23 - 00000000 ____D () C:\Users\Tianhe
2015-06-01 04:45 - 2012-12-22 15:53 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1146134481-3092128511-1725324078-1002
2015-06-01 04:41 - 2013-11-11 06:16 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-06-01 04:41 - 2013-11-11 06:15 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-06-01 04:41 - 2012-12-22 16:29 - 00001134 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-01 04:40 - 2013-08-22 16:46 - 00342298 _____ () C:\WINDOWS\setupact.log
2015-06-01 04:38 - 2013-11-11 06:16 - 01437616 _____ () C:\WINDOWS\WindowsUpdate.log
2015-06-01 04:38 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-06-01 04:32 - 2014-02-12 14:10 - 00000000 ___HD () C:\WINDOWS\PIF
2015-06-01 04:22 - 2013-09-30 06:14 - 02467344 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-01 04:22 - 2013-09-30 05:56 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2015-06-01 04:22 - 2013-09-30 05:56 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2015-06-01 04:22 - 2012-12-22 18:15 - 00522396 _____ () C:\WINDOWS\system32\prfh0804.dat
2015-06-01 04:22 - 2012-12-22 18:15 - 00165966 _____ () C:\WINDOWS\system32\prfc0804.dat
2015-06-01 04:16 - 2012-12-22 19:34 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-06-01 04:16 - 2012-12-22 15:47 - 00000401 _____ () C:\Users\Tianhe\AppData\Roaming\sp_data.sys
2015-06-01 04:15 - 2013-11-11 06:44 - 00000000 ___DO () C:\Users\Tianhe\SkyDrive
2015-06-01 04:15 - 2013-09-29 21:04 - 00467704 _____ () C:\WINDOWS\PFRO.log
2015-06-01 04:15 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-06-01 04:15 - 2012-12-22 16:29 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-01 04:14 - 2013-08-22 15:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-06-01 04:11 - 2012-12-25 05:08 - 00000000 ____D () C:\Users\Tianhe\AppData\Roaming\Orbit
2015-06-01 04:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-06-01 02:47 - 2013-01-18 22:40 - 00000000 ____D () C:\Users\Tianhe\Desktop\Games
2015-06-01 02:41 - 2013-12-22 16:30 - 00003930 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F80EB9B7-B900-415A-8276-36BD2D9568C6}
2015-06-01 02:15 - 2014-12-01 16:42 - 00000000 ____D () C:\ProgramData\Origin
2015-06-01 02:10 - 2012-12-22 19:13 - 00000000 ____D () C:\Users\Tianhe\AppData\Roaming\uTorrent
2015-05-31 12:59 - 2012-12-22 19:10 - 00000000 ____D () C:\Users\Tianhe\AppData\Roaming\vlc
2015-05-30 10:52 - 2013-01-01 01:47 - 02170880 ___SH () C:\Users\Tianhe\Desktop\Thumbs.db
2015-05-29 01:28 - 2013-01-01 01:46 - 00000000 ____D () C:\Users\Tianhe\AppData\Roaming\Skype
2015-05-29 01:11 - 2012-12-26 05:20 - 00000000 ____D () C:\Users\Tianhe\Documents\My Games
2015-05-29 01:11 - 2012-11-12 18:23 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-05-28 09:04 - 2013-11-11 06:16 - 00112968 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2015-05-28 09:04 - 2013-11-11 06:16 - 00105288 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2015-05-28 09:04 - 2013-09-05 03:37 - 17486856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-05-28 09:04 - 2013-09-05 03:36 - 15864064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-05-28 09:04 - 2013-09-05 03:36 - 12852152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-05-28 09:04 - 2013-09-05 03:36 - 00030966 _____ () C:\WINDOWS\system32\nvinfo.pb
2015-05-28 09:04 - 2013-09-05 03:35 - 03379680 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2015-05-28 06:15 - 2013-11-11 06:16 - 06872904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-05-28 06:15 - 2013-11-11 06:16 - 03491984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-05-28 06:15 - 2013-11-11 06:16 - 02558608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-05-28 06:15 - 2013-11-11 06:16 - 00937288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-05-28 06:15 - 2013-11-11 06:16 - 00385168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-05-28 06:15 - 2013-11-11 06:16 - 00062608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-05-27 12:48 - 2014-05-27 00:57 - 04408727 _____ () C:\WINDOWS\system32\nvcoproc.bin
2015-05-26 19:10 - 2012-12-22 19:10 - 00000000 ___RD () C:\Users\Tianhe\Desktop\Application
2015-05-25 15:57 - 2014-04-24 22:53 - 00000000 ____D () C:\Users\Tianhe\AppData\Local\NVIDIA Corporation
2015-05-25 15:57 - 2013-11-11 06:16 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-05-25 15:57 - 2013-11-11 06:15 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-05-25 15:53 - 2013-08-22 16:44 - 00491904 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-25 15:29 - 2014-04-24 22:37 - 00000000 ____D () C:\ProgramData\Oracle
2015-05-25 15:28 - 2014-10-17 12:08 - 00000000 ____D () C:\Program Files (x86)\Java
2015-05-25 15:27 - 2014-10-17 12:08 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-05-25 15:13 - 2013-12-21 14:55 - 00000000 ____D () C:\Users\Tianhe\AppData\Local\Battle.net
2015-05-25 11:43 - 2015-03-06 23:43 - 00000000 ____D () C:\Users\Tianhe\AppData\Roaming\TS3Client
2015-05-25 11:40 - 2013-12-21 14:56 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2015-05-25 11:34 - 2013-01-23 12:50 - 00000000 ____D () C:\Program Files (x86)\StarCraft II
2015-05-25 11:33 - 2013-12-21 14:55 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-05-20 15:50 - 2015-04-05 00:11 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-05-20 15:50 - 2015-04-05 00:11 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-05-20 15:50 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-05-16 23:36 - 2012-12-22 16:29 - 00004106 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-16 23:36 - 2012-12-22 16:29 - 00003870 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-15 18:12 - 2012-08-17 02:52 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-05-15 18:01 - 2013-01-01 01:45 - 00000000 ____D () C:\ProgramData\Skype
2015-05-13 18:37 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-05-13 18:01 - 2013-03-14 03:17 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 18:01 - 2013-03-14 03:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-13 17:59 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-05-13 17:59 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\AdvancedInstallers
2015-05-13 17:29 - 2013-02-14 22:16 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-13 17:28 - 2013-07-24 09:42 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-05-13 17:23 - 2012-12-22 16:14 - 140425016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-05-13 17:22 - 2013-03-14 03:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 17:21 - 2013-09-30 05:59 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-13 08:52 - 2015-01-22 23:46 - 01558848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2015-05-12 08:27 - 2013-09-05 03:37 - 17540416 _____ (NVIDIA Corporation) C:\WINDOWS\system32\SETB823.tmp
2015-05-12 08:27 - 2013-09-05 03:36 - 15858728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\SETAADF.tmp
2015-05-12 08:27 - 2013-09-05 03:36 - 12849056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\SETC5F9.tmp
2015-05-12 08:27 - 2013-09-05 03:35 - 03363224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\SETA03B.tmp
2015-05-05 19:59 - 2013-08-22 17:38 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-05-05 19:59 - 2013-08-22 17:38 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-05 14:08 - 2015-03-02 18:39 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-05-05 14:08 - 2015-03-02 18:39 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys

==================== Files in the root of some directories =======

2014-09-22 23:36 - 2014-09-22 23:36 - 1177208 _____ () C:\Users\Tianhe\AppData\Roaming\AndyCleanupTool.exe
2014-09-22 23:36 - 2014-09-22 23:36 - 1176696 _____ () C:\Users\Tianhe\AppData\Roaming\AndyCleanVM.exe
2012-12-22 15:47 - 2015-06-01 04:16 - 0000401 _____ () C:\Users\Tianhe\AppData\Roaming\sp_data.sys
2014-05-16 01:20 - 2014-05-20 12:11 - 0000067 _____ () C:\Users\Tianhe\AppData\Roaming\yyinif.ini
2014-05-15 23:16 - 2014-05-27 01:02 - 0007609 _____ () C:\Users\Tianhe\AppData\Local\Resmon.ResmonCfg
2012-08-17 02:52 - 2012-07-30 08:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2012-08-17 02:52 - 2009-07-22 12:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe


Some files in TEMP:
====================
C:\Users\Tianhe\AppData\Local\Temp\AutoRun.exe
C:\Users\Tianhe\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Tianhe\AppData\Local\Temp\avgnt.exe
C:\Users\Tianhe\AppData\Local\Temp\dl_peer_id.dll
C:\Users\Tianhe\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Tianhe\AppData\Local\Temp\eauninstall.exe
C:\Users\Tianhe\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Tianhe\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Tianhe\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Tianhe\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Tianhe\AppData\Local\Temp\Need for Speed Most Wanted_uninst.exe
C:\Users\Tianhe\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Tianhe\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Tianhe\AppData\Local\Temp\nvStInst.exe
C:\Users\Tianhe\AppData\Local\Temp\Quarantine.exe
C:\Users\Tianhe\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Tianhe\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Tianhe\AppData\Local\Temp\sqlite3.dll
C:\Users\Tianhe\AppData\Local\Temp\unins000.exe
C:\Users\Tianhe\AppData\Local\Temp\utt12EE.tmp.exe
C:\Users\Tianhe\AppData\Local\Temp\vlc-2.1.1-win32.exe
C:\Users\Tianhe\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\Tianhe\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\Tianhe\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\Tianhe\AppData\Local\Temp\vlc-2.2.1-win32.exe
C:\Users\Tianhe\AppData\Local\Temp\Wildstar.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-31 12:31

==================== End of log ============================

Tianhe Liu 01.06.2015 04:48
Weitere Logfiles
 
FRST64 (Addition)
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by Tianhe at 2015-06-01 04:50:14
Running from C:\Users\Tianhe\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1146134481-3092128511-1725324078-500 - Administrator - Disabled)
Gast (S-1-5-21-1146134481-3092128511-1725324078-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1146134481-3092128511-1725324078-1007 - Limited - Enabled)
Tianhe (S-1-5-21-1146134481-3092128511-1725324078-1002 - Administrator - Enabled) => C:\Users\Tianhe
UpdatusUser (S-1-5-21-1146134481-3092128511-1725324078-1005 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1146134481-3092128511-1725324078-1002\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-1146134481-3092128511-1725324078-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.1860 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader X (10.1.14) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.14 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.8.142.61628 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.8.142.61628 - Alcor Micro Corp.) Hidden
Apple Application Support (32-Bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Fan Filter Checker (HKLM-x32\...\{2B0E8920-47D0-4F4D-BE03-76397409B837}) (Version: 1.0.0001 - ASUS)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.4 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.9 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.1.2 - ASUS)
ASUS Product Demo Movie  (HKLM-x32\...\{DC06C90B-C5BE-42F6-B74D-A9503170998C}) (Version: 1.0.3 - ASUS )
ASUS ROG Gaming Mouse (HKLM-x32\...\{3B9E171F-A955-4834-B877-447C0A437260}) (Version: 2.00.019 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0005 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.7 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.9.120 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0023 - ASUS)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Combined Community Codec Pack 2014-07-13 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.07.13.0 - CCCP Project)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dragon Age™: Inquisition (HKLM-x32\...\{DC4C36DC-4E5B-4262-B0C7-157DF534B969}) (Version: 1.0.0.7 - Electronic Arts)
FINAL FANTASY XIII (HKLM-x32\...\Steam App 292120) (Version:  - SQUARE ENIX)
FINAL FANTASY XIII-2 (HKLM-x32\...\Steam App 292140) (Version:  - SQUARE ENIX)
Free YouTube to MP3 Converter version 3.12.44.820 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.44.820 - DVDVideoSoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Hyperdimension Neptunia Re Birth1 Update 19.02.2015 (HKLM-x32\...\SHlwZXJkaW1lbnNpb25OZXB0dW5pYVJlQmlydGgx_is1) (Version: 1 - )
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Kits Configuration Installer (x32 Version: 8.100.25984 - Microsoft) Hidden
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Logitech Gaming Software 8.53 (HKLM\...\Logitech Gaming Software) (Version: 8.53.154 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{D1D37853-0004-3E36-A7AA-74F4EEA35F64}) (Version: 4.5.50930 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Server Speech Platform Runtime (x64) (HKLM\...\{3B433087-E62E-4BF5-97F9-4AF6E1C2409C}) (Version: 11.0.7400.345 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (de-DE) (HKLM-x32\...\{955F43D9-38C4-4C22-BEE3-1A6C63F968FA}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (en-AU) (HKLM-x32\...\{FA19A2B8-9A24-49B0-A51C-CF4A6B4B2B62}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (en-CA) (HKLM-x32\...\{0C96ED3F-83E2-4917-89DC-7837DC775FEC}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (en-GB) (HKLM-x32\...\{E0D13850-F97C-4B30-9F05-862299CE8DA5}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (en-IN) (HKLM-x32\...\{3B06AC90-DE68-44A9-95EB-0A3C1AF1514F}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (en-US) (HKLM-x32\...\{66D57636-BD4B-402F-9E7D-5E89C28C8136}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (es-ES) (HKLM-x32\...\{5D4A25B6-3A4E-409B-90FA-EDE99E2006B4}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (es-MX) (HKLM-x32\...\{BE94188A-CA4F-4AC7-A1B3-52D37882C30D}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (fr-CA) (HKLM-x32\...\{58DE670F-4977-4A23-9D2E-8C82A2072920}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (fr-FR) (HKLM-x32\...\{4D2DDB98-1FE6-4CFE-BCFD-EFE27FF24FAE}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (it-IT) (HKLM-x32\...\{9267D7E7-5872-4CB1-B4E3-377F4CA272D0}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (ja-JP) (HKLM-x32\...\{A06F3EA5-7C55-4505-8982-534BA05F49BE}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (ko-KR) (HKLM-x32\...\{1D8F6891-9B7F-4F08-A54E-C568D8C33276}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (pt-BR) (HKLM-x32\...\{F6B5EB21-0ABF-487C-B9A9-D9DB259C4403}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (pt-PT) (HKLM-x32\...\{DAFE30C6-C638-4505-9372-2ECD1A1B317C}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (ru-RU) (HKLM-x32\...\{9419B7EA-6A4B-4A57-8E2A-3BDD4676118F}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (zh-CN) (HKLM-x32\...\{BAD2A75A-1708-47BA-A498-20890D2C78A7}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (zh-HK) (HKLM-x32\...\{6BAA03F9-B2E5-40EB-8871-703FF0046E9D}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (zh-TW) (HKLM-x32\...\{28292B72-CF8A-4915-A5F5-07FF1E44C6F5}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
NVIDIA 3D Vision Treiber 353.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.06 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.5.28 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.28 - NVIDIA Corporation)
NVIDIA Grafiktreiber 353.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.06 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.5.2.2829 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{eef338d3-0e4c-4606-8dad-9be8d6a6c0fd}) (Version: latest - ppy Pty Ltd)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.306 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6818 - Realtek Semiconductor Corp.)
SDK Debuggers (x32 Version: 8.100.26629 - Microsoft Corporation) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.5.28 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
SlimDX Runtime .NET 4.0 x86 (January 2012) (HKLM-x32\...\{7EBD0E43-6AC0-4CA8-9990-00E50069AD29}) (Version: 2.0.13.43 - SlimDX Group)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.11.7 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Tencent QQ (HKLM-x32\...\{3CA54984-A14B-42FE-9FF1-7EA90151D725}) (Version: 1.75.2739.0 - Tencent Technology (Shenzhen) Company Limited)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
Total War: ROME II (HKLM-x32\...\Steam App 214950) (Version:  - Creative Assembly)
Total War: Rome II Additional Depots (HKLM-x32\...\Steam App 243660) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for CHS Microsoft IME HAP Dictionary (Version: 16.0.1529.1 - Microsoft Corporation) Hidden
Update for Japanese Microsoft IME Postal Code Dictionary (HKLM-x32\...\{15015752-9990-4516-A2B1-93823281FB8E}) (Version: 15.0.1759 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Dictionary (HKLM-x32\...\{7DB71278-9AD7-4480-AB08-8649C5010B17}) (Version: 15.0.1215 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Extended Dictionary (HKLM-x32\...\{78CE66A9-85AF-4BD8-8FB7-35B5F3846C00}) (Version: 15.0.1215 - Microsoft Corporation)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Software Development Kit for Windows 8.1 (HKLM-x32\...\{25981ccc-475f-4b68-850b-89d3fc287ff1}) (Version: 8.100.26695 - Microsoft Corporation)
Windward (HKLM-x32\...\Steam App 326410) (Version:  - Tasharen Entertainment Inc.)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
百度云管家 (HKLM-x32\...\百度云管家) (Version: 4.8.3 - 百度在线网络技术(北京)有限公司)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1146134481-3092128511-1725324078-1002_Classes\CLSID\{679F137C-3162-45da-BE3C-2F9C3D093F64}\InprocServer32 -> C:\Windows\system32\shdocvw.dll (Microsoft Corporation)

==================== Restore Points =========================

20-05-2015 15:48:36 Windows Update
24-05-2015 09:57:01 Installed Sid Meier's Pirates!
25-05-2015 15:36:33 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
25-05-2015 15:37:13 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
29-05-2015 01:08:51 Removed Sid Meier's Pirates!
30-05-2015 18:58:07 Removed Ubisoft Game Launcher

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1285F950-8E20-4FC4-A906-E32CBD3A274E} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-12-01] (Apple Inc.)
Task: {3A03913D-43A2-4438-AB9A-57DE6E6CB275} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {3D1A0FDC-ECA8-404B-8F30-B37617E3C2C4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {3D69AD54-9AEF-4B7E-9425-5A6C98F87FF9} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-09-17] (Synaptics Incorporated)
Task: {42B37D42-F1E7-4C6F-888B-0D3F35B94A3B} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-1146134481-3092128511-1725324078-1002
Task: {5F5E9F79-83AB-4C54-B91A-5081AD132F8A} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
Task: {74F81A3E-3DAD-4145-99AE-8161E0AC6D5A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-05-13] (Microsoft Corporation)
Task: {7EB63763-6B27-4315-A098-43CE6C166694} - System32\Tasks\{BFA6F639-ACB2-4340-B75A-AB91ADF38D6D} => pcalua.exe -a "C:\Program Files (x86)\Kamidori Alchemy Meister\神採りアルケミーマイスター\AGE.EXE" -d "C:\Program Files (x86)\Kamidori Alchemy Meister\神採りアルケミーマイスター\"
Task: {81E7176B-BCB6-4223-99ED-D5A843E7E136} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-10-04] (ASUS)
Task: {94801A0E-0FEF-4F34-8CAC-36D97D0BEEB7} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {96D2B45F-6B6E-49F4-9336-A53A7C2A662A} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {A05AE199-3C5A-452A-A924-871C9F3239E2} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {B7CB8D89-B046-42D0-BEB0-506D5AEE9BF7} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-08-22] (ASUSTeK Computer Inc.)
Task: {CBC7D5DD-E8AA-4E29-AC78-A5BCA055562C} - System32\Tasks\Origin => C:\ProgramData\Origin\update.vbe [2015-06-01] () <==== ATTENTION
Task: {D01D50C6-D26C-48B9-AF77-71A95C56A19F} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-09-24] (ASUS)
Task: {F929BC80-E0D9-4283-B233-C4D1444A937B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-22] (Google Inc.)
Task: {FB2D5381-D661-4B9B-B32C-37ABE98EC370} - System32\Tasks\{E2B868AD-4CCE-469E-B3EB-A376D7582B61} => pcalua.exe -a "D:\Programme (x86)\SoftStar\PAL4\仙剑4宽屏&amp;UI修正工具.exe" -d "D:\Programme (x86)\SoftStar\PAL4"
Task: {FDC8B365-3D19-4778-8A4A-1A72217A253F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-22] (Google Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (Whitelisted) ==============

2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-10-04 16:58 - 2012-10-04 16:58 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2012-10-04 16:58 - 2012-10-04 16:58 - 00041856 _____ () C:\Program Files\ASUS\P4G\plctrl.dll
2014-09-03 17:45 - 2014-08-22 05:32 - 00253896 _____ () D:\Programme (x86)\BaiduYunGuanjia\YunShellExt64.dll
2013-09-25 04:04 - 2013-09-25 04:04 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-25 04:01 - 2013-09-25 04:01 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-25 04:08 - 2013-09-25 04:08 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2012-10-17 09:41 - 2012-09-17 05:13 - 01367864 _____ () C:\Program Files\Synaptics\SynTP\AsusNewUI35.exe
2012-11-12 18:32 - 2011-09-19 12:40 - 00466944 _____ () C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe
2013-11-11 06:16 - 2015-05-28 06:15 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-05-25 15:57 - 2015-05-23 03:48 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2012-09-11 16:01 - 2012-09-11 16:01 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2013-03-12 18:10 - 2015-04-16 19:40 - 00776192 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-20 14:02 - 2015-04-23 04:16 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2014-05-21 20:49 - 2015-05-15 03:58 - 02396352 _____ () C:\Program Files (x86)\Steam\video.dll
2015-01-20 14:02 - 2015-04-23 04:16 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-20 14:02 - 2015-04-23 04:16 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-08-30 14:22 - 2014-12-01 23:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-30 14:22 - 2014-12-01 23:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-30 14:22 - 2014-12-01 23:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-30 14:22 - 2014-12-01 23:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-30 14:22 - 2014-12-01 23:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2012-12-22 20:27 - 2015-05-15 03:57 - 00703168 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2012-12-22 20:27 - 2015-05-11 21:01 - 36302728 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-11-12 18:23 - 2012-06-25 12:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2015-05-25 19:42 - 2015-05-22 22:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libglesv2.dll
2015-05-25 19:42 - 2015-05-22 22:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Tianhe\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1146134481-3092128511-1725324078-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Tianhe\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-1146134481-3092128511-1725324078-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Tianhe\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKU\S-1-5-21-1146134481-3092128511-1725324078-1002\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1146134481-3092128511-1725324078-1002\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-1146134481-3092128511-1725324078-1002\...\StartupApproved\Run: => "BaiduYunGuanjia"
HKU\S-1-5-21-1146134481-3092128511-1725324078-1002\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-1146134481-3092128511-1725324078-1002\...\StartupApproved\Run: => "Battle.net"
HKU\S-1-5-21-1146134481-3092128511-1725324078-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1146134481-3092128511-1725324078-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-1146134481-3092128511-1725324078-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "BaiduYunGuanjia"
HKU\S-1-5-21-1146134481-3092128511-1725324078-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-1146134481-3092128511-1725324078-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Battle.net"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{E7DB48A8-0F26-48A3-A202-B6B8B29267DF}D:\programme (x86)\baldur's gate - enhanced edition\baldur.exe] => (Allow) D:\programme (x86)\baldur's gate - enhanced edition\baldur.exe
FirewallRules: [TCP Query User{08153326-88F6-4614-B24B-E4EF80DE5A21}D:\programme (x86)\baldur's gate - enhanced edition\baldur.exe] => (Allow) D:\programme (x86)\baldur's gate - enhanced edition\baldur.exe
FirewallRules: [UDP Query User{7C72F0B1-26A4-4B29-A554-B8343466E307}D:\programme (x86)\steam\steamapps\common\total war rome ii\rome2.exe] => (Allow) D:\programme (x86)\steam\steamapps\common\total war rome ii\rome2.exe
FirewallRules: [TCP Query User{BA3608AB-B123-458A-A937-4D17CA851801}D:\programme (x86)\steam\steamapps\common\total war rome ii\rome2.exe] => (Allow) D:\programme (x86)\steam\steamapps\common\total war rome ii\rome2.exe
FirewallRules: [UDP Query User{A3A0B27D-5177-441C-90CD-54CD86F7A0C1}D:\programme (x86)\xcom enemy unknown\binaries\win32\xcomgame.exe] => (Allow) D:\programme (x86)\xcom enemy unknown\binaries\win32\xcomgame.exe
FirewallRules: [TCP Query User{1E771698-E259-4FF5-954A-B660F5C1F1E6}D:\programme (x86)\xcom enemy unknown\binaries\win32\xcomgame.exe] => (Allow) D:\programme (x86)\xcom enemy unknown\binaries\win32\xcomgame.exe
FirewallRules: [{5EB091E5-3AA6-4345-8290-007E30260BDF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exe
FirewallRules: [{F090ADCE-7AC7-4AA0-A085-CE3BB3ABC258}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exe
FirewallRules: [UDP Query User{492EE97D-6288-4C8C-90EF-25968734276D}C:\users\tianhe\appdata\roaming\baidu\baiduyunguanjia\baiduyunguanjia.exe] => (Allow) C:\users\tianhe\appdata\roaming\baidu\baiduyunguanjia\baiduyunguanjia.exe
FirewallRules: [TCP Query User{26CFB700-6C69-4CBD-B0A9-8E8363E3EF19}C:\users\tianhe\appdata\roaming\baidu\baiduyunguanjia\baiduyunguanjia.exe] => (Allow) C:\users\tianhe\appdata\roaming\baidu\baiduyunguanjia\baiduyunguanjia.exe
FirewallRules: [UDP Query User{3407A371-E57E-4C4E-9402-742315512B08}D:\programme (x86)\guild wars 2\gw2.exe] => (Block) D:\programme (x86)\guild wars 2\gw2.exe
FirewallRules: [TCP Query User{A5545523-A00A-4A61-9904-0B95C49FA167}D:\programme (x86)\guild wars 2\gw2.exe] => (Block) D:\programme (x86)\guild wars 2\gw2.exe
FirewallRules: [UDP Query User{B863F9E6-1D64-4D9F-B6C2-9918A826A473}D:\programme (x86)\guild wars 2\gw2.exe] => (Allow) D:\programme (x86)\guild wars 2\gw2.exe
FirewallRules: [TCP Query User{2856AF62-367B-4D6C-8DF0-9DAC74DDAC18}D:\programme (x86)\guild wars 2\gw2.exe] => (Allow) D:\programme (x86)\guild wars 2\gw2.exe
FirewallRules: [UDP Query User{0FC45BA9-02A9-450A-8DE2-EE74E8F1E947}C:\users\tianhe\appdata\local\temp\gw2.exe] => (Allow) C:\users\tianhe\appdata\local\temp\gw2.exe
FirewallRules: [TCP Query User{D1A26616-BB38-4913-B5D4-398A767C3903}C:\users\tianhe\appdata\local\temp\gw2.exe] => (Allow) C:\users\tianhe\appdata\local\temp\gw2.exe
FirewallRules: [UDP Query User{7C1D51C0-6AD9-43B1-870E-B2B31C738A89}D:\programme (x86)\the witcher 2 enhanced edition\bin\witcher2.exe] => (Allow) D:\programme (x86)\the witcher 2 enhanced edition\bin\witcher2.exe
FirewallRules: [TCP Query User{BEF7399B-FA25-41A9-BCF6-2EDAA0F16F93}D:\programme (x86)\the witcher 2 enhanced edition\bin\witcher2.exe] => (Allow) D:\programme (x86)\the witcher 2 enhanced edition\bin\witcher2.exe
FirewallRules: [UDP Query User{66E2C251-B0E8-40A5-B58C-08E7C6E0EA62}D:\programme (x86)\steam\steamapps\common\the incredible adventures of van helsing\vanhelsing_x64.exe] => (Allow) D:\programme (x86)\steam\steamapps\common\the incredible adventures of van helsing\vanhelsing_x64.exe
FirewallRules: [TCP Query User{98529EF9-CC3E-4276-8F26-3BD635C58CB2}D:\programme (x86)\steam\steamapps\common\the incredible adventures of van helsing\vanhelsing_x64.exe] => (Allow) D:\programme (x86)\steam\steamapps\common\the incredible adventures of van helsing\vanhelsing_x64.exe
FirewallRules: [{89A24DA9-6D6D-487E-A648-59FF7196959E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{EADA56C8-34E3-456D-831B-99D28B35D804}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [UDP Query User{74541B50-AB59-4A5E-A7B7-E80F642B8C67}C:\program files (x86)\bioware\mass effect 2\binaries\masseffect2.exe] => (Allow) C:\program files (x86)\bioware\mass effect 2\binaries\masseffect2.exe
FirewallRules: [TCP Query User{82991A83-7DA6-445A-ABCD-B9437DE5375D}C:\program files (x86)\bioware\mass effect 2\binaries\masseffect2.exe] => (Allow) C:\program files (x86)\bioware\mass effect 2\binaries\masseffect2.exe
FirewallRules: [UDP Query User{6045C1AF-9982-4EFE-9A79-26403EA3AF6A}C:\program files (x86)\orbitdownloader\orbitdm.exe] => (Allow) C:\program files (x86)\orbitdownloader\orbitdm.exe
FirewallRules: [TCP Query User{E0DDF100-A288-4736-B814-BFF311EA53C1}C:\program files (x86)\orbitdownloader\orbitdm.exe] => (Allow) C:\program files (x86)\orbitdownloader\orbitdm.exe
FirewallRules: [UDP Query User{40F0ADFD-5AD9-4E18-BFAD-8A234D0F4B52}C:\program files (x86)\ubisoft\assassin's creed revelations\acrpr.exe] => (Allow) C:\program files (x86)\ubisoft\assassin's creed revelations\acrpr.exe
FirewallRules: [TCP Query User{C2AAF51F-56A5-4665-A6AA-61478419084E}C:\program files (x86)\ubisoft\assassin's creed revelations\acrpr.exe] => (Allow) C:\program files (x86)\ubisoft\assassin's creed revelations\acrpr.exe
FirewallRules: [UDP Query User{B9124A5C-7D00-4823-BC91-5DC7D0E0E9EA}C:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe] => (Allow) C:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe
FirewallRules: [TCP Query User{D61B79D8-47C5-410C-9884-6BE842405069}C:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe] => (Allow) C:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe
FirewallRules: [{AF941968-814F-4B18-930B-72FF7AC8F4EE}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\ACBMP.exe
FirewallRules: [{37C44140-966B-487F-AE3B-AECF7D2903FF}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\ACBMP.exe
FirewallRules: [{0ADDB954-DD9E-4F3F-8D89-C36A55F1FBF2}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{5B73899B-DBCD-49C2-A533-ABAD4C8D9572}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{03864AB7-CF8C-443B-9D23-681B53A07191}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{0C1A616C-EAFD-46D0-9F75-24BE27E45F15}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{CA20DFE4-A7CA-4381-8DA7-9EE237058159}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [UDP Query User{2DCDD0BE-FEA0-4704-8926-68DCB1F546B0}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe] => (Allow) C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe
FirewallRules: [TCP Query User{19D6AD9D-1131-4D2B-83CB-7D4BB5344855}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe] => (Allow) C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe
FirewallRules: [UDP Query User{9842C42E-7BA3-49C6-8CD5-E90D8E867501}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe] => (Allow) C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe
FirewallRules: [TCP Query User{5865580E-2380-41F3-B0A2-C5D97B80A628}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe] => (Allow) C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe
FirewallRules: [{4A0358EB-8021-4B18-BDDA-BF7693F9B387}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{2B89E3EC-BC77-4BAA-B3AD-B4B3254EA4F0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [UDP Query User{E1A7CF22-B09A-4F2C-A944-DB480C9B1CDC}C:\program files (x86)\orbitdownloader\orbitnet.exe] => (Block) C:\program files (x86)\orbitdownloader\orbitnet.exe
FirewallRules: [TCP Query User{A7B52CFF-7F7A-4AF1-AC65-5F1765A89901}C:\program files (x86)\orbitdownloader\orbitnet.exe] => (Block) C:\program files (x86)\orbitdownloader\orbitnet.exe
FirewallRules: [UDP Query User{9401B562-C90B-46B1-9CFB-DB2EAFF5070A}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe
FirewallRules: [TCP Query User{FEF1BF43-77B5-4C5C-AA56-CCDDF3D553BE}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe
FirewallRules: [{D373A6A1-402C-44D2-8B61-71AF2BB21931}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe
FirewallRules: [{FC66D16B-681F-4F99-886C-FCB0FCEC70B8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe
FirewallRules: [{A28473B4-AE27-4289-A2FD-1AD86EC2FCC9}] => (Allow) C:\Program Files (x86)\Tencent\QQIntl\Bin\txupd.exe
FirewallRules: [{402406AC-8853-4E32-8B1F-F7D4736E6C31}] => (Allow) C:\Program Files (x86)\Tencent\QQIntl\Bin\txupd.exe
FirewallRules: [{E331DDF4-C10A-476C-A61B-B9DD6F342EB5}] => (Allow) C:\Program Files (x86)\Tencent\QQIntl\Bin\auclt.exe
FirewallRules: [{6ADC49E9-9843-460E-AC0B-0DAFA11F4381}] => (Allow) C:\Program Files (x86)\Tencent\QQIntl\Bin\auclt.exe
FirewallRules: [{75B54D02-A932-4207-9F8A-FFE4B2FA3284}] => (Allow) C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe
FirewallRules: [{747C465F-A2F3-4FE3-BBEB-9F1EE6C1D15D}] => (Allow) C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe
FirewallRules: [UDP Query User{6D243F2C-53C0-4F6B-BE86-B5BCA943B23F}C:\program files (x86)\activision\call of duty black ops ii\t6sp.exe] => (Allow) C:\program files (x86)\activision\call of duty black ops ii\t6sp.exe
FirewallRules: [TCP Query User{76459709-D2E9-410E-B889-1B604D6DBAE0}C:\program files (x86)\activision\call of duty black ops ii\t6sp.exe] => (Allow) C:\program files (x86)\activision\call of duty black ops ii\t6sp.exe
FirewallRules: [UDP Query User{936E6352-A0A0-4FCF-9D16-4994EADA8A36}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{AA35696B-C0C8-400F-846E-C8E22761528B}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{E615415E-1C85-4FBF-9D97-048CDF8AEB73}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1637\Agent.exe
FirewallRules: [{8EF44A01-8594-4258-AD5E-E69A582818BF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1637\Agent.exe
FirewallRules: [UDP Query User{03A37720-6A3C-4B58-8481-42678E5FB9F1}C:\program files (x86)\lolreplay\lolreplay.exe] => (Allow) C:\program files (x86)\lolreplay\lolreplay.exe
FirewallRules: [TCP Query User{AC82BBF5-198C-470F-BA43-53318333EDBA}C:\program files (x86)\lolreplay\lolreplay.exe] => (Allow) C:\program files (x86)\lolreplay\lolreplay.exe
FirewallRules: [{1F3CF3E0-A8DC-4AEA-961B-5AA1328C8691}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [UDP Query User{ACB4366E-F8B0-4B07-B543-FBA11FDEF030}C:\program files (x86)\orbitdownloader\orbitnet.exe] => (Allow) C:\program files (x86)\orbitdownloader\orbitnet.exe
FirewallRules: [TCP Query User{3B3EA4F9-94CB-454F-8012-3EFD20D2F7E2}C:\program files (x86)\orbitdownloader\orbitnet.exe] => (Allow) C:\program files (x86)\orbitdownloader\orbitnet.exe
FirewallRules: [UDP Query User{9C083526-FDE9-47FD-AC96-5048ABFFC378}C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe
FirewallRules: [TCP Query User{D8B04B88-0BF4-4DD7-B7A3-190B82D4A33D}C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe
FirewallRules: [{5EA46C0B-F550-4411-A1B4-E8C71EDEA7D5}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{486D306F-58DC-4A07-A40E-3E68EE905EA7}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [UDP Query User{BA452A7A-C587-4ACE-BCCE-DAAC8366A30C}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe] => (Allow) C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe
FirewallRules: [TCP Query User{99E7CC8A-9976-4814-825D-5D897543316B}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe] => (Allow) C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe
FirewallRules: [{C19994ED-708C-4050-A9BF-7A7230095B8F}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{C5CB9D3C-D45E-4E7E-B24E-16724B71D3DA}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{601CE243-9249-4B19-9251-0349CCD06460}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{B32D2D9C-10C4-41F8-878E-C60CE359010F}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{0F2E59DD-DF47-482A-86D4-7738E41FFE69}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{C2D74735-0276-4C99-B596-C791603E0110}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{D10ED157-5E81-4861-A134-EF4D88978FA8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.524\Agent.exe
FirewallRules: [{91430179-2F43-4B3A-8057-8F172CD3379B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.524\Agent.exe
FirewallRules: [{389B9760-4B95-45D7-805A-9EB811014356}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{98625F50-C49D-410F-A355-B3F9B4699C65}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{CC9CBFDA-4923-403A-AC86-FCE400970737}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FE2854C2-D11F-47BF-9BAA-16295FF69F8D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{722784BA-3D90-4885-821D-A0B8CD1FAB71}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C7D09CE9-79EF-4A86-946E-FA01ABAFD406}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{51BF7BBA-2131-41E2-B462-704BBDD47C4B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{71C9984F-2875-4123-9D7F-1BC143DF1255}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{40CC44CB-D409-4A87-9793-85D347B8C36F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{4DAC90F5-E77D-4601-B7CF-34D5ACF87189}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{D7E89D3A-4AAD-4931-B64D-66A149FE6386}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{A60C517B-B392-4EBC-ABF4-3BCFAB10AACD}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [TCP Query User{053C36C0-E856-4C57-9D38-5788101D3377}C:\program files (x86)\starcraft ii\versions\base26490\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base26490\sc2.exe
FirewallRules: [UDP Query User{5E01975B-0817-4D04-B49E-17FFCE87E462}C:\program files (x86)\starcraft ii\versions\base26490\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base26490\sc2.exe
FirewallRules: [TCP Query User{118D95EC-D94F-45D3-969E-28C7537958B1}D:\programme (x86)\xcom enemy within\xew\binaries\win32\xcomew.exe] => (Allow) D:\programme (x86)\xcom enemy within\xew\binaries\win32\xcomew.exe
FirewallRules: [UDP Query User{4250445D-454D-4CD7-A315-542BE89F8A7A}D:\programme (x86)\xcom enemy within\xew\binaries\win32\xcomew.exe] => (Allow) D:\programme (x86)\xcom enemy within\xew\binaries\win32\xcomew.exe
FirewallRules: [{474E606F-4085-4A66-BDA7-E9FE9757292E}] => (Allow) C:\Program Files (x86)\Thunder Network\Thunder\Program\ThunderMPServer.exe
FirewallRules: [{B4884F87-F3EA-4177-801B-E016E9BEFCB7}] => (Allow) C:\Program Files (x86)\Thunder Network\Thunder\Program\ThunderMPServer.exe
FirewallRules: [{5EC4E867-4EEC-46BD-B22B-2C7B21B2071D}] => (Allow) C:\Program Files (x86)\Thunder Network\Xmp\Program\XMP.exe
FirewallRules: [{427B981C-4893-4246-9E97-B71385DA213F}] => (Allow) C:\Program Files (x86)\Thunder Network\Xmp\Program\XMP.exe
FirewallRules: [{66ADD135-959B-47BE-AE41-88869B7CC03A}] => (Allow) C:\Users\Public\Thunder Network\XMP4\Core\Program\xmp.exe
FirewallRules: [{14FDF14C-4D8C-4532-8139-5F2289A335F5}] => (Allow) C:\Users\Public\Thunder Network\XMP4\Core\Program\xmp.exe
FirewallRules: [{0FE5F40A-2A39-4EB2-97A4-E1A5AD726328}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{0751035F-99A5-4FF1-A5F3-A30B27EFF4B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{23B3CB30-BBED-48BB-90D6-5E62DC3AB13B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{24195E8E-B4C4-44BF-BC30-225CF1EEE1B1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{10DD7F58-143E-44F7-AE3D-69E5DC1C812E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{D490D15A-2544-4D8E-89FA-796353E53CF8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{5272367E-66E8-4CDC-AF87-B7041DCB872E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{F0AB0C16-70CA-4864-98E8-08DB94C8EFA3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{CE0E9AF2-E44D-4239-88D2-95C1F59BC88B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{A5A28E60-A050-4967-8DD0-F2C15CA4CC10}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{3A0E5C5E-D805-4F95-89AB-97E7C751FA8B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{1FD40C38-AB8D-447C-AE12-0E1824950A9C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{ED9F3C35-B827-47AE-B9E6-DBC73088AE93}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{88B0B217-9DEC-42B0-83E8-96C8E114BFD6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{05FAABD2-4617-4829-87AF-2A957059519A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{903B4285-7F2B-4CCC-B414-F89E88EFF3D4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{D74EC4AE-5CB1-4989-8FBB-72DB91E62B8F}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{A27E3449-BCF2-4FED-98AA-AE2C8061C1AC}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{FD3C13B8-1859-4CA6-B11D-206708B097E4}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{FB56996E-B3C9-4143-9727-2C5993A95AAD}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{65414A55-6914-45EC-8B3C-55EA35E169D8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{1B4E6B46-AC5A-43DE-9010-388A05E3F3D2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{B95CDB8B-46C3-489E-9ED4-0E114684DA1C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2514\Agent.exe
FirewallRules: [{E1F1A289-6165-4433-BB0B-E910C08A0751}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2514\Agent.exe
FirewallRules: [TCP Query User{3D757F42-EA04-4AC8-8FDA-BF185AAB00D7}C:\program files (x86)\hearthstone\hearthstone.exe] => (Block) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{412B1D81-B2BD-4F14-B81A-8DDBB34660DC}C:\program files (x86)\hearthstone\hearthstone.exe] => (Block) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{EB809F3C-5699-4E40-AEFE-F979069CDDAA}D:\programme (x86)\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe] => (Allow) D:\programme (x86)\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe
FirewallRules: [UDP Query User{A7EC7228-8288-4AE8-9A4C-A0E9A0E0F151}D:\programme (x86)\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe] => (Allow) D:\programme (x86)\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe
FirewallRules: [{E6E4E62F-0BC6-4A74-AFF1-5745D3F9C7FC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2514\Agent.exe
FirewallRules: [{36D8F1F1-DF17-4C87-95B4-6351A52C4E0A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2514\Agent.exe
FirewallRules: [{7A17B5E9-BCC2-469F-98A4-CD080AD73761}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2581\Agent.exe
FirewallRules: [{073F2C73-C03B-4504-A7CE-B2118ED8B314}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2581\Agent.exe
FirewallRules: [{F22EDB14-146E-42E9-A986-B0B791717989}] => (Allow) LPort=7777
FirewallRules: [{FCE4D309-F056-45B6-A864-74BC77334DEF}] => (Allow) LPort=7777
FirewallRules: [{743348B0-9EA8-429B-BB7C-0485CD4AA3EB}] => (Allow) C:\Users\Tianhe\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{73321C9C-372C-4B5F-B011-558BCB06442E}] => (Allow) C:\Users\Tianhe\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EF95425A-328D-467F-9606-CE580F9FD245}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{D1D1D9C7-FCA7-4544-B368-31D7C6B81E1A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{A4C4D460-9BD4-4BA7-92FD-4EB4017DDE4B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{427C00A8-4637-4258-9097-A312600AFE32}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{919CB23C-53D9-4D53-8F93-E5DD6018C9F1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{1313DBA0-B575-4156-981B-97CB4B67906C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [TCP Query User{036E6480-B08D-408E-8F19-6814F348F6D1}C:\program files (x86)\starcraft ii\versions\base28667\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base28667\sc2.exe
FirewallRules: [UDP Query User{54652FC8-DCC1-4C99-800E-903EDF513253}C:\program files (x86)\starcraft ii\versions\base28667\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base28667\sc2.exe
FirewallRules: [{3061F54A-37AB-4083-AA54-6F6A4D0E2614}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{0DA75F02-6959-45B7-8F6D-A6672107EED4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{E2AD832B-0CF2-42B6-89B3-DDD5B77E0F97}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{18FDD5B6-6C9B-4679-9896-0DB573D50B57}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{25981E6B-8827-4FEB-B456-956389F69C96}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{D0D12EE4-CC0F-49FF-9CF2-1BCBB0917528}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{6384A984-4525-4297-9D03-68028AEA964A}] => (Allow) C:\Users\Tianhe\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D9C94297-83C0-4248-8656-B376C7D1684F}] => (Allow) C:\Users\Tianhe\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{06419AF3-5244-4007-BE70-B77694A18F15}D:\program files (x86)\hawx 2\hawx2_dx11.exe] => (Allow) D:\program files (x86)\hawx 2\hawx2_dx11.exe
FirewallRules: [UDP Query User{16B7C75B-9FD3-4B21-A65B-0E5C220E61C5}D:\program files (x86)\hawx 2\hawx2_dx11.exe] => (Allow) D:\program files (x86)\hawx 2\hawx2_dx11.exe
FirewallRules: [TCP Query User{7094A8CD-E690-45D1-B3FE-7A6A6103F1CB}D:\programme (x86)\hawx 2\hawx2_dx11.exe] => (Allow) D:\programme (x86)\hawx 2\hawx2_dx11.exe
FirewallRules: [UDP Query User{2D847612-1209-48C7-9352-C796B59051B2}D:\programme (x86)\hawx 2\hawx2_dx11.exe] => (Allow) D:\programme (x86)\hawx 2\hawx2_dx11.exe
FirewallRules: [{F45C25F8-DA06-4929-8A4E-D3C0480E31B2}] => (Allow) D:\Programme (x86)\Age of Wonders III\AoW3.exe
FirewallRules: [{1BF47544-BC7D-4481-B4F5-C8FF2A82A4ED}] => (Allow) D:\Programme (x86)\Age of Wonders III\AoW3_Debug.exe
FirewallRules: [{7314067D-0338-4F88-97BC-C85BDB7029AE}] => (Allow) D:\Programme (x86)\Age of Wonders III\AoW3Launcher.exe
FirewallRules: [TCP Query User{6C04B06E-6868-492D-84F4-EC1A19A78ED8}D:\programme (x86)\resident evil 6\bh6.exe] => (Allow) D:\programme (x86)\resident evil 6\bh6.exe
FirewallRules: [UDP Query User{AC257D48-F896-4D36-8788-F162B6F06959}D:\programme (x86)\resident evil 6\bh6.exe] => (Allow) D:\programme (x86)\resident evil 6\bh6.exe
FirewallRules: [{4D9CF5CB-6278-43BD-9707-32C8335FD50B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{660E54E7-6034-4872-BAAC-84D2420E3B66}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{B7944765-A628-42DB-85D2-25320C0C4978}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{48AFC7E9-DF95-458D-8BA3-61D6BFB58615}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{FCE3F0A2-AC51-49CB-8099-AF13CFBFDE6A}] => (Allow) D:\Programme (x86)\Steam\SteamApps\common\Game Dev Tycoon\GameDevTycoon.exe
FirewallRules: [{70B16E74-1D10-498D-B96A-075AFC41964E}] => (Allow) D:\Programme (x86)\Steam\SteamApps\common\Game Dev Tycoon\GameDevTycoon.exe
FirewallRules: [{6D18D4FF-8905-4F48-A804-FAD9EEBA4FB5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{09B4125B-F5EB-4291-9D61-77C4EBA30834}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{5282B2F6-464E-432E-BFCD-B809547FD85B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{CC004272-256D-4CB1-B39D-3243542973B1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{47EB16B1-591C-48F4-B33B-B602F2D149C7}D:\programme (x86)\divinity - original sin\shipping\eocapp.exe] => (Allow) D:\programme (x86)\divinity - original sin\shipping\eocapp.exe
FirewallRules: [UDP Query User{8A0C27DC-13FD-4BD7-B93F-FB5933803387}D:\programme (x86)\divinity - original sin\shipping\eocapp.exe] => (Allow) D:\programme (x86)\divinity - original sin\shipping\eocapp.exe
FirewallRules: [{420016A9-8193-4989-BFAB-58D5CF7D0E86}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{43F96B43-33C0-4919-A46F-3AD038E2EE44}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{43F5A880-5C8A-4938-91C7-B6C4CDA6D19F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{030DFBFE-C018-45DF-9C66-91407CE1739D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{D22C5838-7748-41E7-9390-D22420BE10EC}] => (Allow) D:\Programme (x86)\Diablo III\Diablo III.exe
FirewallRules: [{DE409A11-A2CC-4E56-9764-7F4289FC2F73}] => (Allow) D:\Programme (x86)\Diablo III\Diablo III.exe
FirewallRules: [{F1A78F0C-DB28-41A0-B364-DA10983E5FA6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{234CB540-1BE1-489E-9274-01EB822C1F2E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [TCP Query User{52EAA764-B746-41B7-94EB-FFDDD4890AA6}D:\programme (x86)\baiduyunguanjia\baiduyunguanjia.exe] => (Allow) D:\programme (x86)\baiduyunguanjia\baiduyunguanjia.exe
FirewallRules: [UDP Query User{A1FA865D-E1C7-424D-9FD4-0E13ADD21469}D:\programme (x86)\baiduyunguanjia\baiduyunguanjia.exe] => (Allow) D:\programme (x86)\baiduyunguanjia\baiduyunguanjia.exe
FirewallRules: [{95604C83-9B66-4D4B-8268-D678E37A2217}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe
FirewallRules: [{B0692533-EECE-4C0A-9A41-B891D5A9B92B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe
FirewallRules: [TCP Query User{459AB0F4-C5ED-4CF3-8744-34FE10A901FA}D:\programme (x86)\baiduyunguanjia\baiduyunguanjia.exe] => (Block) D:\programme (x86)\baiduyunguanjia\baiduyunguanjia.exe
FirewallRules: [UDP Query User{4560853E-EF02-4BBC-B120-FE1B9D5A7586}D:\programme (x86)\baiduyunguanjia\baiduyunguanjia.exe] => (Block) D:\programme (x86)\baiduyunguanjia\baiduyunguanjia.exe
FirewallRules: [TCP Query User{0C77D128-9738-41D6-84C2-B4C435327AC4}C:\programdata\battle.net\agent\agent.3323\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3323\agent.exe
FirewallRules: [UDP Query User{3D11FF2C-CF1C-4E3E-BE67-89B6EFCE97EC}C:\programdata\battle.net\agent\agent.3323\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3323\agent.exe
FirewallRules: [{302F3D40-B156-4B43-A023-3E46AC452A88}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{74D705F7-91E8-433B-8070-DCA56083DC7C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [TCP Query User{E560D41C-1507-46EE-AFA1-FB984675F6A2}C:\program files\andy\andy.exe] => (Allow) C:\program files\andy\andy.exe
FirewallRules: [UDP Query User{DBBB1DD0-F139-4ED3-9263-26C21C2081B7}C:\program files\andy\andy.exe] => (Allow) C:\program files\andy\andy.exe
FirewallRules: [{D9BEB3E0-DC84-44AC-8531-6C797BCD05DA}] => (Block) C:\program files\andy\andy.exe
FirewallRules: [{CFC8F042-496C-4192-90C2-B08AF7DA6341}] => (Block) C:\program files\andy\andy.exe
FirewallRules: [{C5FEAA45-0DD0-4577-9CB8-A64C56491735}] => (Allow) D:\Programme (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{EE30CBCF-841A-40AB-B9D2-0EDF74CCA2BE}] => (Allow) D:\Programme (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{814D926A-B9B4-4010-88F5-E7A73B606B84}] => (Allow) C:\Program Files (x86)\sina\SinaUcChatRoom\Container.exe
FirewallRules: [TCP Query User{F6C03E21-87D9-424F-836A-F8D67F21D9B8}D:\program files\guagua\guagua\ggchat.exe] => (Allow) D:\program files\guagua\guagua\ggchat.exe
FirewallRules: [UDP Query User{46131512-9A6D-4501-AB5B-664F43EA646D}D:\program files\guagua\guagua\ggchat.exe] => (Allow) D:\program files\guagua\guagua\ggchat.exe
FirewallRules: [{21149BDB-AB41-4725-9BCB-3692420F8DBA}] => (Allow) D:\Programme (x86)\Steam\SteamApps\common\FINAL FANTASY XIII\FFXiiiLauncher.exe
FirewallRules: [{4EEE165C-8A32-4D0B-B370-01D2F987612A}] => (Allow) D:\Programme (x86)\Steam\SteamApps\common\FINAL FANTASY XIII\FFXiiiLauncher.exe
FirewallRules: [{970752B2-4503-4A42-B3BC-44109D458C22}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{A5F946E9-7405-4DB7-A8F4-43A5762D30DE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{BDAF4113-B361-4FBC-B11E-DDE4D250D648}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{530903C9-F2E7-4B97-B870-68D8578D5100}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{906DA12C-FD51-4CAE-98E6-E2FBFA1E6E52}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{0AECE47B-2D22-4A1D-8940-FB890FAC997F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{C691AB06-69A5-4E37-A90A-22BB8D4906D3}] => (Allow) D:\Programme (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{03C2DF30-C8FD-44CE-8E9C-02E4F9F2F6B2}] => (Allow) D:\Programme (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{4A2D13D0-EE98-4F99-BAE1-A6F767461FD6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{BFC1F8E4-0009-4FC8-A045-6F2BD7A9E1BF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [TCP Query User{9D2EE201-AA61-41A1-A5F6-ABC906193072}D:\programme (x86)\heroes of the storm\versions\base32524\heroesofthestorm.exe] => (Allow) D:\programme (x86)\heroes of the storm\versions\base32524\heroesofthestorm.exe
FirewallRules: [UDP Query User{AF133E74-0D02-4D42-8742-97BE3D8D7382}D:\programme (x86)\heroes of the storm\versions\base32524\heroesofthestorm.exe] => (Allow) D:\programme (x86)\heroes of the storm\versions\base32524\heroesofthestorm.exe
FirewallRules: [TCP Query User{8F8CC45C-664D-4395-90AB-31460912F113}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [UDP Query User{4D9DB183-524E-49D2-AAC5-2E1737B27A4B}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [TCP Query User{455CA33C-44EB-4102-ACDC-DD5C082E6F92}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe
FirewallRules: [UDP Query User{1246B766-E21A-4B2F-A77D-684C29C07499}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe
FirewallRules: [TCP Query User{FBA54B4C-D401-4699-88AE-00DFA44B05A8}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe
FirewallRules: [UDP Query User{822D0DE3-7918-448E-A11C-8F6F0CC6EE63}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe
FirewallRules: [{B13C7003-8A04-45EB-B375-AEBCCC465D5F}] => (Allow) D:\Programme (x86)\Steam\SteamApps\common\FINAL FANTASY XIII-2\FFXiii2Launcher.exe
FirewallRules: [{C3D293DB-72D4-4857-BD81-176D6F97B216}] => (Allow) D:\Programme (x86)\Steam\SteamApps\common\FINAL FANTASY XIII-2\FFXiii2Launcher.exe
FirewallRules: [{F47CE7B9-AEE6-4032-B628-1E7E71B694F3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{6D1F21D5-8AEC-4749-88BA-B59E57C87B31}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{706B8254-FA04-4257-97C6-B68E46B43603}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{64580712-D370-4443-B52C-1CED28EDBF2D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{2456FBB2-235B-4E6A-9A89-D9C775DF176D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{64FE81A9-D02E-4B52-90CE-CD74051E7F5A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{D559051B-47C5-4903-9E5B-C40D2C909E2B}] => (Allow) D:\Programme (x86)\Steam\SteamApps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{B238534F-64DA-4EE8-BD72-A3FF2BA22B0A}] => (Allow) D:\Programme (x86)\Steam\SteamApps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [TCP Query User{418CC587-D761-4205-B5F8-7A82DFD9C234}D:\programme (x86)\ea games\need for speed most wanted\nfs13.exe] => (Allow) D:\programme (x86)\ea games\need for speed most wanted\nfs13.exe
FirewallRules: [UDP Query User{F59E5FC0-DF52-4599-AC0F-B12D160E6580}D:\programme (x86)\ea games\need for speed most wanted\nfs13.exe] => (Allow) D:\programme (x86)\ea games\need for speed most wanted\nfs13.exe
FirewallRules: [TCP Query User{0ADFABE1-4D69-444C-BB52-FB436E820652}D:\programme (x86)\heroes of the storm\versions\base34053\heroesofthestorm_x64.exe] => (Allow) D:\programme (x86)\heroes of the storm\versions\base34053\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{8967B2ED-E2C7-4E92-9614-EF8415DA69DD}D:\programme (x86)\heroes of the storm\versions\base34053\heroesofthestorm_x64.exe] => (Allow) D:\programme (x86)\heroes of the storm\versions\base34053\heroesofthestorm_x64.exe
FirewallRules: [{4F4A0D6A-6CF9-413C-A6B8-156C5B1E911F}] => (Allow) D:\Programme (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{A6F9B439-C0B4-4DC2-B7E3-916CD6C8733E}] => (Allow) D:\Programme (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{75FE1FB6-CEDD-48E8-ABD5-F1CDE6191E82}] => (Allow) D:\Programme (x86)\Origin\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{4F6EDCE6-91C4-4FE2-B868-163E06C89288}] => (Allow) D:\Programme (x86)\Origin\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{E24EE1FC-E2E9-40E3-84A6-0F87C9B60955}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{6D7CEF3F-709A-4C12-835D-44A9051DB648}C:\users\tianhe\appdata\local\temp\i1429097395\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\tianhe\appdata\local\temp\i1429097395\windows\resource\jre\bin\javaw.exe
FirewallRules: [UDP Query User{A19EDAF5-7533-4A34-BDF2-8064772D1BF0}C:\users\tianhe\appdata\local\temp\i1429097395\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\tianhe\appdata\local\temp\i1429097395\windows\resource\jre\bin\javaw.exe
FirewallRules: [TCP Query User{C17BEFC7-DF56-4749-8B58-639379C4A408}C:\users\tianhe\appdata\local\temp\i1429097620\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\tianhe\appdata\local\temp\i1429097620\windows\resource\jre\bin\javaw.exe
FirewallRules: [UDP Query User{BCF4583A-7FB4-49EF-B501-A2354137DF64}C:\users\tianhe\appdata\local\temp\i1429097620\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\tianhe\appdata\local\temp\i1429097620\windows\resource\jre\bin\javaw.exe
FirewallRules: [TCP Query User{E280E7CB-0A80-4E10-A7D5-338B956FDB72}C:\users\tianhe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tianhe\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{0F4D6AA3-5854-4BB5-AF50-AE0F719A9057}C:\users\tianhe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tianhe\appdata\roaming\spotify\spotify.exe
FirewallRules: [{0A599482-B8AF-4CCB-83E0-0DAE95BFDF40}] => (Allow) D:\Programme (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{41350F3F-4781-49E3-B1E7-2FF4E4FB59F2}] => (Allow) D:\Programme (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{0127563B-2B5F-4C4A-B7FF-33455FBB8EF6}] => (Allow) D:\Programme (x86)\Steam\SteamApps\common\Terraria\TerrariaServer.exe
FirewallRules: [{EA8F5E92-5073-4E0B-825F-120E752173F1}] => (Allow) D:\Programme (x86)\Steam\SteamApps\common\Terraria\TerrariaServer.exe
FirewallRules: [{1A21F7F6-3499-4335-8487-2FD55ECC802D}] => (Allow) D:\Programme (x86)\Steam\SteamApps\common\Terraria\TerrariaServer.exe
FirewallRules: [{EA997ECC-886E-4595-947D-BED89ACCEDF7}] => (Allow) D:\Programme (x86)\Steam\SteamApps\common\Terraria\TerrariaServer.exe
FirewallRules: [TCP Query User{A9489525-82FA-43A1-8C36-938FEEBBA620}H:\game\windward.update.17.05.2015\windward.update.17.05.2015\windward.exe] => (Allow) H:\game\windward.update.17.05.2015\windward.update.17.05.2015\windward.exe
FirewallRules: [UDP Query User{D55CCCE2-A62D-4DEF-841C-46ED3737D774}H:\game\windward.update.17.05.2015\windward.update.17.05.2015\windward.exe] => (Allow) H:\game\windward.update.17.05.2015\windward.update.17.05.2015\windward.exe
FirewallRules: [{154DDB53-C444-495A-AA8F-233C453671A0}] => (Allow) D:\Programme (x86)\Steam\SteamApps\common\Windward\Windward.exe
FirewallRules: [{44387D72-4F4C-4913-8E3E-ACA0D00E39A4}] => (Allow) D:\Programme (x86)\Steam\SteamApps\common\Windward\Windward.exe
FirewallRules: [TCP Query User{E8018BC8-1F9C-40DF-81FA-011AEEBE2874}D:\programme (x86)\steam\steamapps\common\windward\wwserver.exe] => (Allow) D:\programme (x86)\steam\steamapps\common\windward\wwserver.exe
FirewallRules: [UDP Query User{2D9B2E6B-67F8-45F8-A328-E1E46B7C3CEE}D:\programme (x86)\steam\steamapps\common\windward\wwserver.exe] => (Allow) D:\programme (x86)\steam\steamapps\common\windward\wwserver.exe
FirewallRules: [{FCA7D7DE-95F8-4350-8AC0-E50A981C026B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{571F3805-783E-4482-95FE-D20C420B0A80}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{30ADB298-CF7F-420B-B08E-0702B7C8F597}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{768C12D0-F585-4DA4-9EE4-97AF568FE34C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{25ABB6B6-114B-4367-B5D8-C2F8039955C1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{1E95D996-1B59-4350-8710-78177E6F67A2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{0B0C57F0-3D0D-4353-B1CB-70855DE26640}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{2754E6BD-A6AA-41A5-B170-BBB3FA07AF20}D:\programme (x86)\tom clancy`s h.a.w.x. 2\tom clancy's h.a.w.x. 2\hawx2_dx11.exe] => (Block) D:\programme (x86)\tom clancy`s h.a.w.x. 2\tom clancy's h.a.w.x. 2\hawx2_dx11.exe
FirewallRules: [UDP Query User{0C2C1AA8-E37A-4227-8D41-CB5E2AB00236}D:\programme (x86)\tom clancy`s h.a.w.x. 2\tom clancy's h.a.w.x. 2\hawx2_dx11.exe] => (Block) D:\programme (x86)\tom clancy`s h.a.w.x. 2\tom clancy's h.a.w.x. 2\hawx2_dx11.exe
StandardProfile\AuthorizedApplications: [C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe] => Enabled:NEXON_EU_Downloader_Engine.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/30/2015 06:59:11 PM) (Source: VSS) (EventID: 12305) (User: )
Description: Volumeschattenkopie-Dienstfehler: Volume bzw. Datenträger ist nicht richtig angeschlossen oder wurde nicht gefunden.
Fehlerkontext: DeviceIoControl(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1 - 00000000000001B0,0x00530194,0000000000000000,0,00000049B1860080,4096,[0]).


Vorgang:
  Schattenkopien abfragen

Error: (05/29/2015 00:17:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AkibaUU.exe, Version: 1.0.0.0, Zeitstempel: 0x5552a52e
Name des fehlerhaften Moduls: AkibaUU.exe, Version: 1.0.0.0, Zeitstempel: 0x5552a52e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0015a954
ID des fehlerhaften Prozesses: 0x18f4
Startzeit der fehlerhaften Anwendung: 0xAkibaUU.exe0
Pfad der fehlerhaften Anwendung: AkibaUU.exe1
Pfad des fehlerhaften Moduls: AkibaUU.exe2
Berichtskennung: AkibaUU.exe3
Vollständiger Name des fehlerhaften Pakets: AkibaUU.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AkibaUU.exe5

Error: (05/27/2015 01:55:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AkibaUU.exe, Version: 1.0.0.0, Zeitstempel: 0x5552a52e
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17415, Zeitstempel: 0x54504ade
Ausnahmecode: 0x0000087a
Fehleroffset: 0x00014598
ID des fehlerhaften Prozesses: 0x118
Startzeit der fehlerhaften Anwendung: 0xAkibaUU.exe0
Pfad der fehlerhaften Anwendung: AkibaUU.exe1
Pfad des fehlerhaften Moduls: AkibaUU.exe2
Berichtskennung: AkibaUU.exe3
Vollständiger Name des fehlerhaften Pakets: AkibaUU.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AkibaUU.exe5

Error: (05/27/2015 01:53:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AkibaUU.exe, Version: 1.0.0.0, Zeitstempel: 0x5552a52e
Name des fehlerhaften Moduls: AkibaUU.exe, Version: 1.0.0.0, Zeitstempel: 0x5552a52e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0015a954
ID des fehlerhaften Prozesses: 0x1c98
Startzeit der fehlerhaften Anwendung: 0xAkibaUU.exe0
Pfad der fehlerhaften Anwendung: AkibaUU.exe1
Pfad des fehlerhaften Moduls: AkibaUU.exe2
Berichtskennung: AkibaUU.exe3
Vollständiger Name des fehlerhaften Pakets: AkibaUU.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AkibaUU.exe5

Error: (05/25/2015 03:56:37 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x8898008d) festgestellt.

Error: (05/24/2015 10:44:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Pirates!.exe, Version: 1.0.2.0, Zeitstempel: 0x42cbfe3f
Name des fehlerhaften Moduls: Pirates!.exe, Version: 1.0.2.0, Zeitstempel: 0x42cbfe3f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001d0763
ID des fehlerhaften Prozesses: 0xa44
Startzeit der fehlerhaften Anwendung: 0xPirates!.exe0
Pfad der fehlerhaften Anwendung: Pirates!.exe1
Pfad des fehlerhaften Moduls: Pirates!.exe2
Berichtskennung: Pirates!.exe3
Vollständiger Name des fehlerhaften Pakets: Pirates!.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Pirates!.exe5

Error: (05/21/2015 08:09:13 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT)
Description: There was an error with the Windows Location Provider database

Error: (05/20/2015 05:33:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Windward.exe, Version: 4.5.5.37569, Zeitstempel: 0x5434f29e
Name des fehlerhaften Moduls: Windward.exe, Version: 4.5.5.37569, Zeitstempel: 0x5434f29e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003321e
ID des fehlerhaften Prozesses: 0x1404
Startzeit der fehlerhaften Anwendung: 0xWindward.exe0
Pfad der fehlerhaften Anwendung: Windward.exe1
Pfad des fehlerhaften Moduls: Windward.exe2
Berichtskennung: Windward.exe3
Vollständiger Name des fehlerhaften Pakets: Windward.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Windward.exe5

Error: (05/20/2015 09:19:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Windward.exe, Version: 4.5.5.37569, Zeitstempel: 0x5434f29e
Name des fehlerhaften Moduls: Windward.exe, Version: 4.5.5.37569, Zeitstempel: 0x5434f29e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00033347
ID des fehlerhaften Prozesses: 0x1c4c
Startzeit der fehlerhaften Anwendung: 0xWindward.exe0
Pfad der fehlerhaften Anwendung: Windward.exe1
Pfad des fehlerhaften Moduls: Windward.exe2
Berichtskennung: Windward.exe3
Vollständiger Name des fehlerhaften Pakets: Windward.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Windward.exe5

Error: (05/16/2015 00:29:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: League of Legends.exe, Version: 5.9.0.318, Zeitstempel: 0x554d396c
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17736, Zeitstempel: 0x550f42c2
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000139cb
ID des fehlerhaften Prozesses: 0x1e38
Startzeit der fehlerhaften Anwendung: 0xLeague of Legends.exe0
Pfad der fehlerhaften Anwendung: League of Legends.exe1
Pfad des fehlerhaften Moduls: League of Legends.exe2
Berichtskennung: League of Legends.exe3
Vollständiger Name des fehlerhaften Pakets: League of Legends.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: League of Legends.exe5


System errors:
=============
Error: (06/01/2015 04:15:17 AM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT-AUTORITÄT)
Description: G:\Device\HarddiskVolume83

Error: (06/01/2015 04:14:44 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056

Error: (06/01/2015 04:14:14 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/01/2015 04:14:14 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/01/2015 04:14:14 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Intel(R) Capability Licensing Service Interface" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/01/2015 04:14:06 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/01/2015 04:14:06 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Management and Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/01/2015 04:14:06 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) ME Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/01/2015 04:14:06 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/01/2015 04:14:06 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-05-26 15:15:01.316
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-05-24 09:19:27.617
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-05-23 04:32:51.443
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-05-22 00:22:57.337
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-05-20 11:39:57.364
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-05-20 11:39:57.283
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-05-20 11:39:05.327
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-05-20 11:39:05.240
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-05-20 11:39:05.062
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-05-20 11:39:04.980
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 25%
Total physical RAM: 8143.19 MB
Available physical RAM: 6105.43 MB
Total Pagefile: 9423.2 MB
Available Pagefile: 6900.13 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:279.11 GB) (Free:65.8 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:398.17 GB) (Free:204.39 GB) NTFS
Drive g: () (Fixed) (Total:472.52 GB) (Free:177.62 GB) NTFS
Drive h: () (Fixed) (Total:458.99 GB) (Free:195.93 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: B19F8D36)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 3D1300D1)
Partition 1: (Not Active) - (Size=472.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=459 GB) - (Type=07 NTFS)

==================== End of log ============================
Gmer (Fehler beim Scann, aber zur Vollständigkeit aufgelistet)
Code:
GMER Logfile:

       
Code:

       
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-06-01 04:59:22
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000034 ST750LX003-1AC154 rev.SM12 698,64GB
Running: Gmer-19357.exe; Driver: C:\Users\Tianhe\AppData\Local\Temp\pxldipog.sys


---- Threads - GMER 2.1 ----

Thread  C:\WINDOWS\system32\csrss.exe [668:2220]  fffff960009872d0

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                     unknown MBR code

---- EOF - GMER 2.1 ----

--- --- ---

MBAM (Erster Scann)
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 01.06.2015
Suchlauf-Zeit: 03:36:28
Logdatei: Erster Scann.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.05.31.03
Rootkit Datenbank: v2015.05.31.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Tianhe

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 406218
Verstrichene Zeit: 18 Min, 44 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 4
Trojan.Agent, HKLM\SOFTWARE\CLASSES\thunder, In Quarantäne, [0827009a4c3e112532d9524cab59b14f],
Trojan.Agent, HKLM\SOFTWARE\WOW6432NODE\CLASSES\thunder, In Quarantäne, [7eb10298addd0036fe0d633b6f953ac6],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1146134481-3092128511-1725324078-1002\SOFTWARE\INSTALLCORE\1I1T1Q1S, In Quarantäne,

[b47ba0fa2466c27423af0829679dc739],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1146134481-3092128511-1725324078-1002\SOFTWARE\INSTALLCORE, In Quarantäne,

[101f6c2ea8e263d3ade7dc6b52b37b85],

Registrierungswerte: 1
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1146134481-3092128511-1725324078-1002\SOFTWARE\INSTALLCORE|tb, 0G2Y1R2X0G1M2S1M0G1S1H, In

Quarantäne, [101f6c2ea8e263d3ade7dc6b52b37b85]

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 2
PUP.Optional.OpenCandy, C:\Users\Tianhe\AppData\Local\Temp\DTLite4491-0356.exe, In Quarantäne, [d55a1a80048692a4293dd5829472bb45],
Trojan.CoinMiner, C:\Users\Tianhe\AppData\Local\Temp\update.exe, In Quarantäne, [e946f1a95337a393b6eaab70b1513ac6],

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
MBAM (Rescann nach Problembehandlung und Neustart)
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 01.06.2015
Suchlauf-Zeit: 04:17:27
Logdatei: Rescann.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.05.31.03
Rootkit Datenbank: v2015.05.31.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Tianhe

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 405848
Verstrichene Zeit: 14 Min, 27 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 1
Trojan.BitcoinMiner, C:\Windows\Temp\svchost.exe, In Quarantäne, [ce616e2c56342a0c529e3c51dd28e917],

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
AdwCleaner
AdwCleaner Logfile:
Code:
# AdwCleaner v4.206 - Bericht erstellt 01/06/2015 um 05:37:40
# Aktualisiert 01/06/2015 von Xplode
# Datenbank : 2015-05-31.5 [Server]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : Tianhe - TLIU-PC
# Gestarted von : C:\Users\Tianhe\Desktop\AdwCleaner_4.206.exe
# Option : Suchlauf

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v


-\\ Google Chrome v43.0.2357.81


*************************

AdwCleaner[R0].txt - [5053 Bytes] - [01/06/2015 04:07:13]
AdwCleaner[R1].txt - [3663 Bytes] - [01/06/2015 04:12:26]
AdwCleaner[R2].txt - [772 Bytes] - [01/06/2015 05:37:40]
AdwCleaner[S0].txt - [3670 Bytes] - [01/06/2015 04:14:07]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [889 Bytes] ##########
Ich habe auch schon die SuchFunktion von Ihrem Forum verwendet und bin auf 2 ähnlichen Fälle gestoßen. Anscheinend hat Origin was damit zu tun, aber ich bin da kein Expert. Ich habe auf jeden Fall auf Origin auf meinem PC.
Danke für ihre Hilfe und Zeit.
MfG

schrauber 01.06.2015 20:27
Hi,

Lade Dir bitte von hier Emsisoft Emergency Kit Download Emsisoft Emergency Kit herunter.
  • Bitte installiere das Programm in den vorgegebenen Pfad.
  • Starte das Programm durch Doppelklick der Desktopverknüpfung.
  • Das EEK ist nach dem Laden der Malwaresignaturen für den Scan bereit.
  • Folge nun bitte der bebilderten Bildanleitung zu Emergency Kit, entferne alle Funde und poste am Ende des Scans bzw. der Bereinigung das Log.



frisches FRST Log bitte.


Alle Zeitangaben in WEZ +1. Es ist jetzt 07:06 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131