Problem The missus's computer got a virus

Discussion in 'Viruses and malware' started by jokuz, Dec 1, 2015.

  1. jokuz

    Hi

    I was spending a quiet afternoon doing my own thing when a commotion started up behind me and the computer's speakers began beeping (an avast alert). So I need help with the viruses that got onto the computer.

    She had been watching videos on a website, and most likely a virus was pushed through an ad behind some link, and avast/adblock failed to block it. The virus installed at least two programs on the computer (opera, mediaplayer) and who knows what else. Avast is scanning through the files, and at about 20% there are at least 2 infected files.

    Where do you recommend starting the cleanup of this computer?

    Thanks in advance for the help.
     
  2. Nanna_86

    Download AdwCleaner here. (v5.023)
    • Close all open programs and the web browser for the duration of the scan.
    • Double-click AdwCleaner.exe to open it and select "Scan".
    • When the scan is complete, select "Clean".
    • The computer restarts automatically once the program has finished.
    • After the restart, a log file is displayed. Post it in your next message.
    • The log can also be found at the path: C:\AdwCleaner[R1].txt


    --------------------------------------------------------------------------------------------------


    Download Junkware Removal Tool here.

    • Run the program (JRT.exe) by double-clicking it. (If you are using Windows Vista, 7 or 8, right-click and select "Run as administrator".)
    • The program opens and starts scanning the system.
    • When the scan is complete, it saves a log file (JRT.txt) to your desktop and opens it automatically.
    • Post the contents of JRT.txt in your next message.


    --------------------------------------------------------------------------------------------------


    1. Download ESET virus scanner to your computer here.

    2. Save it to your desktop.

    3. Start the program "esetsmartinstaller_enu.exe". A security warning appears; press "Run / Continue".

    4. Next, accept the terms of use and press "Start / Next".

    5. The picture shows the scan settings; you can change them if you wish. Continue by pressing "Start".

    6. The program downloads the latest virus databases and then starts the scan.

    7. ...

    8. When the scan has finished, the results are shown on screen. The program tells you if any malware was found.

    Finally, ESET creates a log file at the path:
    "C:\Program Files\ESET\EsetOnlineScanner\log.txt". On a 64-bit system the path is
    "C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt".

    Post the contents of this log file in your next message.

    ---------------
    Removing ESET Online Scanner:

    Start > Control Panel > "Programs and Features" or, on some systems, "Add or Remove Programs" > select "ESET Online Scanner" > uninstall.

    -------------------------------- edit: Links updated to new ones --------------------------------
     
  3. jokuz

    I ran all three programs, so here are the logs from each.

    # AdwCleaner v5.023 - Logfile created 01/12/2015 at 16:03:04
    # Updated 30/11/2015 by Xplode
    # Database : 2015-11-30.1 [Server]
    # Operating system : Windows 7 Home Premium Service Pack 1 (x64)
    # Username : Senjuska - TIETOKONE
    # Running from : C:\Users\Senjuska\Desktop\adwcleaner_5.023.exe
    # Option : Cleaning
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****

    [-] Service Deleted : ihpmServer
    [-] Service Deleted : fyjikehe
    [-] Service Deleted : pupivyhi

    ***** [ Folders ] *****

    [-] Folder Deleted : C:\Program Files\SpaceSoundPro
    [-] Folder Deleted : C:\Program Files (x86)\SpaceSondPro
    [-] Folder Deleted : C:\Program Files (x86)\RayDld
    [-] Folder Deleted : C:\Program Files (x86)\410A8500-1448971922-81E1-3535-10BF482C8889
    [-] Folder Deleted : C:\Program Files (x86)\SpaceSondPro_v53.10177
    [-] Folder Deleted : C:\Users\Senjuska\AppData\Roaming\Mozilla\Firefox\Profiles\46zopqy7.default\Extensions\deskCutv2@gmail.com

    ***** [ Files ] *****

    [-] File Deleted : C:\END
    [-] File Deleted : C:\task.vbs
    [-] File Deleted : C:\Users\Senjuska\AppData\Roaming\Mozilla\Firefox\Profiles\46zopqy7.default\searchplugins\mysites123.xml

    ***** [ DLLs ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****

    [-] Task Deleted : runTask
    [-] Task Deleted : updateTask

    ***** [ Registry ] *****

    [-] Key Deleted : HKCU\Software\Mozilla\Extends
    [-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce [IOPROTECT]
    [-] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [deskCutv2@gmail.com]
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{85198F55-85AC-498A-BFE4-BBC33840F4AB}
    [!] Key Not Deleted : HKCU\Software\Mozilla\Extends
    [-] Key Deleted : HKCU\Software\tstamptoken
    [-] Key Deleted : HKLM\SOFTWARE\SpaceSondPro
    [-] Key Deleted : HKLM\SOFTWARE\RayDld
    [-] Key Deleted : HKLM\SOFTWARE\ihpmserver
    [-] Key Deleted : HKLM\SOFTWARE\mysites123Software
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C42C5197-0EE9-4940-893B-F4EF047DFF0F}

    ***** [ Web browsers ] *****

    [-] [C:\Users\Senjuska\AppData\Roaming\Mozilla\Firefox\Profiles\46zopqy7.default\prefs.js] [Preference] Deleted : user_pref("browser.startup.homepage", "hxxp://www.mysites123.com/?type=hp&ts=1448971849&z=9013bb1be49ff74faaadf34g9z5z2bdt9mag5b8z3t&from=amt&uid=wdcxwd7500bpvx-75jc3t0_wxr1e841f51ae841f51a");
    [-] [C:\Users\Senjuska\AppData\Roaming\Mozilla\Firefox\Profiles\46zopqy7.default\prefs.js] [Preference] Deleted : user_pref("browser.newtab.url", "hxxp://www.mysites123.com/newtab/?type=nt&ts=1448971849&z=9013bb1be49ff74faaadf34g9z5z2bdt9mag5b8z3t&from=amt&uid=wdcxwd7500bpvx-75jc3t0_wxr1e841f51ae841f51a");
    [-] [C:\Users\Senjuska\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://www.mysites123.com/?type=hp&ts=1448971849&z=9013bb1be49ff74faaadf34g9z5z2bdt9mag5b8z3t&from=amt&uid=wdcxwd7500bpvx-75jc3t0_wxr1e841f51ae841f51a
    [-] [C:\Users\Senjuska\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Deleted : hxxp://www.mysites123.com/web/?type=ds&ts=1448971849&z=9013bb1be49ff74faaadf34g9z5z2bdt9mag5b8z3t&from=amt&uid=wdcxwd7500bpvx-75jc3t0_wxr1e841f51ae841f51a&q={searchTerms}
    [-] [C:\Users\Senjuska\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://www.mysites123.com/?type=hp&ts=1448971849&z=9013bb1be49ff74faaadf34g9z5z2bdt9mag5b8z3t&from=amt&uid=wdcxwd7500bpvx-75jc3t0_wxr1e841f51ae841f51a

    *************************

    :: "Tracing" keys removed
    :: Winsock settings cleared

    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3711 bytes] ##########

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.1 (11.24.2015)
    Operating System: Windows 7 Home Premium x64
    Ran by Senjuska (Administrator) on ti 01.12.2015 at 16:06:11,74
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 0




    Registry: 0





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on ti 01.12.2015 at 16:10:17,40
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ESETSmartInstaller@High as downloader log:
    all ok
    # product=EOS
    # version=8
    # OnlineScannerApp.exe=1.0.0.1
    # EOSSerial=b2bc29771ece6a4294b6b0d3e9a8e293
    # end=init
    # utc_time=2015-12-01 02:11:09
    # local_time=2015-12-01 04:11:09 (+0200, Suomen normaaliaika)
    # country="Finland"
    # osver=6.1.7601 NT Service Pack 1
    Update Init
    Update Download
    Update Finalize
    Updated modules version: 26990
    # product=EOS
    # version=8
    # OnlineScannerApp.exe=1.0.0.1
    # EOSSerial=b2bc29771ece6a4294b6b0d3e9a8e293
    # end=updated
    # utc_time=2015-12-01 02:14:06
    # local_time=2015-12-01 04:14:06 (+0200, Suomen normaaliaika)
    # country="Finland"
    # osver=6.1.7601 NT Service Pack 1
    # product=EOS
    # version=8
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.7777
    # api_version=3.1.1
    # EOSSerial=b2bc29771ece6a4294b6b0d3e9a8e293
    # engine=26990
    # end=finished
    # remove_checked=true
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2015-12-01 03:08:21
    # local_time=2015-12-01 05:08:21 (+0200, Suomen normaaliaika)
    # country="Finland"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode_1='avast! Antivirus'
    # compatibility_mode=783 16777213 71 88 974606 18159399 0 0
    # compatibility_mode_1=''
    # compatibility_mode=5893 16776573 100 94 7481 200612351 0 0
    # scanned=212983
    # found=22
    # cleaned=22
    # scan_time=3255
    sh=6BE0CB83D2A56A3BC4F7F802131F9358DC4EC012 ft=0 fh=0000000000000000 vn="VBS/TrojanDownloader.Agent.NSW trojan (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\task.vbs.vir"
    sh=FDFF8694E88A3E2F5D5E3DC90542A3EBDB7CAA06 ft=1 fh=f2ff11d352a1c862 vn="a variant of Win64/BubbleSound.A potentially unwanted application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\SpaceSoundPro\SpaceSoundPro.dll.vir"
    sh=819C1DBC766A477523F928D1E319B81FBFE85222 ft=1 fh=16643e1151624e35 vn="a variant of Win32/Adware.ConvertAd.ABM application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\410A8500-1448971922-81E1-3535-10BF482C8889\jnsq367F.tmp.vir"
    sh=9A41A9491D75A24FD59EDF56ABBB1F16957FE889 ft=1 fh=dc33968083312768 vn="a variant of Win32/Adware.ConvertAd.ACN application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\410A8500-1448971922-81E1-3535-10BF482C8889\knsvBA2.tmpfs.vir"
    sh=9E277924AD60BC23CF71029C7A8F2D293A6CA441 ft=1 fh=260b86e99effe83b vn="a variant of Win32/Adware.ConvertAd.ACS application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\410A8500-1448971922-81E1-3535-10BF482C8889\rnsl251D.exe.vir"
    sh=AEBF4D3CE278DD2B9F16B285F714E4863C09C21A ft=1 fh=e42a19397c5acfb0 vn="a variant of Win32/Adware.ConvertAd.ACN application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\410A8500-1448971922-81E1-3535-10BF482C8889\vnsqFB27.tmp.vir"
    sh=8D330C425C054F806BB3681499BD09C63D82738A ft=1 fh=c9268159056681c5 vn="a variant of Win32/ELEX.FZ potentially unwanted application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RayDld\ihpmServer.exe.vir"
    sh=8D330C425C054F806BB3681499BD09C63D82738A ft=1 fh=c9268159056681c5 vn="a variant of Win32/ELEX.FZ potentially unwanted application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RayDld\ihpmServer.ini.vir"
    sh=9434D1A5D56479988254608D5289E1E9D488DC54 ft=1 fh=c2a767356ec8b23d vn="a variant of Win64/BubbleSound.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SpaceSondPro\Spacesoundpro.exe.vir"
    sh=D51C5CCB623ADEAEF4F2771D364907C5BBAF1049 ft=1 fh=7adb10c997734288 vn="a variant of Win32/Adware.MaxDriver.A application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SpaceSondPro_v53.10177\ioproduct.exe.vir"
    sh=24E0A0E6FBA19F1B7F8A28052A06FF52FC4A2207 ft=1 fh=b3051f182da3ca82 vn="a variant of Win32/Adware.MaxDriver.A application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SpaceSondPro_v53.10177\SpaceSondPro_Service.exe.vir"
    sh=96FBB416B2E03DE6EF2F4E27966399C2C5195DDB ft=1 fh=28ff814cde88a5aa vn="a variant of Win32/InstallCore.ADV.gen potentially unwanted application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Senjuska\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O2CIQKG5\ClickMeIn_Downloader_v1.0.5.a0.1_48333_044[1].exe"
    sh=9E277924AD60BC23CF71029C7A8F2D293A6CA441 ft=1 fh=260b86e99effe83b vn="a variant of Win32/Adware.ConvertAd.ACS application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Senjuska\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QAVPQ1FY\runasu[1].exe"
    sh=083B491B3840FAA34D76087306C39790ED1D24D9 ft=1 fh=29dced3795c67ee7 vn="Win32/Amonetize.MB potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Senjuska\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QOMPM462\Bundle_FlowsurfCB[1].exe"
    sh=F7FD7F57BA111EF8367B1985D76F8C0C864C2703 ft=1 fh=40a87303fbf69b7e vn="a variant of Win32/Adware.MaxDriver.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Senjuska\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QOMPM462\SpaceSondPro[1].exe"
    sh=574BDC64C4C790A31E010AABB2D6789E690B8E7D ft=1 fh=be1af8505cbed5bf vn="a variant of Win32/Adware.ConvertAd.XD.gen application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Senjuska\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TYHUVWPB\check[1].exe"
    sh=819C1DBC766A477523F928D1E319B81FBFE85222 ft=1 fh=16643e1151624e35 vn="a variant of Win32/Adware.ConvertAd.ABM application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Senjuska\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TYHUVWPB\JOSrv[1].exe"
    sh=FD73CB84E5E35C7EC3F7B6084DBD483CA7F74797 ft=1 fh=80fb7ef73ac3be9a vn="a variant of Win32/Amonetize.MD potentially unwanted application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Senjuska\AppData\Local\Temp\MediaPlayerSetup7.3.3__6629_i1765393632_il126.exe"
    sh=96FBB416B2E03DE6EF2F4E27966399C2C5195DDB ft=1 fh=28ff814cde88a5aa vn="a variant of Win32/InstallCore.ADV.gen potentially unwanted application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Senjuska\AppData\Local\Temp\nsd964C.tmp"
    sh=574BDC64C4C790A31E010AABB2D6789E690B8E7D ft=1 fh=be1af8505cbed5bf vn="a variant of Win32/Adware.ConvertAd.XD.gen application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Senjuska\AppData\Local\Temp\nsq60DE.tmp"
    sh=083B491B3840FAA34D76087306C39790ED1D24D9 ft=1 fh=29dced3795c67ee7 vn="Win32/Amonetize.MB potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Senjuska\AppData\Local\Temp\nss5DDF.tmp"
    sh=FD73CB84E5E35C7EC3F7B6084DBD483CA7F74797 ft=1 fh=80fb7ef73ac3be9a vn="a variant of Win32/Amonetize.MD potentially unwanted application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Senjuska\Downloads\MediaPlayerSetup7.3.3__6629_i1765393632_il126.exe"

    In ESET I deleted all the files that were in quarantine.
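
Added example, not part of the original thread and not ESET's own tooling: a parser for detection lines in the `sh=… ft=… fh=… vn="…" ac=… fn="…"` layout of the ESET log above. It checks the parsed count against the `# found=` line, groups identical hashes seen at several paths, and separates copies already under `C:\AdwCleaner\Quarantine` from files found elsewhere. The field meanings (sh = SHA-1, vn = detection name, fn = path) are assumptions inferred from the log, and the sample lines are constructed.

```python
import re
from collections import Counter, defaultdict

# Assumed field meanings, inferred from the log layout (not from ESET docs):
# sh = SHA-1 of the file, vn = detection name + result, ac = action, fn = path.
LINE_RE = re.compile(
    r'^sh=(?P<sha1>[0-9A-Fa-f]{40})\s+ft=(?P<ft>\d+)\s+fh=(?P<fh>[0-9A-Fa-f]{16})\s+'
    r'vn="(?P<vn>[^"]*)"\s+ac=(?P<ac>\w+)\s+fn="(?P<fn>[^"]*)"$'
)
# vn looks like: [a variant of ]<name> <kind> (<result>)
VN_RE = re.compile(
    r'^(?:a variant of )?(?P<name>\S+)\s*(?P<kind>.*?)\s*\((?P<result>[^)]*)\)$'
)
SUMMARY_RE = re.compile(r'^#\s*(scanned|found|cleaned)=(\d+)$')
QUARANTINE_PREFIX = "c:\\adwcleaner\\quarantine\\"


def parse_log(text):
    """Return (summary counters, parsed detections, malformed sh= lines)."""
    summary, hits, malformed = {}, [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = SUMMARY_RE.match(line)
        if m:
            summary[m.group(1)] = int(m.group(2))
            continue
        if not line.startswith("sh="):
            continue  # header or status line, not a detection
        m = LINE_RE.match(line)
        if not m:
            malformed.append(line)  # keep for manual review, do not drop silently
            continue
        vn = VN_RE.match(m.group("vn"))
        hits.append({
            "sha1": m.group("sha1").upper(),
            "name": vn.group("name") if vn else m.group("vn"),
            "kind": (vn.group("kind") if vn else "") or "unknown",
            "result": vn.group("result") if vn else "",
            "path": m.group("fn"),
            "quarantined_copy": m.group("fn").lower().startswith(QUARANTINE_PREFIX),
        })
    return summary, hits, malformed


def triage(summary, hits):
    """Summarise detections for a cleanup review."""
    paths_by_hash = defaultdict(set)
    for h in hits:
        paths_by_hash[h["sha1"]].add(h["path"])
    return {
        # A mismatch means lines were lost when the log was pasted or parsed.
        "count_matches_summary": summary.get("found") == len(hits),
        # Files the earlier cleaner had not already moved to its quarantine.
        "outside_quarantine": sorted(
            h["path"] for h in hits if not h["quarantined_copy"]
        ),
        # Same binary at several paths: installer leftovers, cache copies.
        "multi_location": {
            s: sorted(p) for s, p in paths_by_hash.items() if len(p) > 1
        },
        "by_kind": dict(Counter(h["kind"] for h in hits)),
    }


def sample_line(ch, vn, fn):
    # Builds one constructed detection line; hashes are a repeated character.
    return 'sh=%s ft=1 fh=%s vn="%s" ac=C fn="%s"' % (ch * 40, "0" * 16, vn, fn)


# Constructed sample input (not taken from the thread).
SAMPLE = "\n".join([
    "# scanned=1000",
    "# found=4",
    "# cleaned=4",
    sample_line("A", "VBS/TrojanDownloader.Example.A trojan (cleaned by deleting - quarantined)",
                r"C:\AdwCleaner\Quarantine\C\sample.vbs.vir"),
    sample_line("B", "a variant of Win32/Adware.Example.B application (cleaned by deleting - quarantined)",
                r"C:\AdwCleaner\Quarantine\C\Program Files (x86)\ExampleApp\svc.exe.vir"),
    sample_line("B", "a variant of Win32/Adware.Example.B application (cleaned by deleting - quarantined)",
                r"C:\Users\user\AppData\Local\Temp\nsx0001.tmp"),
    sample_line("C", "Win32/Example.C potentially unwanted application (deleted - quarantined)",
                r"C:\Users\user\Downloads\ExampleSetup.exe"),
])

if __name__ == "__main__":
    summary, hits, malformed = parse_log(SAMPLE)
    for key, value in triage(summary, hits).items():
        print(key, "=>", value)
    print("malformed lines:", len(malformed))
```
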
     
  4. Nanna_86

    One last thing,

    Download Farbar Recovery Scan Tool (FRST).

    32-bit version here
    64-bit version here

    * Save the program to your desktop and start it.
    * Start the scan by pressing "Scan".
    * When the scan is complete, it creates 2 text files in the directory where the program is installed (FRST.txt and Addition.txt).
    * Post the contents of FRST.txt in your next message.
     
    Last edited: Dec 1, 2015
  5. jokuz

    Here's the FRST log

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:01-12-2015
    Ran by Senjuska (administrator) on TIETOKONE (01-12-2015 20:28:05)
    Running from C:\Users\Senjuska\Desktop
    Loaded Profiles: Senjuska (Available Profiles: Senjuska)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: suomi (Suomi)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
    (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
    (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
    (Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Spotify Ltd) C:\Users\Senjuska\AppData\Roaming\Spotify\SpotifyWebHelper.exe
    (Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    (ASUS) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    (Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-26] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
    HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [926880 2011-05-31] (Atheros Communications)
    HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [792736 2011-05-31] (Atheros Commnucations)
    HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2785064 2011-05-05] (Synaptics Incorporated)
    HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-05-05] (Synaptics Incorporated)
    HKLM\...\Run: [SpaceSoundPro] => "C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe"
    HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
    HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5716608 2011-07-21] (ASUS)
    HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
    HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
    HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2319536 2011-10-18] (ASUS)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6133520 2015-11-07] (AVAST Software)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-2818589261-2625086734-2138704643-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5585136 2015-03-31] (Disc Soft Ltd)
    HKU\S-1-5-21-2818589261-2625086734-2138704643-1000\...\Run: [Spotify Web Helper] => C:\Users\Senjuska\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2030912 2015-11-12] (Spotify Ltd)
    HKU\S-1-5-21-2818589261-2625086734-2138704643-1000\...\Run: [Steam] => F:\Steam\steam.exe [3011152 2015-11-10] (Valve Corporation)
    HKU\S-1-5-21-2818589261-2625086734-2138704643-1000\...\MountPoints2: {b2797a49-f356-11e4-aa31-e0b9a5f63d45} - G:\Autorun.exe
    HKU\S-1-5-21-2818589261-2625086734-2138704643-1000\...\MountPoints2: {b2797a50-f356-11e4-aa31-e0b9a5f63d45} - H:\Autorun.exe
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-05-05] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-09-20] (AVAST Software)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 62.145.169.130 213.145.216.231
    Tcpip\..\Interfaces\{361BDD2D-B5D8-4C67-B0DD-DAB475F46DE3}: [DhcpNameServer] 62.145.169.130 213.145.216.231
    Tcpip\..\Interfaces\{5630AD0F-5A5A-4E47-9BDE-F456896796A9}: [DhcpNameServer] 192.168.44.1

    Internet Explorer:
    ==================
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-29] (AVAST Software)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-05-31] (Atheros Commnucations)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-29] (AVAST Software)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Senjuska\AppData\Roaming\Mozilla\Firefox\Profiles\46zopqy7.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-11] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] ()
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
    FF Extension: No Name - C:\Users\Senjuska\AppData\Roaming\Mozilla\Firefox\Profiles\46zopqy7.default\extensions\deskCutv2@gmail.com [not found]
    FF Extension: ADB Helper - C:\Users\Senjuska\AppData\Roaming\Mozilla\Firefox\Profiles\46zopqy7.default\Extensions\adbhelper@mozilla.org [2015-11-14]
    FF Extension: Valence - C:\Users\Senjuska\AppData\Roaming\Mozilla\Firefox\Profiles\46zopqy7.default\Extensions\fxdevtools-adapters@mozilla.org [2015-10-21]
    FF Extension: Adblock Plus - C:\Users\Senjuska\AppData\Roaming\Mozilla\Firefox\Profiles\46zopqy7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-11-25]
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-09-20] [not signed]
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\!FE8490FBDEF4CED329FCFB249769E8E6FE84.js [2015-12-01]

    Chrome:
    =======
    CHR Profile: C:\Users\Senjuska\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google-presentaatiot) - C:\Users\Senjuska\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-06]
    CHR Extension: (Google-dokumentit) - C:\Users\Senjuska\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-06]
    CHR Extension: (Google Drive) - C:\Users\Senjuska\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-13]
    CHR Extension: (YouTube) - C:\Users\Senjuska\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-06]
    CHR Extension: (Google-haku) - C:\Users\Senjuska\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-13]
    CHR Extension: (Google-taulukot) - C:\Users\Senjuska\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-06]
    CHR Extension: (Google Docsin offline-tila) - C:\Users\Senjuska\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-01]
    CHR Extension: (AdBlock) - C:\Users\Senjuska\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-12-01]
    CHR Extension: (Avast Online Security) - C:\Users\Senjuska\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-12-01]
    CHR Extension: (Chrome Web Storen maksut) - C:\Users\Senjuska\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-06]
    CHR Extension: (Gmail) - C:\Users\Senjuska\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-06]
    CHR Extension: (Web Rest) - C:\Users\Senjuska\AppData\Local\Web Rest\Component [2015-12-01]
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-05-05]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-05]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-05-31] (Atheros) [File not signed]
    R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [97952 2011-05-31] (Atheros Commnucations) [File not signed]
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-09-20] (AVAST Software)
    R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1277680 2015-03-31] (Disc Soft Ltd)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-09-20] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-09-20] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-09-20] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-09-20] (AVAST Software)
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-07] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-07] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-09-20] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-09-20] (AVAST Software)
    S3 BTATH_VDP; C:\Windows\System32\drivers\btath_vdp.sys [420896 2011-05-31] (Atheros)
    R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2015-05-05] (Disc Soft Ltd)
    S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-12-01 20:28 - 2015-12-01 20:28 - 00015328 _____ C:\Users\Senjuska\Desktop\FRST.txt
    2015-12-01 20:27 - 2015-12-01 20:27 - 02350080 _____ (Farbar) C:\Users\Senjuska\Downloads\FRST64 (1).exe
    2015-12-01 20:26 - 2015-12-01 20:28 - 00000000 ____D C:\FRST
    2015-12-01 20:25 - 2015-12-01 20:26 - 02350080 _____ (Farbar) C:\Users\Senjuska\Desktop\FRST64.exe
    2015-12-01 16:10 - 2015-12-01 16:10 - 00000563 _____ C:\Users\Senjuska\Desktop\JRT.txt
    2015-12-01 16:10 - 2015-12-01 16:10 - 00000000 ____D C:\Program Files (x86)\ESET
    2015-12-01 16:04 - 2015-12-01 16:04 - 00003790 _____ C:\Users\Senjuska\Desktop\AdwCleaner[C1].txt
    2015-12-01 16:01 - 2015-12-01 16:03 - 00000000 ____D C:\AdwCleaner
    2015-12-01 15:59 - 2015-12-01 15:59 - 02870984 _____ (ESET) C:\Users\Senjuska\Desktop\esetsmartinstaller_enu.exe
    2015-12-01 15:59 - 2015-12-01 15:59 - 01599336 _____ (Malwarebytes) C:\Users\Senjuska\Desktop\JRT.exe
    2015-12-01 15:58 - 2015-12-01 15:59 - 01736704 _____ C:\Users\Senjuska\Desktop\adwcleaner_5.023.exe
    2015-12-01 14:43 - 2015-12-01 14:43 - 00003152 _____ C:\Windows\System32\Tasks\Web Rest
    2015-12-01 14:43 - 2015-12-01 14:43 - 00003144 _____ C:\Windows\System32\Tasks\Web Rest2
    2015-12-01 14:43 - 2015-12-01 14:43 - 00000000 ____D C:\Users\Senjuska\AppData\Local\Web Rest
    2015-12-01 14:13 - 2015-12-01 14:13 - 00000000 ____D C:\Users\Senjuska\AppData\Roaming\Opera Software
    2015-12-01 14:13 - 2015-12-01 14:13 - 00000000 ____D C:\Users\Senjuska\AppData\Local\Opera Software
    2015-12-01 14:12 - 2015-12-01 14:14 - 00000000 ____D C:\Program Files (x86)\Opera
    2015-11-28 20:00 - 2015-11-28 20:00 - 00000000 ____D C:\Users\Senjuska\AppData\LocalLow\PlayfulCorp
    2015-11-28 19:14 - 2015-11-28 19:14 - 00000202 _____ C:\Users\Senjuska\Desktop\Creativerse.url
    2015-11-13 18:04 - 2015-11-13 18:04 - 00013397 _____ C:\Users\Senjuska\Desktop\SPSS.lnk
    2015-11-13 17:57 - 2015-11-13 17:57 - 00000000 ____D C:\Users\Senjuska\Documents\SPSSInc
    2015-11-13 17:56 - 2015-11-13 17:56 - 00000000 ____D C:\Users\Senjuska\AppData\Roaming\SPSSInc
    2015-11-13 17:56 - 2015-11-13 17:56 - 00000000 ____D C:\Users\Senjuska\AppData\Local\javasharedresources
    2015-11-13 17:56 - 2015-11-13 17:56 - 00000000 ____D C:\Users\Senjuska\AppData\Local\IBM
    2015-11-13 17:56 - 2015-11-13 17:56 - 00000000 ____D C:\Users\Senjuska\.spss
    2015-11-13 17:52 - 2015-11-13 17:52 - 00000000 ____D C:\ProgramData\SafeNet Sentinel
    2015-11-13 17:51 - 2015-11-13 17:51 - 00000000 ____D C:\ProgramData\SPSS
    2015-11-13 17:51 - 2015-11-13 17:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IBM SPSS Statistics
    2015-11-13 17:51 - 2015-11-13 17:51 - 00000000 ____D C:\Program Files\Common Files\IBM
    2015-11-13 17:50 - 2015-11-13 17:50 - 00001025 _____ C:\Windows\SysWOW64\sysprs7.tgz
    2015-11-13 17:50 - 2015-11-13 17:50 - 00001025 _____ C:\Windows\SysWOW64\sysprs7.dll
    2015-11-13 17:50 - 2015-11-13 17:50 - 00000219 _____ C:\Windows\SysWOW64\lsprst7.tgz
    2015-11-13 17:50 - 2015-11-13 17:50 - 00000205 _____ C:\Windows\SysWOW64\lsprst7.dll
    2015-11-13 17:50 - 2015-11-13 17:50 - 00000016 ____H C:\Windows\SysWOW64\servdat.slm
    2015-11-13 17:50 - 2015-11-13 17:50 - 00000000 ____D C:\Users\Senjuska\Desktop\CRACK
    2015-11-13 17:43 - 2014-07-07 18:35 - 00000248 _____ C:\Users\Senjuska\Desktop\CRACK.rar
    2015-11-12 21:52 - 2015-11-03 19:55 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-11-11 22:21 - 2015-11-03 23:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-11-11 22:21 - 2015-10-31 01:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-11-11 22:21 - 2015-10-31 01:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-11-11 22:21 - 2015-10-31 01:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-11-11 22:21 - 2015-10-31 01:12 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-11-11 22:21 - 2015-10-31 00:53 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-11-11 22:21 - 2015-10-31 00:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-11-11 22:21 - 2015-10-31 00:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-11-11 22:21 - 2015-10-31 00:45 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2015-11-11 22:21 - 2015-10-31 00:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-11-11 22:21 - 2015-10-31 00:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-11-11 22:21 - 2015-10-31 00:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2015-11-11 22:21 - 2015-10-31 00:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-11-11 22:21 - 2015-10-31 00:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-11-11 22:21 - 2015-10-31 00:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2015-11-11 22:21 - 2015-10-31 00:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-11-11 22:21 - 2015-10-30 23:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-11-11 22:21 - 2015-10-20 20:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2015-11-11 22:21 - 2015-10-20 20:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2015-11-11 22:21 - 2015-10-20 20:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2015-11-11 22:21 - 2015-10-20 20:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2015-11-11 22:21 - 2015-10-20 20:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2015-11-11 22:21 - 2015-10-20 20:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2015-11-11 22:21 - 2015-10-20 20:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2015-11-11 22:21 - 2015-10-20 20:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2015-11-11 22:21 - 2015-10-20 20:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
    2015-11-11 22:21 - 2015-10-20 20:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2015-11-11 22:21 - 2015-10-20 20:41 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
    2015-11-11 22:21 - 2015-10-20 19:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2015-11-11 22:21 - 2015-10-20 19:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2015-11-11 22:21 - 2015-10-20 19:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2015-11-11 22:21 - 2015-10-20 19:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2015-11-11 22:21 - 2015-10-20 19:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2015-11-11 22:20 - 2015-11-04 00:10 - 00390344 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-11-11 22:20 - 2015-10-31 01:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-11-11 22:20 - 2015-10-31 01:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-11-11 22:20 - 2015-10-31 01:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-11-11 22:20 - 2015-10-31 01:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-11-11 22:20 - 2015-10-31 01:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-11-11 22:20 - 2015-10-31 01:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-11-11 22:20 - 2015-10-31 01:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-11-11 22:20 - 2015-10-31 01:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-11-11 22:20 - 2015-10-31 01:13 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-11-11 22:20 - 2015-10-31 01:12 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-11-11 22:20 - 2015-10-31 01:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-11-11 22:20 - 2015-10-31 01:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-11-11 22:20 - 2015-10-31 01:11 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-11-11 22:20 - 2015-10-31 01:04 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-11-11 22:20 - 2015-10-31 01:01 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-11-11 22:20 - 2015-10-31 00:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-11-11 22:20 - 2015-10-31 00:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-11-11 22:20 - 2015-10-31 00:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-11-11 22:20 - 2015-10-31 00:46 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-11-11 22:20 - 2015-10-31 00:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-11-11 22:20 - 2015-10-31 00:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2015-11-11 22:20 - 2015-10-31 00:44 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2015-11-11 22:20 - 2015-10-31 00:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-11-11 22:20 - 2015-10-31 00:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-11-11 22:20 - 2015-10-31 00:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-11-11 22:20 - 2015-10-31 00:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-11-11 22:20 - 2015-10-31 00:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-11-11 22:20 - 2015-10-31 00:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2015-11-11 22:20 - 2015-10-31 00:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-11-11 22:20 - 2015-10-31 00:34 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2015-11-11 22:20 - 2015-10-31 00:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-11-11 22:20 - 2015-10-31 00:29 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-11-11 22:20 - 2015-10-31 00:29 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-11-11 22:20 - 2015-10-31 00:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-11-11 22:20 - 2015-10-31 00:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-11-11 22:20 - 2015-10-31 00:21 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-11-11 22:20 - 2015-10-31 00:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-11-11 22:20 - 2015-10-31 00:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-11-11 22:20 - 2015-10-31 00:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2015-11-11 22:20 - 2015-10-31 00:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-11-11 22:20 - 2015-10-31 00:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-11-11 22:20 - 2015-10-31 00:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2015-11-11 22:20 - 2015-10-31 00:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-11-11 22:20 - 2015-10-30 23:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-11-11 22:20 - 2015-10-30 23:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-11-11 22:20 - 2015-10-30 23:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-11-11 22:19 - 2015-10-29 19:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
    2015-11-11 22:19 - 2015-10-29 19:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
    2015-11-11 22:19 - 2015-10-29 19:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
    2015-11-11 22:19 - 2015-10-29 19:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
    2015-11-11 22:19 - 2015-10-29 19:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
    2015-11-11 22:19 - 2015-10-29 19:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
    2015-11-11 22:19 - 2015-10-29 19:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
    2015-11-11 22:19 - 2015-10-20 03:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-11-11 22:19 - 2015-10-20 03:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-11-11 22:19 - 2015-10-20 03:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-11-11 22:19 - 2015-10-20 03:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2015-11-11 22:19 - 2015-10-20 03:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2015-11-11 22:19 - 2015-10-20 03:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2015-11-11 22:19 - 2015-10-20 03:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2015-11-11 22:19 - 2015-10-20 03:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2015-11-11 22:19 - 2015-10-20 03:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-11-11 22:19 - 2015-10-20 03:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2015-11-11 22:19 - 2015-10-20 03:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2015-11-11 22:19 - 2015-10-20 03:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-11-11 22:19 - 2015-10-20 03:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-11-11 22:19 - 2015-10-20 03:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2015-11-11 22:19 - 2015-10-20 03:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-11-11 22:19 - 2015-10-20 03:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-11-11 22:19 - 2015-10-20 03:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-11-11 22:19 - 2015-10-20 03:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-11-11 22:19 - 2015-10-20 03:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-11-11 22:19 - 2015-10-20 03:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-11-11 22:19 - 2015-10-20 03:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2015-11-11 22:19 - 2015-10-20 03:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-11-11 22:19 - 2015-10-20 03:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-11-11 22:19 - 2015-10-20 03:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2015-11-11 22:19 - 2015-10-20 03:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2015-11-11 22:19 - 2015-10-20 03:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-11-11 22:19 - 2015-10-20 03:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-11-11 22:19 - 2015-10-20 03:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-11-11 22:19 - 2015-10-20 03:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2015-11-11 22:19 - 2015-10-20 03:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2015-11-11 22:19 - 2015-10-20 03:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-11-11 22:19 - 2015-10-20 03:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-11-11 22:19 - 2015-10-20 03:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-11-11 22:19 - 2015-10-20 02:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-11-11 22:19 - 2015-10-20 02:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-11-11 22:19 - 2015-10-20 02:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2015-11-11 22:19 - 2015-10-20 02:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2015-11-11 22:19 - 2015-10-20 02:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2015-11-11 22:19 - 2015-10-20 02:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2015-11-11 22:19 - 2015-10-20 02:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2015-11-11 22:19 - 2015-10-20 02:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-11-11 22:19 - 2015-10-20 02:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2015-11-11 22:19 - 2015-10-20 02:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2015-11-11 22:19 - 2015-10-20 02:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2015-11-11 22:19 - 2015-10-20 02:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-11-11 22:19 - 2015-10-20 02:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-11-11 22:19 - 2015-10-20 02:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-11-11 22:19 - 2015-10-20 02:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2015-11-11 22:19 - 2015-10-20 02:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2015-11-11 22:19 - 2015-10-20 02:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-11-11 22:19 - 2015-10-20 02:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2015-11-11 22:19 - 2015-10-20 02:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2015-11-11 22:19 - 2015-10-20 02:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2015-11-11 22:19 - 2015-10-20 02:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2015-11-11 22:19 - 2015-10-20 02:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2015-11-11 22:19 - 2015-10-20 02:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2015-11-11 22:19 - 2015-10-20 02:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2015-11-11 22:19 - 2015-10-20 02:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2015-11-11 22:19 - 2015-10-20 02:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2015-11-11 22:19 - 2015-10-20 02:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-11-11 22:19 - 2015-10-20 02:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2015-11-11 22:19 - 2015-10-20 02:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2015-11-11 22:19 - 2015-10-20 02:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2015-11-11 22:19 - 2015-10-20 02:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2015-11-11 22:19 - 2015-10-20 02:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-11-11 22:19 - 2015-10-20 02:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-11-11 22:19 - 2015-10-20 02:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2015-11-11 22:19 - 2015-10-20 02:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-11-11 22:19 - 2015-10-20 02:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2015-11-11 22:19 - 2015-10-20 02:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-11-11 22:19 - 2015-10-20 02:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2015-11-11 22:19 - 2015-10-20 02:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2015-11-11 22:19 - 2015-10-20 02:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2015-11-11 22:19 - 2015-10-20 02:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-11-11 22:19 - 2015-10-20 02:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2015-11-11 22:19 - 2015-10-20 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2015-11-11 22:19 - 2015-10-20 02:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2015-11-11 22:19 - 2015-10-20 02:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2015-11-11 22:19 - 2015-10-20 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2015-11-11 22:19 - 2015-10-20 02:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2015-11-11 22:19 - 2015-10-20 02:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2015-11-11 22:19 - 2015-10-20 02:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2015-11-11 22:19 - 2015-10-20 02:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2015-11-11 22:19 - 2015-10-20 02:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2015-11-11 22:19 - 2015-10-20 02:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2015-11-11 22:19 - 2015-10-20 02:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-11-11 22:19 - 2015-10-20 02:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2015-11-11 22:19 - 2015-10-20 02:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-11-11 22:19 - 2015-10-20 02:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2015-11-11 22:19 - 2015-10-20 02:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2015-11-11 22:19 - 2015-10-20 02:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2015-11-11 22:19 - 2015-10-20 02:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-11-11 22:19 - 2015-10-20 02:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2015-11-11 22:19 - 2015-10-20 02:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2015-11-11 22:19 - 2015-10-20 02:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2015-11-11 22:19 - 2015-10-20 02:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2015-11-11 22:19 - 2015-10-20 02:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-11-11 22:19 - 2015-10-20 02:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-11-11 22:19 - 2015-10-20 02:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2015-11-11 22:19 - 2015-10-20 02:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-11-11 22:19 - 2015-10-20 02:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2015-11-11 22:19 - 2015-10-20 02:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2015-11-11 22:19 - 2015-10-20 02:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2015-11-11 22:19 - 2015-10-20 02:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-11-11 22:19 - 2015-10-20 02:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2015-11-11 22:19 - 2015-10-20 02:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2015-11-11 22:19 - 2015-10-20 02:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2015-11-11 22:19 - 2015-10-20 02:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2015-11-11 22:19 - 2015-10-20 02:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-11-11 22:19 - 2015-10-20 02:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2015-11-11 22:19 - 2015-10-20 02:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2015-11-11 22:19 - 2015-10-20 02:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2015-11-11 22:19 - 2015-10-20 02:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2015-11-11 22:19 - 2015-10-20 01:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2015-11-11 22:19 - 2015-10-20 01:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2015-11-11 22:19 - 2015-10-20 01:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2015-11-11 22:19 - 2015-10-20 01:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2015-11-11 22:19 - 2015-10-20 01:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2015-11-11 22:19 - 2015-10-20 01:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2015-11-11 22:19 - 2015-10-20 01:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2015-11-11 22:19 - 2015-10-20 01:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2015-11-11 22:19 - 2015-10-20 01:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2015-11-11 22:19 - 2015-10-13 18:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
    2015-11-11 22:19 - 2015-10-13 18:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
    2015-11-11 22:19 - 2015-10-13 06:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
    2015-11-11 22:19 - 2015-10-01 20:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
    2015-11-11 22:19 - 2015-10-01 20:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
    2015-11-11 22:19 - 2015-10-01 19:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
    2015-11-11 22:19 - 2015-09-23 15:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2015-11-11 22:19 - 2015-09-23 15:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
    2015-11-11 22:19 - 2015-09-23 15:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
    2015-11-11 22:02 - 2015-11-11 22:02 - 05286088 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2015-11-07 15:33 - 2015-12-01 14:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2015-11-06 16:53 - 2015-11-06 16:53 - 00000000 ____D C:\Users\Senjuska\AppData\LocalLow\Travian Games GmbH
    2015-11-06 16:50 - 2015-11-06 16:50 - 00000202 _____ C:\Users\Senjuska\Desktop\Pyramid Raid.url
    2015-11-03 18:37 - 2015-11-03 18:37 - 00000000 ____D C:\Users\Senjuska\AppData\Roaming\The Secret of Tremendous Corporation
    2015-11-03 18:36 - 2015-11-03 18:37 - 00000000 ____D C:\ProgramData\Package Cache
    2015-11-03 18:35 - 2015-11-03 18:35 - 00000202 _____ C:\Users\Senjuska\Desktop\The Secret of Tremendous Corporation.url
    2015-11-02 19:09 - 2015-11-02 19:09 - 00000000 ____D C:\Users\Senjuska\AppData\Roaming\com.treefortress.Bardbarian
    2015-11-02 19:00 - 2015-11-02 19:00 - 00000202 _____ C:\Users\Senjuska\Desktop\Bardbarian.url
    2015-11-02 19:00 - 2015-11-02 19:00 - 00000201 _____ C:\Users\Senjuska\Desktop\Puzzle Dimension.url

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-12-01 20:27 - 2009-07-14 05:20 - 00000000 ____D C:\Windows
    2015-12-01 20:26 - 2015-05-05 12:51 - 00001008 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-12-01 20:25 - 2009-07-14 11:01 - 00481486 _____ C:\Windows\system32\perfh00B.dat
    2015-12-01 20:25 - 2009-07-14 11:01 - 00101546 _____ C:\Windows\system32\perfc00B.dat
    2015-12-01 20:25 - 2009-07-14 07:13 - 01353786 _____ C:\Windows\system32\PerfStringBackup.INI
    2015-12-01 20:25 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
    2015-12-01 20:23 - 2015-05-17 15:44 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-12-01 20:23 - 2009-07-14 06:45 - 00023232 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-12-01 20:23 - 2009-07-14 06:45 - 00023232 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-12-01 17:24 - 2015-05-05 11:57 - 00000000 ____D C:\Users\Senjuska\Documents\Bluetooth Folder
    2015-12-01 17:23 - 2015-05-05 12:51 - 00001004 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-12-01 17:23 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-12-01 14:33 - 2015-05-06 22:10 - 00000000 ____D C:\Users\Senjuska\AppData\Local\CrashDumps
    2015-12-01 14:15 - 2015-05-05 20:14 - 00001170 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2015-12-01 14:15 - 2015-05-05 20:14 - 00001158 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2015-12-01 14:15 - 2015-05-05 12:52 - 00002184 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2015-12-01 14:15 - 2015-05-05 11:37 - 00001425 _____ C:\Users\Senjuska\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2015-12-01 14:14 - 2015-05-06 00:38 - 00000000 __SHD C:\Users\Senjuska\AppData\Local\EmieUserList
    2015-12-01 14:14 - 2015-05-06 00:38 - 00000000 __SHD C:\Users\Senjuska\AppData\Local\EmieSiteList
    2015-12-01 14:14 - 2015-05-06 00:38 - 00000000 __SHD C:\Users\Senjuska\AppData\Local\EmieBrowserModeList
    2015-12-01 12:50 - 2015-05-14 16:40 - 00000000 ____D C:\Users\Senjuska\Documents\Koulu
    2015-11-28 00:13 - 2015-05-05 12:52 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
    2015-11-22 14:56 - 2015-05-06 14:30 - 00000000 ____D C:\Users\Senjuska\AppData\Local\Spotify
    2015-11-22 14:53 - 2015-05-06 14:29 - 00000000 ____D C:\Users\Senjuska\AppData\Roaming\Spotify
    2015-11-20 19:59 - 2009-07-14 07:08 - 00032598 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2015-11-19 17:22 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
    2015-11-14 14:50 - 2015-05-05 12:48 - 00085880 _____ C:\Users\Senjuska\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-11-14 14:03 - 2009-07-14 06:45 - 00334320 _____ C:\Windows\system32\FNTCACHE.DAT
    2015-11-13 17:56 - 2015-05-05 11:37 - 00000000 ____D C:\Users\Senjuska
    2015-11-13 17:42 - 2015-05-05 21:18 - 00000000 ____D C:\Users\Senjuska\AppData\Roaming\DAEMON Tools Lite
    2015-11-11 23:04 - 2015-05-05 13:06 - 00000000 ____D C:\Windows\system32\MRT
    2015-11-11 23:00 - 2015-05-05 13:06 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-11-11 22:59 - 2015-05-05 20:25 - 00000000 ____D C:\ProgramData\Microsoft Help
    2015-11-11 22:52 - 2015-05-05 16:04 - 01328234 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
    2015-11-11 22:49 - 2009-07-14 11:12 - 00000000 ____D C:\Program Files\Windows Journal
    2015-11-11 22:02 - 2015-05-17 15:44 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-11-11 22:02 - 2015-05-17 15:44 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-11-11 22:02 - 2015-05-17 15:44 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-11-08 13:15 - 2015-05-05 20:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2015-11-07 14:11 - 2015-05-05 12:51 - 01059656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
    2015-11-07 14:11 - 2015-05-05 12:51 - 00449992 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
    2015-11-01 21:07 - 2015-05-05 12:51 - 00000000 ____D C:\Users\Senjuska\AppData\Local\Google

    ==================== Files in the root of some directories =======

    2015-05-05 12:20 - 2015-05-05 12:20 - 0001699 _____ () C:\Users\Senjuska\AppData\Local\FastClean.20150505.132012.txt

    Some files in TEMP:
    ====================
    C:\Users\Senjuska\AppData\Local\Temp\Opera_NI_stable.exe
    C:\Users\Senjuska\AppData\Local\Temp\sqlite3.dll
    C:\Users\Senjuska\AppData\Local\Temp\Uninstall.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-11-20 14:16

    ==================== End of FRST.txt ============================
     
  6. Nanna_86

    Those are the leftovers that were found. Otherwise the log looks good ;).


    1. Open Notepad and copy the text shown below.

    Code:
    HKLM\...\Run: [SpaceSoundPro] => "C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe"
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    C:\Users\Senjuska\AppData\Roaming\Mozilla\Firefox\Profiles\46zopqy7.default\extensions\deskCutv2@gmail.com [not found]
    EmptyTemp:
    

    2. Paste it into Notepad and save the file as "fixlist.txt".
    Note! It is important that FIXLIST.TXT is saved in the same folder/location where FRST.EXE is installed. Otherwise the fix will not work.

    3. Start FRST.EXE, or alternatively FRST64.EXE, and press the Fix button.
    If the program wants to restart, let it do so.
     
  7. jokuz

    Great that the machine is starting to look bug-free! I made the fixlist and ran the clean. The log from that is below.

    Thanks a lot for the help, Nanna ;), hopefully that blonde girlfriend will steer clear of those bad stream links more in the future :D

    Fix result of Farbar Recovery Scan Tool (x64) Version:01-12-2015
    Ran by Senjuska (2015-12-01 21:13:08) Run:1
    Running from C:\Users\Senjuska\Desktop
    Loaded Profiles: Senjuska (Available Profiles: Senjuska)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    HKLM\...\Run: [SpaceSoundPro] => "C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe"
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    C:\Users\Senjuska\AppData\Roaming\Mozilla\Firefox\Profiles\46zopqy7.default\extensions\deskCutv2@gmail.com [not found]
    EmptyTemp:
    *****************

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SpaceSoundPro => value removed successfully
    "HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
    "C:\Users\Senjuska\AppData\Roaming\Mozilla\Firefox\Profiles\46zopqy7.default\extensions\deskCutv2@gmail.com [not found]" => not found.
    EmptyTemp: => 251.1 MB temporary data Removed.


    The system needed a reboot.

    ==== End of Fixlog 21:13:14 ====
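
A Fixlog like the one above can be checked mechanically against the fixlist it was given. The following is an added example, not part of the thread or of FRST itself; the function names are made up here. It assumes the layout seen in this one log (the fixlist between two rows of asterisks, then one `target => outcome` line per entry) and recognises only the outcome strings that appear in it.

```python
# Fixlog body copied from the post above (blank lines dropped); sample input.
FIXLOG = r"""fixlist content:
*****************
HKLM\...\Run: [SpaceSoundPro] => "C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe"
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
C:\Users\Senjuska\AppData\Roaming\Mozilla\Firefox\Profiles\46zopqy7.default\extensions\deskCutv2@gmail.com [not found]
EmptyTemp:
*****************
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SpaceSoundPro => value removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"C:\Users\Senjuska\AppData\Roaming\Mozilla\Firefox\Profiles\46zopqy7.default\extensions\deskCutv2@gmail.com [not found]" => not found.
EmptyTemp: => 251.1 MB temporary data Removed.
The system needed a reboot.
==== End of Fixlog 21:13:14 ====
"""

def classify(outcome):
    """Map an outcome string to removed / not_found / review (categories assumed here)."""
    o = outcome.lower().rstrip(".")
    if o == "not found":
        return "not_found"
    if o.endswith(("removed successfully", "temporary data removed")):
        return "removed"
    return "review"  # wording not seen in this log: read the line by hand

def parse_fixlog(text):
    """Return (fixlist entries, [(target, outcome, status)]); layout assumed from this log."""
    lines = [ln.strip() for ln in text.splitlines()]
    stars = [i for i, ln in enumerate(lines) if ln and set(ln) == {"*"}]
    if len(stars) < 2:
        raise ValueError("fixlist block (two rows of asterisks) not found")
    entries = [ln for ln in lines[stars[0] + 1:stars[1]] if ln]
    results = []
    for ln in lines[stars[1] + 1:]:
        if ln.startswith("===="):  # end-of-log marker
            break
        if " => " in ln:
            target, outcome = ln.rsplit(" => ", 1)
            results.append((target.strip('"'), outcome, classify(outcome)))
    return entries, results

def summarize(text):
    """Count outcomes and flag fixlist entries that have no result line."""
    entries, results = parse_fixlog(text)
    statuses = [status for _target, _outcome, status in results]
    counts = {s: statuses.count(s) for s in ("removed", "not_found", "review")}
    counts["unaccounted"] = len(entries) - len(results)
    counts["reboot"] = "needed a reboot" in text
    return counts
```

Calling `summarize()` on the text of a Fixlog gives the counts at a glance; a non-zero `review` or `unaccounted` value means the log should be read line by line.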
     
