
virus in Secure Icons temp


  • This topic is locked
36 replies to this topic

#1 leonardo08


Posted 11 December 2014 - 12:35 PM

Hello there, I got this malware and I did the FRST things that I heard in http://www.bleepingcomputer.com/forums/t/550853/malware-cprogramdatamicrosoftsecureiconstemp/ Can anyone check my txt?
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-12-2014 01
Ran by SYSTEM on MININT-4MMOVKD on 07-12-2014 15:01:18
Running from I:\
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7575768 2014-10-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387376 2014-10-31] (Realtek Semiconductor)
HKLM\...\Run: [Fences] => D:\Program Files (x86)\Stardock\Fences\Fences.exe [4031152 2013-11-26] (Stardock Corporation)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [550272 2013-01-28] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUS WiFi GO! FileTransfer Execute] => C:\Program Files (x86)\ASUS\AI Suite III\Wi-Fi GO!\AssistTools\WiFile\WiFileTransfer.exe [1391416 2013-06-21] (ASUSTeK Computer Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM-x32\...26dfa299cadb\InprocServer32: [Authentication UI Logon UI]  <==== ATTENTION!
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-09-06] ( (Qualcomm®Atheros®))
HKU\Leonardo08\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia)
HKU\Leonardo08\...\Run: [Advanced SystemCare 7] => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe [2295584 2014-04-21] (IObit)
HKU\Leonardo08\...\Run: [Onics] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Leonardo08\AppData\Local\AVGworks\Fmimage16.dll
HKU\Leonardo08\...\Run: [ISsoft] => regsvr32.exe C:\Users\Leonardo08\AppData\Local\ISsoft\symMan16.dll <===== ATTENTION
HKU\Leonardo08\...\Run: [uTorrent] => C:\Users\Leonardo08\AppData\Roaming\uTorrent\uTorrent.exe [1322832 2014-07-05] (BitTorrent Inc.)
HKU\Leonardo08\...\Run: [{964FE94B-1F30-A557-54E4-535FBE8A93EB}] => C:\ProgramData\Microsoft\Secure\Icons\temp\tmp58B6.exe [143360 2014-12-07] () <===== ATTENTION
HKU\Leonardo08\...\Run: [AVGworks] => C:\Users\Leonardo08\AppData\Local\AVGworks\tmp58B6.exe [143360 2014-12-07] ()
HKU\Leonardo08\...\Policies\system: [EnableLUA] 0
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [576904 2013-12-21] (Autodesk Inc.)
S2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [881952 2014-01-14] (IObit)
S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2014-03-14] ()
S2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2014-03-14] (ASUSTeK Computer Inc.)
S2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.04.01\AsusFanControlService.exe [1656464 2014-03-14] (ASUSTeK Computer Inc.)
S2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-06] (Windows ® Win 7 DDK provider)
S2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [240576 2014-10-31] (DTS, Inc)
S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1579936 2014-06-13] (Echobit LLC)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328296 2014-11-03] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2152736 2014-05-04] (IObit)
S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-10-18] (LogMeIn, Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S4 mi-raysat_3dsmax2015_64; D:\Program Files\Autodesk\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe [86016 2011-09-14] ()
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-10-31] (Electronic Arts)
S2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-11-04] ()
S2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189248 2014-11-04] ()
S2 RzKLService; D:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [105448 2014-08-27] (Razer Inc.)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)
S3 VsEtwService120; D:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation)
S4 wampapache; c:\wamp\bin\apache\apache2.4.2\bin\httpd.exe [24576 2012-05-13] (Apache Software Foundation)
S4 wampmysqld; c:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe [9693696 2012-04-19] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
S2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-06] (Atheros)
S2 Ati External Event Utility; No ImagePath
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2013-01-28] (ASUSTek Computer Inc.)
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-28] (Google Inc)
S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-03] ()
S3 ASMTFilter; C:\Windows\SysWow64\drivers\asmtufdriver.sys [21400 2013-01-28] (http://www.asmedia.com.tw)
S1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2014-03-14] ()
S3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2014-03-14] (MCCI Corporation)
S3 AsusSensorSimulator; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-30] (Microsoft Corporation)
S3 ASUSstpt; C:\Windows\System32\drivers\ASUSstpt.sys [27392 2014-03-14] (MCCI Corporation)
S3 ASUSumsc; C:\Windows\System32\drivers\ASUSumsc.sys [151808 2014-03-14] (MCCI Corporation)
S3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3837440 2013-07-14] (Qualcomm Atheros Communications, Inc.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-06] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2014-08-12] (Microsoft Corporation)
S1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-03-15] (Disc Soft Ltd)
S3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [457496 2014-10-31] (Intel Corporation)
S3 EvolveVirtualAdapter; C:\Windows\system32\DRIVERS\evolve.sys [21656 2014-03-30] (Echobit, LLC)
S3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-07] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation)
S3 MbswMailbox; C:\Program Files (x86)\ASUS\AI Suite III\690b33e1-0462-4e84-9bea-c7552b45432a.sys [17208 2014-11-22] ()
S3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [125952 2014-10-31] (Intel Corporation)
S3 OSFMount; D:\Program Files (x86)\Counter-Strike Global Offensive\image\x64\OSFMount.sys [552888 2013-10-18] (PassMark Software)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-30] (Microsoft Corporation)
S3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-30] (Microsoft Corporation)
S3 tap0901t; C:\Windows\system32\DRIVERS\tap0901t.sys [31232 2009-09-15] (Tunngle.net)
S3 TesSafe; C:\Windows\system32\TesSafe.sys [969696 2014-08-02] (TENCENT)
S5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 VCSVADHWSer; C:\Windows\system32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S4 RAMDiskVE; \SystemRoot\System32\Drivers\RAMDiskVE.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-07 14:59 - 2014-12-07 14:59 - 00000000 _____ () C:\Recovery.txt
2014-12-07 04:43 - 2014-12-07 04:55 - 00002469 _____ () C:\Windows\setupact.log
2014-12-07 04:43 - 2014-12-07 04:43 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-07 04:28 - 2014-12-07 04:28 - 00000000 ____D () C:\FRST
2014-12-07 04:26 - 2014-12-07 04:26 - 02119680 _____ (Farbar) C:\Users\Leonardo08\Downloads\FRST64.exe
2014-12-07 04:23 - 2014-12-07 04:23 - 00295227 _____ () C:\Users\Leonardo08\Downloads\ComboFix.txt
2014-12-05 14:33 - 2014-12-05 14:33 - 00001402 _____ () C:\Users\Leonardo08\Desktop\autoexec.cfg
2014-12-04 10:06 - 2014-12-04 10:07 - 1428872898 _____ () C:\Users\Leonardo08\Desktop\FailRace Play The Crew.MP4
2014-12-03 08:29 - 2014-12-04 10:56 - 00000000 ____D () C:\Users\Leonardo08\AppData\Roaming\Ygloeq
2014-12-03 07:21 - 2014-12-03 07:21 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\5FA649AA.sys
2014-12-02 10:44 - 2014-12-02 10:44 - 00000761 _____ () C:\Windows\System32\Drivers\etc\hosts.txt
2014-12-01 12:17 - 2014-12-01 12:17 - 00027477 _____ () C:\Users\Leonardo08\Downloads\915070-post.html
2014-12-01 12:17 - 2014-12-01 12:17 - 00027477 _____ () C:\Users\Leonardo08\Downloads\915070-post (2).html
2014-12-01 12:17 - 2014-12-01 12:17 - 00027477 _____ () C:\Users\Leonardo08\Downloads\915070-post (1).html
2014-11-30 15:44 - 2014-11-30 15:44 - 00049488 _____ () C:\Users\Leonardo08\Downloads\555668-Interstellar-2014-1CD-23.976fps-TR-48kB-TurkceAltyazi.org.rar
2014-11-30 15:43 - 2014-11-30 15:43 - 00015911 _____ () C:\Users\Leonardo08\Downloads\Interstellar 2014 720p HDCAM x264 AAC x264 Pimp4003.torrent
2014-11-30 15:33 - 2014-11-30 15:33 - 00004557 _____ () C:\Users\Leonardo08\Downloads\Interstellar_[_2014]__BluRay_1080p_DTS_x264_-_RARBG.11604919.TPB.torrent
2014-11-30 10:33 - 2014-12-07 04:57 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-11-30 10:33 - 2014-11-30 10:33 - 00001132 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-30 10:33 - 2014-11-30 10:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-30 10:33 - 2014-10-01 01:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-11-30 10:33 - 2014-10-01 01:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2014-11-30 10:33 - 2014-10-01 01:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2014-11-30 10:27 - 2014-11-30 10:27 - 00000222 _____ () C:\Users\Leonardo08\Desktop\TrackMania Stadium Demo.url
2014-11-30 10:14 - 2014-12-04 10:29 - 00000000 ____D () C:\Users\Leonardo08\AppData\Local\ISsoft
2014-11-30 10:13 - 2014-12-07 04:05 - 00000000 ____D () C:\Users\Leonardo08\AppData\Local\AVGworks
2014-11-30 08:31 - 2014-11-30 08:31 - 00641557 _____ () C:\Users\Leonardo08\Downloads\hltasmod-2.0.7z
2014-11-30 04:43 - 2014-11-30 04:49 - 00000000 ____D () C:\Users\Leonardo08\Desktop\GpuTest_Windows_x64_0.7.0
2014-11-30 04:43 - 2014-11-30 04:43 - 01997654 _____ () C:\Users\Leonardo08\Downloads\TessMark_0.3.0.zip
2014-11-30 04:42 - 2014-11-30 04:42 - 02103678 _____ () C:\Users\Leonardo08\Downloads\GpuTest_Windows_x64_0.7.0.zip
2014-11-29 14:47 - 2014-11-30 21:47 - 00000000 ____D () C:\Users\Leonardo08\Desktop\Yeni klasör (2)
2014-11-29 14:29 - 2014-11-29 15:33 - 00000000 ____D () C:\Users\Leonardo08\AppData\Roaming\Zaifmein
2014-11-27 10:15 - 2014-11-27 10:16 - 00000000 ____D () C:\Users\Leonardo08\AppData\Local\Overwolf
2014-11-27 10:07 - 2014-11-27 10:07 - 00000000 ____D () C:\Windows\Tasks\TaskDisabled
2014-11-27 09:04 - 2014-03-06 13:53 - 02510528 _____ (Sysinternals - www.sysinternals.com) C:\Users\Leonardo08\Desktop\Procmon.exe
2014-11-27 09:03 - 2014-11-27 09:04 - 01121208 _____ () C:\Users\Leonardo08\Downloads\ProcessMonitor.zip
2014-11-27 07:55 - 2014-11-27 09:47 - 00000000 ____D () C:\Users\Leonardo08\AppData\Roaming\Yfucqun
2014-11-26 13:07 - 2014-11-26 13:08 - 21458300 _____ () C:\Users\Leonardo08\Downloads\Free Template Sony Vegas Pro 11 -End generic.rar
2014-11-25 12:53 - 2014-11-25 12:54 - 02042880 _____ () C:\Users\Leonardo08\Downloads\BİLGİ FELSEFESİ.ppt
2014-11-25 11:50 - 2014-11-25 11:50 - 04443312 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-11-25 08:10 - 2014-11-25 08:13 - 17276616 _____ (Logitech ) C:\Users\Leonardo08\Downloads\lgs510_x64.exe
2014-11-24 09:54 - 2014-11-24 09:54 - 00000000 __SHD () C:\Users\Leonardo08\AppData\Local\EmieBrowserModeList
2014-11-24 09:51 - 2014-11-24 09:51 - 00015819 _____ () C:\Users\Leonardo08\Downloads\PlayClaw (1).torrent
2014-11-24 09:04 - 2014-11-24 09:04 - 00015819 _____ () C:\Users\Leonardo08\Downloads\PlayClaw.torrent
2014-11-23 13:20 - 2014-11-23 13:24 - 34288786 _____ () C:\Users\Leonardo08\Downloads\torbrowser-install-4.0.1_en-US.exe
2014-11-23 12:30 - 2014-11-24 07:00 - 00000000 ____D () C:\Users\Leonardo08\Documents\ETS2MP
2014-11-23 12:29 - 2014-11-23 12:29 - 00000890 _____ () C:\Users\Public\Desktop\Play Euro Truck Simulator 2 Multiplayer.lnk
2014-11-23 10:42 - 2014-11-23 10:42 - 03041240 _____ () C:\Users\Leonardo08\Downloads\ets2mp_client.zip
2014-11-23 10:41 - 2014-11-23 10:42 - 06334562 _____ () C:\Users\Leonardo08\Downloads\SweetFX_Hexagonsphere_for_ETS2.zip
2014-11-23 07:59 - 2014-11-23 07:59 - 00000222 _____ () C:\Users\Leonardo08\Desktop\Euro Truck Simulator 2.url
2014-11-22 04:55 - 2014-11-22 04:55 - 00000539 _____ () C:\Users\Leonardo08\Downloads\[kickass.so]zip.bomb.insanely.huge.zip.archive.4zb (1).torrent
2014-11-22 04:54 - 2014-11-22 04:54 - 00000642 _____ () C:\Users\Leonardo08\Downloads\[kickass.so]zip.bomb.insanely.huge.zip.archive.4zb.torrent
2014-11-21 12:46 - 2014-11-21 12:46 - 00000000 ____D () C:\ProgramData\Apple
2014-11-21 12:46 - 2014-11-21 12:46 - 00000000 ____D () C:\Program Files\Bonjour
2014-11-21 12:46 - 2014-11-21 12:46 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-11-21 12:37 - 2014-11-21 12:42 - 67350808 _____ (Logitech Inc.) C:\Users\Leonardo08\Downloads\LGS_8.57.145_x64_Logitech.exe
2014-11-21 09:36 - 2014-11-21 09:36 - 00000340 _____ () C:\Users\Leonardo08\Downloads\detekt.log
2014-11-21 09:31 - 2014-11-21 09:35 - 27397235 _____ () C:\Users\Leonardo08\Downloads\detekt.exe
2014-11-21 09:31 - 2014-11-21 09:31 - 00469431 _____ () C:\Users\Leonardo08\Downloads\detekt-1.4.zip
2014-11-21 09:25 - 2014-11-21 09:26 - 05531394 _____ () C:\Users\Leonardo08\Downloads\whatsup_1.0.5_armel.deb
2014-11-21 08:53 - 2014-11-21 08:54 - 00031907 _____ () C:\Users\Leonardo08\Downloads\Anonymous_Archive_v17.7z.torrent
2014-11-20 10:06 - 2014-11-20 10:06 - 00000222 _____ () C:\Users\Leonardo08\Desktop\The Talos Principle Public Test.url
2014-11-20 09:09 - 2014-11-20 09:09 - 00152197 _____ () C:\Users\Leonardo08\Downloads\lagos_tr.qm
2014-11-18 09:28 - 2014-11-18 09:34 - 00000000 ____D () C:\Users\Leonardo08\Desktop\Yeni klasör
2014-11-18 08:32 - 2014-11-18 09:26 - 194229772 _____ () C:\Users\Leonardo08\Downloads\Clash of Clans Hack.rar
2014-11-15 13:12 - 2014-11-15 13:12 - 83693577 _____ () C:\Users\Leonardo08\Desktop\1500kBBC Two - Top Gear Series 21 Burma Special - Part 1 Burma - Naypyiadaw mods and drag race.mp4
2014-11-15 13:05 - 2014-11-15 13:12 - 83973087 _____ () C:\Users\Leonardo08\Desktop\1500kBBC Two - Top Gear Series 21 Burma Special - Part 1 Burma - Naypyiadaw mods and drag race.flv
2014-11-15 12:54 - 2014-11-15 12:54 - 00000722 _____ () C:\Users\Leonardo08\Desktop\GetFLV.lnk
2014-11-15 12:49 - 2014-11-15 12:50 - 00000000 ____D () C:\Users\Leonardo08\Downloads\Yeni klasör (2)
2014-11-15 12:42 - 2014-11-15 12:42 - 32034393 _____ () C:\Users\Leonardo08\Downloads\GetFLV_Pro_9.6.8.8_Multilingual_sof.rar
2014-11-15 11:46 - 2014-12-05 16:43 - 00000000 ____D () C:\Users\Leonardo08\AppData\Roaming\DMCache
2014-11-15 11:46 - 2014-12-05 07:02 - 00000000 ____D () C:\Users\Leonardo08\AppData\Roaming\IDM
2014-11-15 11:46 - 2014-11-21 07:19 - 00000000 ____D () C:\Users\Leonardo08\Downloads\Video
2014-11-15 11:46 - 2014-11-15 11:46 - 00000000 ____D () C:\Users\Leonardo08\Downloads\Compressed
2014-11-15 11:46 - 2014-11-15 11:46 - 00000000 ____D () C:\ProgramData\IDM
2014-11-15 11:45 - 2014-11-15 11:45 - 00001137 _____ () C:\Users\Leonardo08\Desktop\Internet Download Manager.lnk
2014-11-15 11:45 - 2014-11-15 11:45 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
2014-11-15 11:42 - 2014-11-15 11:43 - 08799125 _____ () C:\Users\Leonardo08\Downloads\internet_download_manager_6.21_build_15_final_tr_temal__.zip
2014-11-15 11:34 - 2014-11-15 11:34 - 00005565 _____ () C:\Users\Leonardo08\Downloads\489bdab71215e7c0c0
2014-11-15 11:24 - 2014-11-15 11:24 - 00000000 ____D () C:\Users\Leonardo08\AppData\Roaming\ProgSense
2014-11-15 11:22 - 2014-11-19 12:48 - 00000000 ____D () C:\Users\Leonardo08\AppData\Roaming\Orbit
2014-11-15 11:22 - 2014-11-15 11:22 - 05498816 _____ (www.orbitdownloader.com ) C:\Users\Leonardo08\Downloads\OrbitDownloaderSetup.exe
2014-11-15 09:11 - 2014-11-15 09:15 - 00000000 ____D () C:\Users\Leonardo08\AppData\Roaming\Knights Saves
2014-11-15 03:44 - 2014-10-29 16:55 - 00714208 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-15 03:44 - 2014-10-29 16:55 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-15 03:33 - 2014-10-30 21:28 - 25110016 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-11-15 03:32 - 2014-10-30 21:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe
2014-11-15 03:32 - 2014-10-30 21:12 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2014-11-15 03:32 - 2014-10-30 21:10 - 00167424 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2014-11-15 03:32 - 2014-10-30 21:09 - 00064512 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2014-11-15 03:32 - 2014-10-30 21:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2014-11-15 03:32 - 2014-10-30 21:06 - 00580096 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-11-15 03:32 - 2014-10-30 21:06 - 00237568 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2014-11-15 03:32 - 2014-10-30 21:06 - 00066560 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-11-15 03:32 - 2014-10-30 21:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-11-15 03:32 - 2014-10-30 21:05 - 02884096 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-11-15 03:32 - 2014-10-30 21:05 - 00417280 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2014-11-15 03:32 - 2014-10-30 21:04 - 00088064 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2014-11-15 03:32 - 2014-10-30 20:57 - 00054784 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-11-15 03:32 - 2014-10-30 20:56 - 00034304 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-11-15 03:32 - 2014-10-30 20:54 - 00132096 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2014-11-15 03:32 - 2014-10-30 20:53 - 00633856 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-11-15 03:32 - 2014-10-30 20:52 - 00108544 _____ (Microsoft Corporation) C:\Windows\System32\hlink.dll
2014-11-15 03:32 - 2014-10-30 20:51 - 00812544 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2014-11-15 03:32 - 2014-10-30 20:51 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-11-15 03:32 - 2014-10-30 20:51 - 00114688 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-11-15 03:32 - 2014-10-30 20:50 - 06040064 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-11-15 03:32 - 2014-10-30 20:50 - 00814080 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-11-15 03:32 - 2014-10-30 20:40 - 00033280 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2014-11-15 03:32 - 2014-10-30 20:38 - 00490496 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-11-15 03:32 - 2014-10-30 20:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-15 03:32 - 2014-10-30 20:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2014-11-15 03:32 - 2014-10-30 20:29 - 00087552 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2014-11-15 03:32 - 2014-10-30 20:28 - 00107520 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2014-11-15 03:32 - 2014-10-30 20:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-11-15 03:32 - 2014-10-30 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-11-15 03:32 - 2014-10-30 20:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2014-11-15 03:32 - 2014-10-30 20:23 - 00145408 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2014-11-15 03:32 - 2014-10-30 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-11-15 03:32 - 2014-10-30 20:19 - 00152064 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2014-11-15 03:32 - 2014-10-30 20:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
2014-11-15 03:32 - 2014-10-30 20:08 - 00262144 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2014-11-15 03:32 - 2014-10-30 20:06 - 00372736 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-11-15 03:32 - 2014-10-30 20:05 - 00800768 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-11-15 03:32 - 2014-10-30 20:05 - 00716800 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-11-15 03:32 - 2014-10-30 20:03 - 02124288 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-11-15 03:32 - 2014-10-30 19:59 - 14390272 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-11-15 03:32 - 2014-10-30 19:45 - 02365440 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-11-15 03:32 - 2014-10-30 19:44 - 02865152 _____ (Microsoft Corporation) C:\Windows\System32\actxprxy.dll
2014-11-15 03:32 - 2014-10-30 19:42 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-15 03:32 - 2014-10-30 19:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2014-11-15 03:32 - 2014-10-30 19:32 - 01550336 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-11-15 03:32 - 2014-10-30 19:28 - 00137728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-11-15 03:32 - 2014-10-30 19:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-11-15 03:32 - 2014-10-30 19:27 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-11-15 03:32 - 2014-10-30 19:26 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-11-15 03:32 - 2014-10-30 19:25 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-11-15 03:32 - 2014-10-30 19:24 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-15 03:32 - 2014-10-30 19:24 - 00235520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-11-15 03:32 - 2014-10-30 19:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-15 03:32 - 2014-10-30 19:23 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-11-15 03:32 - 2014-10-30 19:23 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-15 03:32 - 2014-10-30 19:22 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-15 03:32 - 2014-10-30 19:20 - 00799232 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-11-15 03:32 - 2014-10-30 19:18 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-15 03:32 - 2014-10-30 19:16 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-15 03:32 - 2014-10-30 19:15 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-15 03:32 - 2014-10-30 19:14 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-11-15 03:32 - 2014-10-30 19:13 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-15 03:32 - 2014-10-30 19:13 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2014-11-15 03:32 - 2014-10-30 19:12 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-11-15 03:32 - 2014-10-30 19:12 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-15 03:32 - 2014-10-30 19:11 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-15 03:32 - 2014-10-30 19:03 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-11-15 03:32 - 2014-10-30 19:02 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-15 03:32 - 2014-10-30 18:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-15 03:32 - 2014-10-30 18:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-11-15 03:32 - 2014-10-30 18:56 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-11-15 03:32 - 2014-10-30 18:56 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-11-15 03:32 - 2014-10-30 18:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-15 03:32 - 2014-10-30 18:53 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-11-15 03:32 - 2014-10-30 18:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-15 03:32 - 2014-10-30 18:51 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-11-15 03:32 - 2014-10-30 18:50 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-15 03:32 - 2014-10-30 18:48 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-11-15 03:32 - 2014-10-30 18:46 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-15 03:32 - 2014-10-30 18:46 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2014-11-15 03:32 - 2014-10-30 18:42 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-11-15 03:32 - 2014-10-30 18:40 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-15 03:32 - 2014-10-30 18:40 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-15 03:32 - 2014-10-30 18:39 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-15 03:32 - 2014-10-30 18:30 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-15 03:32 - 2014-10-30 18:26 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-11-15 03:32 - 2014-10-30 18:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-11-15 03:32 - 2014-10-30 18:17 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-15 03:32 - 2014-10-30 18:13 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-15 03:32 - 2014-10-30 18:11 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-15 03:28 - 2014-10-09 17:58 - 00177472 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2014-11-15 03:28 - 2014-10-09 17:58 - 00027456 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys
2014-11-15 03:28 - 2014-10-09 17:44 - 00563976 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2014-11-15 03:28 - 2014-10-07 23:37 - 00736768 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll
2014-11-15 03:28 - 2014-10-07 23:37 - 00154112 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll
2014-11-15 03:28 - 2014-10-07 23:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
2014-11-15 03:28 - 2014-10-07 23:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\System32\rfxvmt.dll
2014-11-15 03:28 - 2014-10-07 22:56 - 00445440 _____ (Microsoft Corporation) C:\Windows\System32\certcli.dll
2014-11-15 03:28 - 2014-10-07 22:51 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-15 03:28 - 2014-10-07 22:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-15 03:28 - 2014-10-07 22:18 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-11-15 03:28 - 2014-10-07 22:17 - 01441792 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2014-11-15 03:28 - 2014-10-07 21:23 - 03547648 _____ (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2014-11-15 03:27 - 2014-10-18 01:55 - 00055776 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2014-11-15 03:27 - 2014-10-18 00:09 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\wups.dll
2014-11-15 03:27 - 2014-10-18 00:09 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\wups2.dll
2014-11-15 03:27 - 2014-10-17 23:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-11-15 03:27 - 2014-10-17 22:50 - 00017408 _____ (Microsoft Corporation) C:\Windows\System32\wuaext.dll
2014-11-15 03:27 - 2014-10-17 22:38 - 03557376 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2014-11-15 03:27 - 2014-10-17 22:27 - 00035840 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2014-11-15 03:27 - 2014-10-17 22:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2014-11-15 03:27 - 2014-10-17 22:23 - 00407552 _____ (Microsoft Corporation) C:\Windows\System32\WUSettingsProvider.dll
2014-11-15 03:27 - 2014-10-17 22:23 - 00095744 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2014-11-15 03:27 - 2014-10-17 22:21 - 00894976 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2014-11-15 03:27 - 2014-10-17 22:20 - 01714176 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2014-11-15 03:27 - 2014-10-17 22:14 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-11-15 03:27 - 2014-10-17 22:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-11-15 03:27 - 2014-10-17 22:12 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-11-15 03:27 - 2014-10-17 22:11 - 00723968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-11-15 03:27 - 2014-10-12 18:33 - 00116032 _____ (Microsoft Corporation) C:\Windows\System32\consent.exe
2014-11-15 03:27 - 2014-10-10 16:58 - 03320320 _____ (Microsoft Corporation) C:\Windows\System32\msi.dll
2014-11-15 03:27 - 2014-10-10 16:53 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-15 03:27 - 2014-10-07 23:30 - 00110080 _____ (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2014-11-15 03:27 - 2014-10-07 23:09 - 00428032 _____ (Microsoft Corporation) C:\Windows\System32\msihnd.dll
2014-11-15 03:27 - 2014-10-07 22:27 - 00325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-11-15 03:27 - 2014-10-07 21:32 - 02773504 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2014-11-15 03:27 - 2014-10-07 21:19 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-11-15 03:27 - 2014-10-06 22:28 - 00500016 _____ (Microsoft Corporation) C:\Windows\System32\AudioSes.dll
2014-11-15 03:27 - 2014-10-06 22:27 - 00482872 _____ (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
2014-11-15 03:27 - 2014-10-06 22:27 - 00394120 _____ (Microsoft Corporation) C:\Windows\System32\AUDIOKSE.dll
2014-11-15 03:27 - 2014-10-06 22:27 - 00272248 _____ (Microsoft Corporation) C:\Windows\System32\audiodg.exe
2014-11-15 03:27 - 2014-10-06 22:27 - 00108432 _____ (Microsoft Corporation) C:\Windows\System32\EncDump.dll
2014-11-15 03:27 - 2014-10-06 19:34 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-15 03:27 - 2014-10-06 19:34 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-15 03:27 - 2014-10-06 19:33 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-15 03:27 - 2014-10-06 19:30 - 04182016 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-11-15 03:27 - 2014-10-06 17:54 - 00226304 _____ (Microsoft Corporation) C:\Windows\System32\AudioEndpointBuilder.dll
2014-11-15 03:27 - 2014-10-06 17:46 - 00911360 _____ (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
2014-11-15 03:27 - 2014-09-26 23:13 - 00104336 _____ (Microsoft Corporation) C:\Windows\System32\ncryptsslp.dll
2014-11-15 03:27 - 2014-09-26 21:24 - 00088800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2014-11-15 03:27 - 2014-09-26 19:38 - 00426496 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2014-11-15 03:27 - 2014-09-26 19:30 - 00185856 _____ (Microsoft Corporation) C:\Windows\System32\dpapisrv.dll
2014-11-15 03:27 - 2014-09-26 19:17 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-15 03:27 - 2014-09-21 20:38 - 01519488 _____ (Microsoft Corporation) C:\Windows\System32\user32.dll
2014-11-15 03:27 - 2014-09-21 19:06 - 00258368 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WdFilter.sys
2014-11-15 03:27 - 2014-09-21 19:06 - 00114496 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WdNisDrv.sys
2014-11-15 03:27 - 2014-09-21 18:49 - 00035320 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WdBoot.sys
2014-11-15 03:27 - 2014-09-18 16:16 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2014-11-15 03:27 - 2014-09-02 14:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\System32\winshfhc.dll
2014-11-15 03:27 - 2014-09-02 14:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll
2014-11-15 03:26 - 2014-10-16 23:01 - 00789184 _____ (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2014-11-15 03:26 - 2014-10-16 22:58 - 00602768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-15 03:26 - 2014-08-22 21:18 - 02149376 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2014-11-15 03:26 - 2014-08-22 21:03 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-15 03:25 - 2014-11-15 03:34 - 78923406 _____ () C:\Users\Leonardo08\Downloads\GLSLHacker_CodeSamplePack_DEV.zip
2014-11-15 03:25 - 2014-10-22 21:48 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\packager.dll
2014-11-15 03:25 - 2014-10-22 21:05 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-14 16:40 - 2014-11-14 16:40 - 00000222 _____ () C:\Users\Leonardo08\Desktop\Knights and Merchants.url
2014-11-14 15:20 - 2014-11-14 15:21 - 02703369 _____ () C:\Users\Leonardo08\Downloads\s launcher prime (galaxy s5 launcher) v2.9 .rar
2014-11-13 07:03 - 2014-12-07 04:08 - 00001050 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-13 07:03 - 2014-12-07 04:04 - 00001046 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-12 08:53 - 2014-11-12 08:54 - 00000000 ____D () C:\Users\Leonardo08\Downloads\Rogue Trip - Vacation 2012
2014-11-10 14:04 - 2014-11-10 14:53 - 562557855 _____ () C:\Users\Leonardo08\Downloads\Rogue Trip - Vacation 2012.7z
2014-11-08 02:42 - 2014-11-08 02:45 - 00000000 ____D () C:\Users\Leonardo08\Downloads\Yeni klasör
2014-11-08 01:51 - 2014-11-08 02:29 - 1579699493 _____ () C:\Users\Leonardo08\Downloads\BATMAN-ARKHAM-ORIGINS-MOD.rar
2014-11-08 01:39 - 2014-11-08 01:39 - 19803045 _____ () C:\Users\Leonardo08\Downloads\Batman Arkham Origins Mod (Unlimited Money) v1.2.9 - FileChoco.com.apk
2014-11-08 01:24 - 2014-11-15 03:36 - 00000000 ____D () C:\Users\Leonardo08\Desktop\GLSLHacker_DEV_win64
2014-11-08 01:11 - 2014-11-08 01:23 - 324193331 _____ () C:\Users\Leonardo08\Downloads\update (2).zip
2014-11-07 11:30 - 2014-11-07 11:30 - 00000274 _____ () C:\Windows\Tasks\ASC7_SkipUac_Leonardo08.job
2014-11-07 10:38 - 2014-11-07 10:58 - 36629892 _____ () C:\Users\Leonardo08\Downloads\GLSLHacker_DEV_win64.zip
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-07 14:59 - 2014-03-14 11:29 - 00000000 __SHD () C:\Recovery
2014-12-07 04:58 - 2014-03-24 22:30 - 00722746 _____ () C:\Windows\System32\perfh01F.dat
2014-12-07 04:58 - 2014-03-24 22:30 - 00149888 _____ () C:\Windows\System32\perfc01F.dat
2014-12-07 04:58 - 2014-03-14 11:37 - 01728544 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-12-07 04:57 - 2014-03-14 11:35 - 01625860 _____ () C:\Windows\WindowsUpdate.log
2014-12-07 04:57 - 2013-08-22 06:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-07 04:49 - 2014-03-29 02:25 - 00000814 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-07 04:36 - 2014-05-15 07:58 - 00004984 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Leonardo08-Leonardo08 Leonardo08
2014-12-07 04:23 - 2014-03-14 12:27 - 00000000 _____ () C:\Windows\Path.idx
2014-12-07 04:17 - 2014-03-14 12:22 - 01048576 _____ () C:\Windows\PE_Rom.dll
2014-12-06 02:02 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\System32\sru
2014-12-06 01:50 - 2014-03-14 13:10 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-05 16:43 - 2014-03-14 12:39 - 00000000 ____D () C:\Users\Leonardo08\AppData\Roaming\TS3Client
2014-12-05 16:00 - 2014-04-05 04:51 - 00000000 ____D () C:\Users\Leonardo08\AppData\Local\Adobe
2014-12-05 14:40 - 2014-03-15 00:03 - 00000000 ____D () C:\Users\Leonardo08\AppData\Roaming\Skype
2014-12-05 14:31 - 2014-05-05 08:47 - 00000659 _____ () C:\Windows\MB.idx
2014-12-04 10:56 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\MediaViewer
2014-12-03 13:00 - 2014-03-14 11:35 - 00000000 ____D () C:\users\Leonardo08
2014-12-03 08:09 - 2014-07-12 04:58 - 00000000 ____D () C:\ProgramData\ProductData
2014-12-03 07:42 - 2013-08-22 07:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-02 11:38 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\System32\NDF
2014-12-01 07:30 - 2014-03-14 11:41 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2800835219-1653208552-1217496347-1001
2014-12-01 07:07 - 2014-03-15 05:05 - 00000000 ____D () C:\Users\Leonardo08\AppData\Roaming\uTorrent
2014-11-30 21:47 - 2014-04-07 06:23 - 00000000 ____D () C:\Users\Leonardo08\Desktop\Yeni klasör08
2014-11-30 21:47 - 2014-03-26 11:41 - 00000000 ____D () C:\Fraps
2014-11-30 09:50 - 2014-06-05 21:51 - 00493568 ___SH () C:\Users\Leonardo08\Downloads\Thumbs.db
2014-11-29 15:33 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\addins
2014-11-27 09:13 - 2014-04-18 23:41 - 00000000 ____D () C:\Users\Leonardo08\AppData\Local\CrashDumps
2014-11-26 12:11 - 2014-03-14 12:30 - 00002197 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-25 12:57 - 2014-03-14 11:36 - 00000000 ____D () C:\Users\Leonardo08\AppData\Local\Packages
2014-11-25 11:51 - 2014-03-29 02:25 - 00003702 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-25 09:21 - 2014-03-16 04:09 - 00000000 ____D () C:\Users\Leonardo08\Documents\Euro Truck Simulator 2
2014-11-24 09:16 - 2014-04-08 06:53 - 01369600 ___SH () C:\Users\Leonardo08\Desktop\Thumbs.db
2014-11-24 06:58 - 2014-03-18 11:55 - 00000000 ____D () C:\Users\Leonardo08\AppData\Local\Microsoft Help
2014-11-22 16:05 - 2014-03-29 14:31 - 00000000 ____D () C:\Users\Leonardo08\AppData\Roaming\vlc
2014-11-22 07:16 - 2014-08-21 02:46 - 00000000 ____D () C:\Program Files\Logitech Gaming Software
2014-11-21 12:46 - 2014-03-15 02:14 - 00018960 _____ (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys
2014-11-19 07:12 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\rescache
2014-11-16 08:55 - 2014-08-09 06:29 - 05106352 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-11-16 08:53 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2014-11-16 08:53 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\System32\tr-TR
2014-11-16 08:53 - 2013-08-22 07:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-16 08:53 - 2013-08-22 07:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-15 03:34 - 2014-09-22 10:42 - 103374192 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-11-15 03:34 - 2014-09-22 10:42 - 00000000 ____D () C:\Windows\System32\MRT
2014-11-13 11:50 - 2013-08-22 05:25 - 00262144 ___SH () C:\Windows\System32\config\BBI
2014-11-13 07:03 - 2014-03-14 12:26 - 00004022 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-13 07:03 - 2014-03-14 12:26 - 00003786 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-07 11:29 - 2014-10-31 13:08 - 00002174 _____ () C:\Users\Public\Desktop\Driver Booster 2.lnk
2014-11-07 11:28 - 2014-05-18 07:53 - 00000000 ____D () C:\Users\Leonardo08\AppData\Local\Unity
 
Files to move or delete:
====================
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp58B6.exe
C:\ProgramData\DT0001.dat
C:\ProgramData\DT0006.dat
 
 
Some content of TEMP:
====================
C:\Users\Leonardo08\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Leonardo08\AppData\Local\Temp\UpdateFlashPlayer_d50d2f37.exe
 
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2014-09-22 10:15] - [2014-08-22 23:48] - 2374784 ____A (Microsoft Corporation) ACDBE1ED38167C8B01B8F63161BB2CEA
 
C:\Windows\SysWOW64\explorer.exe
[2014-09-22 10:15] - [2014-08-22 23:13] - 2084520 ____A (Microsoft Corporation) 195822ACCDAA2B4815DD01BAFC335595
 
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2014-11-15 03:27] - [2014-09-21 20:38] - 1519488 ____A (Microsoft Corporation) F0A117D19873FCDF801F082F33BFBB6C
 
C:\Windows\SysWOW64\User32.dll
[2014-11-15 03:27] - [2014-09-18 16:16] - 1346048 ____A (Microsoft Corporation) 5F333FDBF392850373C89BDA31EBEC1B
 
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2014-09-24 21:43] - [2014-06-18 18:13] - 0310080 ___AC (Microsoft Corporation) 64CA2B4A49A8EAF495E435623ECCE7DB
 
 
==================== Restore Points  =========================
 
Restore point made on: 2014-11-21 12:45:14
Restore point made on: 2014-11-29 14:36:25
Restore point made on: 2014-11-29 14:37:51
 
==================== Memory info =========================== 
 
Percentage of memory in use: 19%
Total physical RAM: 3773.44 MB
Available physical RAM: 3042.32 MB
Total Pagefile: 3773.44 MB
Available Pagefile: 3057.28 MB
Total Virtual: 131072 MB
Available Virtual: 131071.88 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:150.26 GB) (Free:5.46 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:781.25 GB) (Free:57.27 GB) NTFS
Drive i: () (Removable) (Total:2.88 GB) (Free:2.82 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.5 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: A3DA208E)
Partition 1: (Not Active) - (Size=781.3 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=150.3 GB) - (Type=07 NTFS)
 
========================================================
Disk: 5 (Size: 2.9 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
 
LastRegBack: 2014-12-03 08:42
 
==================== End Of Log ============================




#2 leonardo08

leonardo08
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:05:08 PM

Posted 11 December 2014 - 02:30 PM

Guys, Malwarebytes is going crazy blocking websites, please be quick :D



#3 leonardo08

Posted 13 December 2014 - 12:34 PM

bump



#4 leonardo08

Posted 13 December 2014 - 01:24 PM

Malwarebytes says it's a Trojan.Agent.FSAVXGen, I dunno if it helps.



#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,940 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:08 AM

Posted 16 December 2014 - 10:26 AM

removed.

Edited by nasdaq, 16 December 2014 - 10:37 AM.


#6 nasdaq

Posted 16 December 2014 - 10:26 AM



Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM-x32\...26dfa299cadb\InprocServer32: [Authentication UI Logon UI]  <==== ATTENTION!
HKU\Leonardo08\...\Run: [ISsoft] => regsvr32.exe C:\Users\Leonardo08\AppData\Local\ISsoft\symMan16.dll <===== ATTENTION
HKU\Leonardo08\...\Run: [{964FE94B-1F30-A557-54E4-535FBE8A93EB}] => C:\ProgramData\Microsoft\Secure\Icons\temp\tmp58B6.exe [143360 2014-12-07] () <===== ATTENTION
HKU\Leonardo08\...\Run: [AVGworks] => C:\Users\Leonardo08\AppData\Local\AVGworks\tmp58B6.exe [143360 2014-12-07] ()
S2 Ati External Event Utility; No ImagePath
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S4 RAMDiskVE; \SystemRoot\System32\Drivers\RAMDiskVE.sys [X]
C:\Users\Leonardo08\AppData\Local\AVGworks\tmp58B6.exe
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp58B6.exe
C:\Users\Leonardo08\AppData\Local\ISsoft\symMan16.dll 

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===


Please run the Farbar tool normally one more time and post a fresh FRST log for my review.

How is the computer running now?

Edited by nasdaq, 16 December 2014 - 10:38 AM.


#7 nasdaq

Posted 16 December 2014 - 10:37 AM

This topic has been re-opened at the request of the person who originally posted.

#8 nasdaq

Posted 22 December 2014 - 11:02 AM

Are you still with me?

#9 leonardo08

Posted 22 December 2014 - 03:26 PM

I'm here, I'm checking.



#10 leonardo08

Posted 22 December 2014 - 04:38 PM

I did everything but I forgot to save AdwCleaner's log. If the trojan pops up again I will contact you. Thank you for your help.

Attached Files



#11 nasdaq

Posted 23 December 2014 - 09:18 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#12 leonardo08

Posted 23 December 2014 - 02:03 PM

Nope, it popped up again today. Any ideas?



#13 leonardo08

Posted 23 December 2014 - 02:14 PM

When I delete the files of the trojan it reinstalls itself and pops up again under a new name but in the same form. It looks something like this flash.jpg but not the same. When it pops up again I will take a SS and put it here.



#14 nasdaq

Posted 23 December 2014 - 02:30 PM

Reset the browsers that have been compromised.

Reset Chrome...
Click on "Customize and control Google Chrome":
 
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.

===

Keep me posted.

#15 leonardo08

Posted 25 December 2014 - 12:49 PM

Sorry, I'm in my exam week so I can't answer quickly... I did what you said and am waiting now. It popped up about 15 min ago; AVG deleted the virus and wanted me to restart my computer. If it pops up again I will send a reply. Merry Christmas.





