
Hello, filename+mgr.exe virus


  • This topic is locked
11 replies to this topic

#1 AeonWuLF

Posted 06 March 2017 - 11:25 AM

I have tried to clean up my PC by checking old topics, but it didn't help. I used RogueKiller and AdwCleaner. Still having the issue. It is infecting my exe files too and putting an exe into the start-up folder called jikueone.exe. And also now it is popping up 4 empty Internet Explorer windows when I start an infected client.

Here is the FRST report

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-03-2017
Ran by LucaS (administrator) on LUCAS-P (06-03-2017 19:08:44)
Running from C:\Users\LucaS\Desktop\frst
Loaded Profiles: LucaS (Available Profiles: LucaS & Güney)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Türkçe (Türkiye)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files (x86)\Common Files\Microsoft\Care Suite\ADUService\ADUService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Opera Software) C:\Program Files (x86)\Opera\launcher.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera_autoupdate.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15818872 2016-04-29] (Logitech Inc.)
HKU\S-1-5-21-358870892-898043370-4192596704-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2014-04-21] (Tonec Inc.)
GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 11 C:\Windows\SysWOW64\PrxerNsp.dll [92328 2016-11-22] ()
Winsock: Catalog5-x64 11 C:\Windows\system32\PrxerNsp.dll [105128 2016-11-22] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{044D42AE-5FAC-4F96-9488-7DA4D8214A47}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{696EE57E-3A28-4E22-8EA8-35913BC87934}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{696EE57E-3A28-4E22-8EA8-35913BC87934}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{D761DA1C-968E-4145-9469-BA146886973A}: [DhcpNameServer] 192.168.42.129
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-358870892-898043370-4192596704-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-358870892-898043370-4192596704-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-358870892-898043370-4192596704-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-05-20] (Internet Download Manager, Tonec Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-01-17] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-17] (Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-05-20] (Internet Download Manager, Tonec Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: No Name -> {875ED4CE-4226-4198-EECF-362272FFA463} -> No File
BHO-x32: No Name -> {899cb168-2437-12ed-b754-176f4530e1c2} -> No File
BHO-x32: Microsoft hesabı Oturum Açma Yardım Aracı -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: FlashGetBHO -> {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} -> C:\Users\Güney\AppData\Roaming\FlashGetBHO\FlashGetBHO.dll [2012-11-01] (Trend Media Group)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-01-01] (Skype Technologies)
 
FireFox:
========
FF ProfilePath: C:\Users\LucaS\AppData\Roaming\Mozilla\Firefox\Profiles\jsr6cokm.default-1466878970857 [2017-03-06]
FF Extension: (uBlock Origin) - C:\Users\LucaS\AppData\Roaming\Mozilla\Firefox\Profiles\jsr6cokm.default-1466878970857\Extensions\uBlock0@raymondhill.net.xpi [2016-12-20]
FF Extension: (z) - C:\Program Files (x86)\Mozilla Firefox\extensions\{dacd4f1b-6d16-cee5-c1fd-655e29b26360} [2016-12-20] [not signed]
FF HKU\S-1-5-21-358870892-898043370-4192596704-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\LucaS\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\LucaS\AppData\Roaming\IDM\idmmzcc5 [2017-03-06] [not signed]
FF HKU\S-1-5-21-358870892-898043370-4192596704-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\LucaS\AppData\Roaming\IDM\idmmzcc5
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-12] ()
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-17] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-03-24] (Unity Technologies ApS)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\LucaS\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-05-27] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin HKU\S-1-5-21-358870892-898043370-4192596704-1000: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\LucaS\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1312180-0-npoctoshape.dll [2013-12-18] (Octoshape ApS)
FF Plugin HKU\S-1-5-21-358870892-898043370-4192596704-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\LucaS\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-09-05] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-358870892-898043370-4192596704-1000: @www.flatcast.com/FlatViewer 5.2 -> C:\Users\LucaS\AppData\Roaming\Mozilla\Plugins\NpFv530.dll [2011-09-23] (1 mal 1 Software GmbH)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NpFv522.dll [2009-09-21] (1 mal 1 Software GmbH)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NpFv530.dll [2011-09-23] (1 mal 1 Software GmbH)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\LucaS\AppData\Roaming\mozilla\plugins\NpFv530.dll [2011-09-23] (1 mal 1 Software GmbH)
FF Plugin ProgramFiles/Appdata: C:\Users\LucaS\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2014-05-18] (Octoshape ApS)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Plugin: (Widevine Content Decryption Module) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\WidevineCdm\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\LucaS\AppData\Local\Google\Chrome\User Data\PepperFlash\24.0.0.186\pepflashplayer.dll => No File
CHR Profile: C:\Users\LucaS\AppData\Local\Google\Chrome\User Data\Default [2017-03-06]
CHR Extension: (Magic Actions for YouTube™) - C:\Users\LucaS\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2017-03-06]
CHR Extension: (Adblock Plus) - C:\Users\LucaS\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-05]
CHR Extension: (Photo Zoom for Facebook) - C:\Users\LucaS\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2017-03-06]
CHR Extension: (Video Blocker) - C:\Users\LucaS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jknkjnpcbbgcbdbaampbjlhkcghmgfhk [2017-03-05]
CHR Extension: (Chrome Web Mağazası Ödemeleri) - C:\Users\LucaS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Hover Zoom) - C:\Users\LucaS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2017-03-06]
CHR Extension: (Chrome Media Router) - C:\Users\LucaS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-05]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-06-17]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-06-17]
CHR HKLM-x32\...\Chrome\Extension: [ojmcefcpojnkmmblchnllkaphlpdobgd] - C:\Joygame\JoyTemp\ChromeEklenti\homepage_extension_1_5.crx <not found>
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ADUServiceNSRT; C:\Program Files (x86)\Common Files\Microsoft\Care Suite\ADUService\ADUService.exe [94888 2016-08-12] ()
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed]
S4 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
S4 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437784 2016-04-12] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [417304 2016-04-12] (BlueStack Systems, Inc.)
S4 BstHdPlusAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [433688 2016-04-12] (BlueStack Systems, Inc.)
S4 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [921112 2016-04-12] (BlueStack Systems, Inc.)
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [190419 2015-04-27] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2008-11-18] (Creative Technology Ltd) [File not signed]
S4 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [233328 2012-01-23] (DTS, Inc)
S4 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [138768 2015-04-27] (Portrait Displays, Inc.) [File not signed]
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [180667 2015-04-27] (Macrovision Corporation) [File not signed]
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-04-29] (Logitech Inc.)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S4 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S4 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [5352960 2011-04-07] (Native Instruments GmbH) [File not signed]
S4 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [63488 2010-08-10] (Nalpeiron Ltd.) [File not signed]
S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [89136 2015-04-27] (Microsoft Corporation) [File not signed]
S4 PdiService; C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [117552 2015-04-27] (Portrait Displays, Inc.) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-08-29] ()
S4 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S4 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187592 2014-01-17] (Sandboxie Holdings, LLC)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7032080 2016-05-12] (TeamViewer GmbH)
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-14] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S2 YandexBrowserService; "C:\Program Files (x86)\Yandex\YandexBrowser\17.3.0.1785\service_update.exe" --run-as-service [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [154680 2016-04-12] (BlueStack Systems)
R2 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2016-04-06] (Bluestack System Inc. )
R3 DFX11_1; C:\Windows\System32\drivers\dfx11_1x64.sys [28008 2012-12-13] (Windows ® Win 7 DDK provider)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-04-14] (DT Soft Ltd)
S3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [24824 2013-07-02] (ASUSTeK Computer Inc.)
R4 KProcessHacker3; C:\Program Files\Process Hacker 2\kprocesshacker.sys [45208 2016-03-29] (wj32)
S2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [85160 2016-04-19] (Logitech Inc.)
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 PdiPorts; C:\Windows\System32\DRIVERS\PdiPorts.sys [20784 2012-04-16] (Portrait Displays, Inc.)
S3 rkion; C:\Windows\system32\rakon64.sys [86352 2015-11-22] ()
S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202600 2014-01-17] (Sandboxie Holdings, LLC)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 ssudobex; C:\Windows\System32\DRIVERS\ssudobex.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 tapSF0901; C:\Windows\System32\DRIVERS\tapSF0901.sys [39104 2013-05-29] (Spotflux, Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2017-03-06] ()
S3 uisp; C:\Windows\System32\Drivers\mtdfu.sys [17936 2013-08-26] (Logitech, Inc.)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
R1 VBoxUSBMon; C:\Windows\System32\DRIVERS\VBoxUSBMon.sys [127432 2015-09-16] (BigNox Corporation)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [75512 2015-11-05] (VMware, Inc.)
R1 XQHDrv; C:\Windows\System32\DRIVERS\XQHDrv.sys [253384 2015-09-16] (BigNox Corporation)
R1 XQHDrv; C:\Windows\SysWOW64\DRIVERS\XQHDrv.sys [253384 2015-09-16] (BigNox Corporation)
S3 AcmePro_x64; \??\E:\Games\oldko\AcmePro_x64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S3 OSFMount; \??\C:\Program Files (x86)\BlueStacks\broot\bin\OSFMount.sys [X]
S3 PBDOWNFORCE_TEST_SERVICE; \??\C:\Users\LucaS\Desktop\Test.sys [X]
S2 PfModNT; \??\C:\Windows\system32\PfModNT.sys [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]
S3 X6va063; \??\C:\Windows\SysWOW64\Drivers\X6va063 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-06 18:48 - 2017-03-06 18:48 - 00062123 _____ C:\ComboFix.txt
2017-03-06 18:27 - 2017-03-06 19:02 - 00258576 _____ C:\Windows\ntbtlog.txt
2017-03-06 13:55 - 2017-03-06 13:55 - 00000000 ____D C:\Users\LucaS\AppData\Local\MultiPlayerManager
2017-03-06 13:35 - 2017-03-06 13:35 - 00003198 _____ C:\Windows\System32\Tasks\{977A8058-C2A8-4310-84C5-F3D0BBF66060}
2017-03-06 13:25 - 2017-03-06 13:25 - 00000000 ____D C:\Users\Güney\AppData\Roaming\Process Hacker 2
2017-03-06 13:22 - 2017-03-06 13:22 - 00000000 ____D C:\Users\Güney\AppData\LocalLow\uTorrent
2017-03-06 13:06 - 2017-03-06 13:06 - 00000000 ____D C:\ProgramData\dbg
2017-03-06 03:12 - 2017-03-06 19:02 - 00002243 _____ C:\Windows\epplauncher.mif
2017-03-06 03:10 - 2017-03-06 03:11 - 15065792 _____ (Microsoft Corporation) C:\Users\LucaS\Downloads\mseinstall.exe
2017-03-06 02:57 - 2015-10-12 18:05 - 00018779 _____ C:\Users\LucaS\Desktop\AdwCleaner[C1].txt
2017-03-06 02:42 - 2017-03-06 19:08 - 00000000 ____D C:\FRST
2017-03-06 02:41 - 2017-03-06 02:41 - 00012161 _____ C:\Users\LucaS\Desktop\AdwCleaner[C2].txt
2017-03-06 02:34 - 2017-03-06 02:09 - 00011423 _____ C:\Users\LucaS\Desktop\AdwCleaner[S2].txt
2017-03-06 02:34 - 2015-10-12 17:59 - 00017425 _____ C:\Users\LucaS\Desktop\AdwCleaner[S1].txt
2017-03-06 02:31 - 2017-03-06 02:32 - 00216085 _____ C:\Users\LucaS\Desktop\roguekiller.txt
2017-03-06 02:02 - 2017-03-06 19:08 - 00000000 ____D C:\Users\LucaS\Desktop\frst
2017-03-06 02:01 - 2017-03-06 02:01 - 02423808 _____ (Farbar) C:\Users\LucaS\Downloads\FRST64.exe
2017-03-06 01:59 - 2017-03-06 01:59 - 04031440 _____ C:\Users\LucaS\Downloads\adwcleaner_6.044.exe
2017-03-06 01:59 - 2017-03-06 01:59 - 04031440 _____ C:\Users\LucaS\Desktop\adwcleaner_6.044.exe
2017-03-06 01:35 - 2017-03-06 02:44 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-03-06 01:34 - 2017-03-06 01:35 - 00000000 ____D C:\ProgramData\RogueKiller
2017-03-06 01:34 - 2017-03-06 01:34 - 13183048 _____ C:\Users\LucaS\Downloads\RogueKillerX64_old.exe
2017-03-06 01:34 - 2017-03-06 01:34 - 13183048 _____ C:\Users\LucaS\Desktop\RogueKillerX64_old.exe
2017-03-06 00:25 - 2017-03-06 00:30 - 146893584 _____ (Microsoft Corporation) C:\Users\LucaS\Downloads\msert (4).exe
2017-03-05 18:49 - 2017-03-05 18:49 - 01129376 _____ (Google Inc.) C:\Users\LucaS\Downloads\ChromeSetup.exe
2017-03-05 16:12 - 2017-03-05 16:14 - 12590133 _____ C:\Users\LucaS\Downloads\Summoners War 3.2.6 Dumb + 2800dmg by G-Bo.apk
2017-03-05 15:24 - 2017-03-05 15:26 - 12590125 _____ C:\Users\LucaS\Downloads\Summoners War 3.2.6 AlwaysTurn + 2800dmg by G-Bo.apk
2017-03-05 01:34 - 2017-03-05 01:37 - 30925021 _____ C:\Users\LucaS\Downloads\manuel.rar
2017-03-04 10:55 - 2017-03-04 10:55 - 00000000 ____D C:\Users\Güney\Downloads\pesmod v4 peslife.net
2017-03-04 10:53 - 2017-03-04 10:53 - 00022942 _____ C:\Users\Güney\Downloads\pesmod v4 peslife.net.torrent
2017-03-03 21:05 - 2017-03-03 21:05 - 00061363 _____ C:\Users\LucaS\Downloads\libvorbisfile.zip
2017-03-03 21:05 - 2016-10-12 12:53 - 00120248 _____ (Xiph.org Foundation) C:\Windows\SysWOW64\libvorbisfile.dll
2017-03-02 18:09 - 2017-03-02 18:09 - 00000000 ____D C:\ProgramData\Yandex
2017-03-02 01:36 - 2017-03-02 01:21 - 05660168 ____R (Swearware) C:\Users\LucaS\Desktop\ComboFix.exe
2017-03-02 01:21 - 2017-03-02 01:21 - 05660168 _____ (Swearware) C:\Users\LucaS\Downloads\ComboFix (1).exe
2017-03-02 01:20 - 2017-03-02 01:20 - 00007605 _____ C:\Users\LucaS\AppData\Local\Resmon.ResmonCfg
2017-02-22 14:34 - 2017-02-22 14:34 - 13177820 _____ C:\Users\LucaS\Downloads\1301.zip
2017-02-22 14:34 - 2017-02-22 14:34 - 04343737 _____ C:\Users\LucaS\Downloads\1305.zip
2017-02-22 14:34 - 2017-02-22 14:34 - 00282059 _____ C:\Users\LucaS\Downloads\1299.zip
2017-02-22 14:34 - 2017-02-22 14:34 - 00257395 _____ C:\Users\LucaS\Downloads\1306.zip
2017-02-22 00:48 - 2017-02-22 00:48 - 00486400 _____ C:\Users\LucaS\Downloads\sharpkeys35.msi
2017-02-22 00:48 - 2017-02-22 00:48 - 00000000 ____D C:\Users\LucaS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RandyRants.com
2017-02-22 00:48 - 2017-02-22 00:48 - 00000000 ____D C:\Program Files (x86)\RandyRants.com
2017-02-22 00:39 - 2017-02-22 00:42 - 00000000 ____D C:\ProgramData\KeyExtender
2017-02-22 00:38 - 2017-02-22 00:38 - 00611086 _____ C:\Users\LucaS\Downloads\KeyExtender.zip
2017-02-20 14:05 - 2017-02-20 14:05 - 71738499 _____ C:\Users\Güney\Desktop\kartvizit.psd
2017-02-20 12:13 - 2017-02-20 12:13 - 00000000 ____D C:\Users\Güney\AppData\Roaming\Wondershare
2017-02-20 12:12 - 2017-03-06 00:59 - 00000000 ____D C:\Program Files (x86)\AndreaMosaic
2017-02-20 12:12 - 2017-02-20 12:12 - 00737280 _____ (Indigo Rose Corporation) C:\Windows\iun6002.exe
2017-02-20 12:12 - 2017-02-20 12:12 - 00001989 _____ C:\Users\Güney\Desktop\AndreaMosaic.lnk
2017-02-20 12:12 - 2017-02-20 12:12 - 00000000 ____D C:\Users\Güney\AppData\Roaming\AndreaMosaic
2017-02-20 12:12 - 2017-02-20 12:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AndreaMosaic
2017-02-18 00:37 - 2017-02-18 00:37 - 00032768 _____ C:\Users\LucaS\Downloads\minor (1).exe
2017-02-15 13:04 - 2017-02-15 13:04 - 00079999 _____ C:\Users\LucaS\Downloads\12714893KUZEY KORAYYILDIRIM (1).pdf
2017-02-15 13:03 - 2017-02-15 13:03 - 00079999 _____ C:\Users\LucaS\Downloads\12714893KUZEY KORAYYILDIRIM.pdf
2017-02-14 15:14 - 2017-02-14 15:14 - 00224778 _____ C:\Users\LucaS\Downloads\mss32.zip
2017-02-12 18:34 - 2017-02-12 18:34 - 00000000 __SHD C:\Users\Güney\AppData\Local\EmieUserList
2017-02-12 18:34 - 2017-02-12 18:34 - 00000000 __SHD C:\Users\Güney\AppData\Local\EmieSiteList
2017-02-12 18:34 - 2017-02-12 18:34 - 00000000 __SHD C:\Users\Güney\AppData\Local\EmieBrowserModeList
2017-02-12 16:19 - 2017-02-12 16:19 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-02-12 16:19 - 2017-02-12 16:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-02-12 16:19 - 2017-02-12 16:19 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-02-12 16:19 - 2017-02-12 16:19 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-02-12 16:19 - 2017-02-12 16:19 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-02-12 16:19 - 2017-02-12 16:19 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-02-12 16:19 - 2017-02-12 16:19 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2017-02-12 16:19 - 2017-02-12 16:19 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2017-02-12 16:19 - 2017-02-12 16:19 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-02-12 16:19 - 2017-02-12 16:19 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-02-12 16:19 - 2017-02-12 16:19 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2017-02-12 16:19 - 2017-02-12 16:19 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2017-02-12 16:19 - 2017-02-12 16:19 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-02-12 16:19 - 2017-02-12 16:19 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2017-02-12 16:19 - 2017-02-12 16:19 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2017-02-12 16:19 - 2017-02-12 16:19 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-02-12 16:19 - 2017-02-12 16:19 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-02-12 16:19 - 2017-02-12 16:19 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2017-02-12 16:19 - 2017-02-12 16:19 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2017-02-12 16:19 - 2017-02-12 16:19 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-02-12 16:19 - 2017-02-12 16:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2017-02-12 16:19 - 2017-02-12 16:19 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2017-02-12 16:19 - 2017-02-12 16:19 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-02-12 16:19 - 2017-02-12 16:19 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2017-02-12 16:19 - 2017-02-12 16:19 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2017-02-12 16:19 - 2017-02-12 16:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2017-02-12 16:19 - 2017-02-12 16:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2017-02-12 16:19 - 2017-02-12 16:19 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2017-02-12 16:19 - 2017-02-12 16:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-02-12 16:18 - 2017-02-12 16:18 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2017-02-12 16:18 - 2017-02-12 16:18 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2017-02-12 16:18 - 2017-02-12 16:18 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2017-02-12 16:18 - 2017-02-12 16:18 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2017-02-12 16:18 - 2017-02-12 16:18 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2017-02-12 16:18 - 2017-02-12 16:18 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2017-02-12 16:18 - 2017-02-12 16:18 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2017-02-12 16:18 - 2017-02-12 16:18 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-02-12 16:18 - 2017-02-12 16:18 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2017-02-12 16:18 - 2017-02-12 16:18 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-02-12 16:18 - 2017-02-12 16:18 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2017-02-12 16:18 - 2017-02-12 16:18 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2017-02-12 16:18 - 2017-02-12 16:18 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-02-12 16:18 - 2017-02-12 16:18 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2017-02-12 16:18 - 2017-02-12 16:18 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2017-02-12 16:18 - 2017-02-12 16:18 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2017-02-12 16:18 - 2017-02-12 16:18 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2017-02-12 16:18 - 2017-02-12 16:18 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2017-02-12 16:18 - 2017-02-12 16:18 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2017-02-12 16:18 - 2017-02-12 16:18 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2017-02-12 16:18 - 2017-02-12 16:18 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2017-02-12 16:18 - 2017-02-12 16:18 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2017-02-12 16:18 - 2017-02-12 16:18 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2017-02-12 16:18 - 2017-02-12 16:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2017-02-12 16:18 - 2017-02-12 16:18 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2017-02-12 16:18 - 2017-02-12 16:18 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2017-02-12 16:18 - 2017-02-12 16:18 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2017-02-12 16:18 - 2017-02-12 16:18 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2017-02-12 16:18 - 2017-02-12 16:18 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2017-02-12 16:18 - 2017-02-12 16:18 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2017-02-12 16:18 - 2017-02-12 16:18 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2017-02-12 16:18 - 2017-02-12 16:18 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2017-02-12 16:18 - 2017-02-12 16:18 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2017-02-12 16:18 - 2017-02-12 16:18 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2017-02-12 16:18 - 2017-02-12 16:18 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2017-02-12 16:18 - 2017-02-12 16:18 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2017-02-12 16:18 - 2017-02-12 16:18 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2017-02-12 16:18 - 2017-02-12 16:18 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2017-02-12 16:18 - 2017-02-12 16:18 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2017-02-12 16:18 - 2017-02-12 16:18 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2017-02-12 16:18 - 2017-02-12 16:18 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2017-02-12 16:18 - 2017-02-12 16:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2017-02-12 16:18 - 2017-02-12 16:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2017-02-12 16:18 - 2017-02-12 16:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2017-02-12 16:18 - 2017-02-12 16:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2017-02-12 16:18 - 2017-02-12 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2017-02-12 16:18 - 2017-02-12 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2017-02-12 16:18 - 2017-02-12 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2017-02-12 16:18 - 2017-02-12 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2017-02-12 16:18 - 2017-02-12 16:18 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2017-02-12 16:18 - 2017-02-12 16:18 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2017-02-12 15:59 - 2017-02-12 16:01 - 60783504 _____ (Microsoft Corporation) C:\Users\LucaS\Downloads\EIE11_TR-TR_WOL_WIN764.EXE
2017-02-11 15:17 - 2017-02-11 15:18 - 00027915 _____ C:\Users\LucaS\Downloads\DevilCrafty-Larkozs ErkenKutuAcma.rar
2017-02-08 19:02 - 2017-02-08 19:02 - 02004664 _____ C:\Users\LucaS\Downloads\rsth_x.rar
2017-02-08 18:44 - 2017-02-08 18:44 - 00109548 _____ C:\Users\LucaS\Downloads\HLaimwall.rar
2017-02-04 20:35 - 2017-02-04 20:35 - 00121336 _____ C:\Users\LucaS\Downloads\www.GuitarMe.ru_-_SHOW_MUST_GO_ON_-_Queen.zip
2017-02-04 17:33 - 2017-02-04 17:33 - 00688491 _____ C:\Users\LucaS\Downloads\Alan_Walker_-_Faded_fingerstyle_cover_by_Peter_Gergely.pdf
2017-02-04 02:35 - 2017-02-04 02:35 - 00711681 _____ C:\Users\LucaS\Downloads\Fuse-O-Mat v1.2.zip
2017-02-04 02:32 - 2017-02-04 02:32 - 00709379 _____ C:\Users\LucaS\Downloads\Fuse-O-Mat - Release.zip
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-06 19:03 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-06 18:57 - 2013-10-03 23:38 - 00000000 ____D C:\Users\LucaS\AppData\Roaming\TS3Client
2017-03-06 18:57 - 2013-10-03 23:33 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client
2017-03-06 18:56 - 2015-10-12 17:59 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-06 18:48 - 2016-03-31 20:56 - 00000000 ____D C:\Program Files\Process Hacker 2
2017-03-06 18:48 - 2014-05-22 21:46 - 00000000 ____D C:\Qoobox
2017-03-06 18:46 - 2009-07-14 05:34 - 00000252 _____ C:\Windows\system.ini
2017-03-06 18:45 - 2013-04-14 15:05 - 00000000 ____D C:\Users\LucaS
2017-03-06 18:33 - 2013-12-11 22:29 - 00045568 ___SH C:\Users\LucaS\Thumbs.db
2017-03-06 18:27 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\tracing
2017-03-06 18:27 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\schemas
2017-03-06 18:21 - 2016-04-25 23:06 - 00000000 ____D C:\Users\LucaS\AppData\Local\Nox
2017-03-06 18:08 - 2016-06-07 23:23 - 00000000 ____D C:\Users\LucaS\AppData\Roaming\Skype
2017-03-06 17:06 - 2016-08-16 19:59 - 00000468 _____ C:\Windows\Tasks\Yandex Browser'ın sistem güncellemesi.job
2017-03-06 16:03 - 2016-04-30 18:13 - 00000000 ____D C:\Program Files (x86)\Pro Evolution Soccer 2016
2017-03-06 14:42 - 2016-09-12 12:01 - 00000000 ____D C:\Users\LucaS\AppData\Roaming\Nox
2017-03-06 14:37 - 2015-12-09 20:20 - 00000000 ____D C:\Users\LucaS\.android
2017-03-06 14:36 - 2016-09-12 12:02 - 00000000 ____D C:\Users\LucaS\vmlogs
2017-03-06 14:36 - 2016-04-25 23:09 - 00000000 ____D C:\Users\LucaS\.BigNox
2017-03-06 13:26 - 2017-01-07 22:56 - 00000000 ____D C:\Users\Güney\AppData\Local\Nox
2017-03-06 13:26 - 2016-08-16 19:59 - 00003560 _____ C:\Windows\System32\Tasks\Yandex Browser'ın sistem güncellemesi
2017-03-06 13:23 - 2017-01-07 22:56 - 00000000 ____D C:\Users\Güney\vmlogs
2017-03-06 13:23 - 2017-01-07 22:56 - 00000000 ____D C:\Users\Güney\.BigNox
2017-03-06 13:23 - 2016-04-27 21:06 - 00000000 ____D C:\Users\Güney\.android
2017-03-06 13:22 - 2017-01-07 23:05 - 00000000 ____D C:\Users\Güney\AppData\Local\Nox
2017-03-06 13:22 - 2014-12-06 15:33 - 00000000 ____D C:\Users\Güney\AppData\Roaming\uTorrent
2017-03-06 13:22 - 2009-07-14 07:45 - 00033936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-06 13:22 - 2009-07-14 07:45 - 00033936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-06 12:45 - 2016-04-24 11:51 - 00000000 ____D C:\Program Files\Droid4Xext
2017-03-06 12:25 - 2013-04-14 16:41 - 00000000 ____D C:\Program Files (x86)\TmUnitedForever
2017-03-06 04:07 - 2013-04-14 15:14 - 00000000 ____D C:\Users\LucaS\AppData\Roaming\DMCache
2017-03-06 04:04 - 2013-11-16 21:58 - 00000000 ____D C:\Program Files (x86)\HD Tune
2017-03-06 03:12 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\inf
2017-03-06 02:36 - 2015-10-12 17:58 - 00000000 ____D C:\AdwCleaner
2017-03-06 02:03 - 2014-07-29 02:00 - 00000000 ____D C:\Users\LucaS\AppData\Local\Adobe
2017-03-06 00:59 - 2016-04-07 19:15 - 00000000 ____D C:\Program Files (x86)\Age of Empires II HD The African Kingdoms
2017-03-06 00:59 - 2014-07-15 22:37 - 00000000 ____D C:\Program Files (x86)\AutoHotkey
2017-03-06 00:59 - 2013-09-29 12:44 - 00000000 ____D C:\Program Files (x86)\AC Tool
2017-03-06 00:59 - 2013-05-18 21:38 - 00000000 ____D C:\Program Files (x86)\ASIO4ALL v2
2017-03-06 00:59 - 2013-05-04 16:50 - 00000000 ____D C:\Program Files (x86)\Adobe Media Player
2017-03-06 00:58 - 2016-04-21 00:32 - 00000000 ____D C:\Program Files (x86)\Window Title Changer
2017-03-06 00:58 - 2015-06-17 19:58 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2017-03-06 00:58 - 2014-11-01 00:34 - 00000000 ____D C:\Program Files (x86)\Notepad++
2017-03-06 00:58 - 2013-08-21 23:17 - 00000000 ____D C:\Program Files (x86)\SopCast
2017-03-06 00:58 - 2013-05-17 19:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2017-03-06 00:58 - 2013-05-12 16:35 - 00000000 ____D C:\Program Files (x86)\Winamp Detect
2017-03-06 00:58 - 2013-04-23 13:37 - 00000000 ____D C:\Program Files (x86)\WinRAR
2017-03-05 18:50 - 2016-12-14 16:32 - 00002263 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-05 18:50 - 2016-12-14 16:32 - 00002251 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-05 13:30 - 2014-05-19 19:25 - 00000000 ____D C:\Program Files (x86)\Steam
2017-03-05 11:45 - 2014-12-21 11:56 - 00000000 ____D C:\Program Files (x86)\Opera
2017-03-05 10:48 - 2016-04-04 22:32 - 00000000 ____D C:\Users\Güney\Desktop\Untitled Export
2017-03-05 10:07 - 2013-05-06 19:42 - 00000000 ____D C:\Users\Güney\AppData\Roaming\DAEMON Tools Lite
2017-03-05 10:02 - 2017-01-20 21:29 - 00003420 _____ C:\Windows\System32\Tasks\Yandex Browser güncellemesi
2017-03-05 10:02 - 2013-04-15 22:42 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-03-05 02:22 - 2017-01-25 22:53 - 00000876 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-03-04 16:18 - 2013-05-19 10:54 - 00000000 ____D C:\Users\Güney\AppData\Roaming\DMCache
2017-03-04 16:17 - 2013-05-19 10:54 - 00000000 ____D C:\Users\Güney\AppData\Roaming\Skype
2017-03-03 21:05 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\SysWOW64\IME
2017-03-02 18:09 - 2014-07-26 18:17 - 00002445 _____ C:\Users\Güney\Desktop\Yandex.lnk
2017-03-02 18:02 - 2016-11-11 21:10 - 00003842 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1478887807
2017-03-01 02:00 - 2013-05-04 16:45 - 00000000 ____D C:\Users\Güney\AppData\Local\Adobe
2017-02-27 12:36 - 2013-05-12 17:01 - 00000000 ____D C:\Users\LucaS\AppData\Roaming\IDM
2017-02-23 23:24 - 2013-04-14 15:14 - 00000000 ____D C:\Users\LucaS\Downloads\Compressed
2017-02-23 20:22 - 2013-04-28 19:35 - 00000000 ____D C:\Users\LucaS\AppData\Roaming\uTorrent
2017-02-23 20:22 - 2013-04-15 01:59 - 00000000 ____D C:\Windows\Panther
2017-02-23 18:52 - 2013-04-14 15:16 - 00000000 ____D C:\Users\LucaS\Desktop\Oyun
2017-02-23 02:17 - 2016-10-01 20:34 - 00000000 ____D C:\Users\LucaS\Documents\ShareX
2017-02-20 14:09 - 2013-04-14 16:36 - 00662210 _____ C:\Windows\system32\perfh01F.dat
2017-02-20 14:09 - 2013-04-14 16:36 - 00142438 _____ C:\Windows\system32\perfc01F.dat
2017-02-20 14:09 - 2009-07-14 08:13 - 01587410 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-20 02:18 - 2013-05-05 20:56 - 00000000 ____D C:\Users\LucaS\AppData\Local\ElevatedDiagnostics
2017-02-16 23:16 - 2013-05-12 16:43 - 00000000 ____D C:\Users\LucaS\AppData\Roaming\vlc
2017-02-12 18:34 - 2013-04-15 23:24 - 00001397 _____ C:\Users\Güney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-02-12 16:47 - 2015-01-02 23:10 - 00000000 __SHD C:\Users\LucaS\AppData\Local\EmieUserList
2017-02-12 16:47 - 2015-01-02 23:10 - 00000000 __SHD C:\Users\LucaS\AppData\Local\EmieSiteList
2017-02-12 16:47 - 2015-01-02 23:10 - 00000000 __SHD C:\Users\LucaS\AppData\Local\EmieBrowserModeList
2017-02-12 16:38 - 2014-02-27 18:50 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-02-12 16:38 - 2013-04-14 15:38 - 00000000 ____D C:\ProgramData\Skype
2017-02-12 16:33 - 2013-04-14 15:06 - 00001397 _____ C:\Users\LucaS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-02-12 16:23 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-02-08 14:01 - 2016-11-29 15:05 - 00000080 _____ C:\Users\LucaS\AppData\Roaming\mBot.ini
2017-02-07 19:04 - 2015-07-16 13:14 - 00000336 _____ C:\Windows\SysWOW64\secustat.dat
2017-02-07 19:04 - 2014-05-24 06:48 - 00000000 ____D C:\Users\Güney\AppData\Roaming\BITS
2017-02-04 02:29 - 2016-12-22 01:30 - 00000000 ____D C:\Users\LucaS\AppData\Local\Sarkolata
 
==================== Files in the root of some directories =======
 
2016-11-29 15:05 - 2017-02-08 14:01 - 0000080 _____ () C:\Users\LucaS\AppData\Roaming\mBot.ini
2017-03-02 01:20 - 2017-03-02 01:20 - 0007605 _____ () C:\Users\LucaS\AppData\Local\Resmon.ResmonCfg
2014-05-17 21:25 - 2014-05-17 21:25 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-12-13 00:58 - 2016-12-13 00:58 - 0000016 _____ () C:\ProgramData\mntemp
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-02-26 22:55
 
==================== End of FRST.txt ============================




#2 packetanalyzer

packetanalyzer

  • Members
  • 954 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:07:31 PM

Posted 06 March 2017 - 05:49 PM

Hi AeonWuLF,

 

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.

Thank you for your patience,

 

packetanalyzer



#3 AeonWuLF

AeonWuLF
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:02:31 AM

Posted 06 March 2017 - 06:08 PM

Thank you, packetanalyzer, take your time.



#4 packetanalyzer

packetanalyzer

  • Members
  • 954 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:07:31 PM

Posted 08 March 2017 - 09:23 AM

Hi AeonWuLF,

 

Welcome to Bleeping Computer and thank you for posting your FRST log. You can call me packetanalyzer and I will be helping you with removing malware from your computer. Please take a moment to review the following.

Please read my instructions completely and follow them closely.

Please do not run any tools unless and until I ask you to do so.

Please only run the tools I ask you to run.

If you have any questions at any point, please stop and ask me before you try to complete the step.

Please refrain from using your computer for any purpose other than us working together to clean malware from it until I have notified you your computer is clean.

Please be patient as most of us at Bleeping Computer are volunteers and your logs take time to analyze closely. If you do not hear back from me within 48 hours, please feel free to send me a PM.

If I do not hear from you within 3 days after any post, this thread will be closed.

 

++++ Step 1 FRST Fix ++++

  • Move C:\Users\LucaS\Desktop\frst\FRST64.exe to C:\Users\LucaS\Desktop\.
  • Press the windows key + r on your keyboard at the same time (this will open Run)
  • Type notepad.exe
  • Press Enter
  • Copy and paste the code below into the open notepad window
  • Save the file as fixlist.txt in the same folder where the Farbar tool is running from (FRST should be on your desktop).
  • Right click FRST64.exe
  • Click Run as administrator
  • Click the Fix button
  • When FRST finishes running, your computer will restart itself

GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\InternetExplorer: Restriction <======= ATTENTION
HKU\S-1-5-21-358870892-898043370-4192596704-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR Plugin: (Shockwave Flash) - C:\Users\LucaS\AppData\Local\Google\Chrome\User Data\PepperFlash\24.0.0.186\pepflashplayer.dll => No File
CHR HKLM-x32\...\Chrome\Extension: [ojmcefcpojnkmmblchnllkaphlpdobgd] - C:\Joygame\JoyTemp\ChromeEklenti\homepage_extension_1_5.crx <not found>    
S2YandexBrowserService; "C:\Program Files (x86)\Yandex\YandexBrowser\17.3.0.1785\service_update.exe" --run-as-service [X]
S3 AcmePro_x64; \??\E:\Games\oldko\AcmePro_x64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S3 OSFMount; \??\C:\Program Files (x86)\BlueStacks\broot\bin\OSFMount.sys [X]
S3 PBDOWNFORCE_TEST_SERVICE; \??\C:\Users\LucaS\Desktop\Test.sys [X]
S2 PfModNT; \??\C:\Windows\system32\PfModNT.sys [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]
S3 X6va063; \??\C:\Windows\SysWOW64\Drivers\X6va063 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
2017-03-05 10:02 - 2017-01-20 21:29 - 00003420 _____ C:\Windows\System32\Tasks\Yandex Browser güncellemesi
File: C:\Windows\SysWOW64\PrxerNsp.dll
File: C:\Users\LucaS\AppData\Roaming\mBot.ini
CMD: type C:\Users\Lucas\AppData\Roaming\mBot.ini
File: C:\ProgramData\mntemp

++++ Step 2 Upload Executable to VirusTotal ++++

  1. Browse to https://www.virustotal.com/
  2. Click File
  3. Click Choose File
  4. Select the file that keeps being created in your startup folder. It is possible the name of the file will change.
  5. Click Open
  6. Click Scan it!
  7. If the file has been analyzed before select Reanalyze
  8. Please provide the URL of the VirusTotal results page in your next post

Thank you,

 

packetanalyzer
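Added example, not code from the thread, FRST or packetanalyzer: a small Python triage parser for the two FRST line formats used in the fixlist above (service/driver entries that end in [X] because their image file is gone, and the dated file-listing entries), which flags orphaned services, executables in a Startup folder, and executables in user-writable paths with no company name. The sample lines are constructed from the thread's log; the flagging rules and the Startup-folder path for jikueone.exe are this example's assumptions, since the original post only names the file.

```python
# Added example for this thread (not FRST's or BleepingComputer's code): a
# triage parser for the two FRST line formats quoted above. The line formats
# follow the log in the thread; the flagging rules are this example's own.
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Service/driver entry: "<start type> <name>; <image path> [X]". FRST appends
# "[X]" when the image file is missing on disk. "\s*" after the start type
# also accepts the fused form "S2YandexBrowserService;" from the fixlist.
_SERVICE_RE = re.compile(
    r"^(?P<start>[RSU]\d)\s*(?P<name>[^;\s]+);\s*(?P<image>.+?)\s*(?P<missing>\[X\])?$"
)

# File entry: "<created> - <modified> - <size> <attrs> (<company>) <path>".
# "(company)" comes from the version resource and may be absent or "()".
_FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>[A-Za-z]:\\.*)$"
)

EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".scr", ".com")
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")
STARTUP_DIR = "\\start menu\\programs\\startup\\"


@dataclass
class Finding:
    kind: str     # orphaned_service | startup_executable | unattributed_executable
    subject: str  # service name or file path
    detail: str


def parse_service(line: str) -> Optional[Dict[str, object]]:
    """Fields of a service/driver line, or None if the line is not one."""
    m = _SERVICE_RE.match(line.rstrip())
    if not m:
        return None
    return {"start": m["start"], "name": m["name"], "image": m["image"],
            "missing": m["missing"] is not None}


def parse_file(line: str) -> Optional[Dict[str, object]]:
    """Fields of a dated file/folder line, or None if the line is not one."""
    m = _FILE_RE.match(line.rstrip())
    if not m:
        return None
    return {"created": m["created"], "modified": m["modified"],
            "size": int(m["size"]), "attrs": m["attrs"],
            "company": m["company"],  # None if absent, "" for "()"
            "path": m["path"]}


def triage(lines: Iterable[str]) -> List[Finding]:
    """Walk FRST lines and return what a helper would want to look at first."""
    findings: List[Finding] = []
    for raw in lines:
        svc = parse_service(raw)
        if svc is not None:
            if svc["missing"]:   # registry entry survives, binary is gone
                findings.append(Finding("orphaned_service", str(svc["name"]),
                                        f"image not on disk: {svc['image']}"))
            continue
        f = parse_file(raw)
        if f is None or "D" in str(f["attrs"]):
            continue             # not a file line, or a directory
        path = str(f["path"])
        low = path.lower()
        if not low.endswith(EXECUTABLE_EXT):
            continue
        if STARTUP_DIR in low:
            findings.append(Finding("startup_executable", path,
                                    "runs at every logon; worth a VirusTotal check"))
        elif any(p in low for p in USER_WRITABLE) and not f["company"]:
            findings.append(Finding("unattributed_executable", path,
                                    "no company name, user-writable location"))
    return findings


# Constructed sample. Lines 1-5 are copied from the thread's log; the last two
# are made up, and the Startup-folder path for jikueone.exe is an assumption
# (the original post only names the file).
SAMPLE_LOG = r"""
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2YandexBrowserService; "C:\Program Files (x86)\Yandex\YandexBrowser\17.3.0.1785\service_update.exe" --run-as-service [X]
2017-02-12 16:19 - 2017-02-12 16:19 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-02-08 19:02 - 2017-02-08 19:02 - 02004664 _____ C:\Users\LucaS\Downloads\rsth_x.rar
2017-03-06 18:48 - 2014-05-22 21:46 - 00000000 ____D C:\Qoobox
2017-03-06 18:40 - 2017-03-06 18:40 - 00163840 _____ () C:\Users\LucaS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jikueone.exe
2017-03-06 18:40 - 2017-03-06 18:40 - 00163840 _____ C:\Users\LucaS\AppData\Local\Temp\sample.exe
"""

if __name__ == "__main__":
    for fnd in triage(SAMPLE_LOG.splitlines()):
        print(f"{fnd.kind:24} {fnd.subject}\n    {fnd.detail}")
```

Run on the sample it reports the two orphaned services, the Startup-folder executable and the unattributed Temp executable, and skips the Microsoft-signed system DLL, the archive and the directory.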



#5 AeonWuLF

AeonWuLF
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:02:31 AM

Posted 08 March 2017 - 05:44 PM

Hey packetanalyzer

 

Here is the fix result. It couldn't fix an entry: "HKLM\SOFTWARE\Policies\Microsoft\InternetExplorer: Restriction <======= ATTENTION => Error: No automatic fix found for this entry."
I checked it in regedit; it doesn't even have a value.

Fix result of Farbar Recovery Scan Tool (x64) Version: 05-03-2017
Ran by LucaS (09-03-2017 01:13:27) Run:1
Running from C:\Users\LucaS\Desktop
Loaded Profiles: LucaS (Available Profiles: LucaS & Güney)
Boot Mode: Normal
==============================================

fixlist content:
*****************
GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\InternetExplorer: Restriction <======= ATTENTION
HKU\S-1-5-21-358870892-898043370-4192596704-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR Plugin: (Shockwave Flash) - C:\Users\LucaS\AppData\Local\Google\Chrome\User Data\PepperFlash\24.0.0.186\pepflashplayer.dll => No File
CHR HKLM-x32\...\Chrome\Extension: [ojmcefcpojnkmmblchnllkaphlpdobgd] - C:\Joygame\JoyTemp\ChromeEklenti\homepage_extension_1_5.crx <not found>    
S2YandexBrowserService; "C:\Program Files (x86)\Yandex\YandexBrowser\17.3.0.1785\service_update.exe" --run-as-service [X]
S3 AcmePro_x64; \??\E:\Games\oldko\AcmePro_x64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S3 OSFMount; \??\C:\Program Files (x86)\BlueStacks\broot\bin\OSFMount.sys [X]
S3 PBDOWNFORCE_TEST_SERVICE; \??\C:\Users\LucaS\Desktop\Test.sys [X]
S2 PfModNT; \??\C:\Windows\system32\PfModNT.sys [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]
S3 X6va063; \??\C:\Windows\SysWOW64\Drivers\X6va063 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
2017-03-05 10:02 - 2017-01-20 21:29 - 00003420 _____ C:\Windows\System32\Tasks\Yandex Browser güncellemesi
File: C:\Windows\SysWOW64\PrxerNsp.dll
File: C:\Users\LucaS\AppData\Roaming\mBot.ini
CMD: type C:\Users\Lucas\AppData\Roaming\mBot.ini
File: C:\ProgramData\mntemp
*****************

C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Google => key removed successfully
HKLM\SOFTWARE\Policies\Microsoft\InternetExplorer: Restriction <======= ATTENTION => Error: No automatic fix found for this entry.
HKU\S-1-5-21-358870892-898043370-4192596704-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
C:\Users\LucaS\AppData\Local\Google\Chrome\User Data\PepperFlash\24.0.0.186\pepflashplayer.dll => not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ojmcefcpojnkmmblchnllkaphlpdobgd => key removed successfully
S2YandexBrowserService; "C:\Program Files (x86)\Yandex\YandexBrowser\17.3.0.1785\service_update.exe" --run-as-service [X] => Error: No automatic fix found for this entry.
HKLM\System\CurrentControlSet\Services\AcmePro_x64 => key removed successfully
AcmePro_x64 => service removed successfully
HKLM\System\CurrentControlSet\Services\catchme => key removed successfully
catchme => service removed successfully
HKLM\System\CurrentControlSet\Services\EagleX64 => key removed successfully
EagleX64 => service removed successfully
HKLM\System\CurrentControlSet\Services\nvlddmkm => key removed successfully
nvlddmkm => service removed successfully
HKLM\System\CurrentControlSet\Services\nvvad_WaveExtensible => key removed successfully
nvvad_WaveExtensible => service removed successfully
HKLM\System\CurrentControlSet\Services\OSFMount => key removed successfully
OSFMount => service removed successfully
HKLM\System\CurrentControlSet\Services\PBDOWNFORCE_TEST_SERVICE => key removed successfully
PBDOWNFORCE_TEST_SERVICE => service removed successfully
HKLM\System\CurrentControlSet\Services\PfModNT => key removed successfully
PfModNT => service removed successfully
HKLM\System\CurrentControlSet\Services\X6va012 => key removed successfully
X6va012 => service removed successfully
HKLM\System\CurrentControlSet\Services\X6va013 => key removed successfully
X6va013 => service removed successfully
HKLM\System\CurrentControlSet\Services\X6va015 => key removed successfully
X6va015 => service removed successfully
HKLM\System\CurrentControlSet\Services\X6va016 => key removed successfully
X6va016 => service removed successfully
HKLM\System\CurrentControlSet\Services\X6va063 => key removed successfully
X6va063 => service removed successfully
HKLM\System\CurrentControlSet\Services\xhunter1 => key removed successfully
xhunter1 => service removed successfully
C:\Windows\System32\Tasks\Yandex Browser güncellemesi => moved successfully

========================= File: C:\Windows\SysWOW64\PrxerNsp.dll ========================

File is digitally signed
MD5: 94AE4C524D73D3273F5050BC28F4D6B2
Creation and modification date: 2017-01-22 18:49 - 2016-11-22 21:38
Size: 0092328
Attributes: ----A
Company Name: 
Internal Name: Proxifier NSP
Original Name: PrxerNsp.dll
Product: Proxifier Standard Edition
Description: Proxifier Namespace Service Provider 
File Version: 3.31.0.1
Product Version: 3.31.0.1
Copyright: Copyright © 2003-2016 Initex. All rights reserved.

====== End of File: ======


========================= File: C:\Users\LucaS\AppData\Roaming\mBot.ini ========================

File not signed
MD5: 3B9202D5904A3A2DD162A5A1E9C278A7
Creation and modification date: 2016-11-29 15:05 - 2017-02-08 14:01
Size: 0000080
Attributes: ----A
Company Name: 
Internal Name: 
Original Name: 
Product: 
Description: 
File Version: 
Product Version: 
Copyright: 

====== End of File: ======


========= type C:\Users\Lucas\AppData\Roaming\mBot.ini =========

[default]
language=126
notaskgroup=0

========= End of CMD: =========


========================= File: C:\ProgramData\mntemp ========================

File not signed
MD5: 156E526932A338F73F1D04B78EE4D34D
Creation and modification date: 2016-12-13 00:58 - 2016-12-13 00:58
Size: 0000016
Attributes: ----A
Company Name: 
Internal Name: 
Original Name: 
Product: 
Description: 
File Version: 
Product Version: 
Copyright: 

====== End of File: ======



The system needed a reboot.

==== End of Fixlog 01:13:28 ====

Step 2

 

The analysis result is showing a different name when I scan; I took a screenshot for you to show how the file is looking. But I must note that somehow it is not appearing anymore in the directory after I started the topic. I made a scan with Microsoft Security Essentials before; it was disinfecting files, but I don't know if it really cleaned the main infection files. I still have some clients, and it is not infecting others anymore as I see. So maybe I need a full system scan with MSE.

 

I was removing this exe from the startup folder. But it was coming back when I ran any infected exes. (But it is not appearing anymore.)

https://www.virustotal.com/tr/file/e458abdf73c87d6e84d3f9ed39483f0662b62d3f722c8db4a011586aa14a18bf/analysis/

https://puu.sh/uAhjH/79c93ddf67.png

 

 

And this is an infected client, for example. When I run the main exe, then the *mgr.exe appears. And it is popping up two Internet Explorer windows, but they are empty (iexplore.exe was not visible before, when the jikueone.exe was in the startup folder). And the VirusTotal results are the same as for the other file.
https://puu.sh/uAiHb/f33c79ddbf.png

 

So I am not sure what to do right now; I will follow your orders, sir :) thank you



#6 packetanalyzer

packetanalyzer

  • Members
  • 954 posts
  • Gender:Not Telling
  • Local time:07:31 PM

Posted 10 March 2017 - 11:28 AM

Hi AeonWuLF,
 
Thank you for your logs. I'm afraid I have very bad news.

Win32/Ramnit (and related variants) is a dangerous file infector with IRCBot functionality which infects .exe and .HTML/HTM files, and opens a back door that compromises your computer. Using this backdoor, a remote attacker can access and instruct the infected computer to download and execute more malicious files. The infected .HTML or .HTM files may be detected as Virus:VBS/Ramnit.A or VBS/Generic. Win32/Ramnit.A!dll is a related file infector often seen with this infection. It too has IRCBot functionality which infects .exe, .dll and .HTML/HTM files and opens a back door that compromises your computer. This component is injected into the default web browser by Worm:Win32/Ramnit.A, which is dropped by a Ramnit-infected executable file.

-- Note: As with most malware infections, the threat name may be different depending on the anti-virus or anti-malware program which detected it. Each security vendor uses their own naming conventions to identify various types of malware.

With this particular infection the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS.

Why? The malware injects code in legitimate files similar to the Virut virus and in many cases the infected files (which could number in the thousands) cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files often become corrupted and the system may become unstable or irreparable. The longer Ramnit.A remains on a computer, the more files it infects and corrupts so the degree of damage can vary.

Ramnit is commonly spread via a flash drive (usb, pen, thumb, jump) infection where it copies Worm:Win32/Ramnit.A with a random file name. The infection is often contracted by visiting remote, crack and keygen sites. These types of sites are infested with a smörgåsbord of malware and are a major source of system infection. However, a variant called the Ramnit worm targets Facebook users... can bypass two-factor authentication and transaction signing systems, gain remote access to financial institutions and compromise online banking.

In my opinion, computers infected with Ramnit are not effectively disinfected, so your best option is to perform a full reformat as there is no guarantee this infection can be completely removed. In most instances it may have caused so much damage to your system files that it cannot be completely cleaned or repaired. Security vendors that claim to be able to remove file infectors cannot guarantee that all traces of it will be removed as they may not find all the remnants. If something goes awry during the malware removal process there is always a risk the computer may become unstable or unbootable and you could lose access to all your data.

Further, your machine has likely been compromised by the backdoor Trojan and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if your anti-virus reports that the malware appears to have been removed.

Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

Please let me know if you have any other questions.

Thank you,

packetanalyzer



#7 AeonWuLF

AeonWuLF
  • Topic Starter

  • Members
  • 7 posts
  • Local time:02:31 AM

Posted 10 March 2017 - 06:14 PM

Hey packetanalyzer, thank you so much for your help and spending your time for me.

 

I can not wipe all my drives completely at the moment; I am following which exes are running and infected with the virus (via Process Explorer). I replaced some exe files with clean ones and they seem OK for 2 days, and most files are looking alright atm. I will try to manually replace and clean all exes which are infected. Atm I am sure that infected files are not damaging others, since the first "jikueone.exe" is not appearing anymore.

 

But I'm still willing to reformat my C: drive as soon as possible. Have a nice day.



#8 packetanalyzer

packetanalyzer

  • Members
  • 954 posts
  • Gender:Not Telling
  • Local time:07:31 PM

Posted 13 March 2017 - 02:32 PM

Hi AeonWuLF,
 
If this is alright with you I would like you to do an ESET scan just so we have an idea of how bad the infection is.
 
++++ Step 3 Run an ESET Scan ++++

 

Note 1: These instructions are for Internet Explorer only! If you're using another browser, please stop here and let me know!
Note 2: You will need to disable your currently installed Anti-Virus, how to do so can be found here.


  • Click this link to open ESET OnlineScan.
  • Place a checkmark next to "Yes, I accept the Terms of Use", then click the green Start button.
  • When prompted allow the Add-On/Active X to install.
  • In the new window that opens, tick the radio button next to Enable detection of potentially unwanted applications.
  • Then click "Advanced settings", and make sure there is a checkmark next to only the following items (uncheck everything else):
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Confirm the Remove found threats option is unchecked. Removing an infected system file may result in significant damage and your computer not being able to boot up.
  • Then click the Start button and ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Found Threats (only if anything is found).
  • Then click Export, and save the file to your desktop with the name ESETScan13-March.txt.
  • Click Back, then click Finish to exit ESET Online Scanner.

Don't forget to re-enable your antivirus when finished!

 

++++ Step 4 Share Your Logs++++

 

  • Please post the contents of the ESETScan13-March.txt file that was created when you ran the ESET scan in your next reply


#9 packetanalyzer

packetanalyzer

  • Members
  • 954 posts
  • Gender:Not Telling
  • Local time:07:31 PM

Posted 16 March 2017 - 08:10 AM

Hi AeonWuLF,

 

Do you still need help? If so, please reply to the last post. If not, we will close this thread so we can assist other people.

 

Thank you,

 

packetanalyzer



#10 AeonWuLF

AeonWuLF
  • Topic Starter

  • Members
  • 7 posts
  • Local time:02:31 AM

Posted 18 March 2017 - 11:51 AM

Microsoft Security Essentials is helping with this issue. It's detecting and disinfecting *mgr.exe files without removing them. Thank you for your help packetanalyzer; you can close this topic. Have a nice day.



#11 packetanalyzer

packetanalyzer

  • Members
  • 954 posts
  • Gender:Not Telling
  • Local time:07:31 PM

Posted 20 March 2017 - 11:38 AM

Hi AeonWuLF,

 

I understand you are going to let Microsoft Security Essentials clean the files. In that case, we will close this thread.

 

Please refer to our recommendation provided before. Also, please give consideration to the following remarks.

 

By doing basic things you can reduce the level of risk to your computer. No one solution or combination of solutions will give you 100% protection from all threats, but by doing the following you greatly decrease the risk to the security of your computer and reduce the attack surface you present to attackers.

 

  • Keep your Operating System Up to Date
  • Keep your Applications Up to Date
  • Use Different Passwords on Every Website
  • Install, Keep Up to Date, and Run Regular Scans of a Reliable Anti-Virus Product
  • Enable, Properly Configure, and Maintain a Firewall
  • Backup Your Data
  • Periodically Test Your Backups
  • Do Not Open Attachments from People You Do Not Know
  • Watch Out for Online and Phone Support Scams

You can find more information on tips to keep your computer safe online here and examples of security best practices here.



#12 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,203 posts
  • Gender:Female
  • Location:Romania
  • Local time:02:31 AM

Posted 20 March 2017 - 04:06 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

regards, Elise


Malware analyst @ Emsisoft


