Combo Fix

This document summarizes the results of a ComboFix scan on a Windows 8 system belonging to a user named Pepe. It lists currently installed security programs and their statuses, files and folders deleted by ComboFix, files created between certain dates, registry entries loaded at startup, and other details such as Find3M search results. Overall it provides a technical overview of the state of the system and changes made by the security scan.

Uploaded by

peter_makai1516

ComboFix 15-12-16.01 - Pepe 2015.12.17. 2:55.1.8 - x64
Microsoft Windows 8 Pro 6.2.9200.0.1250.36.1038.18.8077.5707 [GMT 1:00]
Running from: c:\pepe\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Symantec Endpoint Protection *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Symantec Endpoint Protection *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\empty.ico
c:\users\Pepe\ia_remove.sh0446.tmp
c:\users\Pepe\ia_remove.sh1106.tmp
c:\users\Pepe\ia_remove.sh2622.tmp
c:\users\Pepe\ia_remove.sh2894.tmp
c:\users\Pepe\ia_remove.sh6663.tmp
c:\users\Pepe\ia_remove.sh6838.tmp
c:\users\Pepe\ia_remove.sh9205.tmp
c:\users\Pepe\ia_remove.sh9935.tmp
c:\windows\msdownld.tmp
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
((((((((((((((((((((((((( Files Created from 2015-11-17 to 2015-12-17 )))))))))))))))))))))))))))))))
.
.
2015-12-17 02:04 . 2015-12-17 02:04 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2015-12-17 02:04 . 2015-12-17 02:04 -------- d-----w- c:\users\Pepe\AppData\Local\temp
2015-12-17 02:04 . 2015-12-17 02:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-12-17 00:41 . 2015-12-17 00:49 -------- d-----w- C:\AdwCleaner
2015-12-16 23:56 . 2015-12-16 23:56 -------- d-----w- c:\users\Pepe\AppData\Roaming\SUPERAntiSpyware.com
2015-12-16 23:56 . 2015-12-16 23:56 -------- d-----w- c:\program files\SUPERAntiSpyware
2015-12-16 23:56 . 2015-12-16 23:56 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2015-12-14 16:43 . 2015-12-14 16:43 -------- d-----w- c:\users\Pepe\Tracing
2015-12-14 16:38 . 2015-12-14 16:38 -------- d-----w- c:\program files (x86)\Common Files\Skype
2015-12-14 16:38 . 2015-12-14 16:38 -------- d-----r- c:\program files (x86)\Skype
2015-12-13 17:52 . 2015-12-13 17:52 -------- d-----w- c:\program files\Common Files\AV
2015-12-13 17:51 . 2013-09-20 09:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe
2015-12-13 17:51 . 2015-12-17 01:03 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2015-12-13 17:50 . 2015-12-13 17:53 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2015-12-13 16:53 . 2015-12-17 02:11 -------- d-----w- c:\windows\SysWow64\NV
2015-12-13 16:53 . 2015-12-17 02:11 -------- d-----w- c:\windows\system32\NV
2015-12-13 15:42 . 2015-12-16 01:24 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-12-13 15:42 . 2015-12-13 15:42 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-12-13 15:42 . 2015-10-05 08:50 64216 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-12-13 15:42 . 2015-10-05 08:50 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-12-13 15:42 . 2015-10-05 08:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-12-12 05:25 . 2015-12-12 05:38 -------- d-----w- c:\program files (x86)\The Sims 4
2015-12-02 14:07 . 2015-12-13 16:05 -------- d-----w- c:\programdata\SecTaskMan
2015-12-02 14:07 . 2015-12-02 14:07 -------- d-----w- c:\program files (x86)\Security Task Manager
2015-12-02 13:35 . 2015-12-02 13:40 -------- d-----w- C:\FRST
2015-12-02 13:01 . 2015-12-02 13:01 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2015-11-27 09:41 . 2015-11-27 09:41 -------- d-----w- c:\users\Pepe\AppData\Roaming\Steam
2015-11-23 23:53 . 2015-11-23 23:53 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2015-11-23 23:46 . 2015-11-23 23:53 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2015-11-23 23:33 . 2015-11-23 23:46 560184 ----a-w- c:\windows\system32\drivers\sptd.sys
2015-11-21 22:39 . 2015-11-21 22:39 -------- d-----w- c:\program files\SqliteBrowser3
2015-11-19 17:11 . 2015-11-19 19:43 -------- d-----w- c:\users\Pepe\AppData\Roaming\CDisplayEx
2015-11-19 17:10 . 2015-11-19 17:10 -------- d-----w- c:\program files\CDisplayEx
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-12-17 02:13 . 2015-12-17 02:13 401 ----a-w- c:\users\Pepe\AppData\Roaming\sp_data.sys
2015-11-24 23:10 . 2014-11-24 17:57 3159248 ----a-w- c:\windows\SysWow64\nvapi.dll
2015-11-24 23:10 . 2014-03-13 22:27 467912 ----a-w- c:\windows\system32\nvumdshimx.dll
2015-11-24 23:10 . 2014-03-13 22:27 12770752 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2015-11-24 23:10 . 2013-07-19 16:04 388024 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2015-11-24 23:10 . 2013-03-30 16:20 177600 ----a-w- c:\windows\system32\nvinitx.dll
2015-11-24 23:10 . 2013-03-30 16:20 155792 ----a-w- c:\windows\SysWow64\nvinit.dll
2015-11-24 23:10 . 2013-03-30 16:20 3579696 ----a-w- c:\windows\system32\nvapi64.dll
2015-11-24 18:40 . 2013-03-30 16:22 2983032 ----a-w- c:\windows\system32\nvsvc64.dll
2015-11-24 18:40 . 2013-03-30 16:22 6358648 ----a-w- c:\windows\system32\nvcpl.dll
2015-11-24 18:40 . 2013-03-30 16:22 75056 ----a-w- c:\windows\system32\nv3dappshextr.dll
2015-11-24 18:40 . 2013-03-30 16:22 62584 ----a-w- c:\windows\system32\nvshext.dll
2015-11-24 18:40 . 2013-03-30 16:22 523384 ----a-w- c:\windows\system32\nv3dappshext.dll
2015-11-24 18:40 . 2013-03-30 16:22 938616 ----a-w- c:\windows\system32\nvvsvc.exe
2015-11-24 18:40 . 2013-03-30 16:22 385144 ----a-w- c:\windows\system32\nvmctray.dll
2015-11-24 18:40 . 2013-03-30 16:22 2554488 ----a-w- c:\windows\system32\nvsvcr.dll
2015-11-23 10:38 . 2013-03-30 16:22 6049858 ----a-w- c:\windows\system32\nvcoproc.bin
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-10-01 18:38 1720976 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-10-01 18:38 1720976 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-10-01 18:38 1720976 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-08 21:33 199488 ----a-w- c:\users\Pepe\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-08 21:33 199488 ----a-w- c:\users\Pepe\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-08 21:33 199488 ----a-w- c:\users\Pepe\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2013-10-20 16:47 627712 ----a-w- c:\program files\Classic Shell\ClassicExplorer32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Total CMA Pack"="c:\program files (x86)\Total CMA Pack\Total CMA Pack.exe" [2011-09-30 63290]
"HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2014-11-21 43816]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2014-11-21 43816]
"iCloudDrive"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe" [2014-11-21 43816]
"Dropbox Update"="c:\users\Pepe\AppData\Local\Dropbox\Update\DropboxUpdate.exe" [2015-06-23 134512]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"SpybotPostWindows10UpgradeReInstall"="c:\program files\Common Files\AV\Spybot - Search and Destroy\Test.exe" [2015-07-28 1011200]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-12-14 50377336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-10-03 38768]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-10-02 640376]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2014-06-24 4101576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
"DisableCAD"= 1 (0x1)
"EnableFirstLogonAnimation"= 0 (0x0)
"SynchronousUserGroupPolicy"= 1 (0x1)
"DisplayLastLogonInfo"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoPreviewPane"= 0 (0x0)
"TaskbarNoNotification"= 0 (0x0)
"HideSCANetwork"= 0 (0x0)
"HideSCAVolume"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2634125801-2594866448-2900652508-1001\Scripts\Logoff\0\0]
"Script"=c:\program files\Bitdefender\Bitdefender\support.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ASUSProcObsrv;ASUS Process Creation/Termination Observer;d:\i386\AsPrOb64.sys;d:\i386\AsPrOb64.sys [x]
R3 ATP;ASUS PS/2 Port Input Device;c:\windows\System32\drivers\AsusTP.sys;c:\windows\SYSNATIVE\drivers\AsusTP.sys [x]
R3 cpuz135;cpuz135;c:\users\Pepe\AppData\Local\Temp\cpuz135\cpuz135_x64.sys;c:\users\Pepe\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\System32\drivers\ew_jubusenum.sys;c:\windows\SYSNATIVE\drivers\ew_jubusenum.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\System32\drivers\ew_juextctrl.sys;c:\windows\SYSNATIVE\drivers\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R3 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R3 SyDvCtrl;SyDvCtrl;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\SyDvCtrl64.sys;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\SyDvCtrl64.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\System32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R4 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
R4 SymELAM;Symantec ELAM Driver;c:\windows\system32\Drivers\SEP\0C0107DF\07DF.105\x64\SymELAM.sys;c:\windows\SYSNATIVE\Drivers\SEP\0C0107DF\07DF.105\x64\SymELAM.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMDS64.SYS;c:\windows\SYSNATIVE\Drivers\SEP\0C0107DF\07DF.105\x64\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMEFA64.SYS;c:\windows\SYSNATIVE\Drivers\SEP\0C0107DF\07DF.105\x64\SYMEFA64.SYS [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\BASHDefs\20151215.011\BHDrvx64.sys;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\BASHDefs\20151215.011\BHDrvx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\System32\drivers\dtsoftbus01.sys;c:\windows\SYSNATIVE\drivers\dtsoftbus01.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\IPSDefs\20151215.011\IDSvia64.sys;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\IPSDefs\20151215.011\IDSvia64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\Drivers\SEP\0C0107DF\07DF.105\x64\Ironx64.SYS;c:\windows\SYSNATIVE\Drivers\SEP\0C0107DF\07DF.105\x64\Ironx64.SYS [x]
S1 SYMNETS;Symantec Network Security WFP Driver;c:\windows\system32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\SEP\0C0107DF\07DF.105\x64\SYMNETS.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 SepMasterService;Symantec Endpoint Protection;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 HIDSwitch;ASUS Wireless Radio Control;c:\windows\System32\drivers\AsHIDSwitch64.sys;c:\windows\SYSNATIVE\drivers\AsHIDSwitch64.sys [x]
S3 IntcDAud;Intel(R) megjelent hang;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;c:\windows\system32\DRIVERS\RtsBaStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsBaStor.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2015-11-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-30 13:41]
.
2015-12-12 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2634125801-2594866448-2900652508-1001Core.job
- c:\users\Pepe\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-23 14:44]
.
2015-12-17 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2634125801-2594866448-2900652508-1001UA.job
- c:\users\Pepe\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-23 14:44]
.
2015-12-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2634125801-2594866448-2900652508-1001Core.job
- c:\users\Pepe\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-31 19:02]
.
2015-12-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2634125801-2594866448-2900652508-1001Core1cf6b1135503a5f.job
- c:\users\Pepe\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-31 19:02]
.
2015-12-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2634125801-2594866448-2900652508-1001UA.job
- c:\users\Pepe\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-31 19:02]
.
2015-12-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2634125801-2594866448-2900652508-1001UA1cf6b11380681a9.job
- c:\users\Pepe\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-31 19:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-08 21:33 236352 ----a-w- c:\users\Pepe\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-08 21:33 236352 ----a-w- c:\users\Pepe\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-08 21:33 236352 ----a-w- c:\users\Pepe\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-08 21:33 236352 ----a-w- c:\users\Pepe\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2013-10-20 16:47 774144 ----a-w- c:\program files\Classic Shell\ClassicExplorer64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-11-02 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-11-02 399392]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-08-20 13192848]
"ACMON"="c:\program files (x86)\ASUS\Splendid\ACMON.exe" [2012-08-24 107192]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-10-12 2655520]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-02-12 462400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\windows\System32\acaptuser64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Pepe\AppData\Roaming\Mozilla\Firefox\Profiles\ugm5pbrj.default\
FF - prefs.js: keyword.URL -
FF - ExtSQL: !HIDDEN! 2013-10-16 17:36; {845257EF-A892-484e-8EB0-47F563D75939}; c:\program files (x86)\iSkysoft\Video Converter Ultimate\SVRFirefoxExt
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKU-Default-Run-Bitdefender Wallet Agent - c:\program files\Bitdefender\Bitdefender\pmbxag.exe
Wow6432Node-HKU-Default-Run-Bitdefender Wallet - c:\program files\Bitdefender\Bitdefender\pwdmanui.exe
Wow6432Node-HKU-Default-Run-Bitdefender Wallet Application Agent - c:\program files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-40175601.sys
HKLM-Run-InstallerLauncher - c:\program files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe
AddRemove-Cook, Serve, Delicious - Battle Kitchen Edition1.1 - c:\program files (x86)\Foxy Games\Cook
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SepMasterService]
"ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\sms.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SmcService]
"ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\Smc.exe\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2634125801-2594866448-2900652508-1001CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\SecuROM\License information*]
"datasecu"=hex:68,e8,67,28,11,74,27,54,b8,e3,42,7e,7e,29,5c,20,0c,98,49,0f,50,
5a,c4,69,08,1a,9f,26,23,bf,74,87,12,d6,9f,8f,97,61,50,4a,77,ca,7c,06,e6,2c,\
"rkeysecu"=hex:11,c1,ac,2a,63,4d,bd,13,96,2c,f8,18,9c,17,80,e7
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\windows\slsvc.exe
c:\program files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
c:\windows\SysWOW64\ACEngSvr.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2015-12-17 03:18:44 - machine was rebooted
ComboFix-quarantined-files.txt 2015-12-17 02:18
.
Pre-Run: 166029316096 bytes free
Post-Run: 165997305856 bytes free
.
- - End Of File - - FAB9A1F3F695EFCB2B6104F67752F3C7
