Untitled

a guest
Aug 14th, 2017
ComboFix 17-08-04.01 - -bora 08/14/2017 22:49:49.1.2 - x86 NETWORK
Microsoft Windows 7 Professional 6.1.7601.1.1255.972.1037.18.1782.1228 [GMT 3:00]
Running from: c:\users\-bora\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\-bora\AppData\Roaming\Zer53CA.tmp
c:\users\-bora\AppData\Roaming\Zer6ED9.tmp
.
.
((((((((((((((((((((((((( Files Created from 2017-07-14 to 2017-08-14 )))))))))))))))))))))))))))))))
.
.
2017-08-14 13:33 . 2017-05-23 06:22 30128 ----a-w- c:\windows\system32\sdnclean.exe
2017-08-14 13:33 . 2017-08-14 18:26 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2017-08-14 13:33 . 2017-08-14 13:35 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2017-08-14 12:29 . 2017-08-14 12:29 -------- d-----w- c:\programdata\ProductData
2017-08-14 04:45 . 2017-08-14 04:45 -------- d-----w- c:\users\-bora\AppData\Local\ElevatedDiagnostics
2017-08-13 22:01 . 2017-08-13 22:01 -------- d-----w- c:\users\-bora\AppData\Roaming\SUPERAntiSpyware.com
2017-08-13 21:59 . 2017-08-13 23:05 -------- d-----w- c:\program files\SUPERAntiSpyware
2017-08-13 21:59 . 2017-08-13 21:59 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2017-08-13 16:33 . 2017-08-13 16:33 -------- d-----w- c:\program files\Common Files\Skype
2017-08-13 16:33 . 2017-08-13 16:33 -------- d-----r- c:\program files\Skype
2017-08-13 16:25 . 2017-08-13 16:25 -------- d-----w- C:\$AV_ASW
2017-08-13 16:22 . 2017-08-13 16:22 -------- d-----w- c:\users\-bora\AppData\Local\CEF
2017-08-13 16:21 . 2017-08-13 16:21 921280 ----a-w- c:\windows\ucrtbase.dll
2017-08-13 16:18 . 2017-08-13 17:26 -------- d-----w- c:\programdata\AVAST Software
2017-08-13 16:10 . 2017-08-13 16:10 -------- d-----w- c:\programdata\CheckPoint
2017-08-13 15:58 . 2017-08-13 17:26 -------- d-----w- c:\users\-bora\AppData\Local\FSDART
2017-08-13 15:58 . 2017-08-13 15:58 -------- d-----w- c:\programdata\F-Secure
2017-08-09 11:53 . 2017-08-09 11:57 -------- d-----w- c:\users\-bora\AppData\Roaming\audacity
2017-08-09 11:53 . 2017-08-09 11:53 -------- d-----w- c:\users\-bora\AppData\Local\Audacity
2017-08-05 12:36 . 2017-08-05 12:36 -------- d-----w- c:\users\-bora\AppData\Roaming\MiKTeX
2017-08-05 11:53 . 2017-08-05 11:53 -------- d-----w- c:\programdata\MiKTeX
2017-08-05 11:53 . 2017-08-05 11:53 -------- d-----w- c:\users\-bora\AppData\Local\MiKTeX
2017-08-05 11:51 . 2017-08-05 11:52 -------- d-----w- c:\program files\MiKTeX 2.9
2017-08-05 11:49 . 2017-08-05 22:28 -------- d-----w- c:\users\-bora\AppData\Roaming\TeXstudio
2017-08-05 11:49 . 2017-08-05 11:49 -------- d-----w- c:\program files\TeXstudio
2017-08-02 18:33 . 2017-08-02 18:33 -------- d-----w- c:\users\-bora\AppData\Roaming\Corona Labs
2017-08-02 18:33 . 2017-08-02 18:33 -------- d-----w- c:\users\-bora\AppData\Local\Corona Labs
2017-08-02 18:29 . 2017-08-02 18:29 -------- d-----w- c:\program files\Corona Labs
2017-08-02 12:23 . 2017-08-02 12:23 -------- d-----w- c:\windows\system32\sda
2017-08-02 12:22 . 2017-08-02 12:22 9890816 ----a-w- c:\windows\system32\RsCRIcon.dll
2017-08-02 12:22 . 2017-08-02 12:22 74752 ----a-w- c:\windows\system32\RtCRX.dll
2017-08-02 12:22 . 2017-08-02 12:22 3570176 ----a-w- c:\windows\RtCRU32.exe
2017-08-02 12:22 . 2017-08-02 12:22 308192 ----a-w- c:\windows\system32\drivers\RtsUer.sys
2017-08-02 12:17 . 2017-08-02 12:17 110280 ----a-w- c:\windows\system32\drivers\L1C62x86.sys
2017-08-02 12:00 . 2017-08-02 12:00 132480 ----a-w- c:\windows\system32\drivers\Impcd.sys
2017-08-02 11:00 . 2017-08-12 12:30 -------- d-----w- c:\program files\Uni-Android Tool
2017-07-31 13:21 . 2017-05-26 03:47 90096 ----a-w- c:\windows\system32\cpwmon2k_v32.dll
2017-07-31 13:19 . 2017-07-31 13:19 -------- d-----w- c:\program files\tamasoftware
2017-07-27 15:36 . 2017-07-27 15:36 -------- d-----w- c:\programdata\Steam
2017-07-27 14:46 . 2017-07-27 14:46 -------- d-----w- c:\program files\Klei Entertainment
2017-07-21 11:21 . 2017-07-17 21:00 10848512 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{91358E61-768A-44F9-AB6A-8A5129C48D40}\mpengine.dll
2017-07-17 22:11 . 2017-07-17 22:11 451264 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE
2017-07-17 22:11 . 2017-07-17 22:11 28352 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll
2017-07-17 22:00 . 2017-07-17 22:00 213704 ----a-w- c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-08-14 18:39 . 2017-06-27 17:54 221600 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-08-02 12:16 . 2012-01-10 19:15 57856 ----a-w- c:\windows\system32\igfxsrvc.dll
2017-08-02 12:16 . 2012-01-10 19:14 9030656 ----a-w- c:\windows\system32\igfxress.dll
2017-08-02 12:16 . 2012-01-10 20:18 6324224 ----a-w- c:\windows\system32\igdumd32.dll
2017-08-02 12:16 . 2012-01-10 20:12 581120 ----a-w- c:\windows\system32\igdumdx32.dll
2017-08-02 12:16 . 2012-01-10 19:55 7988224 ----a-w- c:\windows\system32\igd10umd32.dll
2017-08-02 12:16 . 2012-01-10 19:15 306688 ----a-w- c:\windows\system32\igfxpph.dll
2017-08-02 12:16 . 2012-01-10 19:14 96256 ----a-w- c:\windows\system32\hccutils.dll
2017-07-18 10:41 . 2017-01-30 10:34 3316928 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2017-07-12 08:49 . 2017-06-27 17:54 65824 ----a-w- c:\windows\system32\drivers\mwac.sys
2017-07-11 11:03 . 2017-06-27 17:54 85400 ----a-w- c:\windows\system32\drivers\farflt.sys
2017-07-11 11:03 . 2017-06-27 17:54 40352 ----a-w- c:\windows\system32\drivers\mbam.sys
2017-07-05 17:34 . 2017-07-05 17:34 43119 --sh--w- c:\users\-bora\windowsdata.vbs
2017-07-01 15:38 . 2017-06-27 17:55 162240 ----a-w- c:\windows\system32\drivers\MBAMChameleon.sys
2017-07-01 11:33 . 2017-06-27 17:53 59936 ----a-w- c:\windows\system32\drivers\mbae.sys
2017-06-26 19:19 . 2017-06-26 19:19 43119 --sh--w- c:\users\-bora\tmp72B.tmp.vbs
2017-06-15 20:18 . 2017-07-12 09:02 514048 ----a-w- c:\windows\system32\drivers\http.sys
2017-06-12 22:29 . 2017-07-12 09:02 444928 ----a-w- c:\windows\system32\wvc.dll
2017-06-12 22:29 . 2017-07-12 09:02 1227264 ----a-w- c:\windows\system32\wdc.dll
2017-06-12 22:29 . 2017-07-12 09:02 390144 ----a-w- c:\windows\system32\sysmon.ocx
2017-06-12 22:28 . 2017-07-12 09:02 47104 ----a-w- c:\windows\system32\pdhui.dll
2017-06-12 22:06 . 2017-07-12 09:02 157184 ----a-w- c:\windows\system32\perfmon.exe
2017-06-12 22:06 . 2017-07-12 09:02 303616 ----a-w- c:\windows\system32\msinfo32.exe
2017-06-12 22:06 . 2017-07-12 09:02 103424 ----a-w- c:\windows\system32\resmon.exe
2017-06-10 15:39 . 2017-07-12 09:02 271360 ----a-w- c:\windows\system32\Wldap32.dll
2017-06-09 15:17 . 2017-07-12 09:02 1213672 ----a-w- c:\windows\system32\drivers\ntfs.sys
2017-06-06 15:12 . 2017-07-12 09:02 1499648 ----a-w- c:\windows\system32\ExplorerFrame.dll
2017-06-02 07:57 . 2017-06-26 18:22 497152 ----a-w- c:\windows\HelpPane.exe
2017-05-30 04:39 . 2017-07-12 09:02 1309928 ----a-w- c:\windows\system32\drivers\tcpip.sys
2017-05-30 04:39 . 2017-07-12 09:02 240872 ----a-w- c:\windows\system32\drivers\netio.sys
2017-05-30 04:39 . 2017-07-12 09:02 187624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2017-05-21 04:06 . 2017-07-12 09:02 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2017-01-30 10:42 329376 ----a-w- c:\users\-bora\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2017-01-30 10:42 329376 ----a-w- c:\users\-bora\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2017-01-30 10:42 329376 ----a-w- c:\users\-bora\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2017-01-30 10:42 329376 ----a-w- c:\users\-bora\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2017-01-30 10:42 329376 ----a-w- c:\users\-bora\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2017-07-18 10:41 2106048 ----a-w- c:\program files\Microsoft Office\root\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2017-07-18 10:41 2106048 ----a-w- c:\program files\Microsoft Office\root\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2017-07-18 10:41 2106048 ----a-w- c:\program files\Microsoft Office\root\Office16\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WINDOW~1"="wscript.exe" [2013-10-12 141824]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2017-06-12 6843808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2016-09-22 587288]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2016-12-02 15009280]
"LangOver"="c:\program files\LangOver\LangOver.exe" [2017-02-08 2613248]
"Malwarebytes TrayApp"="c:\program files\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe" [2017-05-09 3146704]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2017-08-02 143856]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2017-08-02 178672]
"Persistence"="c:\windows\system32\igfxpers.exe" [2017-08-02 179184]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2017-05-23 4174464]
.
c:\users\-bora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
WINDOW~1.VBS [2017-7-5 43119]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Audiosrv]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HDAudBus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MMCSS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}]
@="[6cFgE][?????, ????? ??? ???? ¢?????????? !!! !!! !]"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{640167b4-59b0-47a6-b335-a6b3c0695aea}]
@="Portable Media Devices"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2017-07-28 14:52 27815896 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [2017-01-06 23840]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
R2 ClickToRunSvc;Microsoft Office 'Click-to-Run' Service;c:\program files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2017-07-17 2835648]
R2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2017-05-23 1776864]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2017-05-23 2131760]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2017-05-23 233936]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2017-06-01 317400]
R2 wampstackApache;wampstackApache;c:\bitnami\WAMPST~1.30-\apache2\bin\httpd.exe [2016-07-07 23040]
R2 wampstackMySQL;wampstackMySQL;c:\bitnami\wampstack-5.6.30-0\mysql\bin\mysqld.exe [2016-11-28 11088384]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2017-07-14 104960]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2017-08-02 132480]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 VSStandardCollectorService140;Visual Studio Standard Collector Service;c:\program files\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [2016-09-06 86760]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2016-12-21 239168]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2017-01-30 143776]
S2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [2017-05-09 3398608]
S3 ETDSMBus;ETDSMBus;c:\windows\system32\DRIVERS\ETDSMBus.sys [2017-08-02 28744]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2017-08-02 110280]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2017-08-14 221600]
S3 RTSUER;Realtek USB Card Reader - UER;c:\windows\system32\Drivers\RtsUer.sys [2017-08-02 308192]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
utcsvc REG_MULTI_SZ DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2017-08-08 08:36 1429848 ----a-w- c:\program files\Google\Chrome\Application\60.0.3112.90\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2017-08-14 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2017-08-14 06:26]
.
2017-08-14 c:\windows\Tasks\Driver Booster Scheduler.job
- c:\program files\IObit\Driver Booster\4.1.0\Scheduler.exe [2017-01-06 08:18]
.
2017-08-14 c:\windows\Tasks\Driver Booster SkipUAC (-bora).job
- c:\program files\IObit\Driver Booster\4.1.0\DriverBooster.exe [2017-01-06 13:18]
.
2017-08-14 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2017-08-14 06:21]
.
2017-08-14 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2017-08-14 06:24]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office\Root\Office16\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.100.102.1
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - c:\program files\Microsoft Office\root\Office16\MSOSB.DLL
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - c:\program files\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - c:\program files\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - c:\program files\Microsoft Office\root\Office16\MSOSB.DLL
FF - ProfilePath - c:\users\-bora\AppData\Roaming\Mozilla\Firefox\Profiles\m2mhjriz.default\
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-drmkaud
SafeBoot-MBAMSwissArmy
AddRemove-Torch - c:\users\-bora\AppData\Local\Torch\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-124123957-3465755313-2965481238-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:5e,09,99,8f,d0,d3,65,2f,3a,12,8b,33,e1,e4,61,38,c0,6f,91,52,36,ce,36,
5a,9c,6b,11,d1,9a,ba,82,4b,0f,e6,ca,d1,cc,5b,89,90,89,d1,3d,ef,cc,bd,7c,36,\
"??"=hex:5f,90,6f,2a,e0,37,3c,c2,5e,35,19,df,2b,a4,8f,77
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2017-08-14 23:01:53
ComboFix-quarantined-files.txt 2017-08-14 20:01
.
Pre-Run: 32,090,980,352 bytes free
Post-Run: 31,730,438,144 bytes free
.
- - End Of File - - 6BCB140CCF76DF0B0CCD7CE9894D6785
A36C5E4F47E84449FF07ED3517B43A31
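Editor's note, added to this paste and not part of ComboFix's output: the entries above that a triager would pull out first are the HKCU Run value "WINDOW~1" whose image is bare wscript.exe, the WINDOW~1.VBS in the user's Startup folder, and two 43119-byte .vbs files in the profile root (windowsdata.vbs and tmp72B.tmp.vbs) carrying the system+hidden attribute pair (--sh--w-). The script below is an added example of turning that reading into repeatable checks over ComboFix-style log lines. It is my code, not ComboFix's; the four heuristics, the extension and script-host lists, and the record layout it assumes for the three line types are assumptions drawn from the lines in this log, and the sample input is an excerpt copied from the paste above. It says nothing about what the flagged files contain; that is a job for the quarantine listing and the file hashes.

```python
"""Triage helper for ComboFix-style log lines (added example, not ComboFix code).

Parses three record types seen in the log above: file entries
("<created> . <modified> <size|--------> <attrs> <path>"), registry Run
values ('"name"="image" [stamp]') and Startup-folder items
("NAME [date size]" under a line naming a Startup folder), then applies
four heuristics that are this example's own assumptions.
"""
import ntpath
import re

# Attribute field as ComboFix prints it: index 0 = 'd' for directory,
# index 2 = 's' (system), index 3 = 'h' (hidden); this layout is an assumption.
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<image>[^"]*)"(?: \[(?P<stamp>[^\]]*)\])?$')
STARTUP_RE = re.compile(r"^(?P<name>[^\[\]]+?) \[(?P<date>[\d-]+) (?P<size>\d+)\]$")

# Assumed lists: extensions run by a script host, and hosts that take a script as argument.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".hta", ".ps1", ".bat", ".cmd"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe", "rundll32.exe", "regsvr32.exe"}

# Constructed sample: lines copied from the log above, nothing else.
SAMPLE_LOG = r"""
2017-07-05 17:34 . 2017-07-05 17:34 43119 --sh--w- c:\users\-bora\windowsdata.vbs
2017-07-01 15:38 . 2017-06-27 17:55 162240 ----a-w- c:\windows\system32\drivers\MBAMChameleon.sys
2017-06-26 19:19 . 2017-06-26 19:19 43119 --sh--w- c:\users\-bora\tmp72B.tmp.vbs
2017-08-14 13:33 . 2017-08-14 18:26 -------- d-----w- c:\programdata\Spybot - Search & Destroy
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WINDOW~1"="wscript.exe" [2013-10-12 141824]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2017-06-12 6843808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2016-09-22 587288]
.
c:\users\-bora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
WINDOW~1.VBS [2017-7-5 43119]
"""


def parse_file_entry(line):
    """Return a dict for a ComboFix file line, or None if the line is not one."""
    m = FILE_RE.match(line)
    if not m:
        return None
    attrs = m["attrs"]
    return {
        "path": m["path"],
        "size": None if m["size"].startswith("-") else int(m["size"]),
        "is_dir": attrs[0] == "d",
        "system": attrs[2] == "s",
        "hidden": attrs[3] == "h",
    }


def triage(log_text):
    """Scan log text and return a list of (rule, detail) findings, in rule order."""
    files, run_values, startup_items = [], [], []
    reg_key = startup_dir = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith("[") and line.endswith("]"):      # registry key header
            reg_key, startup_dir = line[1:-1], None
            continue
        if line.endswith("\\") and "startup" in line.lower():  # Startup folder header
            startup_dir, reg_key = line, None
            continue
        entry = parse_file_entry(line)
        if entry:
            files.append(entry)
            continue
        m = RUN_RE.match(line)
        if m and reg_key and reg_key.lower().endswith("\\run"):
            run_values.append((reg_key, m["name"], m["image"]))
            continue
        m = STARTUP_RE.match(line)
        if m and startup_dir:
            startup_items.append(startup_dir + m["name"])

    findings = []
    # Rule 1: a script file carrying both the system and hidden attributes.
    for f in files:
        if f["hidden"] and f["system"] and ntpath.splitext(f["path"])[1].lower() in SCRIPT_EXTS:
            findings.append(("hidden+system script file", f["path"]))
    # Rule 2: script files of identical size under different names (possible self-copies).
    by_size = {}
    for f in files:
        if f["size"] and ntpath.splitext(f["path"])[1].lower() in SCRIPT_EXTS:
            by_size.setdefault(f["size"], []).append(f["path"])
    for size, paths in sorted(by_size.items()):
        if len(paths) > 1:
            findings.append(("same-size script copies", f"{size} bytes: " + "; ".join(paths)))
    # Rule 3: a Run value whose command is a script host (the script itself is not shown).
    for key, name, image in run_values:
        head = ntpath.basename(image.split(" ")[0]).lower()   # first token; unquoted paths only
        if head in SCRIPT_HOSTS:
            findings.append(("Run value launches a script host", f"{key}\\{name} = {image}"))
    # Rule 4: a script placed in a Startup folder.
    for path in startup_items:
        if ntpath.splitext(path)[1].lower() in SCRIPT_EXTS:
            findings.append(("script in Startup folder", path))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule}: {detail}")
```

Run against the excerpt, it returns five findings: both --sh--w- .vbs files, the pair of 43119-byte scripts, the wscript.exe Run value, and WINDOW~1.VBS in the Startup folder. Rule 3 only sees the image ComboFix prints, so a Run value that quotes a path with spaces would need proper argument splitting; the rules also say nothing about whether a flagged file is malicious, only that it deserves a look.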