Combo Fix

- ComboFix is a program that scans and removes malware from Windows systems. It generated a log after running on a Windows 7 system.
- The log shows that ComboFix deleted some unwanted files and registry entries. It also lists recently installed programs, files, and active services and drivers on the system.
- No severe issues were found, but some minor malware or adware components were removed to further clean and secure the system.

Uploaded by

Ana Matei

ComboFix 17-10-04.01 - PC CANCELARIE 13.10.2017 12:51:53.1.

1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.40.1033.18.2552.1219 [GMT 3:00]
Running from: c:\users\PC CANCELARIE\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\PC CANCELARIE\AppData\Roaming\Microsoft\taskhostw.exe
.
.
((((((((((((((((((((((((( Files Created from 2017-09-13 to 2017-10-13 )))))))))))))))))))))))))))))))
.
.
2017-10-13 10:00 . 2017-10-13 10:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-10-11 04:47 . 2017-09-18 20:11 13890840 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{089310B6-A1BA-43FE-95B2-BCD27FD4E76D}\mpengine.dll
2017-09-29 11:52 . 2017-09-29 11:52 0 ---ha-w- c:\users\PC CANCELARIE\AppData\Local\BIT2CBB.tmp
2017-09-15 06:08 . 2017-09-15 06:08 -------- d-----w- c:\users\PC CANCELARIE\AppData\Local\ElevatedDiagnostics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-08-11 06:19 . 2017-09-15 10:21 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2017-07-29 14:56 . 2017-09-08 06:53 117248 ----a-w- c:\windows\system32\drivers\tdx.sys
2017-07-21 14:26 . 2017-09-08 06:53 282624 ----a-w- c:\windows\SysWow64\mstext40.dll
2017-07-21 14:26 . 2017-09-08 06:53 518144 ----a-w- c:\windows\SysWow64\msjetoledb40.dll
2017-07-21 14:26 . 2017-09-08 06:53 290816 ----a-w- c:\windows\SysWow64\msjtes40.dll
2017-07-21 14:26 . 2017-09-08 06:53 409600 ----a-w- c:\windows\SysWow64\msexch40.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2016-12-12 587288]
"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2013-01-23 139264]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2012-12-27 4509184]
"BrStsInd00"="c:\program files (x86)\BrownyInd\Brother\BrIndicator.exe" [2012-12-18 1885184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrUsbSIb.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 FoxitReaderService;Foxit Reader Service;c:\program files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe;c:\program files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S4 cm_km;AO Kaspersky Lab Cryptographic Module x64 (56 bit);c:\windows\system32\DRIVERS\cm_km.sys;c:\windows\SYSNATIVE\DRIVERS\cm_km.sys [x]
S4 klbackupdisk;Kaspersky Lab klbackupdisk;c:\windows\system32\DRIVERS\klbackupdisk.sys;c:\windows\SYSNATIVE\DRIVERS\klbackupdisk.sys [x]
S4 klbackupflt;Kaspersky Lab klbackupflt;c:\windows\system32\DRIVERS\klbackupflt.sys;c:\windows\SYSNATIVE\DRIVERS\klbackupflt.sys [x]
S4 kldisk;kldisk;c:\windows\system32\DRIVERS\kldisk.sys;c:\windows\SYSNATIVE\DRIVERS\kldisk.sys [x]
S4 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
S4 klhk;Kaspersky Lab service driver;c:\windows\system32\DRIVERS\klhk.sys;c:\windows\SYSNATIVE\DRIVERS\klhk.sys [x]
S4 klpd;Kaspersky Lab format recognizer driver;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S4 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S4 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - KLIM6
*Deregistered* - Klwtp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 363544]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Export la Microsoft &Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.100.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-32813845-850121101-1528969137-1000\Software\00000000
*00000g0#u#bU00_00000 *00000000]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2017-10-13 13:03:51
ComboFix-quarantined-files.txt 2017-10-13 10:03
.
Pre-Run: 3.482.132.480 bytes free
Post-Run: 5.094.678.528 bytes free
.
- - End Of File - - FE7B1D87A1CB448F177A4AF66C0C2BB3
A36C5E4F47E84449FF07ED3517B43A31
