This document is a log file from ComboFix, a program used to detect and remove malware, that was run on Fredi's computer on November 15, 2012. It lists files and folders that were deleted by ComboFix, including a TeamViewer file. It also lists files created between October 16 and November 16, 2012 that include folders for Trojan Remover and Simply Super Software, as well as Windows update files. The document concludes by listing the most frequently occurring files on the system.

ComboFix 12-11-15.01 - Fredi 15/11/2012 22:15:58.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.51.3082.18.4004.2800 [GMT -5:00]
Running from: d:\desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Fredi\AppData\Local\Temp\TeamViewer\Version7\tv_x64.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-10-16 to 2012-11-16 )))))))))))))))))))))))))))))))
.
.
2012-11-16 03:19 . 2012-11-16 03:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-16 03:10 . 2012-11-16 03:10 -------- d-----w- c:\users\Fredi\AppData\Roaming\Simply Super Software
2012-11-16 03:10 . 2012-11-16 03:10 -------- d-----w- c:\program files (x86)\Trojan Remover
2012-11-16 03:10 . 2012-11-16 03:10 -------- d-----w- c:\programdata\Simply Super Software
2012-11-15 18:14 . 2012-07-26 05:05 2560 ----a-w- c:\windows\system32\drivers\es-ES\wdf01000.sys.mui
2012-11-15 18:13 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-15 18:13 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-15 18:13 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-15 18:02 . 2012-10-08 11:26 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-11-15 18:02 . 2012-10-08 11:25 499200 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2012-11-15 18:02 . 2012-10-08 07:50 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-11-15 18:02 . 2012-10-08 07:49 387584 ----a-w- c:\program files (x86)\Internet Explorer\jsdbgui.dll
2012-11-15 18:02 . 2012-10-08 12:19 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-15 18:02 . 2012-10-08 11:42 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-15 02:45 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-15 02:45 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
2012-11-15 02:19 . 2012-10-17 07:31 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{51443773-C187-4EC6-8776-9D015AC6A58C}\mpengine.dll
2012-11-06 23:04 . 2012-11-06 23:04 -------- d-----w- c:\windows\SysWow64\wbem\en-US
2012-11-06 23:04 . 2012-11-06 23:04 -------- d-----w- c:\windows\system32\wbem\en-US
2012-11-06 15:58 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll
2012-11-06 15:58 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\SysWow64\esent.dll
2012-11-06 15:58 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2012-11-06 15:58 . 2011-03-11 06:41 189824 ----a-w- c:\windows\system32\drivers\storport.sys
2012-11-06 15:58 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2012-11-06 15:58 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2012-11-06 15:58 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2012-11-06 15:58 . 2011-03-11 06:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2012-11-06 15:58 . 2011-03-11 06:41 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2012-11-06 15:58 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe
2012-11-06 15:58 . 2011-03-11 04:37 91648 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS
2012-11-06 15:39 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-11-06 15:39 . 2011-04-28 03:54 80384 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2012-11-06 15:38 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2012-11-06 15:38 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-11-06 15:38 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2012-11-06 15:38 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2012-11-06 15:38 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2012-11-06 15:38 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2012-11-06 15:38 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2012-11-05 17:09 . 2012-11-05 17:09 -------- d-----w- c:\windows\SysWow64\Wat
2012-11-05 17:09 . 2012-11-05 17:09 -------- d-----w- c:\windows\system32\Wat
2012-11-05 16:43 . 2012-11-05 16:43 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-11-05 16:41 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-11-05 16:41 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-11-05 16:41 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-11-05 16:41 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-11-05 16:41 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-11-05 06:57 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-11-05 06:55 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-11-05 06:54 . 2012-06-02 05:45 340992 ----a-w- c:\windows\system32\schannel.dll
2012-11-05 06:53 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-05 06:53 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-05 06:53 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-11-05 06:49 . 2011-05-24 11:42 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2012-11-05 06:48 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-11-05 06:06 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-11-05 06:06 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-11-05 06:06 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-11-05 05:59 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-11-05 05:59 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-11-05 05:59 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-11-05 05:59 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-11-05 05:58 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-11-05 05:58 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-11-05 05:58 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-11-05 05:58 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-11-05 05:58 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-11-05 00:32 . 2012-11-16 02:16 -------- d-----w- c:\users\Fredi\Tracing
2012-11-05 00:23 . 2012-11-05 00:28 -------- d-----w- c:\program files (x86)\Windows Live
2012-11-05 00:22 . 2012-11-05 17:10 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-11-05 00:20 . 2012-11-15 18:35 -------- d-----w- c:\users\Fredi\AppData\Local\Windows Live
2012-11-05 00:20 . 2012-11-05 00:20 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2012-10-29 17:19 . 2012-10-29 17:25 -------- d-----w- c:\programdata\Package Cache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-05 00:23 . 2011-03-28 23:36 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-10-02 19:41 . 2012-10-02 19:41 8192 ----a-w- c:\windows\SysWow64\srvany.exe
2012-10-02 19:39 . 2012-10-02 19:39 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-10-02 19:39 . 2012-10-02 19:39 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-02 19:39 . 2012-10-02 19:39 289768 ----a-w- c:\windows\system32\javaws.exe
2012-10-02 19:39 . 2012-10-02 19:39 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-02 19:39 . 2012-10-02 19:39 189416 ----a-w- c:\windows\system32\javaw.exe
2012-10-02 19:39 . 2012-10-02 19:39 188904 ----a-w- c:\windows\system32\java.exe
2012-08-20 17:38 . 2012-11-05 06:55 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TrojanScanner"="c:\program files (x86)\Trojan Remover\Trjscan.exe" [2012-09-14 1247504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi2"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2011-08-17 171008]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-11-05 1255736]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-04-01 34392]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-03-07 913144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2012-03-14 137144]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-06-20 634632]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-07-19 365376]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-03-31 39464]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-03-31 294952]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-03-31 32296]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-03-31 202792]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-03-31 53800]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-03-31 154792]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-03-31 264232]
S3 IntcDAud;Sonido Intel(R) para pantallas;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-05-17 533096]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-03 05:16]
.
2012-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-03 05:16]
.
.
--------- X64 Entries ----------.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-04-01 558168]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-04-01 349272]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 4081008]
.
------- Supplementary Scan ------.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 200.98.69.78 8.8.8.8
.
.
--------------------- LOCKED REGISTRY KEYS --------------------.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-15 22:21:31
ComboFix-quarantined-files.txt 2012-11-16 03:21
.
Pre-Run: 125,247,750,144 bytes libres
Post-Run: 125,188,493,312 bytes libres
.
- - End Of File - - 91D64E7201F4ADEEFA6DF554D8B296A7