ComboFix Malware Removal Log

This log file from ComboFix shows the removal of many suspicious files and folders from the user's system. A scan was performed and detected issues related to a program called DRPSu, which appears to be adware or potentially unwanted software. The log also lists programs and drivers loaded on system startup.

ComboFix 19-11-04.01 - ��� 11.04.2020 16:15:36.2.4 - x64 NETWORK
Microsoft Windows 7 ����������� 6.1.7601.1.1251.7.1049.18.6142.4793 [GMT 3:00]
Running from: c:\users\��\Downloads\combofix-19-11-4-1.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\���\AppData\Local\Bron.tok-12-1
c:\users\���\AppData\Local\Bron.tok-12-10
c:\users\���\AppData\Local\Bron.tok-12-11
c:\users\���\AppData\Local\Bron.tok-12-12
c:\users\���\AppData\Local\Bron.tok-12-13
c:\users\���\AppData\Local\Bron.tok-12-14
c:\users\���\AppData\Local\Bron.tok-12-15
c:\users\���\AppData\Local\Bron.tok-12-16
c:\users\���\AppData\Local\Bron.tok-12-17
c:\users\���\AppData\Local\Bron.tok-12-18
c:\users\���\AppData\Local\Bron.tok-12-19
c:\users\���\AppData\Local\Bron.tok-12-2
c:\users\���\AppData\Local\Bron.tok-12-20
c:\users\���\AppData\Local\Bron.tok-12-21
c:\users\���\AppData\Local\Bron.tok-12-22
c:\users\���\AppData\Local\Bron.tok-12-23
c:\users\���\AppData\Local\Bron.tok-12-24
c:\users\���\AppData\Local\Bron.tok-12-25
c:\users\���\AppData\Local\Bron.tok-12-26
c:\users\���\AppData\Local\Bron.tok-12-27
c:\users\���\AppData\Local\Bron.tok-12-28
c:\users\���\AppData\Local\Bron.tok-12-29
c:\users\���\AppData\Local\Bron.tok-12-3
c:\users\���\AppData\Local\Bron.tok-12-30
c:\users\���\AppData\Local\Bron.tok-12-31
c:\users\���\AppData\Local\Bron.tok-12-4
c:\users\���\AppData\Local\Bron.tok-12-5
c:\users\���\AppData\Local\Bron.tok-12-6
c:\users\���\AppData\Local\Bron.tok-12-7
c:\users\���\AppData\Local\Bron.tok-12-8
c:\users\���\AppData\Local\Bron.tok-12-9
c:\users\���\AppData\Local\csrss.exe
c:\users\���\AppData\Local\inetinfo.exe
c:\users\���\AppData\Local\Kosong.Bron.Tok.txt
c:\users\���\AppData\Local\lsass.exe
c:\users\���\AppData\Local\services.exe
c:\users\���\AppData\Local\smss.exe
c:\users\���\AppData\Local\winlogon.exe
c:\users\���\AppData\Roaming\D3D5D3C0-0F3D-40c1-9973-CEB7C072AE32.ini
c:\users\���\AppData\Roaming\DRPSu
c:\users\���\AppData\Roaming\DRPSu\diagnostics\drivers.json
c:\users\���\AppData\Roaming\DRPSu\diagnostics\hardware.json
c:\users\���\AppData\Roaming\DRPSu\diagnostics\localdiagnostics.json
c:\users\���\AppData\Roaming\DRPSu\diagnostics\newsoft.json
c:\users\���\AppData\Roaming\DRPSu\diagnostics\soft.json
c:\users\���\AppData\Roaming\DRPSu\diagnostics\softchanges.json
c:\users\���\AppData\Roaming\DRPSu\DRIVERS\AMD-FORCED-Legacy-7x64-13.9-drp.zip
c:\users\���\AppData\Roaming\DRPSu\DRIVERS\AMD-FORCED-Legacy-7x64-13.9-drp.zip.torrent
c:\users\���\AppData\Roaming\DRPSu\DRIVERS\Realtek-matchver-FORCED-7x64-PCIe_7.122.1023.2018-drp.zip
c:\users\���\AppData\Roaming\DRPSu\DRIVERS\Realtek-matchver-FORCED-7x64-PCIe_7.122.1023.2018-drp.zip.torrent
c:\users\���\AppData\Roaming\DRPSu\dumpchk\dbgeng.dll
c:\users\���\AppData\Roaming\DRPSu\dumpchk\dbghelp.dll
c:\users\���\AppData\Roaming\DRPSu\dumpchk\dumpchk.exe
c:\users\���\AppData\Roaming\DRPSu\dumpchk\dumpchk.zip
c:\users\���\AppData\Roaming\DRPSu\dumpchk\triage\pooltag.txt
c:\users\���\AppData\Roaming\DRPSu\dumpchk\triage\triage.ini
c:\users\���\AppData\Roaming\DRPSu\dumpchk\winext\ext.dll
c:\users\���\AppData\Roaming\DRPSu\Internet\WifiInterface.txt
c:\users\���\AppData\Roaming\DRPSu\Logs\log___2019-01-25-17-26-26.html
c:\users\���\AppData\Roaming\DRPSu\Logs\log___2019-01-27-17-08-51.html
c:\users\���\AppData\Roaming\DRPSu\PROGRAMS\DriverPack-Cloud-New.exe
c:\users\���\AppData\Roaming\DRPSu\snapshots\DriverPack_Snapshot_20190125_172659.zip
c:\users\���\AppData\Roaming\DRPSu\snapshots\DriverPack_Snapshot_20190127_170909.zip
c:\users\���\AppData\Roaming\DRPSu\temp\devcon_19896.txt
c:\users\���\AppData\Roaming\DRPSu\temp\devcon_89570.txt
c:\users\���\AppData\Roaming\DRPSu\temp\DRPNPS.xml
c:\users\���\AppData\Roaming\DRPSu\temp\installing_68960.txt
c:\users\���\AppData\Roaming\DRPSu\temp\log_zip_file_19896.txt
c:\users\���\AppData\Roaming\DRPSu\temp\log_zip_file_89570.txt
c:\users\���\AppData\Roaming\DRPSu\temp\ps.jrc539u2.89hah.cmd.txt
c:\users\���\AppData\Roaming\DRPSu\temp\ps.jrc539u2.89hah.stderr.log
c:\users\���\AppData\Roaming\DRPSu\temp\ps.jrc539u2.89hah.stdout.log
c:\users\���\AppData\Roaming\DRPSu\temp\ps.jrc539w1.iqstr.ps1
c:\users\���\AppData\Roaming\DRPSu\temp\ps.jrezcdes.oesq0.cmd.txt
c:\users\���\AppData\Roaming\DRPSu\temp\ps.jrezcdes.oesq0.stderr.log
c:\users\���\AppData\Roaming\DRPSu\temp\ps.jrezcdes.oesq0.stdout.log
c:\users\���\AppData\Roaming\DRPSu\temp\ps.jrezcdh9.lmc0d.ps1
c:\users\���\AppData\Roaming\DRPSu\temp\run_command_13190.txt
c:\users\���\AppData\Roaming\DRPSu\temp\run_command_32148.txt
c:\users\���\AppData\Roaming\DRPSu\temp\run_command_3718.txt
c:\users\���\AppData\Roaming\DRPSu\temp\run_command_48697.txt
c:\users\���\AppData\Roaming\DRPSu\temp\run_command_51237.txt
c:\users\���\AppData\Roaming\DRPSu\temp\run_command_52841.txt
c:\users\���\AppData\Roaming\DRPSu\temp\run_command_63774.txt
c:\users\���\AppData\Roaming\DRPSu\temp\run_command_81652.txt
c:\users\���\AppData\Roaming\DRPSu\temp\run_command_88680.txt
c:\users\���\AppData\Roaming\DRPSu\temp\run_command_93477.txt
c:\users\���\AppData\Roaming\DRPSu\temp\unzipping_19896.txt
c:\users\���\AppData\Roaming\DRPSu\temp\unzipping_89570.txt
c:\users\���\AppData\Roaming\DRPSu\temp\unzipping_undefined.txt
c:\users\���\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Empty.pif
c:\users\���\AppData\Roaming\Microsoft\Windows\Templates\Brengkolang.com
c:\users\���\Documents\Documents.exe
c:\users\1\Documents\Documents.exe
c:\windows\eksplorasi.exe
c:\windows\msdownld.tmp
c:\windows\shellnew\sempalong.exe
.
.
((((((((((((((((((((((((( Files Created from 2020-03-11 to 2020-04-11 )))))))))))))))))))))))))))))))
.
.
2020-04-11 13:23 . 2020-04-11 13:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2020-04-02 20:48 . 2020-04-02 20:48 -------- d-----w- c:\users\���\AppData\Local\Discord
2020-04-02 08:11 . 2020-04-02 08:11 -------- d-----w- c:\users\���\AppData\Local\D2JS
2020-04-02 08:06 . 2020-04-02 08:06 2302112 ----a-w- c:\program files (x86)\setup (1).exe
2020-04-01 20:25 . 2020-04-11 13:01 -------- d-----w- c:\program files (x86)\Steam
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2020-04-04 3371296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe \"c:\windows\eksplorasi.exe\""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux6"=wdmaud.drv
"aux6"=wdmaud.drv
.
R2 aow_drv;aow_drv;e:\txgameassistant\UI\aow_drv_x64.sys;e:\txgameassistant\UI\aow_drv_x64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 GoogleChromeElevationService;Google Chrome Elevation Service;c:\program files (x86)\Google\Chrome\Application\80.0.3987.163\elevation_service.exe;c:\program files (x86)\Google\Chrome\Application\80.0.3987.163\elevation_service.exe [x]
R3 mracdrv;MRAC Driver;c:\windows\System32\drivers\mracdrv.sys;c:\windows\SYSNATIVE\drivers\mracdrv.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys;c:\windows\xhunter1.sys [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R4 EasyAntiCheat;EasyAntiCheat;c:\program files (x86)\EasyAntiCheat\EasyAntiCheat.exe;c:\program files (x86)\EasyAntiCheat\EasyAntiCheat.exe [x]
R4 GalaxyClientService;GalaxyClientService;c:\program files (x86)\GOG Galaxy\GalaxyClientService.exe;c:\program files (x86)\GOG Galaxy\GalaxyClientService.exe [x]
R4 GalaxyCommunication;GalaxyCommunication;c:\programdata\GOG.com\Galaxy\redists\GalaxyCommunication.exe;c:\programdata\GOG.com\Galaxy\redists\GalaxyCommunication.exe [x]
R4 mracsvc;MRAC Service;c:\windows\System32\mracsvc.exe;c:\windows\SYSNATIVE\mracsvc.exe [x]
R4 QMEmulatorService;QMEmulatorService;e:\txgameassistant\AppMarket\QMEmulatorService.exe;e:\txgameassistant\AppMarket\QMEmulatorService.exe [x]
R4 SoundBoosterService;Letasoft Sound Booster Service;c:\program files (x86)\Letasoft Sound Booster\SoundBoosterService.exe;c:\program files (x86)\Letasoft Sound Booster\SoundBoosterService.exe [x]
R4 uncheater_bgl;Uncheater for BattleGroundsLite_SE;c:\program files\Common Files\Uncheater\uncheater_bgl.exe;c:\program files\Common Files\Uncheater\uncheater_bgl.exe [x]
R4 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
R4 YandexBrowserService;Yandex.Browser Update Service;c:\program files (x86)\Yandex\YandexBrowser\18.3.1.1232\service_update.exe;c:\program files (x86)\Yandex\YandexBrowser\18.3.1.1232\service_update.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2020-04-11 c:\windows\Tasks\��������� ���������� �������� ������.job
- c:\program files (x86)\Yandex\YandexBrowser\18.3.1.1232\service_update.exe [2018-12-30 09:02]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBLoO-BhLymRVyoiO2t6mfQOt8TKsjoR8UVcuB23ceFSgb0d5clZc9JYT9QoameMibaB3dBrcUK_k7aw9E4SkKSG_Shfl4qsu_6EfIF8TE8XGzpvf7DgAZ0plRyo82KESCn80AXrFoVPVRNGT46gkclBgLSdY3tsrE4U0O631_SJ97lz0LMWLqCWD-NVlwtdA,,
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Wargaming.net Game Center - e:\wargaming.net\GameCenter\wgc.exe
AddRemove-Wargaming.net Game Center - e:\wargaming.net\GameCenter\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2020-04-11 16:24:45
ComboFix-quarantined-files.txt 2020-04-11 13:24
ComboFix2.txt 2019-01-09 15:49
.
Pre-Run: 13�048�795�136 ���� ��������
Post-Run: 13�403�865�088 ���� ��������
.
- - End Of File - - 3FB61C8BF5C8C858884EEA0225A95C57
A36C5E4F47E84449FF07ED3517B43A31
