Everything posted by Nurlan85

  1. Hi!!! Here the log file:
  2. Hi!!! This is LOG Combofix.txt:
  3. Hi! I did re-scanning program. Here is the log: But, then again during the scanning MBAM error occurred. The collapse during a quick scan. What to do? Thanks in advance!
  4. Hi! Step 1 Remove the program μTorrent, DAEMON Tuls, Toolbar Toolbar Vebalta. Step 2 Place the file JRT. Did the log file. spread: Step 3: Install files Adschtsleaner Xplode. Did the log file. spread: Step 4: Added to avoid the following files to Kaspersky AV: http://support.kaspersky.com/2695 C: \ Program Files \ Malwarebytes' Anti-Malware \ mbam.exe C: \ Program Files \ Malwarebytes' Anti-Malware \ mbamgui.exe C: \ Program Files \ Malwarebytes' Anti-Malware \ mbamservice.exe Restart the computer. Step 5 Start the "Quick Scan" program Mbam. But, the problem is when you scan, Mbam stops and closes crash.
  5. Hi! It did not happen to do a quick scan of the program Mbam. Again crash happened during the scan. Post the log files and JRT log AdwCleaner log JRT.txt AdwCleanerR0.txt
  6. In my computer crashes while scanning program Mbam

  7. Hi! In my computer crashes while scanning program Mbam. Help please! Post the log files... dds.txt attach.txt CheckResults.txt