
rvzr-a.akamaihd.net --- II [Solved]


  • This topic is locked
21 replies to this topic

#16 vlad1s57

    New Member

  • Authentic Member
  • 11 posts

Posted 14 November 2013 - 01:17 AM

Hi, Jo*,

The company name is Frigoglass and the access is received via the company network. This is my working PC. Hope the privacy will not be interrupted..... 189 views of the topic within several hours seems strange actually. I do believe you are not going to hack anything, right?

Today my file compressor .rar (almost the same type as .zip, but for Russia) failed to work properly. I've just reinstalled it.

Waiting for your response and my future actions.

Thank you




#17 Jo*

    SuperMember

  • Malware Team
  • 1,197 posts

Posted 14 November 2013 - 05:57 AM

Hello vlad1s57,


Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    
    :Files
    C:\Users\vkuznetsov\AppData\Roaming\Mozilla\Firefox\Profiles\yandex.default\extensions\staged\po93f9@yyyeb.edu\content\bg.js
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
    
    NOTICE: This script was written specifically for this user, for use on that particular machine.
    Running this on another machine may cause damage to your operating system.
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the Fix OTL log

***


Run OTL again.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Double click on the OTL icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Don't check the boxes beside LOP Check and Purity Check this time.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window OTL.Txt.
  • Please copy (Edit->Select All, Edit->Copy) the content of the file and post it with your next reply.

Graduate of the WTT Classroom
Cheers,
Jo
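As an added example (not code from the thread, and not part of OTL), a small Python checker that parses a fix script like the one above together with the fix log OTL writes back, confirms that every :Files target is reported as moved, totals the [emptytemp] byte counts per user, and compares them with OTL's own "Total Files Cleaned" figure. The log excerpt embedded in it is constructed in OTL's layout; the target path is the one from this fix script.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# The fix script as posted above (OTL directives, one target file).
FIX_SCRIPT = """\
:OTL

:Files
C:\\Users\\vkuznetsov\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\yandex.default\\extensions\\staged\\po93f9@yyyeb.edu\\content\\bg.js

:Commands
[purity]
[emptytemp]
[Reboot]
"""

# Constructed fix-log excerpt in OTL's layout (not the thread's full log).
FIX_LOG = """\
========== OTL ==========
========== FILES ==========
C:\\Users\\vkuznetsov\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\yandex.default\\extensions\\staged\\po93f9@yyyeb.edu\\content\\bg.js moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]

User: Default
->Temp folder emptied: 0 bytes

User: vkuznetsov
->Temp folder emptied: 14141907 bytes
->Temporary Internet Files folder emptied: 246679912 bytes
->Java cache emptied: 212 bytes
->Flash cache emptied: 3193 bytes

%systemdrive% .tmp files removed: 0 bytes
Windows Temp folder emptied: 57172 bytes

Total Files Cleaned = 249,00 mb
"""

MOVED_RE = re.compile(r"^(?P<path>.+?) moved successfully\.$")
USER_RE = re.compile(r"^User: (?P<user>.+)$")
BYTES_RE = re.compile(r"^(?P<arrow>->)?.+? (?:emptied|removed): (?P<n>\d+) bytes$")
TOTAL_RE = re.compile(r"^Total Files Cleaned = (?P<mb>[\d.,]+) mb$")


@dataclass
class FixLog:
    moved: set = field(default_factory=set)      # paths OTL reports as moved
    emptied: dict = field(default_factory=dict)  # bytes freed per user / "<system>"
    reported_total_mb: Optional[float] = None    # OTL's own "Total Files Cleaned"


def parse_fix_script(text):
    """Return {section: [lines]} for an OTL fix script (:Files, :Commands, ...)."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_fix_log(text):
    """Extract moved paths, per-user [emptytemp] byte counts and the MB total."""
    log, user = FixLog(), "<system>"
    for raw in text.splitlines():
        line = raw.strip()
        if m := MOVED_RE.match(line):
            log.moved.add(m["path"])
        elif m := USER_RE.match(line):
            user = m["user"]
        elif m := BYTES_RE.match(line):
            # "->" lines belong to the current user block; the rest are system areas.
            owner = user if m["arrow"] else "<system>"
            log.emptied[owner] = log.emptied.get(owner, 0) + int(m["n"])
        elif m := TOTAL_RE.match(line):
            # OTL wrote "249,00" under a Russian locale: comma is the decimal mark.
            log.reported_total_mb = float(m["mb"].replace(",", "."))
    return log


def verify_fix(script_text, log_text):
    """Cross-check a fix log against its script: targets moved, temp emptied, total sane."""
    script, log = parse_fix_script(script_text), parse_fix_log(log_text)
    wanted = set(script.get("files", []))
    commands = {c.lower() for c in script.get("commands", [])}
    freed = sum(log.emptied.values())
    return {
        "not_moved": sorted(wanted - log.moved),
        "emptytemp_ran": "[emptytemp]" not in commands or bool(log.emptied),
        "bytes_freed": freed,
        # OTL rounds its figure; allow a 1 MB gap (MiB assumed here).
        "total_consistent": log.reported_total_mb is None
        or abs(freed / 2**20 - log.reported_total_mb) < 1.0,
    }
```

Any path left in "not_moved" is a target OTL did not confirm, which is the case where a helper would ask for the file again rather than move on.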

#18 vlad1s57

    New Member

  • Authentic Member
  • 11 posts

Posted 14 November 2013 - 06:13 AM

Jo*,

 

All processes killed
========== OTL ==========
========== FILES ==========
C:\Users\vkuznetsov\AppData\Roaming\Mozilla\Firefox\Profiles\yandex.default\extensions\staged\po93f9@yyyeb.edu\content\bg.js moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: dcadminru
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Opera cache emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: frigoserve
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: vkuznetsov
->Temp folder emptied: 14141907 bytes
->Temporary Internet Files folder emptied: 246679912 bytes
->Java cache emptied: 212 bytes
->FireFox cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 3193 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 57172 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 249,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 11142013_160542

Files\Folders moved on Reboot...
C:\Users\vkuznetsov\AppData\Local\Temp\Low\JavaDeployReg.log moved successfully.
C:\Users\vkuznetsov\AppData\Local\Temp\ExchangePerflog_8484fa31ca0a64c2cfcccd43.dat moved successfully.
C:\Users\vkuznetsov\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\vkuznetsov\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YOP1E1NZ\HomePage[1].htm moved successfully.
C:\Users\vkuznetsov\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YBB6CR7M\21737CA0KGILP.gif moved successfully.
C:\Users\vkuznetsov\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YBB6CR7M\21737CA1DFJK3.gif moved successfully.
C:\Users\vkuznetsov\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YBB6CR7M\21737CA21BG5S.gif moved successfully.
C:\Users\vkuznetsov\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YBB6CR7M\21737CA4GY1IU.gif moved successfully.
C:\Users\vkuznetsov\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YBB6CR7M\21737CA5P8E4I.gif moved successfully.
C:\Users\vkuznetsov\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YBB6CR7M\21737CA7F7OU0.gif moved successfully.
C:\Users\vkuznetsov\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YBB6CR7M\21737CA8VRGCE.gif moved successfully.
C:\Users\vkuznetsov\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YBB6CR7M\21737CAEAMYWB.gif moved successfully.
C:\Users\vkuznetsov\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YBB6CR7M\21737CAFDK8E3.gif moved successfully.
C:\Users\vkuznetsov\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YBB6CR7M\21737CAGIIQ07.gif moved successfully.
C:\Users\vkuznetsov\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YBB6CR7M\21737CAHF51HE.gif moved successfully.
C:\Users\vkuznetsov\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YBB6CR7M\21737CAK3MA9T.gif moved successfully.
C:\Users\vkuznetsov\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YBB6CR7M\21737CALSFTFD.gif moved successfully.
C:\Users\vkuznetsov\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YBB6CR7M\21737CAMWD5OT.gif moved successfully.
C:\Users\vkuznetsov\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YBB6CR7M\21737CAP16HIM.gif moved successfully.
C:\Users\vkuznetsov\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YBB6CR7M\21737CAPPIZR7.gif moved successfully.
C:\Users\vkuznetsov\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YBB6CR7M\21737CAS4PV8K.gif moved successfully.
C:\Users\vkuznetsov\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YBB6CR7M\21737CAWDKFM4.gif moved successfully.
C:\Users\vkuznetsov\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YBB6CR7M\21737CAXCCZS1.gif moved successfully.
C:\Users\vkuznetsov\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YBB6CR7M\21737CAYVZ3BR.gif moved successfully.
C:\Users\vkuznetsov\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MSBNTQAO\21737CABV4U06.gif moved successfully.
C:\Users\vkuznetsov\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MSBNTQAO\21737CADYXFMI.gif moved successfully.
C:\Users\vkuznetsov\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MSBNTQAO\21737[5].gif moved successfully.
C:\Users\vkuznetsov\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MI5BEWIW\EvPKapBawcLZ3hbihjhqAfY6323mHUZFJMgTvxaG2iE[1].eot moved successfully.
C:\Users\vkuznetsov\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJZXAGH9\-iGmidt4SirRkI4DjBoTLA[1].eot moved successfully.
C:\Users\vkuznetsov\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJZXAGH9\HqHm7BVC_nzzTui2lzQTDfY6323mHUZFJMgTvxaG2iE[1].eot moved successfully.
C:\Users\vkuznetsov\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJZXAGH9\MainTop[1].htm moved successfully.
C:\Users\vkuznetsov\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJZXAGH9\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot moved successfully.
C:\Users\vkuznetsov\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KSO0FAFL\MainBottom[2].htm moved successfully.
C:\Users\vkuznetsov\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KSO0FAFL\mainbottom_navigation[1].htm moved successfully.
C:\Users\vkuznetsov\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KSO0FAFL\MainTop1[1].htm moved successfully.
C:\Users\vkuznetsov\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KSO0FAFL\MainTop2[1].htm moved successfully.
C:\Users\vkuznetsov\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BQ0XDMIZ\fastbutton[1].htm moved successfully.
C:\Users\vkuznetsov\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BQ0XDMIZ\postmessageRelay[1].htm moved successfully.
C:\Users\vkuznetsov\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7HHNQKFJ\ELvCmRUbtOdCk3jbD-FqUPesZW2xOQ-xsNqO47m55DA[1].eot moved successfully.
C:\Users\vkuznetsov\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7HHNQKFJ\RHp5spKuj-AQOgQKPITXrQ[1].eot moved successfully.
C:\Users\vkuznetsov\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\vkuznetsov\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\vkuznetsov\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{6C7907A8-F1F7-4D80-87F1-A5F2A3503064}.tmp moved successfully.
C:\Users\vkuznetsov\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{7F652E27-8A19-4357-8E55-682550210A0D}.tmp moved successfully.
C:\Users\vkuznetsov\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{AE67779B-9498-4E93-84BF-41B431E52924}.tmp moved successfully.
C:\Users\vkuznetsov\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{E3E67893-43CB-434D-8839-A22A1976DA9F}.tmp moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

 

 

OTL logfile created on: 14/11/13 16:16:58 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\vkuznetsov\Desktop
 Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000419 | Country: Россия | Language: RUS | Date Format: dd/MM/yy
 
1,97 Gb Total Physical Memory | 0,73 Gb Available Physical Memory | 37,38% Memory free
3,93 Gb Paging File | 2,66 Gb Available in Paging File | 67,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,56 Gb Total Space | 51,42 Gb Free Space | 52,71% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 348,77 Gb Free Space | 94,75% Space Free | Partition Type: NTFS
 
Computer Name: FRIGOSERVE_PC | User Name: vkuznetsov | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\vkuznetsov\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\CCM\CcmExec.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_6_602_161_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\CCM\SCNotification.exe (Microsoft Corporation)
PRC - C:\Windows\CCM\RemCtrl\CmRcService.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Policy Platform\policyHost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\ABBYY Lingvo 12\Tutor.exe (ABBYY (BIT Software))
PRC - C:\Program Files\ABBYY Lingvo 12\LvAgent.exe (ABBYY (BIT Software))
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SCNotification\da33c0e56a0139d84211b72513954735\SCNotification.ni.exe ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SCClient.Data\e6148158755bfb61edbfdaeb4f54e113\SCClient.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SCClient.Common\790aa3269f6a924303104efe3da6f8af\SCClient.Common.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\644dbdc66a606f0710557f8b1794bc35\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0f881bc8833c56ab7fcfef2bcc244441\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\7ae268d4c2071d1151ec8e02cd39a3aa\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\44d87641535e186f4a7fc9c469bc73dd\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e2a21510532f520930dba2d111b4ebb5\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\485a21406ce7d08fe6cf0b40b706f460\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\aeb0f87b0bc25143473c460d018a96f7\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\7e3570a0cc71998e14e7adb8e4ea0cbb\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\fe3923469740732d7c0c2f35bd1f167e\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\7ece4823b0e12cae58be346bbc3cdeac\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\b21ef81fc4131bd1edd6d0bae9d58932\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\0835155203a99b6a9bb540629920da0d\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\fc16a5cafc433e6d942e9bd5b14fbeaf\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c799474a067f07ef3a167d75029fa012\mscorlib.ni.dll ()
MOD - C:\Program Files\Notepad++\NppShell_05.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (CcmExec) -- C:\Windows\CCM\CcmExec.exe (Microsoft Corporation)
SRV - (smstsmgr) -- C:\Windows\CCM\TSManager.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (CmRcService) -- C:\Windows\CCM\RemCtrl\CmRcService.exe (Microsoft Corporation)
SRV - (lppsvc) -- C:\Program Files\Microsoft Policy Platform\policyHost.exe (Microsoft Corporation)
SRV - (lpasvc) -- C:\Program Files\Microsoft Policy Platform\policyHost.exe (Microsoft Corporation)
SRV - (Sony PC Companion) -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (SNAC) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (SmcService) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20131113.023\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20131113.023\NAVENG.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (prepdrvr) -- C:\Windows\System32\drivers\PrepDrv.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\vkuznetsov\Desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yandex.ru/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\y, = http://yandex.ru/yan...1787312&text=%s
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{9717a1766cc8ef8ed320ff954572b8cb}: "URL" =  http://nova.rambler....ef&words={WORDS}
IE - HKCU\..\SearchScopes\Moikrug: "URL" = http://moikrug.ru/pe...ms}&submitted=1
IE - HKCU\..\SearchScopes\Yandex: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = workflow.frigoglass.com;smtp.frigoglass.local;crm.frigoglass.com;hfm.frigoglass.group;owa.frigoglass.com;intranet.frigoglass.group;frigonet.frigoglass.group;grathplmdev01.frigoglass.group;Grathplmapl01.frigoglass.group;Grathplmdat01.frigoglass.group;grathnbk03.frigoglass.group;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.60.16:8080
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Яндекс"
FF - prefs.js..browser.search.selectedEngine: "Яндекс"
FF - prefs.js..browser.search.suggest.enabled: true
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..keyword.enabled: true
FF - prefs.js..browser.startup.homepage: "http://www.yandex.ru...79&clid=2015152"
FF - prefs.js..keyword.URL: "http://yandex.ru/yan...id=1787312="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_161.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
[2013/08/29 16:24:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\vkuznetsov\AppData\Roaming\mozilla\Firefox\Profiles\yandex.default\extensions
[2013/11/01 08:47:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\vkuznetsov\AppData\Roaming\mozilla\Firefox\Profiles\yandex.default\extensions\staged
[2013/07/02 09:48:54 | 000,007,859 | ---- | M] () -- C:\Users\vkuznetsov\AppData\Roaming\mozilla\firefox\profiles\yandex.default\searchplugins\yandex.ru-094854.xml
[2013/06/13 20:45:26 | 000,034,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Яндекс (Enabled)
CHR - default_search_provider: search_url = http://yandex.ru/yan...xt={searchTerms}
CHR - default_search_provider: suggest_url = http://suggest.yande...rt={searchTerms}
CHR - homepage: http://www.yandex.ru/?clid=930634
 
O1 HOSTS File: ([2009/06/11 01:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {468CD8A9-7C25-45FA-969E-3D925C689DC4} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Lingvo Launcher] C:\Program Files\ABBYY Lingvo 12\Lvagent.exe (ABBYY (BIT Software))
O4 - HKCU..\Run: [Tutor.exe] C:\Program Files\ABBYY Lingvo 12\Tutor.exe (ABBYY (BIT Software))
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = Security Notice (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Перевести с помощью ABBYY Lingvo... - C:\Program Files\ABBYY Lingvo 12\Lingvo.exe (ABBYY (BIT Software))
O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: frigoglass.group ([frigonet] http in Local intranet)
O15 - HKLM\..Trusted Domains: frigoglass.group ([hfm] http in Trusted sites)
O15 - HKLM\..Trusted Domains: frigoglass.group ([intranet] http in Local intranet)
O15 - HKLM\..Trusted Domains: frigonet ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: grathsps01 ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: *.frigoglass.group ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: *.frigoglass.group ([]https in Local intranet)
O15 - HKCU\..Trusted Domains: frigoglass.group ([frigonet] http in Local intranet)
O15 - HKCU\..Trusted Domains: frigoglass.group ([hfm] http in Trusted sites)
O15 - HKCU\..Trusted Domains: frigoglass.group ([intranet] http in Local intranet)
O15 - HKCU\..Trusted Domains: frigonet ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: grathccmps01 ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: grathsps01 ([]http in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} http://3d.stolplit.r...cortvrml165.cab (ParallelGraphics Cortona Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.60.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = coolruore.frigoglass.group
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{665D7BBF-7CF2-4119-9C46-E7C42948F3A0}: DhcpNameServer = 192.168.60.10
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 01:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{67a0cb2f-3b43-11e1-9d45-d485649ce418}\Shell - "" = AutoRun
O33 - MountPoints2\{67a0cb2f-3b43-11e1-9d45-d485649ce418}\Shell\AutoRun\command - "" = I:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/11/14 16:05:42 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/11/14 11:15:17 | 000,000,000 | ---D | C] -- C:\Users\vkuznetsov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/11/14 11:15:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/11/14 11:15:10 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013/11/13 11:11:44 | 000,000,000 | ---D | C] -- C:\Users\vkuznetsov\AppData\Roaming\Malwarebytes
[2013/11/13 11:11:37 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/11/13 11:11:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/11/13 11:05:39 | 000,000,000 | ---D | C] -- C:\Users\vkuznetsov\AppData\Roaming\Oracle
[2013/11/13 11:04:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/11/13 11:04:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013/11/13 11:04:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/11/13 11:04:33 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/11/13 11:04:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/11/13 11:04:22 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/11/13 11:04:21 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/11/13 11:04:21 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/11/13 11:04:07 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/11/12 15:23:30 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/12 09:21:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/11/12 09:21:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/11/12 09:20:24 | 000,075,992 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2013/11/11 08:57:29 | 000,000,000 | ---D | C] -- C:\Users\vkuznetsov\Desktop\cure
[2013/11/08 14:59:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\vkuznetsov\Desktop\OTL.exe
[2013/11/08 13:11:24 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/11/08 12:22:28 | 000,000,000 | ---D | C] -- C:\Users\vkuznetsov\Doctor Web
[2013/11/08 10:04:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/11/08 10:03:59 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/11/05 09:08:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/11/05 09:07:18 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/11/05 09:07:18 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/11/05 09:07:18 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/11/05 09:05:13 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013/11/01 11:20:17 | 000,000,000 | ---D | C] -- C:\Users\vkuznetsov\AppData\Roaming\vlc
[2013/11/01 11:20:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/11/01 11:19:15 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2013/11/01 08:47:37 | 000,000,000 | ---D | C] -- C:\ProgramData\WinterSoft
[2013/11/01 08:47:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Download, kEepoer
[2013/11/01 08:47:36 | 000,000,000 | ---D | C] -- C:\ProgramData\61f064c042cc6ba4
[2013/11/01 08:47:11 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2013/10/22 13:33:45 | 000,000,000 | R--D | C] -- C:\Users\vkuznetsov\Desktop\FeS & FMS
[2013/10/22 13:11:01 | 000,000,000 | ---D | C] -- C:\Users\vkuznetsov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2013/10/22 13:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2013/10/22 13:10:58 | 000,000,000 | ---D | C] -- C:\Users\vkuznetsov\AppData\Roaming\Notepad++
[2013/10/22 13:10:58 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2013/10/22 13:01:55 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2013/10/22 13:01:52 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2013/10/18 15:02:54 | 000,000,000 | ---D | C] -- C:\Users\vkuznetsov\Documents\My Received Files
 
========== Files - Modified Within 30 Days ==========
 
[2013/11/14 16:19:25 | 000,016,000 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/14 16:19:25 | 000,016,000 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/14 16:14:38 | 000,000,580 | ---- | M] () -- C:\Windows\SMSCFG.ini
[2013/11/14 16:11:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/14 16:11:45 | 1583,276,032 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/14 15:22:10 | 000,037,444 | ---- | M] () -- C:\Users\vkuznetsov\Desktop\2083261.PNG
[2013/11/14 13:39:51 | 000,028,706 | ---- | M] () -- C:\Users\vkuznetsov\Desktop\1337995866_yahooeu_ru_35.jpg
[2013/11/14 12:59:53 | 000,051,557 | ---- | M] () -- C:\Users\vkuznetsov\Desktop\uuusss.jpg
[2013/11/14 12:28:17 | 000,042,627 | ---- | M] () -- C:\Users\vkuznetsov\Desktop\FwamsN6Uk2k.jpg
[2013/11/13 14:31:55 | 000,002,192 | -H-- | M] () -- C:\Users\vkuznetsov\Documents\Default.rdp
[2013/11/13 11:04:13 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/11/13 11:04:11 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/11/13 11:04:11 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/11/13 11:04:11 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/11/12 16:12:28 | 000,688,516 | ---- | M] () -- C:\Windows\System32\perfh019.dat
[2013/11/12 16:12:28 | 000,648,264 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/11/12 16:12:28 | 000,620,436 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/11/12 16:12:28 | 000,614,630 | ---- | M] () -- C:\Windows\System32\perfh01F.dat
[2013/11/12 16:12:28 | 000,133,864 | ---- | M] () -- C:\Windows\System32\perfc019.dat
[2013/11/12 16:12:28 | 000,130,762 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/11/12 16:12:28 | 000,122,748 | ---- | M] () -- C:\Windows\System32\perfc01F.dat
[2013/11/12 16:12:28 | 000,107,610 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/11/12 15:38:51 | 000,004,146 | RHS- | M] () -- C:\Users\vkuznetsov\ntuser.pol
[2013/11/12 14:19:52 | 000,062,730 | ---- | M] () -- C:\Users\vkuznetsov\Desktop\KO.jpg
[2013/11/12 12:50:40 | 000,668,814 | ---- | M] () -- C:\Users\vkuznetsov\Desktop\greetin.gif
[2013/11/12 09:20:46 | 000,075,992 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2013/11/08 14:59:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\vkuznetsov\Desktop\OTL.exe
[2013/11/08 10:06:52 | 000,001,100 | ---- | M] () -- C:\Users\vkuznetsov\Desktop\Registry Life.lnk
[2013/11/08 10:04:00 | 000,000,961 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/11/05 09:08:14 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/11/01 11:20:02 | 000,001,020 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/11/01 09:12:35 | 000,019,151 | ---- | M] () -- C:\Users\vkuznetsov\Desktop\Doc_715613adbe474dd096a370fddfaa8245.rar
[2013/11/01 09:08:44 | 121,143,745 | ---- | M] () -- C:\Users\vkuznetsov\Desktop\4. Adagio Sostenuto.flac
[2013/10/22 13:12:18 | 000,001,025 | ---- | M] () -- C:\Users\vkuznetsov\Desktop\Notepad++.lnk
 
========== Files Created - No Company Name ==========
 
[2013/11/14 15:22:09 | 000,037,444 | ---- | C] () -- C:\Users\vkuznetsov\Desktop\2083261.PNG
[2013/11/14 13:39:59 | 000,028,706 | ---- | C] () -- C:\Users\vkuznetsov\Desktop\1337995866_yahooeu_ru_35.jpg
[2013/11/14 13:00:10 | 000,051,557 | ---- | C] () -- C:\Users\vkuznetsov\Desktop\uuusss.jpg
[2013/11/14 12:28:16 | 000,042,627 | ---- | C] () -- C:\Users\vkuznetsov\Desktop\FwamsN6Uk2k.jpg
[2013/11/12 14:20:25 | 000,062,730 | ---- | C] () -- C:\Users\vkuznetsov\Desktop\KO.jpg
[2013/11/12 12:51:09 | 000,668,814 | ---- | C] () -- C:\Users\vkuznetsov\Desktop\greetin.gif
[2013/11/08 10:04:00 | 000,000,961 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/11/05 09:08:14 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/11/01 11:20:02 | 000,001,020 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/11/01 09:12:35 | 000,019,151 | ---- | C] () -- C:\Users\vkuznetsov\Desktop\Doc_715613adbe474dd096a370fddfaa8245.rar
[2013/11/01 08:57:47 | 121,143,745 | ---- | C] () -- C:\Users\vkuznetsov\Desktop\4. Adagio Sostenuto.flac
[2013/10/22 13:11:01 | 000,001,025 | ---- | C] () -- C:\Users\vkuznetsov\Desktop\Notepad++.lnk
[2013/10/14 12:13:17 | 000,004,764 | ---- | C] () -- C:\Windows\System32\CcmFramework.ini
[2013/08/30 08:22:09 | 000,000,064 | ---- | C] () -- C:\Users\vkuznetsov\AppData\Roaming\WB.CFG
[2012/09/07 10:58:28 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2012/09/07 10:58:27 | 000,648,264 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2012/09/07 10:58:27 | 000,130,762 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2012/09/07 10:58:27 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2012/09/07 10:40:47 | 000,614,630 | ---- | C] () -- C:\Windows\System32\perfh01F.dat
[2012/09/07 10:40:47 | 000,285,034 | ---- | C] () -- C:\Windows\System32\perfi01F.dat
[2012/09/07 10:40:47 | 000,122,748 | ---- | C] () -- C:\Windows\System32\perfc01F.dat
[2012/09/07 10:40:47 | 000,037,160 | ---- | C] () -- C:\Windows\System32\perfd01F.dat
[2012/08/24 09:03:15 | 000,000,580 | ---- | C] () -- C:\Windows\SMSCFG.ini
[2012/03/05 08:41:58 | 000,004,096 | -H-- | C] () -- C:\Users\vkuznetsov\AppData\Local\keyfile3.drm
[2011/08/30 10:53:57 | 000,000,017 | ---- | C] () -- C:\Users\vkuznetsov\AppData\Local\resmon.resmoncfg
[2011/02/14 15:55:03 | 000,004,146 | RHS- | C] () -- C:\Users\vkuznetsov\ntuser.pol
[2011/02/14 15:54:32 | 000,005,394 | RHS- | C] () -- C:\ProgramData\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2009/07/14 08:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 05:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 16:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 05:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
Is it OK now?


Edited by vlad1s57, 14 November 2013 - 06:27 AM.


#19 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,197 posts

Posted 14 November 2013 - 03:37 PM

Hello vlad1s57,

well done. :)

It Appears That Your Pc Is Now Clean!
***


Clean up:

Right-click AdwCleaner.exe and select Run As Administrator.
  • Click on the Uninstall button.
  • A window will open, press the Confirm button.
  • AdwCleaner will uninstall now.

***


Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:OTL

:Commands
[emptytemp]
[clearallrestorepoints]
  • Close all other programs apart from OTL as this step may require a reboot
  • Then click the Run Fix button at the top
  • Let the program run unhindered.
  • Say Yes to the prompt and then allow the program to reboot your computer.

***


Clean up with delfix:
  • please download delfix to your desktop.
  • Close all other programs and start delfix.
  • Please check all the boxes and run the tool.
  • delfix will now delete all found traces of our removal process

***


Delete the log files our tools created; they are located at your desktop or at the
"c:\users\{.......}\Downloads" folder.
Highlight them, and press the del or delete key on the keyboard.
You can browse to the location of the file or folder using either My Computer or Windows Explorer.


***


Here are some Preventive tips to reduce the potential for spyware infection in the future:

1. Browse more securely.
2. Enable Protected Mode in Internet Explorer. This helps Windows Vista, 7 / 8 users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:
  • Open Internet Explorer
  • Click on Tools > Internet Options
  • Press Security tab
  • Select Internet zone then place check next to Enable Protected Mode if not already done
  • Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply
  • Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.
3. Make sure you keep your Windows OS current.
  • Windows XP users can visit Windows update regularly to download and install any critical updates and service packs.
  • Windows Vista / 7 users can update via
    Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane).
4. Avoid P2P
  • If you think you're using a "safe" P2P program, only the program is safe, not the data.
  • You will share files from unsafe sources, and these may be infected.
  • Some bad guys use P2P filesharing as an important channel to spread their wares.
5. Use only one anti-virus software and keep it up-to-date.

6. Firewall
Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

7. Backup regularly
You never know when your PC will become unstable or become so infected that you can't recover it.

8. Use Strong passwords!

9. Email attachments
Do not open any unknown email attachments that you received without asking for them!


Extra note:
Keep your Browser, Java, pdf Reader and Adobe Flash Up to Date.
Make sure your programs are up to date - because older versions may contain Security Leaks.
To find out what programs need to be updated, please run the Secunia Software Inspector Scan. http://secunia.com/software_inspector/


***


Graduate of the WTT Classroom
Cheers,
Jo

#20 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,197 posts

Posted 18 November 2013 - 04:50 AM

Hi vlad1s57,

It has been several days since I sent my last set of instructions to help with your computer problem.

Could you do these final steps?

Note: Threads will be closed if no response after 3 days.

#21 vlad1s57

vlad1s57

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 18 November 2013 - 01:17 PM

Dear Jo*, hi.

I apologise, but I'm on a business trip this week and will not return until Monday. Hope nothing bad is going to happen while I'm away. If you can wait till Monday, I would appreciate it.

Cheers :-)

#22 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,207 posts
  • Interests: Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 26 November 2013 - 07:59 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.
