sedoparking connections


  • This topic is locked

#1
thedtk

Dear Sirs!

My system running Win7 demonstrates strange behaviour. Some code tries to send PING packets and create sockets to the host 82.98.86.164 (www164.sedoparking.com). I'd be grateful if you could help me to stop this from happening.
Excerpt from firewall log follows.

2011-10-21 19:01:51 DROP TCP 192.168.1.6 82.98.86.164 51299 445 0 - 0 0 0 - - - SEND
2011-10-21 19:01:52 DROP TCP 192.168.1.6 82.98.86.164 51304 445 0 - 0 0 0 - - - SEND
2011-10-21 19:01:53 DROP ICMP 192.168.1.6 82.98.86.164 - - 0 - - - - 8 0 - SEND
2011-10-21 19:01:53 DROP ICMP 192.168.1.6 82.98.86.164 - - 0 - - - - 8 0 - SEND
2011-10-21 19:01:53 DROP UDP 192.168.1.6 82.98.86.164 137 137 0 - - - - - - - SEND
2011-10-21 19:01:55 DROP UDP 192.168.1.6 82.98.86.164 137 137 0 - - - - - - - SEND
2011-10-21 19:01:56 DROP UDP 192.168.1.6 82.98.86.164 137 137 0 - - - - - - - SEND
2011-10-21 19:01:58 DROP TCP 192.168.1.6 82.98.86.164 51315 445 0 - 0 0 0 - - - SEND
2011-10-21 19:01:59 DROP TCP 192.168.1.6 82.98.86.164 51319 445 0 - 0 0 0 - - - SEND
2011-10-21 19:02:00 DROP ICMP 192.168.1.6 82.98.86.164 - - 0 - - - - 8 0 - SEND
2011-10-21 19:02:00 DROP ICMP 192.168.1.6 82.98.86.164 - - 0 - - - - 8 0 - SEND
2011-10-21 19:02:00 DROP UDP 192.168.1.6 82.98.86.164 137 137 0 - - - - - - - SEND
2011-10-21 19:02:02 DROP UDP 192.168.1.6 82.98.86.164 137 137 0 - - - - - - - SEND
2011-10-21 19:02:03 DROP UDP 192.168.1.6 82.98.86.164 137 137 0 - - - - - - - SEND
2011-10-21 19:02:05 DROP TCP 192.168.1.6 82.98.86.164 51337 445 0 - 0 0 0 - - - SEND
2011-10-21 19:02:06 DROP TCP 192.168.1.6 82.98.86.164 51341 445 0 - 0 0 0 - - - SEND
2011-10-21 19:02:07 DROP ICMP 192.168.1.6 82.98.86.164 - - 0 - - - - 8 0 - SEND
2011-10-21 19:02:07 DROP ICMP 192.168.1.6 82.98.86.164 - - 0 - - - - 8 0 - SEND
2011-10-21 19:02:07 DROP UDP 192.168.1.6 82.98.86.164 137 137 0 - - - - - - - SEND
2011-10-21 19:02:09 DROP UDP 192.168.1.6 82.98.86.164 137 137 0 - - - - - - - SEND
2011-10-21 19:02:10 DROP UDP 192.168.1.6 82.98.86.164 137 137 0 - - - - - - - SEND
2011-10-21 19:02:29 DROP TCP 192.168.1.6 82.98.86.164 51355 1270 0 - 0 0 0 - - - SEND
2011-10-21 19:02:30 DROP TCP 192.168.1.6 82.98.86.164 51355 1270 0 - 0 0 0 - - - SEND
2011-10-21 19:02:31 DROP TCP 192.168.1.6 82.98.86.164 51355 1270 0 - 0 0 0 - - - SEND


OTL log follows:

OTL logfile created on: 21.10.2011 18:55:44 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = D:\Пользователи\d_tokarenko\Загрузки
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000419 | Country: Россия | Language: RUS | Date Format: dd.MM.yyyy

1,87 Gb Total Physical Memory | 0,67 Gb Available Physical Memory | 36,06% Memory free
3,73 Gb Paging File | 1,54 Gb Available in Paging File | 41,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 60,00 Gb Total Space | 22,94 Gb Free Space | 38,23% Space Free | Partition Type: NTFS
Drive D: | 197,99 Gb Total Space | 41,46 Gb Free Space | 20,94% Space Free | Partition Type: NTFS
Drive E: | 4,38 Gb Total Space | 0,55 Gb Free Space | 12,57% Space Free | Partition Type: UDF

Computer Name: ST-TOKARE-DS-NB | User Name: d_tokarenko | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.10.21 18:55:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\Пользователи\d_tokarenko\Загрузки\OTL.exe
PRC - [2011.10.06 11:22:53 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.07.21 13:11:24 | 012,023,568 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Lync\communicator.exe
PRC - [2011.06.24 08:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.05.26 00:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\d_tokarenko\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.04.27 14:45:14 | 001,522,328 | ---- | M] (Citrix Systems, Inc) -- C:\Program Files\Citrix\Secure Access Client\nsload.exe
PRC - [2011.04.27 14:42:50 | 000,154,776 | ---- | M] (Citrix Systems, Inc) -- C:\Program Files\Citrix\Secure Access Client\nsverctl.exe
PRC - [2011.02.25 09:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.02.02 22:03:39 | 003,246,040 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2011.01.25 12:41:12 | 002,398,536 | ---- | M] (O&O Software GmbH) -- C:\Program Files\OO Software\Defrag\oodag.exe
PRC - [2010.12.20 14:43:36 | 000,390,800 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2010.12.20 14:43:32 | 000,804,608 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2010.12.20 14:42:06 | 005,582,240 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2010.11.20 16:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.03 20:31:22 | 000,596,744 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Lync\UcMapi.exe
PRC - [2010.10.12 18:23:04 | 000,824,752 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\pnamain.exe
PRC - [2010.10.12 17:28:26 | 000,726,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2010.10.12 17:24:38 | 000,304,568 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2010.10.12 16:55:18 | 002,024,888 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfica32.exe
PRC - [2010.10.12 16:44:00 | 000,071,096 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\ssonsvr.exe
PRC - [2010.08.24 16:54:34 | 001,458,032 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
PRC - [2010.08.24 16:51:50 | 000,388,464 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
PRC - [2010.07.28 12:45:12 | 000,727,664 | ---- | M] () -- C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2010.07.22 02:19:24 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2010.07.22 02:19:24 | 000,245,842 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\stacsv.exe
PRC - [2010.07.21 16:01:38 | 000,147,840 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
PRC - [2010.07.20 13:12:02 | 001,033,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Forefront Client Security\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe
PRC - [2010.07.20 13:09:42 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Forefront Client Security\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe
PRC - [2010.07.19 17:42:16 | 000,866,576 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2010.07.19 17:23:28 | 000,477,456 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2010.06.22 11:33:38 | 000,034,232 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
PRC - [2010.06.09 17:38:30 | 000,463,912 | R--- | M] (Ericsson AB) -- C:\Program Files\Dell\Dell WWAN\WMCore\mini_WMCore.exe
PRC - [2010.06.04 15:29:14 | 000,292,208 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2010.05.31 17:57:12 | 000,056,032 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2010.05.31 14:17:06 | 000,054,640 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2010.05.10 15:24:12 | 001,803,584 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe
PRC - [2010.04.26 08:44:12 | 000,330,488 | ---- | M] (QUALCOMM, Inc.) -- C:\Program Files\QUALCOMM\QDLService2k\QDLService2kDell.exe
PRC - [2010.03.29 20:26:00 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2010.03.29 12:45:48 | 001,164,648 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
PRC - [2010.03.29 12:45:46 | 000,132,456 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
PRC - [2010.03.23 10:57:48 | 015,889,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
PRC - [2010.03.16 02:58:36 | 000,718,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2010.02.17 15:34:40 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2010.01.08 15:55:16 | 002,823,456 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2010.01.08 15:55:16 | 000,828,704 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2010.01.08 15:55:16 | 000,628,000 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009.11.20 17:42:48 | 000,278,304 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
PRC - [2009.09.18 05:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CCM\CcmExec.exe
PRC - [2009.07.14 05:14:24 | 001,401,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
PRC - [2009.03.03 02:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\IDT\WDM\AEstSrv.exe
PRC - [2007.04.06 04:12:48 | 000,073,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Forefront Client Security\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe
PRC - [2005.07.21 11:15:14 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Forefront Client Security\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMHost.exe
PRC - [2005.07.21 11:14:58 | 000,134,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Forefront Client Security\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMService.exe


========== Modules (No Company Name) ==========

MOD - [2011.10.20 14:54:38 | 001,545,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MMCEx\09856e5c68686a53563775f9359e07ac\MMCEx.ni.dll
MOD - [2011.10.20 12:12:06 | 000,561,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\189ddbba16fb3c5b7f2250b3286ad0fa\Microsoft.ManagementConsole.ni.dll
MOD - [2011.10.20 12:12:06 | 000,287,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\6bc5509877a8e98672c09d8279aa93f0\MMCFxCommon.ni.dll
MOD - [2011.10.20 12:09:45 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\1049a76b3de293df726d380932215c91\System.Management.ni.dll
MOD - [2011.10.20 10:31:22 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll
MOD - [2011.10.20 10:31:21 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011.10.20 10:30:17 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011.10.20 10:30:09 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011.10.20 10:30:03 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011.10.20 10:29:51 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011.10.20 10:28:44 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011.10.10 10:33:53 | 008,522,400 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011.10.06 11:22:53 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2010.12.20 14:41:26 | 011,181,232 | ---- | M] () -- C:\Program Files\Acronis\TrueImageHome\Common\ti_managers.dll
MOD - [2010.11.20 17:01:06 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MMCEx.resources\3.0.0.0_ru_31bf3856ad364e35\MMCEx.resources.dll
MOD - [2010.11.13 03:39:52 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_ru_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.09.24 12:54:09 | 000,046,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Status Lib\1.6.460.18066__f25c74fcad379103\Status Lib.dll
MOD - [2010.09.24 12:54:09 | 000,014,240 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\StatusInterfaces\1.6.460.18065__4ca2a925deedf37d\StatusInterfaces.dll
MOD - [2010.07.28 12:45:12 | 000,727,664 | ---- | M] () -- C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
MOD - [2010.04.13 12:39:08 | 001,017,344 | ---- | M] () -- C:\Program Files\Citrix\ICA Client\avcodec-52.dll
MOD - [2010.04.13 12:39:08 | 000,124,416 | ---- | M] () -- C:\Program Files\Citrix\ICA Client\swscale-0.dll
MOD - [2010.04.13 12:39:08 | 000,118,272 | ---- | M] () -- C:\Program Files\Citrix\ICA Client\avformat-52.dll
MOD - [2010.04.13 12:39:08 | 000,049,152 | ---- | M] () -- C:\Program Files\Citrix\ICA Client\avutil-50.dll
MOD - [2010.03.02 12:46:38 | 000,010,752 | ---- | M] () -- C:\Windows\System32\Wavx_ESC_Logging.dll
MOD - [2010.02.28 02:55:42 | 001,040,736 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2010.01.30 02:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010.01.19 12:46:00 | 000,270,336 | ---- | M] () -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\ContextMenuItem.dll
MOD - [2010.01.19 12:44:30 | 000,249,856 | ---- | M] () -- C:\Windows\System32\wxvault.dll
MOD - [2009.07.14 11:00:54 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.ManagementConsole.resources\3.0.0.0_ru_31bf3856ad364e35\Microsoft.ManagementConsole.resources.dll
MOD - [2008.11.12 13:29:14 | 000,004,608 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_RUS.dll


========== Win32 Services (SafeList) ==========

SRV - [2011.06.12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011.04.27 14:42:50 | 000,154,776 | ---- | M] (Citrix Systems, Inc) [Auto | Running] -- C:\Program Files\Citrix\Secure Access Client\nsverctl.exe -- (nsverctl)
SRV - [2011.02.02 22:03:39 | 003,246,040 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2011.02.02 21:54:21 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.01.25 12:41:12 | 002,398,536 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (OODefragAgent)
SRV - [2010.12.20 14:43:32 | 000,804,608 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010.08.24 16:51:50 | 000,388,464 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
SRV - [2010.08.13 00:34:34 | 000,645,704 | ---- | M] (Компания Крипто-Про) [Auto | Running] -- C:\Program Files\Crypto Pro\CSP\cpcspi.dll -- (cpcsp1)
SRV - [2010.07.22 02:19:24 | 000,245,842 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2010.07.20 13:09:42 | 000,016,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Forefront Client Security\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe -- (FCSAM)
SRV - [2010.07.19 17:42:16 | 000,866,576 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2010.07.19 17:23:28 | 000,477,456 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2010.06.09 17:38:30 | 000,463,912 | R--- | M] (Ericsson AB) [Auto | Running] -- C:\Program Files\Dell\Dell WWAN\WMCore\mini_WMCore.exe -- (WMCoreService)
SRV - [2010.05.10 15:24:12 | 001,803,584 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2010.04.26 08:44:12 | 000,330,488 | ---- | M] (QUALCOMM, Inc.) [Auto | Running] -- C:\Program Files\QUALCOMM\QDLService2k\QDLService2kDell.exe -- (QDLService2kDell) Qualcomm Gobi 2000 Download Service (Dell)
SRV - [2010.03.29 12:45:48 | 001,164,648 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2010.02.03 17:24:20 | 001,032,192 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2010.01.08 15:55:16 | 000,628,000 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.11.20 17:42:48 | 000,278,304 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe -- (buttonsvc32)
SRV - [2009.09.18 05:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2009.09.18 05:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\CCM\TSManager.exe -- (smstsmgr)
SRV - [2009.07.14 05:16:20 | 000,010,752 | ---- | M] (Корпорация Майкрософт) [On_Demand | Stopped] -- C:\Windows\System32\wpcsvc.dll -- (WPCSvc)
SRV - [2009.07.14 05:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 05:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 05:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 05:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 05:15:10 | 000,218,624 | ---- | M] (Корпорация Майкрософт) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009.03.03 02:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AEstSrv.exe -- (AESTFilters)
SRV - [2008.11.12 13:25:48 | 001,273,856 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2007.04.06 04:12:48 | 000,073,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Forefront Client Security\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe -- (FcsSas)
SRV - [2005.07.21 11:14:58 | 000,134,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Forefront Client Security\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMService.exe -- (MOM)


========== Driver Services (SafeList) ==========

DRV - [2011.04.27 14:43:04 | 000,041,624 | ---- | M] (Citrix Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctxva51.sys -- (ctxva51)
DRV - [2011.02.02 22:03:41 | 000,167,968 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp)
DRV - [2011.02.02 22:03:36 | 000,752,128 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tdrpm273.sys -- (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273)
DRV - [2011.02.02 22:03:35 | 000,600,928 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2011.02.02 22:03:31 | 000,170,528 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2010.11.20 16:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 16:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 16:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 16:30:00 | 000,078,208 | ---- | M] (Корпорация Майкрософт) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mountmgr.sys -- (mountmgr)
DRV - [2010.11.20 14:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 14:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 13:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 13:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 13:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.08.04 10:56:40 | 000,082,560 | ---- | M] (Citrix Systems, Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\Deterministic Networks\Common Files\cag.sys -- (cag)
DRV - [2010.08.03 00:36:22 | 000,056,144 | ---- | M] (Компания Крипто-Про) [Kernel | System | Running] -- C:\Windows\System32\drivers\CProCtrl.sys -- (CProCtrl)
DRV - [2010.07.22 02:19:24 | 000,431,616 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2010.07.14 12:51:56 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2010.07.14 04:42:24 | 006,814,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32) ___ Драйвер адаптера Intel®
DRV - [2010.07.09 10:41:42 | 000,043,888 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelern.sys -- (Acceler)
DRV - [2010.07.09 10:41:34 | 000,017,648 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\stdcfltn.sys -- (stdcfltn)
DRV - [2010.06.21 21:59:30 | 000,255,096 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2010.03.19 16:39:08 | 000,059,904 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdpe86.sys -- (risdpcie)
DRV - [2010.01.19 12:46:44 | 000,229,888 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2009.09.18 05:00:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2009.09.18 03:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2009.09.15 11:40:18 | 006,114,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Драйвер адаптера Intel®
DRV - [2009.07.14 05:19:11 | 000,297,040 | ---- | M] (Корпорация Майкрософт) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx)
DRV - [2009.07.14 03:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.01 12:57:58 | 000,013,312 | ---- | M] (Компания "Актив") [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtIFDH.sys -- (RTIFDH)
DRV - [2009.04.29 15:37:26 | 000,025,088 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTERx86)
DRV - [2009.03.30 04:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2008.11.16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008.06.04 14:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\PBADRV.sys -- (PBADRV)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ru.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 82 C7 09 85 4B ED CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npagee,version=9.3.48.6: C:\Program Files\Citrix\Secure Access Client\npagee.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.10.06 11:22:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.12 16:17:48 | 000,000,000 | ---D | M]

[2011.03.29 12:13:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\d_tokarenko\AppData\Roaming\mozilla\Extensions
[2011.10.18 11:45:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\d_tokarenko\AppData\Roaming\mozilla\Firefox\Profiles\oco1i31n.default\extensions
[2011.10.13 10:54:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.10.13 10:54:46 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.08.15 12:22:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\D_TOKARENKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OCO1I31N.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2011.10.06 11:22:54 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.10.12 16:33:32 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2010.10.12 16:37:06 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2010.10.12 16:35:42 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2010.10.12 16:34:56 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2011.08.15 12:22:36 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.10.12 18:16:54 | 000,484,768 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2011.07.21 13:09:28 | 000,032,040 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
[2010.10.12 16:37:02 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2011.10.06 11:22:52 | 000,002,549 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mailru.xml
[2011.10.06 11:22:52 | 000,005,568 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\ozonru.xml
[2011.10.06 11:22:52 | 000,001,133 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\priceru.xml
[2011.10.06 11:22:52 | 000,001,304 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-ru.xml
[2011.10.06 11:22:52 | 000,001,548 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yandex-slovari.xml
[2011.10.06 11:22:52 | 000,001,719 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yandex.xml

O1 HOSTS File: ([2009.06.11 01:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Lync\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [FreeFallProtection] C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4 - HKLM..\Run: [Microsoft Forefront Client Security Antimalware Service] C:\Program Files\Forefront Client Security\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\d_tokarenko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\d_tokarenko\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\d_tokarenko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Вырезка экрана и программа запуска для OneNote 2010.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Отправить в OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: &Экспорт в Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Отправить изображение на &устройство Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Отправить страницу на &устройство Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Отправить в OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Отправить в OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Дополнительный компонент Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Дополнительный компонент Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: &Связанные заметки OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Связанные заметки OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: it-shp2010 ([]http in Местная интрасеть)
O15 - HKCU\..Trusted Domains: scartel.ru ([eh01spb] http in Надежные узлы)
O15 - HKCU\..Trusted Domains: sl-shp ([]* in Надежные узлы)
O15 - HKCU\..Trusted Domains: sl-shp ([]http in Местная интрасеть)
O15 - HKCU\..Trusted Domains: step.ru ([sl] https in Надежные узлы)
O15 - HKCU\..Trusted Domains: steplogic.ru ([]* in Надежные узлы)
O15 - HKCU\..Trusted Domains: steplogic.ru ([]http in Местная интрасеть)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...tel_4.3.1.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://cisco.webex....ex/ieatgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = StepLogic.ru
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{914DD233-2316-4BCA-800A-32538F48E383}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\cpcsp: DllName - (C:\Program Files\Crypto Pro\CSP\cpcspi.dll) - C:\Program Files\Crypto Pro\CSP\cpcspi.dll (Компания Крипто-Про)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Authentication Packages - (wvauth) -C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O30 - LSA: Security Packages - (cpssl) -C:\Windows\System32\cpssl.dll (Компания Крипто-Про)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.11 01:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.10.21 11:40:58 | 000,000,000 | ---D | C] -- C:\Users\d_tokarenko\AppData\Roaming\Malwarebytes
[2011.10.21 11:40:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.10.21 11:40:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.10.21 11:40:42 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.10.21 11:40:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.10.21 11:30:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Мышь Microsoft
[2011.10.21 11:30:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2011.10.21 11:00:11 | 000,000,000 | ---D | C] -- C:\Users\d_tokarenko\AppData\Local\{FF6DC578-7EB3-4475-8734-5E90AC775FF6}
[2011.10.20 10:30:25 | 000,000,000 | ---D | C] -- C:\Users\d_tokarenko\AppData\Local\{16C52E0C-9C4B-4F68-A4E1-4FDEFECF3D74}
[2011.10.20 10:30:08 | 000,000,000 | ---D | C] -- C:\Users\d_tokarenko\AppData\Local\{69403929-514E-4807-9FE0-72BCDA455574}
[2011.10.19 10:53:06 | 000,000,000 | ---D | C] -- C:\Users\d_tokarenko\AppData\Local\{1581E210-ECF4-4782-850A-19556B1584B0}
[2011.10.19 10:52:53 | 000,000,000 | ---D | C] -- C:\Users\d_tokarenko\AppData\Local\{4D4CA3D6-CD4A-4415-86BE-88FFE84F2D89}
[2011.10.18 11:24:45 | 000,000,000 | ---D | C] -- C:\Users\d_tokarenko\AppData\Local\{FDE79470-D838-4A9E-B86C-69EE625E9D7E}
[2011.10.18 11:24:33 | 000,000,000 | ---D | C] -- C:\Users\d_tokarenko\AppData\Local\{C8338D52-D1FE-4C64-B448-87C41CC19806}
[2011.10.17 10:29:13 | 000,000,000 | ---D | C] -- C:\Users\d_tokarenko\AppData\Local\{1B38336F-A8EE-4DA4-8A94-A4719BE549EA}
[2011.10.17 10:28:59 | 000,000,000 | ---D | C] -- C:\Users\d_tokarenko\AppData\Local\{41604806-74B0-4226-B96E-639F455F78D4}
[2011.10.14 11:06:23 | 000,000,000 | ---D | C] -- C:\Users\d_tokarenko\AppData\Local\{BD4CDC05-D6D1-4FC1-BAA9-DC32D2D3F605}
[2011.10.14 11:06:11 | 000,000,000 | ---D | C] -- C:\Users\d_tokarenko\AppData\Local\{5CE05DF2-8238-428E-B06E-2DD1727CDF8C}
[2011.10.13 10:54:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.10.13 10:53:51 | 000,000,000 | ---D | C] -- C:\Users\d_tokarenko\AppData\Local\{F3502B4A-02B9-4C68-952B-1679F91EE6EE}
[2011.10.13 10:53:37 | 000,000,000 | ---D | C] -- C:\Users\d_tokarenko\AppData\Local\{498C9654-8ED6-4FD5-A34C-B93DC4BEB733}
[2011.10.13 10:53:37 | 000,000,000 | ---D | C] -- C:\Users\d_tokarenko\AppData\Local\{26BC2853-B2DB-44E4-86B5-09134110231F}
[2011.10.12 10:47:59 | 000,000,000 | ---D | C] -- C:\Users\d_tokarenko\AppData\Local\{DD522E20-5589-423B-9D86-931049335440}
[2011.10.12 10:47:35 | 000,000,000 | ---D | C] -- C:\Users\d_tokarenko\AppData\Local\{D6837F9A-5E74-41FC-AFA2-DA8B7C366091}
[2011.10.11 10:27:27 | 000,000,000 | ---D | C] -- C:\Users\d_tokarenko\AppData\Local\{745A5F0A-2374-485A-BE15-310A3E6A12B2}
[2011.10.11 10:27:15 | 000,000,000 | ---D | C] -- C:\Users\d_tokarenko\AppData\Local\{85E5F7C0-80C7-4F4D-AC89-B8810BEADD44}
[2011.10.10 11:42:20 | 000,000,000 | ---D | C] -- C:\Users\d_tokarenko\AppData\Local\{10E49FB0-5BAF-464C-92F2-9AA42BA1E8B8}
[2011.10.10 11:42:17 | 000,000,000 | ---D | C] -- C:\Users\d_tokarenko\AppData\Local\{5D203BE7-BA77-43F2-AF24-27094290ADDE}
[2011.10.10 11:36:54 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2011.10.10 11:36:23 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2011.10.10 11:25:12 | 000,000,000 | ---D | C] -- C:\Windows\ru
[2011.10.10 11:19:18 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011.09.30 10:12:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1С Предприятие 8.2
[2011.09.30 10:12:03 | 000,000,000 | ---D | C] -- C:\Program Files\1cv82
[2011.09.30 10:12:03 | 000,000,000 | ---D | C] -- C:\ProgramData\1C
[2011.09.27 12:23:30 | 000,000,000 | ---D | C] -- D:\Пользователи\d_tokarenko\Мои документы\@ИБДА
[2011.05.04 10:51:34 | 000,454,656 | ---- | C] (Simon Tatham) -- C:\Program Files\putty.exe
[2010.08.25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.10.21 15:43:54 | 000,809,732 | ---- | M] () -- C:\Windows\System32\perfh019.dat
[2011.10.21 15:43:54 | 000,178,658 | ---- | M] () -- C:\Windows\System32\perfc019.dat
[2011.10.21 15:43:53 | 000,739,194 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.10.21 15:43:53 | 000,150,196 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.10.21 15:42:45 | 000,018,288 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.21 15:42:45 | 000,018,288 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.10.21 15:37:59 | 000,000,462 | ---- | M] () -- C:\Windows\SMSCFG.ini
[2011.10.21 15:35:47 | 000,000,000 | ---- | M] () -- C:\Users\d_tokarenko\AppData\Local\WavXMapDrive.bat
[2011.10.21 15:35:08 | 000,483,136 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.10.21 15:34:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.10.21 15:34:42 | 1501,966,336 | -HS- | M] () -- C:\hiberfil.sys
[2011.10.21 15:34:41 | 000,222,392 | ---- | M] () -- C:\Windows\System32\oodbs.lor
[2011.10.21 15:12:58 | 000,190,482 | ---- | M] () -- D:\Пользователи\d_tokarenko\Рабочий стол\СТЭП ЛОДЖИК; график дежурств 10.2011.pdf
[2011.10.20 10:32:09 | 000,043,152 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011.10.20 10:28:43 | 000,005,296 | RHS- | M] () -- C:\Users\d_tokarenko\ntuser.pol
[2011.10.18 17:51:09 | 000,002,036 | -H-- | M] () -- D:\Пользователи\d_tokarenko\Мои документы\Default.rdp
[2011.10.18 13:19:26 | 003,929,160 | ---- | M] () -- D:\Пользователи\d_tokarenko\Рабочий стол\Телефонный справочник.htm
[2011.10.18 12:43:03 | 001,670,226 | ---- | M] () -- D:\Пользователи\d_tokarenko\Рабочий стол\Заявление о выдаче паспорта.pdf
[2011.10.17 16:56:24 | 000,115,712 | ---- | M] () -- D:\Пользователи\d_tokarenko\Рабочий стол\ЗИП.vsd
[2011.10.17 13:05:57 | 001,231,476 | ---- | M] () -- D:\Пользователи\d_tokarenko\Рабочий стол\243-31228.pdf
[2011.10.14 15:37:34 | 000,092,288 | ---- | M] () -- D:\Пользователи\d_tokarenko\Рабочий стол\АТЛАС_ИКИ.png
[2011.10.14 15:31:48 | 000,051,438 | ---- | M] () -- D:\Пользователи\d_tokarenko\Рабочий стол\АТЛАС_M9.png
[2011.10.14 15:26:05 | 000,334,848 | ---- | M] () -- D:\Пользователи\d_tokarenko\Рабочий стол\АТЛАС_ТЕЛЕКОМ_-_Схемы.vsd
[2011.10.14 12:53:35 | 003,520,313 | ---- | M] () -- D:\Пользователи\d_tokarenko\Рабочий стол\Принципиальная_схема_св.jpg
[2011.10.14 12:53:14 | 003,509,324 | ---- | M] () -- D:\Пользователи\d_tokarenko\Рабочий стол\Перспективная_схема_кан.jpg
[2011.10.13 13:45:39 | 000,240,331 | ---- | M] () -- D:\Пользователи\d_tokarenko\Рабочий стол\Форма Заявка на работы.zip
[2011.10.13 13:45:10 | 000,000,257 | ---- | M] () -- D:\Пользователи\d_tokarenko\Рабочий стол\Regupdate.reg
[2011.10.13 13:43:17 | 000,919,512 | ---- | M] () -- D:\Пользователи\d_tokarenko\Рабочий стол\setup.exe
[2011.10.11 16:20:52 | 000,348,160 | ---- | M] () -- D:\Пользователи\d_tokarenko\Рабочий стол\Развертывание LTE.mpp
[2011.10.10 11:21:08 | 000,000,020 | ---- | M] () -- C:\Windows\ щr
[2011.09.30 10:12:19 | 000,002,005 | ---- | M] () -- C:\Users\Public\Desktop\1C Предприятие.lnk
[2011.09.27 12:13:53 | 000,001,276 | ---- | M] () -- C:\Users\d_tokarenko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Вырезка экрана и программа запуска для OneNote 2010.lnk
[2011.09.22 14:51:54 | 000,253,440 | ---- | M] () -- D:\Пользователи\d_tokarenko\Рабочий стол\Инструкция о диспетчеризации заявок Скартел.vsd
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.10.19 13:23:53 | 000,190,482 | ---- | C] () -- D:\Пользователи\d_tokarenko\Рабочий стол\СТЭП ЛОДЖИК; график дежурств 10.2011.pdf
[2011.10.18 13:19:26 | 003,929,160 | ---- | C] () -- D:\Пользователи\d_tokarenko\Рабочий стол\Телефонный справочник.htm
[2011.10.17 16:59:56 | 001,670,226 | ---- | C] () -- D:\Пользователи\d_tokarenko\Рабочий стол\Заявление о выдаче паспорта.pdf
[2011.10.17 16:52:54 | 000,115,712 | ---- | C] () -- D:\Пользователи\d_tokarenko\Рабочий стол\ЗИП.vsd
[2011.10.17 13:05:57 | 001,231,476 | ---- | C] () -- D:\Пользователи\d_tokarenko\Рабочий стол\243-31228.pdf
[2011.10.14 15:37:31 | 000,092,288 | ---- | C] () -- D:\Пользователи\d_tokarenko\Рабочий стол\АТЛАС_ИКИ.png
[2011.10.14 15:31:48 | 000,051,438 | ---- | C] () -- D:\Пользователи\d_tokarenko\Рабочий стол\АТЛАС_M9.png
[2011.10.14 15:26:05 | 000,334,848 | ---- | C] () -- D:\Пользователи\d_tokarenko\Рабочий стол\АТЛАС_ТЕЛЕКОМ_-_Схемы.vsd
[2011.10.14 12:53:34 | 003,520,313 | ---- | C] () -- D:\Пользователи\d_tokarenko\Рабочий стол\Принципиальная_схема_св.jpg
[2011.10.14 12:53:14 | 003,509,324 | ---- | C] () -- D:\Пользователи\d_tokarenko\Рабочий стол\Перспективная_схема_кан.jpg
[2011.10.13 13:45:39 | 000,240,331 | ---- | C] () -- D:\Пользователи\d_tokarenko\Рабочий стол\Форма Заявка на работы.zip
[2011.10.13 13:44:48 | 000,919,512 | ---- | C] () -- D:\Пользователи\d_tokarenko\Рабочий стол\setup.exe
[2011.10.12 12:51:41 | 000,000,257 | ---- | C] () -- D:\Пользователи\d_tokarenko\Рабочий стол\Regupdate.reg
[2011.10.10 12:58:30 | 000,348,160 | ---- | C] () -- D:\Пользователи\d_tokarenko\Рабочий стол\Развертывание LTE.mpp
[2011.10.10 11:21:55 | 000,001,251 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011.10.10 11:21:16 | 000,001,320 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011.10.10 11:21:07 | 000,000,020 | ---- | C] () -- C:\Windows\ щr
[2011.10.10 11:20:45 | 000,001,404 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2011.10.10 11:20:25 | 000,002,432 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011.09.30 10:12:19 | 000,002,005 | ---- | C] () -- C:\Users\Public\Desktop\1C Предприятие.lnk
[2011.09.27 12:13:53 | 000,001,276 | ---- | C] () -- C:\Users\d_tokarenko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Вырезка экрана и программа запуска для OneNote 2010.lnk
[2011.09.22 14:51:53 | 000,253,440 | ---- | C] () -- D:\Пользователи\d_tokarenko\Рабочий стол\Инструкция о диспетчеризации заявок Скартел.vsd
[2011.07.22 11:33:18 | 000,000,048 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011.04.12 11:41:27 | 000,000,435 | ---- | C] () -- C:\Windows\System32\dsac.exe.config
[2011.03.28 18:11:36 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.03.28 18:10:16 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.02.03 05:54:58 | 000,004,764 | ---- | C] () -- C:\Windows\System32\CcmFramework.ini
[2011.02.02 20:04:51 | 000,000,000 | ---- | C] () -- C:\Users\d_tokarenko\AppData\Local\WavXMapDrive.bat
[2011.02.02 20:04:05 | 000,000,462 | ---- | C] () -- C:\Windows\SMSCFG.ini
[2010.09.24 12:49:38 | 000,080,368 | ---- | C] () -- C:\Windows\System32\pbadrvdll.dll
[2010.09.24 12:49:21 | 000,043,152 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.09.24 12:49:20 | 000,000,206 | ---- | C] () -- C:\Windows\hbcikrnl.ini
[2010.07.28 21:01:14 | 000,127,868 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2010.07.28 21:01:12 | 000,104,796 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2010.07.28 21:01:10 | 000,870,560 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2010.07.28 20:18:42 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.07.28 20:14:38 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.07.28 20:14:38 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010.03.02 12:46:38 | 000,010,752 | ---- | C] () -- C:\Windows\System32\Wavx_ESC_Logging.dll
[2010.02.04 11:18:22 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_th.dll
[2010.02.04 11:18:22 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-HK.dll
[2010.02.04 11:18:20 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_sl.dll
[2010.02.04 11:18:18 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_sk.dll
[2010.02.04 11:18:18 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_hr.dll
[2010.02.04 11:18:12 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_ro.dll
[2010.02.04 11:18:12 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_tr.dll
[2010.02.04 11:18:10 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_pt-BR.dll
[2010.02.04 11:18:10 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_hu.dll
[2010.02.04 11:18:08 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_fi.dll
[2010.02.04 11:18:08 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_he.dll
[2010.02.04 11:18:06 | 000,106,496 | ---- | C] () -- C:\Windows\System32\Internationalization_el.dll
[2010.02.04 11:18:06 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_cs.dll
[2010.02.04 11:18:04 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_ar.dll
[2010.02.04 11:18:04 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHT.dll
[2010.02.04 11:18:02 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHS.dll
[2010.02.04 11:18:00 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_sv.dll
[2010.02.04 11:18:00 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_ru.dll
[2010.02.04 11:17:58 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_pt.dll
[2010.02.04 11:17:58 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_pl.dll
[2010.02.04 11:17:56 | 000,106,496 | ---- | C] () -- C:\Windows\System32\Internationalization_nl.dll
[2010.02.04 11:17:56 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_no.dll
[2010.02.04 11:17:54 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_ko.dll
[2010.02.04 11:17:54 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_ja.dll
[2010.02.04 11:17:52 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_it.dll
[2010.02.04 11:17:50 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_fr.dll
[2010.02.04 11:17:50 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_es.dll
[2010.02.04 11:17:48 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_de.dll
[2010.02.04 11:17:46 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_da.dll
[2010.01.19 12:44:30 | 000,249,856 | ---- | C] () -- C:\Windows\System32\wxvault.dll
[2009.11.06 15:27:22 | 000,839,680 | ---- | C] () -- C:\Windows\System32\DemoLicense.dll
[2009.08.26 16:25:08 | 000,917,504 | ---- | C] () -- C:\Windows\System32\lmgr10.dll
[2009.07.14 11:01:34 | 000,809,732 | ---- | C] () -- C:\Windows\System32\perfh019.dat
[2009.07.14 11:01:34 | 000,336,704 | ---- | C] () -- C:\Windows\System32\perfi019.dat
[2009.07.14 11:01:34 | 000,178,658 | ---- | C] () -- C:\Windows\System32\perfc019.dat
[2009.07.14 11:01:34 | 000,039,446 | ---- | C] () -- C:\Windows\System32\perfd019.dat
[2009.07.14 08:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 08:33:53 | 000,483,136 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 06:05:48 | 000,739,194 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 06:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 06:05:48 | 000,150,196 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 06:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 06:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 06:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 03:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 03:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 03:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.11 01:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008.03.25 09:46:00 | 000,077,536 | ---- | C] () -- C:\Windows\System32\xltZlib.dll
[2006.06.30 12:58:44 | 000,176,128 | ---- | C] () -- C:\Windows\System32\bioapi_mds300.dll
[2006.06.30 12:58:44 | 000,126,976 | ---- | C] () -- C:\Windows\System32\bioapi100.dll
[2005.07.21 11:01:04 | 000,008,527 | ---- | C] () -- C:\Windows\System32\MOMCounters.ini
[2005.07.21 11:01:04 | 000,005,295 | ---- | C] () -- C:\Windows\System32\MomAgntCtrs.ini

========== LOP Check ==========

[2011.10.04 17:59:54 | 000,000,000 | ---D | M] -- C:\Users\d_tokarenko\AppData\Roaming\1C
[2011.02.02 22:41:40 | 000,000,000 | ---D | M] -- C:\Users\d_tokarenko\AppData\Roaming\Acronis
[2011.02.02 20:05:05 | 000,000,000 | ---D | M] -- C:\Users\d_tokarenko\AppData\Roaming\Broadcom
[2011.10.20 10:30:02 | 000,000,000 | ---D | M] -- C:\Users\d_tokarenko\AppData\Roaming\Dropbox
[2011.08.19 17:30:37 | 000,000,000 | ---D | M] -- C:\Users\d_tokarenko\AppData\Roaming\GHISLER
[2011.04.13 19:14:25 | 000,000,000 | ---D | M] -- C:\Users\d_tokarenko\AppData\Roaming\ICAClient
[2011.09.07 18:51:45 | 000,000,000 | ---D | M] -- C:\Users\d_tokarenko\AppData\Roaming\Jpeg Resampler
[2011.07.06 18:57:14 | 000,000,000 | ---D | M] -- C:\Users\d_tokarenko\AppData\Roaming\KDE
[2011.02.02 20:05:06 | 000,000,000 | ---D | M] -- C:\Users\d_tokarenko\AppData\Roaming\Wave Systems Corp
[2011.06.14 11:59:41 | 000,000,000 | ---D | M] -- C:\Users\d_tokarenko\AppData\Roaming\webex
[2011.08.02 10:20:57 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#2
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

Unfortunately, as your computer is a company/business computer (StepLogic.ru), I am unable to help. There will be various settings, restrictions, and domain policies on the computer that I would not be aware of and these may mean that many of the tools I would need to use to clean the computer will not work. Even if the tools did work, they are likely to affect the settings of the computer which may result in it either not working properly or not at all.

I suggest you contact your company's IT support desk without delay.

#3
thedtk

    New Member

  • Topic Starter
  • Member
  • 3 posts

> Hi,
>
> Unfortunately, as your computer is a company/business computer (StepLogic.ru), I am unable to help. There will be various settings, restrictions, and domain policies on the computer that I would not be aware of and these may mean that many of the tools I would need to use to clean the computer will not work. Even if the tools did work, they are likely to affect the settings of the computer which may result in it either not working properly or not at all.
>
> I suggest you contact your company's IT support desk without delay.


Many thanks for your kind attention! I realized that the best choice for me is to restore from an image. I used to back up the system after initial setup and periodically update this image with new software updates.
I just can't figure out how they got me! The only thing I did wrong was shut down the firewall. And after getting it up and running I noticed this activity. MS Forefront and Malwarebytes did not find anything suspicious...

#4
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
You are welcome. But please confirm that this is a company computer. I only assume it's the company's as it is on a domain and you are not logged in as administrator.

#5
thedtk

    New Member

  • Topic Starter
  • Member
  • 3 posts

> You are welcome. But please confirm that this is a company computer. I only assume it's the company's as it is on a domain and you are not logged in as administrator.

Yes, it is the company's computer.

#6
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. As I've already said, I suggest you contact your company's IT support department.

#7
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.