- This topic has 12 ответов, 2 участника, and was last updated 16 years назад by
.
-
Сообщения
-
Здравствуйте! Хотелось бы получить помощь в решении моей проблемы!
При наведении курсора на какой нибудь файл, папку, ярлык на рабочем столе нажимаю на правую клавишу мыши и вместо окна с выбором действий получаю зависание системы, причем никакими способами вывести из этого состояния не могу кроме как кнопкой перезагрузки. Предположил что вирус, сканировал антивирусом (стоит лицензионный Outpost Security Suite Pro ) вирусов не обнаружил, скачал Dr. Web сканировал результат тот же. Может кто сталкивался с подобной проблемой?
Прошу помочь!!!
Прилагаю log и info сканирования программы RSITЗдравствуйте, добро пожаловать на Spyware-ru форум.
Скачайте инсталлятор HijackThis кликнув по этой ссылке и сохраните файл на ваш рабочий стол.
Кликните дважды по иконке HJTinstall.exe на вашем рабочем столе для установки программы на ваш компьютер.
По окончании процедуры инсталляции на вашем рабочем столе появится иконка HijackThis и программа автоматически запустится.
Закройте её.Запустите RSIT снова, по-окончании сканирования откроётся ноый log.txt вставьте его содержимое в ваше ответное сообщение.
Valeri, спасибо что ответили!
Сделал все как вы сказали,вставляю лог.
Logfile of random’s system information tool 1.06 (written by random/random)
Run by Admin at 2009-06-16 00:59:27
Microsoft Windows XP Professional Service Pack 3
System drive C: has 89 GB (87%) free of 103 GB
Total RAM: 1023 MB (44% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:59:44, on 16.06.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20935)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesABBYY FineReader 9.0NetworkLicenseServer.exe
C:Program FilesJavajre6binjqs.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:Program FilesNeroNero8Nero BackItUpNBService.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32oodag.exe
C:WINDOWSsystem32IoctlSvc.exe
C:WINDOWSsystem32HPZipm12.exe
C:Program FilesCyberLinkShared filesRichVideo.exe
C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesAnalog DevicesCoresmax4pnp.exe
C:Program FilesAnalog DevicesSoundMAXSmax4.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:Program FilesJavajre6binjusched.exe
C:Program FilesMail.RuAgentMAgent.exe
C:WINDOWSsystem32oodtray.exe
C:Program FilesCyberLinkPowerDVD8PDVD8Serv.exe
C:Program FilesCyberlinkShared Filesbrs.exe
C:Program FilesVistaDriveIconVistaDrv.exe
C:Program FilesPunto Switcherpunto.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesCommon FilesNeroLibNMIndexStoreSvr.exe
C:Program FilesAVerTVQuickTV.exe
C:Program FilesCommon FilesNeroLibNMIndexingService.exe
C:Program FilesPC Connectivity SolutionServiceLayer.exe
C:Program FilesPC Connectivity SolutionTransportsNclUSBSrv.exe
C:Program FilesPC Connectivity SolutionTransportsNclRSSrv.exe
C:WINDOWSsystem32wbemwmiapsrv.exe
C:WINDOWSexplorer.exe
C:Program FilesNokiaNokia PC Suite 7PCSuite.exe
C:Program FilesNokiaNokia PC Suite 7OneTouchAccess.exe
C:Program FilesOperaopera.exe
C:Documents and SettingsAdminРабочий столRSIT.exe
C:Program FilesTrend MicroHijackThisAdmin.exeR1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://xtreme.ws/
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — c:program filesmail.rusputnikMailRuSputnik.dll
R3 — URLSearchHook: (no name) — {83821C2B-32A8-4DD7-B6D4-44309A78E668} — C:Program FilesMail.RuAgentMradllnewmrasearch.dll
O2 — BHO: SnagIt Toolbar Loader — {00C6482D-C502-44C8-8409-FCE54AD9C208} — C:Program FilesTechSmithSnagit 9SnagitBHO.dll
O2 — BHO: AcroIEHelperStub — {18DF081C-E8AD-4283-A596-FA578C2EBDC3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 — BHO: Спутник@Mail.Ru — {8984B388-A5BB-4DF7-B274-77B879E179DB} — c:program filesmail.rusputnikMailRuSputnik.dll
O2 — BHO: IE 4.x-6.x BHO for Download Master — {9961627E-4059-41B4-8E0E-A7D6B3854ADF} — C:PROGRA~1DOWNLO~1dmiehlp.dll
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O2 — BHO: JQSIEStartDetectorImpl — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O3 — Toolbar: Snagit — {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} — C:Program FilesTechSmithSnagit 9SnagitIEAddin.dll
O3 — Toolbar: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — c:program filesmail.rusputnikMailRuSputnik.dll
O4 — HKLM..Run: [SoundMAXPnP] C:Program FilesAnalog DevicesCoresmax4pnp.exe
O4 — HKLM..Run: [SoundMAX] «C:Program FilesAnalog DevicesSoundMAXSmax4.exe» /tray
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [SunJavaUpdateSched] «C:Program FilesJavajre6binjusched.exe»
O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobeReader 9.0ReaderReader_sl.exe»
O4 — HKLM..Run: [MAgent] C:Program FilesMail.RuAgentMAgent.exe -LM
O4 — HKLM..Run: [OODefragTray] C:WINDOWSsystem32oodtray.exe
O4 — HKLM..Run: [RemoteControl8] «C:Program FilesCyberLinkPowerDVD8PDVD8Serv.exe»
O4 — HKLM..Run: [PDVD8LanguageShortcut] «C:Program FilesCyberLinkPowerDVD8LanguageLanguage.exe»
O4 — HKLM..Run: [BDRegion] C:Program FilesCyberlinkShared Filesbrs.exe
O4 — HKLM..Run: [OutpostMonitor] C:PROGRA~1AgnitumOUTPOS~1op_mon.exe /tray /noservice
O4 — HKLM..Run: [OutpostFeedBack] «C:Program FilesAgnitumOutpost Security Suite Profeedback.exe» /dump:os_startup
O4 — HKCU..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe
O4 — HKCU..Run: [Punto Switcher] C:Program FilesPunto Switcherpunto.exe
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [PC Suite Tray] «C:Program FilesNokiaNokia PC Suite 7PCSuite.exe» -onlytray
O4 — HKCU..Run: [AlcoholAutomount] «C:Program FilesAlcohol SoftAlcohol 120axcmd.exe» /automount
O4 — HKCU..Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] «C:Program FilesCommon FilesNeroLibNMIndexStoreSvr.exe» ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [ZZZZ1_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,OnceFirstLogonInstall,0 (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [IE7_012] rundll32 advpack.dll,LaunchINFSectionEx IE7int.inf,AfterUserStart,,4,N (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-20..RunOnce: [ZZZZ1_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,OnceFirstLogonInstall,0 (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘Default user’)
O4 — Global Startup: QuickTV.lnk = C:Program FilesAVerTVQuickTV.exe
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Закачать ВСЕ при помощи Download Master — C:Program FilesDownload Masterdmieall.htm
O8 — Extra context menu item: Закачать при помощи Download Master — C:Program FilesDownload Masterdmie.htm
O8 — Extra context menu item: Поиск@Mail.Ru — res://c:program filesmail.rusputnikMailRuSputnik.dll/282
O8 — Extra context menu item: Словари@Mail.Ru — res://c:program filesmail.rusputnikMailRuSputnik.dll/283
O9 — Extra button: Быстрая настройка Outpost Security Suite Pro — {44627E97-789B-40d4-B5C2-58BD171129A1} — C:Program FilesAgnitumOutpost Security Suite Proie_bar.dll
O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra button: Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra ‘Tools’ menuitem: &Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O17 — HKLMSystemCCSServicesTcpip..{C4A8DA9D-27B0-4108-99B2-6C6055E662A4}: NameServer = 10.17.128.1 217.66.145.1
O20 — AppInit_DLLs: c:progra~1agnitumoutpos~1wl_hook.dll
O23 — Service: ABBYY FineReader 9.0 Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) — ABBYY (BIT Software) — C:Program FilesABBYY FineReader 9.0NetworkLicenseServer.exe
O23 — Service: Agnitum Client Security Service (acssrv) — Agnitum Ltd. — C:PROGRA~1AgnitumOUTPOS~1acs.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: HP Port Resolver — Hewlett-Packard Company — C:WINDOWSsystem32spooldriversw32x863HPBPRO.EXE
O23 — Service: HP Status Server — Hewlett-Packard Company — C:WINDOWSsystem32spooldriversw32x863HPBOID.EXE
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: Java Quick Starter (JavaQuickStarterService) — Sun Microsystems, Inc. — C:Program FilesJavajre6binjqs.exe
O23 — Service: Nero BackItUp Scheduler 3 — Nero AG — C:Program FilesNeroNero8Nero BackItUpNBService.exe
O23 — Service: NMIndexingService — Nero AG — C:Program FilesCommon FilesNeroLibNMIndexingService.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: O&O Defrag — O&O Software GmbH — C:WINDOWSsystem32oodag.exe
O23 — Service: PLFlash DeviceIoControl Service — Prolific Technology Inc. — C:WINDOWSsystem32IoctlSvc.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Pml Driver HPZ12 — HP — C:WINDOWSsystem32HPZipm12.exe
O23 — Service: Cyberlink RichVideo Service(CRVS) (RichVideo) — Unknown owner — C:Program FilesCyberLinkShared filesRichVideo.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: ServiceLayer — Nokia. — C:Program FilesPC Connectivity SolutionServiceLayer.exe
O23 — Service: StarWind AE Service (StarWindServiceAE) — Rocket Division Software — C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe—
End of file — 11858 bytes======Scheduled tasks folder======
C:WINDOWStasksWebReg Photosmart C5100 series.job
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{00C6482D-C502-44C8-8409-FCE54AD9C208}]
SnagIt Toolbar Loader — C:Program FilesTechSmithSnagit 9SnagitBHO.dll [2009-01-22 68936][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll [2009-02-27 75128][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{8984B388-A5BB-4DF7-B274-77B879E179DB}]
MailRuBHO Class — c:program filesmail.rusputnikMailRuSputnik.dll [2009-05-16 680624][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9961627E-4059-41B4-8E0E-A7D6B3854ADF}]
IE 4.x-6.x BHO for Download Master — C:PROGRA~1DOWNLO~1dmiehlp.dll [2008-10-24 157696][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2009-05-13 35840][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll [2009-05-13 73728][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} — Snagit — C:Program FilesTechSmithSnagit 9SnagitIEAddin.dll [2009-01-22 211272]
{09900DE8-1DCA-443F-9243-26FF581438AF} — Спутник@Mail.Ru — c:program filesmail.rusputnikMailRuSputnik.dll [2009-05-16 680624][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«SoundMAXPnP»=C:Program FilesAnalog DevicesCoresmax4pnp.exe [2005-05-20 925696]
«SoundMAX»=C:Program FilesAnalog DevicesSoundMAXSmax4.exe [2005-09-07 716800]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2009-02-09 13680640]
«nwiz»=nwiz.exe /install []
«NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2009-02-09 86016]
«SunJavaUpdateSched»=C:Program FilesJavajre6binjusched.exe [2009-05-13 148888]
«Adobe Reader Speed Launcher»=C:Program FilesAdobeReader 9.0ReaderReader_sl.exe [2009-02-27 35696]
«MAgent»=C:Program FilesMail.RuAgentMAgent.exe [2009-05-16 6210744]
«OODefragTray»=C:WINDOWSsystem32oodtray.exe [2009-02-25 2553088]
«RemoteControl8″=C:Program FilesCyberLinkPowerDVD8PDVD8Serv.exe [2008-03-20 83240]
«PDVD8LanguageShortcut»=C:Program FilesCyberLinkPowerDVD8LanguageLanguage.exe [2007-12-14 50472]
«BDRegion»=C:Program FilesCyberlinkShared Filesbrs.exe [2008-06-27 91432]
«OutpostMonitor»=C:PROGRA~1AgnitumOUTPOS~1op_mon.exe [2009-04-15 1289048]
«OutpostFeedBack»=C:Program FilesAgnitumOutpost Security Suite Profeedback.exe [2009-04-14 433496][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«VistaIcon»=C:Program FilesVistaDriveIconVistaDrv.exe [2008-03-23 132096]
«Punto Switcher»=C:Program FilesPunto Switcherpunto.exe [2008-10-30 734504]
«ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2008-12-19 37376]
«PC Suite Tray»=C:Program FilesNokiaNokia PC Suite 7PCSuite.exe [2009-03-20 1312256]
«AlcoholAutomount»=C:Program FilesAlcohol SoftAlcohol 120axcmd.exe [2008-09-02 205256]
«IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=C:Program FilesCommon FilesNeroLibNMIndexStoreSvr.exe [2008-12-12 1840424][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregHDInspector.exe]
[][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregHP Software Update]
C:Program FilesHPHP Software UpdateHPWuSchd2.exe [2006-02-19 49152][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNBKeyScan]
C:Program FilesNeroNero8Nero BackItUpNBKeyScan.exe [2008-12-02 2221352][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
C:Program FilesCommon FilesNeroLibNeroCheck.exe [2008-11-06 570664][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^HP Digital Imaging Monitor.lnk]
C:PROGRA~1HPDIGITA~1binhpqtra08.exe [2006-02-19 288472][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Быстрый запуск HP Photosmart Premier.lnk]
C:PROGRA~1HPDIGITA~1binhpqthb08.exe [2006-02-10 73728]C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
QuickTV.lnk — C:Program FilesAVerTVQuickTV.exe[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
«AppInit_DLLS»=»c:progra~1agnitumoutpos~1wl_hook.dll»[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32wpdshserviceobj.dll [2007-06-18 133632][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWdf01000.sys]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145
«NoSMConfigurePrograms»=1
«NoSMHelp»=1[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{048d95f6-58b5-11de-8fe5-af55cdc9ec09}]
shellAutocommand — RavMonE.exe e
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e
shellexplorecommand — RavMonE.exe e
shellopencommand — RavMonE.exe e[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{b84682a8-451f-11de-8f99-9b7c5d7362b1}]
shellAutoRuncommand — K:Programsnu2menunu2menu.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{bd79c2d9-3f10-11de-8a4c-806d6172696f}]
shellPlayWithPowerDVD8command — «C:Program FilesCyberLinkPowerDVD8PowerDVD8.exe» «%L»======List of files/folders created in the last 1 months======
2009-06-15 13:39:37 —-A—- C:audiodec.txt
2009-06-14 01:32:25 —-D—- C:rsit
2009-06-14 01:32:25 —-D—- C:Program Filestrend micro
2009-06-12 15:34:11 —-D—- C:Documents and SettingsAll UsersApplication DataCrystalIdea Software
2009-06-11 10:19:38 —-A—- C:WINDOWSntbtlog.txt
2009-06-07 16:32:49 —-D—- C:WINDOWSsystem32appmgmt
2009-06-07 16:25:29 —-D—- C:Documents and SettingsAdminApplication DataBinarySense
2009-06-07 16:25:20 —-D—- C:Program FilesCommon FilesBinarySense
2009-06-07 16:25:20 —-D—- C:Program FilesBinarySense
2009-06-07 14:31:07 —-D—- C:Documents and SettingsAdminApplication DataLavasoft
2009-06-07 09:41:09 —-A—- C:WINDOWSModemLog_Nokia N73 USB Modem #3.txt
2009-05-28 14:38:48 —-D—- C:WINDOWSsystem32Filt
2009-05-28 14:38:48 —-D—- C:Program FilesAgnitum
2009-05-28 14:38:48 —-D—- C:Documents and SettingsAdminApplication DataAgnitum
2009-05-28 14:38:12 —-D—- C:Documents and SettingsAll UsersApplication DataAgnitum
2009-05-27 19:41:37 —-D—- C:Program FilesAshampoo
2009-05-20 19:03:29 —-A—- C:WINDOWSModemLog_Nokia N73 USB Modem #2.txt
2009-05-20 18:51:57 —-D—- C:bin
2009-05-20 18:50:47 —-D—- C:Program FilesCommon FilesSonic Shared
2009-05-20 18:49:10 —-D—- C:Program FilesCommon FilesHP
2009-05-20 18:47:15 —-D—- C:Program FilesHewlett-Packard
2009-05-20 18:19:58 —-D—- C:Documents and SettingsAdminApplication DataHP
2009-05-18 09:16:55 —-D—- C:Program FilesAlwil Software
2009-05-18 07:52:17 —-A—- C:WINDOWSModemLog_Nokia N73 USB Modem.txt
2009-05-18 07:51:35 —-D—- C:WINDOWSsystem32LogFiles
2009-05-18 07:51:33 —-N—- C:WINDOWSsystem32spmsg.dll
2009-05-18 07:51:30 —-HDC—- C:WINDOWS$NtUninstallWudf01005$
2009-05-18 07:49:56 —-SHD—- C:WINDOWSftpcache
2009-05-18 07:48:12 —-D—- C:WINDOWSDownloaded Installations
2009-05-18 07:44:34 —-N—- C:WINDOWSsystem32spmsgXP_2k3.dll
2009-05-18 07:44:32 —-HDC—- C:WINDOWS$NtUninstallWdf01007$
2009-05-18 00:53:31 —-A—- C:WINDOWSNeroDigital.ini
2009-05-17 22:44:40 —-A—- C:WINDOWSsystem32hpz3l054.dll
2009-05-17 16:39:44 —-D—- C:Documents and SettingsAdminApplication Datafoobar2000
2009-05-17 16:39:36 —-D—- C:Program Filesfoobar2000
2009-05-17 16:19:06 —-D—- C:Program FilesDVD Shrink
2009-05-17 16:06:53 —-D—- C:Program FilesCommon FilesCyberLink
2009-05-17 16:05:50 —-A—- C:WINDOWSsystem32msxml3a.dll
2009-05-17 15:06:51 —-D—- C:Documents and SettingsAdminApplication DataCyberLink
2009-05-17 15:04:54 —-D—- C:Documents and SettingsAll UsersApplication DataCyberLink
2009-05-17 15:02:51 —-D—- C:Program FilesCyberLink
2009-05-17 14:25:16 —-D—- C:Documents and SettingsAdminApplication DataPRMT
2009-05-17 14:18:03 —-D—- C:WINDOWSspeech
2009-05-17 14:15:03 —-D—- C:WINDOWSLhsp
2009-05-17 14:15:03 —-D—- C:Program FilesPRMT8
2009-05-17 14:15:03 —-D—- C:Documents and SettingsAll UsersApplication DataPRMT
2009-05-17 14:09:40 —-D—- C:Program FilesMSBuild
2009-05-17 14:07:18 —-D—- C:WINDOWSsystem32XPSViewer
2009-05-17 14:07:16 —-D—- C:WINDOWSsystem32en-us
2009-05-17 14:06:42 —-D—- C:Program FilesReference Assemblies
2009-05-17 14:06:24 —-N—- C:WINDOWSsystem32spmsg2.dll
2009-05-17 14:06:24 —-A—- C:WINDOWSsystem32spupdsvc.exe
2009-05-17 13:55:46 —-D—- C:Program FilesKC Softwares
2009-05-17 12:09:50 —-D—- C:Documents and SettingsAdminApplication DataNero
2009-05-17 12:09:23 —-A—- C:WINDOWSsystem32MsiExec.exe.log
2009-05-17 12:06:59 —-D—- C:Program FilesNero
2009-05-17 12:06:59 —-D—- C:Program FilesCommon FilesNero
2009-05-17 12:06:59 —-D—- C:Documents and SettingsAll UsersApplication DataNero
2009-05-17 11:46:20 —-D—- C:Documents and SettingsAdminApplication DataABBYY
2009-05-17 11:41:24 —-D—- C:Program FilesABBYY FineReader 9.0
2009-05-17 11:41:24 —-D—- C:Documents and SettingsAll UsersApplication DataABBYY
2009-05-17 11:39:13 —-D—- C:temp
2009-05-17 09:58:57 —-D—- C:Documents and SettingsAdminApplication DataAltrixSoft
2009-05-17 09:54:50 —-D—- C:Documents and SettingsAll UsersApplication DataDVD Shrink
2009-05-17 09:51:09 —-AD—- C:Documents and SettingsAll UsersApplication DataTEMP
2009-05-17 09:51:02 —-D—- C:Documents and SettingsAll UsersApplication DataEasy CD-DA Extractor
2009-05-17 09:50:54 —-D—- C:WINDOWSEasy CD-DA Extractor 12
2009-05-17 09:50:54 —-D—- C:Program FilesEasy CD-DA Extractor 12
2009-05-17 09:42:17 —-D—- C:Program FilesWinAVI Video Converter
2009-05-17 09:28:58 —-D—- C:Documents and SettingsAdminApplication DataSkype
2009-05-17 01:17:33 —-D—- C:Documents and SettingsAdminApplication DataXnView
2009-05-17 01:16:44 —-D—- C:Program FilesXnView======List of files/folders modified in the last 1 months======
2009-06-15 20:44:54 —-D—- C:WINDOWSTemp
2009-06-15 18:18:23 —-D—- C:WINDOWSPrefetch
2009-06-15 13:12:56 —-D—- C:WINDOWS
2009-06-15 12:55:55 —-D—- C:WINDOWSsystem32CatRoot2
2009-06-15 12:45:22 —-A—- C:WINDOWSAVerTV.ini
2009-06-15 12:43:00 —-A—- C:WINDOWSSchedLgU.Txt
2009-06-14 15:39:56 —-D—- C:WINDOWSsystem32ShellExt
2009-06-14 01:32:25 —-AD—- C:Program Files
2009-06-12 15:34:19 —-D—- C:WINDOWSsystem32
2009-06-12 11:59:44 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2009-06-12 11:13:16 —-D—- C:Program FilesAVerTV
2009-06-11 08:48:55 —-D—- C:Documents and SettingsAdminApplication DatauTorrent
2009-06-10 18:54:07 —-SD—- C:WINDOWSTasks
2009-06-10 16:58:23 —-D—- C:WINDOWSRegistration
2009-06-10 07:44:08 —-HD—- C:WINDOWSinf
2009-06-10 00:23:09 —-D—- C:WINDOWSsystem32drivers
2009-06-08 23:15:50 —-HD—- C:Config.Msi
2009-06-08 23:15:50 —-D—- C:Program FilesCommon FilesWise Installation Wizard
2009-06-08 23:15:49 —-SHD—- C:WINDOWSInstaller
2009-06-08 23:02:48 —-SD—- C:Documents and SettingsAll UsersApplication DataMicrosoft
2009-06-07 16:25:20 —-AD—- C:Program FilesCommon Files
2009-06-07 14:28:55 —-SD—- C:Documents and SettingsAdminApplication DataMicrosoft
2009-06-06 01:52:42 —-A—- C:WINDOWSIE4 Error Log.txt
2009-06-05 00:39:41 —-D—- C:Documents and SettingsAdminApplication DataPC Suite
2009-05-29 07:20:00 —-D—- C:WINDOWSsystem32CPLDAPU
2009-05-28 23:23:55 —-SHD—- C:RECYCLER
2009-05-28 20:58:07 —-D—- C:WINDOWSsystem32config
2009-05-28 14:39:13 —-D—- C:WINDOWSsystem32CatRoot
2009-05-28 14:39:04 —-D—- C:WINDOWSWinSxS
2009-05-25 07:33:50 —-D—- C:Documents and SettingsAdminApplication DataWinRAR
2009-05-25 07:32:05 —-D—- C:Program FilesWinRAR
2009-05-21 07:38:31 —-SH—- C:boot.ini
2009-05-21 07:38:31 —-A—- C:WINDOWSwin.ini
2009-05-21 07:38:31 —-A—- C:WINDOWSsystem.ini
2009-05-20 18:53:10 —-D—- C:Program FilesHP
2009-05-20 18:52:07 —-RSD—- C:WINDOWSassembly
2009-05-20 18:50:44 —-RSD—- C:WINDOWSFonts
2009-05-20 18:47:18 —-D—- C:WINDOWStwain_32
2009-05-18 07:50:48 —-D—- C:Documents and SettingsAdminApplication DataNokia
2009-05-18 07:50:47 —-D—- C:Documents and SettingsAll UsersApplication DataPC Suite
2009-05-18 07:49:34 —-D—- C:Program FilesNokia
2009-05-18 07:49:07 —-D—- C:Program FilesWindows Media Player
2009-05-18 07:44:44 —-A—- C:WINDOWSimsins.BAK
2009-05-17 16:06:53 —-HD—- C:Program FilesInstallShield Installation Information
2009-05-17 16:05:25 —-A—- C:WINDOWSsystem32msxml3r.dll
2009-05-17 14:45:07 —-D—- C:WINDOWSMicrosoft.NET
2009-05-17 14:17:29 —-D—- C:WINDOWSmsagent
2009-05-17 14:17:29 —-D—- C:WINDOWSHelp
2009-05-17 14:14:15 —-AD—- C:Program FilesCommon FilesMicrosoft Shared
2009-05-17 14:06:30 —-D—- C:WINDOWSsystem32spool
2009-05-17 14:06:26 —-RSHDC—- C:WINDOWSsystem32dllcache
2009-05-17 13:57:17 —-D—- C:Program FilesCommon FilesAdobe
2009-05-17 12:06:54 —-D—- C:WINDOWSCursors======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Amfilter;A4Tech Mouse Filter Driver; C:WINDOWSsystem32DRIVERSAmfilter.sys [2007-05-15 9216]
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2008-04-15 40704]
R1 SandBox;SandBox; ??C:WINDOWSsystem32driversSandBox.sys []
R1 VBoxDrv;VirtualBox Service; C:WINDOWSsystem32DRIVERSVBoxDrv.sys [2009-02-16 100560]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:WINDOWSsystem32DRIVERSVBoxUSBMon.sys [2009-02-16 41744]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; ??C:Program FilesCyberLinkPowerDVD800.fcl []
R2 rspndr;Ответчик обнаружения топологии уровня связи; C:WINDOWSsystem32DRIVERSrspndr.sys [2008-10-11 62848]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:WINDOWSsystem32driversADIHdAud.sys [2005-09-15 141312]
R3 AEAudioService;AEAudio Service; C:WINDOWSsystem32driversAEAudio.sys [2005-03-04 127872]
R3 afw;Agnitum firewall driver; C:WINDOWSsystem32DRIVERSafw.sys [2009-02-18 31128]
R3 afwcore;afwcore; C:WINDOWSsystem32driversafwcore.sys [2009-02-10 257432]
R3 ASWFilt;ASWFilt; ??C:WINDOWSsystem32FiltASWFilt.dll []
R3 Cap7134;Cap7134 Capture; C:WINDOWSsystem32DRIVERSAVerM15x.sys [2009-05-12 409120]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2008-04-15 144384]
R3 nmwcd;Nokia USB Phone Parent; C:WINDOWSsystem32driversccdcmb.sys [2009-02-09 17664]
R3 nmwcdc;Nokia USB Generic; C:WINDOWSsystem32driversccdcmbo.sys [2009-02-09 22016]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2009-02-09 6307328]
R3 pccsmcfd;PCCS Mode Change Filter Driver; C:WINDOWSsystem32DRIVERSpccsmcfd.sys [2008-08-26 18816]
R3 pcouffin;VSO Software pcouffin; C:WINDOWSSystem32Driverspcouffin.sys [2009-05-13 47360]
R3 PhTVTune;Cap7134 TVTuner; C:WINDOWSsystem32DRIVERSM15xTune.sys [2009-05-12 60704]
R3 SenFiltService;SenFilt Service; C:WINDOWSsystem32driversSenfilt.sys [2005-08-11 393088]
R3 upperdev;upperdev; C:WINDOWSsystem32DRIVERSusbser_lowerflt.sys [2009-02-09 7808]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-14 59520]
R3 usbser;USB Modem Driver; C:WINDOWSsystem32driversusbser.sys [2008-04-14 26112]
R3 UsbserFilt;UsbserFilt; C:WINDOWSsystem32DRIVERSusbser_lowerfltj.sys [2009-02-09 7808]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2008-04-14 20608]
R3 VBEngNT;VBEngNT; ??C:WINDOWSsystem32driversVBEngNT.sys []
R3 VBFilt;VBFilt; ??C:WINDOWSsystem32FiltVBFilt.dll []
R3 VBoxNetFlt;VBoxNetFlt Service; C:WINDOWSsystem32DRIVERSVBoxNetFlt.sys [2009-02-16 87568]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:WINDOWSSystem32Driverswdf01000.sys [2008-03-27 503008]
R3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-15 82688]
S3 a3kb87qc;a3kb87qc; C:WINDOWSsystem32driversa3kb87qc.sys []
S3 Amusbprt;A4Tech HID-compliant Mouse Driver; C:WINDOWSsystem32DRIVERSAmusbprt.sys [2007-05-15 14336]
S3 CCDECODE;Closed Caption декодер; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2008-04-14 17024]
S3 E1000;Intel(R) PRO/1000 Network Connection Driver; C:WINDOWSsystem32DRIVERSe1000325.sys [2004-11-22 176128]
S3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-14 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:WINDOWSsystem32DRIVERSHPZid412.sys [2006-04-13 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:WINDOWSsystem32DRIVERSHPZipr12.sys [2006-04-13 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:WINDOWSsystem32DRIVERSHPZius12.sys [2006-04-13 21568]
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:WINDOWSsystem32driversMSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI кодек; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft видео или ТВ подключение; C:WINDOWSsystem32DRIVERSNdisIP.sys [2008-04-14 10880]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2008-04-14 15232]
S3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2008-04-14 32128]
S3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2008-04-14 25856]
S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2008-04-14 15104]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-14 26368]
S3 WSTCODEC;World Standard Teletext кодек; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2008-04-14 19200]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 Licensing Service; C:Program FilesABBYY FineReader 9.0NetworkLicenseServer.exe [2007-11-02 566560]
R2 acssrv;Agnitum Client Security Service; C:PROGRA~1AgnitumOUTPOS~1acs.exe [2009-04-14 1605976]
R2 JavaQuickStarterService;Java Quick Starter; C:Program FilesJavajre6binjqs.exe [2009-05-13 152984]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE [2003-06-19 322120]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:Program FilesNeroNero8Nero BackItUpNBService.exe [2008-12-02 877864]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2009-02-09 163908]
R2 O&O Defrag;O&O Defrag; C:WINDOWSsystem32oodag.exe [2009-02-25 1352960]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:WINDOWSsystem32IoctlSvc.exe [2006-12-19 81920]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:WINDOWSsystem32HPZipm12.exe [2006-03-03 69632]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:Program FilesCyberLinkShared filesRichVideo.exe [2007-02-07 173616]
R2 StarWindServiceAE;StarWind AE Service; C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe [2007-05-28 275968]
R2 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-15 14336]
R3 NMIndexingService;NMIndexingService; C:Program FilesCommon FilesNeroLibNMIndexingService.exe [2008-12-12 537896]
R3 ServiceLayer;ServiceLayer; C:Program FilesPC Connectivity SolutionServiceLayer.exe [2009-03-04 621056]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:WINDOWSMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe [2006-10-20 36864]
S3 HP Port Resolver;HP Port Resolver; C:WINDOWSsystem32spooldriversw32x863HPBPRO.EXE [2005-05-20 81920]
S3 HP Status Server;HP Status Server; C:WINDOWSsystem32spooldriversw32x863HPBOID.EXE [2004-10-16 73728]
S3 idsvc;Windows CardSpace; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2006-10-30 741376]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media Playerwmpnetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2006-10-30 122880]
EOF
При наведении курсора на какой нибудь файл, папку, ярлык на рабочем столе нажимаю на правую клавишу мыши и вместо окна с выбором действий получаю зависание системы
А если кликнуть на пустом месте рабочего стола, какой результат ?
И проверим ещё одной программой.
Скачайте программу Combofix. Закройте все открытые окна и запустите эту программу.
После выполнения будет создан лог файл, пожалуйста вставьте его в ваш ответ.Примечание: перед использованием Combofix обязательно установите Recovery console. Как это сделать будет описано на странице, ссылку на которую я привёл выше.
Добрый день,Валерий!Спасибо за ответ!
Если нажимаешь на пустом месте рабочего стола все работает как и должно работать,а также работает ярлык «Мой компьютер» кликаю правой клавишей все работает, а вот со всеми остальными ярлыками , файлами, папками -зависает!Если не с рабочего стола открываешь правой клавишей, тоже виснет, но там хоть через диспетчера задач снимаешь задачу и не нужно перегружаться. Прилагаю лог Combofix.ComboFix 09-06-17.02 — Admin 18.06.2009 13:10.1 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.1023.563 [GMT 4:00]
Running from: c:documents and settingsAdminРабочий столComboFix.exe
AV: Outpost Security Suite Pro *On-access scanning disabled* (Updated) {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
FW: Outpost Security Suite Pro *disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.c:windowssystem32IoctlSvc.exe
c:documents and settingsAdminApplication Datainst.exe
c:windowsIE4 Error Log.txt.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
Legacy_PLFlash_DeviceIoControl_Service
Service_PLFlash DeviceIoControl Service((((((((((((((((((((((((( Files Created from 2009-05-18 to 2009-06-18 )))))))))))))))))))))))))))))))
.2009-06-17 06:03 . 2009-06-17 06:03 603904 —-a-w- c:windowssystem32TUProgSt.exe
2009-06-17 06:03 . 2009-06-17 06:03 360192 —-a-w- c:windowssystem32TuneUpDefragService.exe
2009-06-17 06:03 . 2008-12-11 09:31 27904 —-a-w- c:windowssystem32uxtuneup.dll
2009-06-17 06:03 . 2009-06-17 06:03
d
w- c:documents and settingsAdminApplication DataTuneUp Software
2009-06-17 06:02 . 2009-06-17 06:02
d
w- c:documents and settingsAll UsersApplication DataTuneUp Software
2009-06-17 06:02 . 2009-06-17 06:05
d
w- c:program filesTuneUp Utilities 2009
2009-06-17 06:02 . 2009-06-17 06:02
d-sh—w- c:documents and settingsAll UsersApplication Data{55A29068-F2CE-456C-9148-C869879E2357}
2009-06-13 21:32 . 2009-06-15 20:59
d
w- C:rsit
2009-06-13 21:32 . 2009-06-15 20:57
d
w- c:program filestrend micro
2009-06-12 11:34 . 2009-06-12 11:34
d
w- c:documents and settingsAll UsersApplication DataCrystalIdea Software
2009-06-12 09:06 . 2009-06-12 09:06
d
w- c:documents and settingsAdminLocal SettingsApplication DataNero
2009-06-07 12:25 . 2009-06-07 12:25
d
w- c:documents and settingsAdminApplication DataBinarySense
2009-06-07 12:25 . 2009-06-08 03:51
d
w- c:program filesCommon FilesBinarySense
2009-06-07 12:25 . 2009-06-07 12:25
d
w- c:program filesBinarySense
2009-06-07 10:31 . 2009-06-08 19:02
d
w- c:documents and settingsAdminApplication DataLavasoft
2009-06-07 07:26 . 2008-04-13 20:15 10368 —-a-w- c:windowssystem32drivershidusb.sys
2009-06-05 10:49 . 2009-06-05 10:49
d
w- c:documents and settingsAdminDoctorWeb
2009-05-28 10:39 . 2009-04-03 11:23 1175256 —-a-w- c:windowssystem32driversVBEngNT.sys
2009-05-28 10:39 . 2009-04-06 07:37 704384 —-a-w- c:windowssystem32driversSandBox.sys
2009-05-28 10:39 . 2009-02-10 12:15 257432 —-a-w- c:windowssystem32driversafwcore.sys
2009-05-28 10:38 . 2009-02-18 13:30 31128 —-a-w- c:windowssystem32driversafw.sys
2009-05-28 10:38 . 2009-06-17 19:34
d
w- c:windowssystem32Filt
2009-05-28 10:38 . 2009-05-28 10:38
d
w- c:program filesAgnitum
2009-05-28 10:38 . 2009-05-28 10:38
d
w- c:documents and settingsAdminApplication DataAgnitum
2009-05-28 10:38 . 2009-05-28 10:38
d
w- c:documents and settingsAll UsersApplication DataAgnitum
2009-05-27 15:41 . 2009-05-27 15:41
d
w- c:program filesAshampoo
2009-05-20 14:51 . 2009-05-20 14:51
d
w- C:bin
2009-05-20 14:50 . 2009-05-20 14:50
d
w- c:program filesCommon FilesSonic Shared
2009-05-20 14:49 . 2009-05-20 14:50
d
w- c:program filesCommon FilesHP
2009-05-20 14:47 . 2009-05-20 14:47
d
w- c:program filesHewlett-Packard
2009-05-20 14:42 . 2009-05-20 14:53 118968 —-a-w- c:windowshpoins11.dat
2009-05-20 14:19 . 2009-05-20 14:53
d
w- c:documents and settingsAdminApplication DataHP.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-15 08:49 . 2009-05-16 21:17
d
w- c:documents and settingsAdminApplication DataXnView
2009-06-12 07:59 . 2008-04-15 12:00 84660 —-a-w- c:windowssystem32perfc019.dat
2009-06-12 07:59 . 2008-04-15 12:00 485242 —-a-w- c:windowssystem32perfh019.dat
2009-06-12 07:13 . 2009-05-12 13:54
d
w- c:program filesAVerTV
2009-06-12 06:06 . 2009-05-17 12:39
d
w- c:documents and settingsAdminApplication Datafoobar2000
2009-06-11 04:48 . 2009-05-12 15:46
d
w- c:documents and settingsAdminApplication DatauTorrent
2009-06-08 19:15 . 2009-05-12 15:45
d
w- c:program filesCommon FilesWise Installation Wizard
2009-06-07 15:42 . 2009-05-17 05:51
d—a-w- c:documents and settingsAll UsersApplication DataTEMP
2009-06-07 07:42 . 2009-05-12 13:12 86327 —-a-w- c:windowspchealthhelpctrOfflineCacheindex.dat
2009-06-04 20:39 . 2009-05-16 13:44
d
w- c:documents and settingsAdminApplication DataPC Suite
2009-05-24 10:14 . 2009-05-17 05:28
d
w- c:documents and settingsAdminApplication DataSkype
2009-05-20 14:54 . 2009-05-12 13:56 72576 —-a-w- c:documents and settingsAdminLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-05-20 14:53 . 2009-05-12 13:57
d
w- c:program filesHP
2009-05-18 05:16 . 2009-05-18 05:16
d
w- c:program filesAlwil Software
2009-05-18 03:50 . 2009-05-16 13:44
d
w- c:documents and settingsAdminApplication DataNokia
2009-05-18 03:50 . 2009-05-16 13:44
d
w- c:documents and settingsAll UsersApplication DataPC Suite
2009-05-18 03:49 . 2009-05-16 13:43
d
w- c:program filesNokia
2009-05-18 03:44 . 2009-05-18 03:44 0 —ha-w- c:windowssystem32driversMsft_Kernel_ccdcmb_01007.Wdf
2009-05-18 03:44 . 2009-05-18 03:44 0 —ha-w- c:windowssystem32driversMsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-05-17 12:39 . 2009-05-17 12:39
d
w- c:program filesfoobar2000
2009-05-17 12:20 . 2009-05-17 05:54
d
w- c:documents and settingsAll UsersApplication DataDVD Shrink
2009-05-17 12:19 . 2009-05-17 12:19
d
w- c:program filesDVD Shrink
2009-05-17 12:07 . 2009-05-17 11:06
d
w- c:documents and settingsAdminApplication DataCyberLink
2009-05-17 12:06 . 2009-05-17 12:06
d
w- c:program filesCommon FilesCyberLink
2009-05-17 12:06 . 2009-05-12 13:32
d—h—w- c:program filesInstallShield Installation Information
2009-05-17 12:06 . 2009-05-17 11:02
d
w- c:program filesCyberLink
2009-05-17 12:05 . 2009-05-17 12:05 29480 —-a-w- c:windowssystem32msxml3a.dll
2009-05-17 12:05 . 2008-04-15 12:00 49448 —-a-w- c:windowssystem32msxml3r.dll
2009-05-17 11:05 . 2009-05-17 11:04
d
w- c:documents and settingsAll UsersApplication DataCyberLink
2009-05-17 10:25 . 2009-05-17 10:25
d
w- c:documents and settingsAdminApplication DataPRMT
2009-05-17 10:15 . 2009-05-17 10:15
d
w- c:program filesPRMT8
2009-05-17 10:15 . 2009-05-17 10:15
d
w- c:documents and settingsAll UsersApplication DataPRMT
2009-05-17 10:09 . 2009-05-17 10:09
d
w- c:program filesMSBuild
2009-05-17 10:09 . 2009-05-17 10:09 161328 —-a-w- c:documents and settingsLocalServiceLocal SettingsApplication DataFontCache3.0.0.0.dat
2009-05-17 10:06 . 2009-05-17 10:06
d
w- c:program filesReference Assemblies
2009-05-17 09:57 . 2009-05-13 06:38
d
w- c:program filesCommon FilesAdobe
2009-05-17 09:55 . 2009-05-17 09:55
d
w- c:program filesKC Softwares
2009-05-17 08:09 . 2009-05-17 08:09
d
w- c:documents and settingsAdminApplication DataNero
2009-05-17 08:08 . 2009-05-17 08:06
d
w- c:program filesCommon FilesNero
2009-05-17 08:07 . 2009-05-17 08:06
d
w- c:documents and settingsAll UsersApplication DataNero
2009-05-17 08:06 . 2009-05-17 08:06
d
w- c:program filesNero
2009-05-17 07:50 . 2009-05-17 07:41
d
w- c:program filesABBYY FineReader 9.0
2009-05-17 07:46 . 2009-05-17 07:46
d
w- c:documents and settingsAdminApplication DataABBYY
2009-05-17 07:41 . 2009-05-17 07:41
d
w- c:documents and settingsAll UsersApplication DataABBYY
2009-05-17 05:58 . 2009-05-17 05:58
d
w- c:documents and settingsAdminApplication DataAltrixSoft
2009-05-17 05:52 . 2009-05-17 05:50
d
w- c:program filesEasy CD-DA Extractor 12
2009-05-17 05:51 . 2009-05-17 05:51
d
w- c:documents and settingsAll UsersApplication DataEasy CD-DA Extractor
2009-05-17 05:43 . 2009-05-17 05:42
d
w- c:program filesWinAVI Video Converter
2009-05-16 21:16 . 2009-05-16 21:16
d
w- c:program filesXnView
2009-05-16 19:59 . 2009-05-16 19:47
d
w- c:program filesAlcohol Soft
2009-05-16 19:34 . 2009-05-12 15:46
d
w- c:program filesUltraISO
2009-05-16 19:34 . 2009-05-12 15:46
d
w- c:program filesCommon FilesEZB Systems
2009-05-16 19:04 . 2009-05-16 19:04
d
w- c:program filesOO Software
2009-05-16 18:49 . 2009-05-16 18:49
d
w- c:documents and settingsAdminApplication DataMra
2009-05-16 18:49 . 2009-05-16 18:48
d
w- c:program filesMail.Ru
2009-05-16 13:44 . 2009-05-16 13:44
d
w- c:program filesCommon FilesPCSuite
2009-05-16 13:44 . 2009-05-16 13:44
d
w- c:program filesCommon FilesNokia
2009-05-16 13:43 . 2009-05-16 13:43
d
w- c:program filesDIFX
2009-05-16 13:43 . 2009-05-16 13:43
d
w- c:program filesPC Connectivity Solution
2009-05-16 13:42 . 2009-05-16 13:42 8192 —-a-w- c:documents and settingsAll UsersApplication DataInstallations{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}InstallerCommonCustomActionsUninstCCD.exe
2009-05-16 13:42 . 2009-05-16 13:42 61440 —-a-w- c:documents and settingsAll UsersApplication DataInstallations{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}InstallerCommonCustomActionsUninstPCSFEMsi.exe
2009-05-16 13:42 . 2009-05-16 13:42 10240 —-a-w- c:documents and settingsAll UsersApplication DataInstallations{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}InstallerCommonCustomActionsUninstPCS.exe
2009-05-16 13:42 . 2009-05-16 13:42
d
w- c:documents and settingsAll UsersApplication DataInstallations
2009-05-16 03:24 . 2009-05-16 03:24
d
w- c:program filesMediaInfo
2009-05-15 03:38 . 2009-05-15 03:38
d
w- c:documents and settingsAdminApplication DataAshampoo
2009-05-15 03:37 . 2009-05-15 03:37
d
w- c:documents and settingsAll UsersApplication Dataashampoo
2009-05-13 06:40 . 2009-05-13 06:40
d
w- c:documents and settingsAdminApplication DataVso
2009-05-13 06:40 . 2009-05-13 06:40 47360 —-a-w- c:windowssystem32driverspcouffin.sys
2009-05-13 06:40 . 2009-05-13 06:40 47360 —-a-w- c:documents and settingsAdminApplication Datapcouffin.sys
2009-05-13 06:40 . 2009-05-13 06:40 47360 —-a-w- c:documents and settingsAdminApplication Datapcouffin.sys
2009-05-13 06:40 . 2009-05-13 06:40
d
w- c:program filesDVDFab 5
2009-05-12 21:28 . 2009-05-12 21:25
d
w- c:program filesjv16 PowerTools 2009
2009-05-12 21:25 . 2009-05-12 21:25 23 —sha-w- c:windowssystem32cbbefbcaf2_x.dat
2009-05-12 20:40 . 2009-05-12 13:17 410984 —-a-w- c:windowssystem32deploytk.dll
2009-05-12 20:40 . 2009-05-12 20:40
d
w- c:program filesJava
2009-05-12 20:38 . 2009-05-12 20:38
d
w- c:program filesMSECache
2009-05-12 20:28 . 2009-05-12 20:28
d
w- c:program filesLight Alloy
2009-05-12 20:16 . 2009-05-12 20:16
d
w- c:program filesTeamViewer
2009-05-12 15:46 . 2009-05-12 15:46
d
w- c:program filesSun xVM VirtualBox
2009-05-12 15:46 . 2009-05-12 15:46
d
w- c:program filesSkype
2009-05-12 15:46 . 2009-05-12 15:46
d
w- c:program filesuTorrent
2009-05-12 15:46 . 2009-05-12 15:46
d
w- c:documents and settingsDefault UserApplication DatauTorrent
2009-05-12 15:46 . 2009-05-12 15:46
d
w- c:program filesDownload Master
2009-05-12 15:46 . 2009-05-12 15:46
d
w- c:documents and settingsAdminApplication DataDownload Master
2009-05-12 15:46 . 2009-05-12 15:46
d
w- c:program filesUnlocker
2009-05-12 15:46 . 2009-05-12 15:46
d
w- c:program filesTotal Commander
2009-05-12 15:46 . 2009-05-12 15:46
d
w- c:program filesEverest
2009-05-12 15:46 . 2009-05-12 15:46
d
w- c:program filesOpera
2009-05-12 15:46 . 2009-05-12 15:46
d
w- c:program filesUninstall Tool
2009-05-12 15:45 . 2009-05-12 15:45
d
w- c:program filesTechSmith
2009-05-12 15:45 . 2009-05-12 15:45
d
w- c:documents and settingsAll UsersApplication DataTechSmith
2009-05-12 15:43 . 2009-05-12 15:43
d
w- c:program filesMicrosoft Works
2009-05-12 15:43 . 2009-05-12 15:43
d
w- c:program filesMicrosoft.NET
2009-05-12 15:42 . 2009-05-12 15:42
d
w- c:program filesPunto Switcher
2009-05-12 15:42 . 2009-05-12 15:42
d—a-w- c:documents and settingsAdminApplication DataYandex
2009-05-12 14:43 . 2009-05-12 14:43
d
w- c:documents and settingsAdminApplication DataMedia Player Classic
2009-05-12 14:43 . 2009-05-12 14:42
d
w- c:program filesK-Lite Codec Pack
2009-05-12 14:34 . 2009-05-12 14:34 128 —-a-w- c:documents and settingsAdminLocal SettingsApplication Datafusioncache.dat
2009-05-12 14:10 . 2009-05-12 14:10
d
w- c:documents and settingsAll UsersApplication DataHP
2009-05-12 14:08 . 2009-05-12 14:08
d
w- c:documents and settingsAll UsersApplication DataSonic
.
Sigcheck
[-] 2008-12-19 14:11 631808 A46326FFE00FF90CB9A372B94E571438 c:windowssystem32user32.dll[-] 2008-12-19 14:11 884224 9CA2A8437D6C26D64FCD860A94006401 c:windowssystem32wininet.dll
[-] 2008-12-13 22:30 361600 EC936BB945F789C0B4DAE06397334430 c:windowssystem32driverstcpip.sys
[-] 2008-12-19 14:06 2207232 FC64B5369E3F5A18668D529950ECC29B c:windowssystem32ntkrnlpa.exe
[-] 2008-12-19 14:01 2330368 CE07EC9D1AD64289933C3D94EDEC3215 c:windowssystem32ntoskrnl.exe
[-] 2008-12-19 14:09 1926144 E448E5836FEA2DE06AE6EE1D05874B3C c:windowsexplorer.exe
[-] 2008-12-19 14:09 37376 0DE18690E4223998E471048889F09B8B c:windowssystem32ctfmon.exe
[-] 2008-12-19 14:07 1571840 9C8FB3912BB3A20E7A9A079960EEC0A2 c:windowssystem32sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«VistaIcon»=»c:program filesVistaDriveIconVistaDrv.exe» [2008-03-23 132096]
«Punto Switcher»=»c:program filesPunto Switcherpunto.exe» [2008-10-30 734504]
«ctfmon.exe»=»c:windowssystem32ctfmon.exe» [2008-12-19 37376]
«PC Suite Tray»=»c:program filesNokiaNokia PC Suite 7PCSuite.exe» [2009-03-20 1312256]
«AlcoholAutomount»=»c:program filesAlcohol SoftAlcohol 120axcmd.exe» [2008-09-02 205256]
«IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=»c:program filesCommon FilesNeroLibNMIndexStoreSvr.exe» [2008-12-12 1840424]
«TuneUp MemOptimizer»=»c:program filesTuneUp Utilities 2009MemOptimizer.exe» [2008-12-13 157952][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«SoundMAXPnP»=»c:program filesAnalog DevicesCoresmax4pnp.exe» [2005-05-20 925696]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2009-02-09 13680640]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2009-02-09 86016]
«SunJavaUpdateSched»=»c:program filesJavajre6binjusched.exe» [2009-05-12 148888]
«MAgent»=»c:program filesMail.RuAgentMAgent.exe» [2009-05-16 6210744]
«OODefragTray»=»c:windowssystem32oodtray.exe» [2009-02-25 2553088]
«RemoteControl8″=»c:program filesCyberLinkPowerDVD8PDVD8Serv.exe» [2008-03-20 83240]
«PDVD8LanguageShortcut»=»c:program filesCyberLinkPowerDVD8LanguageLanguage.exe» [2007-12-14 50472]
«BDRegion»=»c:program filesCyberlinkShared Filesbrs.exe» [2008-06-27 91432]
«OutpostMonitor»=»c:progra~1AgnitumOUTPOS~1op_mon.exe» [2009-04-15 1289048]
«OutpostFeedBack»=»c:program filesAgnitumOutpost Security Suite Profeedback.exe» [2009-04-14 433496]
«nwiz»=»nwiz.exe» — c:windowssystem32nwiz.exe [2009-02-09 1657376][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«VistaIcon»=»c:program filesVistaDriveIconVistaDrv.exe» [2008-03-23 132096][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«IE7_011″=»shell32» [X]
«ZZZZ2_FirstLogonSetting»=»advpack.dll» — c:windowssystem32advpack.dll [2008-12-19 124928]
«IE7_012″=»advpack.dll» — c:windowssystem32advpack.dll [2008-12-19 124928]c:documents and settingsAll Usersѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
QuickTV.lnk — c:program filesAVerTVQuickTV.exe [2006-2-21 401408][HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMConfigurePrograms»= 1 (0x1)
«NoSMHelp»= 1 (0x1)[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMConfigurePrograms»= 1 (0x1)
«NoSMHelp»= 1 (0x1)[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsession manager]
BootExecute REG_MULTI_SZ autocheck autochk *0OODBS[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
@=»Driver»[HKLM~startupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^HP Digital Imaging Monitor.lnk]
path=c:documents and settingsAll UsersГлавное менюПрограммыАвтозагрузкаHP Digital Imaging Monitor.lnk
backup=c:windowspssHP Digital Imaging Monitor.lnkCommon Startup[HKLM~startupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Быстрый запуск HP Photosmart Premier.lnk]
path=c:documents and settingsAll UsersГлавное менюПрограммыАвтозагрузкаБыстрый запуск HP Photosmart Premier.lnk
backup=c:windowspssБыстрый запуск HP Photosmart Premier.lnkCommon Startup[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionrun-]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 9.0ReaderReader_sl.exe»[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«FirewallOverride»=dword:00000001
«UpdatesDisableNotify»=dword:00000001
«UpdatesOverride»=dword:00000001
«AntiVirusOverride»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«%windir%\system32\sessmgr.exe»=R1 SandBox;SandBox;c:windowssystem32driversSandBox.sys [28.05.2009 14:39 704384]
R1 VBoxDrv;VirtualBox Service;c:windowssystem32driversVBoxDrv.sys [13.05.2009 0:16 100560]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:windowssystem32driversVBoxUSBMon.sys [12.05.2009 19:46 41744]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:program filesCyberLinkPowerDVD8000.fcl [27.06.2008 16:50 61424]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 Licensing Service;c:program filesABBYY FineReader 9.0NetworkLicenseServer.exe [02.11.2007 18:58 566560]
R2 acssrv;Agnitum Client Security Service;c:progra~1AgnitumOUTPOS~1acs.exe [28.05.2009 14:38 1605976]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:windowssystem32TUProgSt.exe [17.06.2009 10:03 603904]
R3 afw;Agnitum firewall driver;c:windowssystem32driversafw.sys [28.05.2009 14:38 31128]
R3 afwcore;afwcore;c:windowssystem32driversafwcore.sys [28.05.2009 14:39 257432]
R3 ASWFilt;ASWFilt;c:windowssystem32FiltASWFilt.dll [28.05.2009 14:39 33888]
R3 PhTVTune;Cap7134 TVTuner;c:windowssystem32driversM15xTune.sys [12.05.2009 17:54 60704]
R3 VBEngNT;VBEngNT;c:windowssystem32driversVBEngNT.sys [28.05.2009 14:39 1175256]
R3 VBFilt;VBFilt;c:windowssystem32FiltVBFilt.dll [28.05.2009 14:39 234304]
R3 VBoxNetFlt;VBoxNetFlt Service;c:windowssystem32driversVBoxNetFlt.sys [13.05.2009 0:16 87568]HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSvchost — NetSvcs
UxTuneUp
.
Contents of the ‘Scheduled Tasks’ folder2009-06-18 c:windowsTasks1-Click Maintenance.job
— c:program filesTuneUp Utilities 2009OneClickStarter.exe [2008-12-11 17:36]2009-06-17 c:windowsTasksWebReg Photosmart C5100 series.job
— c:program filesHPDigital Imagingbinhpqwrg.exe [2006-02-19 01:09]2009-06-18 c:windowsTasksБыстрое решение проблем.job
— c:program filesTuneUp Utilities 2009OneClickStarter.exe [2008-12-11 17:36]
.
— — — — ORPHANS REMOVED — — — —MSConfigStartUp-HDInspector — (no file)
.
Supplementary Scan
.
uStart Page = hxxp://xtreme.ws/
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: Закачать ВСЕ при помощи Download Master — c:program filesDownload Masterdmieall.htm
IE: Закачать при помощи Download Master — c:program filesDownload Masterdmie.htm
IE: Поиск@Mail.Ru — c:program filesmail.rusputnikMailRuSputnik.dll/282
IE: Словари@Mail.Ru — c:program filesmail.rusputnikMailRuSputnik.dll/283
IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} — c:program filesMail.RuAgentmagent.exe
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74} — c:program filesDownload Masterdmaster.exe
.**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-18 13:18
Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
[HKEY_LOCAL_MACHINESystemControlSet001Services{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
«ImagePath»=»??c:program filesCyberLinkPowerDVD8000.fcl»
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(640)
c:windowssystem32SETUPAPI.dll
c:windowssystem32cscui.dll— — — — — — — > ‘lsass.exe'(696)
c:windowssystem32SETUPAPI.dll— — — — — — — > ‘explorer.exe'(3744)
c:windowssystem32SHDOCVW.dll
c:windowssystem32COMRes.dll
c:windowsSystem32cscui.dll
c:program filesPunto Switcherpshook.dll
c:windowssystem32msi.dll
c:windowssystem32SETUPAPI.dll
c:windowssystem32credui.dll
c:windowssystem32MSVCP60.dll
c:windowssystem32wpdshserviceobj.dll
c:program filesNokiaNokia PC Suite 7PhoneBrowser.dll
c:program filesNokiaNokia PC Suite 7NGSCM.DLL
c:program filesNokiaNokia PC Suite 7LangPhoneBrowser_rus.nlr
c:program filesNokiaNokia PC Suite 7ResourcePhoneBrowser_Nokia.ngr
c:windowssystem32portabledevicetypes.dll
c:windowssystem32portabledeviceapi.dll
.
Other Running Processes
.
c:program filesJavajre6binjqs.exe
c:program filesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
c:program filesNeroNero8Nero BackItUpNBService.exe
c:windowssystem32nvsvc32.exe
c:windowssystem32oodag.exe
c:windowssystem32HPZipm12.exe
c:program filesCyberLinkShared filesRichVideo.exe
c:program filesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
c:windowssystem32rundll32.exe
c:program filesAgnitumOutpost Security Suite Proop_mon.exe
c:program filesCommon FilesNeroLibNMIndexingService.exe
c:program filesPC Connectivity SolutionServiceLayer.exe
c:program filesPC Connectivity SolutionTransportsNclUSBSrv.exe
c:program filesPC Connectivity SolutionTransportsNclRSSrv.exe
c:windowssystem32WudfHost.exe
c:windowssystem32wbemwmiapsrv.exe
.
**************************************************************************
.
Completion time: 2009-06-18 13:20 — machine was rebooted
ComboFix-quarantined-files.txt 2009-06-18 09:20Pre-Run: 98 732 158 976 байт свободно
Post-Run: 98 636 742 656 байт свободно327
Combofix лог выглядит нормально. Судя по вашему описанию проблема именно в дополнительных пунктах контеккстного меню.
Запустите HijackThis.
Кликните по кнопке Do a system scan only.
Далее отметьте галочкой (слева) следующие строки, если они присутствуют:O8 - Extra context menu item: &Экспорт в Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 - Extra context menu item: Закачать ВСЕ при помощи Download Master - C:Program FilesDownload Masterdmieall.htm
O8 - Extra context menu item: Закачать при помощи Download Master - C:Program FilesDownload Masterdmie.htm
O8 - Extra context menu item: Поиск@Mail.Ru - res://c:program filesmail.rusputnikMailRuSputnik.dll/282
O8 - Extra context menu item: Словари@Mail.Ru - res://c:program filesmail.rusputnikMailRuSputnik.dll/283
O9 - Extra button: Быстрая настройка Outpost Security Suite Pro - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:Program FilesAgnitumOutpost Security Suite Proie_bar.dll
O9 - Extra button: Mail.Ru Агент - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:Program FilesMail.RuAgentmagent.exe
O9 - Extra 'Tools' menuitem: Mail.Ru Агент - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:Program FilesMail.RuAgentmagent.exe
O9 - Extra button: Download Master - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - C:Program FilesDownload Masterdmaster.exe
O9 - Extra 'Tools' menuitem: &Download Master - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - C:Program FilesDownload Masterdmaster.exe
O9 - Extra button: Справочные материалы - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
Закройте все запущенные программы (включая InternetExplorer) и окна Windows.
Кликните по кнопке Fix checked и подтвердите свои действия выбрав YES.
Перезагрузите компьютер.Попробуйте открыть контекстное меню теперь. И приложите к вашему ответу свежий HijackThis лог.
Добрый день, Валерий!
Спасибо за ответ. Проблема осталась, только теперь если кликнуть правой клавишей на папку не на рабочем столе все также виснет, я снимаю задачу через диспетчера задач, появляется окно завершение процесса explorer.exe, я завершаю процесс. Процесс завершается и после этого все начинает работать, то есть навожу курсор на папку на рабочем столе, жму на правую клавишу и открывается контексное меню, все работает пробовал несколько раз. Но после выключения,при новом включении или после перезагрузки, проблема опять всплывает и снова пока не проделаешь вышеописанную процедуру система виснет.
Сделал все как вы сказали, вставляю лог.Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:46:01, on 21.06.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20935)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:Program FilesABBYY FineReader 9.0NetworkLicenseServer.exe
C:Program FilesJavajre6binjqs.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:Program FilesNeroNero8Nero BackItUpNBService.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32oodag.exe
C:WINDOWSsystem32HPZipm12.exe
C:Program FilesCyberLinkShared filesRichVideo.exe
C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32TUProgSt.exe
C:Program FilesAnalog DevicesCoresmax4pnp.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:Program FilesJavajre6binjusched.exe
C:Program FilesMail.RuAgentMAgent.exe
C:WINDOWSsystem32oodtray.exe
C:Program FilesCyberLinkPowerDVD8PDVD8Serv.exe
C:Program FilesCyberlinkShared Filesbrs.exe
C:Program FilesVistaDriveIconVistaDrv.exe
C:Program FilesPunto Switcherpunto.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesNokiaNokia PC Suite 7PCSuite.exe
C:Program FilesCommon FilesNeroLibNMIndexStoreSvr.exe
C:Program FilesTuneUp Utilities 2009MemOptimizer.exe
C:Program FilesAVerTVQuickTV.exe
C:Program FilesCommon FilesNeroLibNMIndexingService.exe
C:Program FilesPC Connectivity SolutionServiceLayer.exe
C:Program FilesPC Connectivity SolutionTransportsNclUSBSrv.exe
C:Program FilesPC Connectivity SolutionTransportsNclRSSrv.exe
C:WINDOWSsystem32wbemwmiapsrv.exe
C:WINDOWSsystem32wuauclt.exe
C:Program Filestrend microHijackThisHijackThis.exeR0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://xtreme.ws/
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — c:program filesmail.rusputnikMailRuSputnik.dll
O2 — BHO: SnagIt Toolbar Loader — {00C6482D-C502-44C8-8409-FCE54AD9C208} — C:Program FilesTechSmithSnagit 9SnagitBHO.dll
O2 — BHO: AcroIEHelperStub — {18DF081C-E8AD-4283-A596-FA578C2EBDC3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 — BHO: Спутник@Mail.Ru — {8984B388-A5BB-4DF7-B274-77B879E179DB} — c:program filesmail.rusputnikMailRuSputnik.dll
O2 — BHO: IE 4.x-6.x BHO for Download Master — {9961627E-4059-41B4-8E0E-A7D6B3854ADF} — C:PROGRA~1DOWNLO~1dmiehlp.dll
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O2 — BHO: JQSIEStartDetectorImpl — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O3 — Toolbar: Snagit — {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} — C:Program FilesTechSmithSnagit 9SnagitIEAddin.dll
O3 — Toolbar: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — c:program filesmail.rusputnikMailRuSputnik.dll
O4 — HKLM..Run: [SoundMAXPnP] C:Program FilesAnalog DevicesCoresmax4pnp.exe
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [SunJavaUpdateSched] «C:Program FilesJavajre6binjusched.exe»
O4 — HKLM..Run: [MAgent] C:Program FilesMail.RuAgentMAgent.exe -LM
O4 — HKLM..Run: [OODefragTray] C:WINDOWSsystem32oodtray.exe
O4 — HKLM..Run: [RemoteControl8] «C:Program FilesCyberLinkPowerDVD8PDVD8Serv.exe»
O4 — HKLM..Run: [PDVD8LanguageShortcut] «C:Program FilesCyberLinkPowerDVD8LanguageLanguage.exe»
O4 — HKLM..Run: [BDRegion] C:Program FilesCyberlinkShared Filesbrs.exe
O4 — HKLM..Run: [OutpostMonitor] C:PROGRA~1AgnitumOUTPOS~1op_mon.exe /tray /noservice
O4 — HKLM..Run: [OutpostFeedBack] «C:Program FilesAgnitumOutpost Security Suite Profeedback.exe» /dump:os_startup
O4 — HKCU..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe
O4 — HKCU..Run: [Punto Switcher] C:Program FilesPunto Switcherpunto.exe
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [PC Suite Tray] «C:Program FilesNokiaNokia PC Suite 7PCSuite.exe» -onlytray
O4 — HKCU..Run: [AlcoholAutomount] «C:Program FilesAlcohol SoftAlcohol 120axcmd.exe» /automount
O4 — HKCU..Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] «C:Program FilesCommon FilesNeroLibNMIndexStoreSvr.exe» ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 — HKCU..Run: [TuneUp MemOptimizer] «C:Program FilesTuneUp Utilities 2009MemOptimizer.exe» autostart
O4 — HKUSS-1-5-18..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [IE7_012] rundll32 advpack.dll,LaunchINFSectionEx IE7int.inf,AfterUserStart,,4,N (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘Default user’)
O4 — Global Startup: QuickTV.lnk = C:Program FilesAVerTVQuickTV.exe
O23 — Service: ABBYY FineReader 9.0 Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) — ABBYY (BIT Software) — C:Program FilesABBYY FineReader 9.0NetworkLicenseServer.exe
O23 — Service: Agnitum Client Security Service (acssrv) — Agnitum Ltd. — C:PROGRA~1AgnitumOUTPOS~1acs.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: HP Port Resolver — Hewlett-Packard Company — C:WINDOWSsystem32spooldriversw32x863HPBPRO.EXE
O23 — Service: HP Status Server — Hewlett-Packard Company — C:WINDOWSsystem32spooldriversw32x863HPBOID.EXE
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: Java Quick Starter (JavaQuickStarterService) — Sun Microsystems, Inc. — C:Program FilesJavajre6binjqs.exe
O23 — Service: Nero BackItUp Scheduler 3 — Nero AG — C:Program FilesNeroNero8Nero BackItUpNBService.exe
O23 — Service: NMIndexingService — Nero AG — C:Program FilesCommon FilesNeroLibNMIndexingService.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: O&O Defrag — O&O Software GmbH — C:WINDOWSsystem32oodag.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Pml Driver HPZ12 — HP — C:WINDOWSsystem32HPZipm12.exe
O23 — Service: Cyberlink RichVideo Service(CRVS) (RichVideo) — Unknown owner — C:Program FilesCyberLinkShared filesRichVideo.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: ServiceLayer — Nokia. — C:Program FilesPC Connectivity SolutionServiceLayer.exe
O23 — Service: StarWind AE Service (StarWindServiceAE) — Rocket Division Software — C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: TuneUp Drive Defrag Service (TuneUp.Defrag) — TuneUp Software — C:WINDOWSSystem32TuneUpDefragService.exe
O23 — Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) — TuneUp Software — C:WINDOWSSystem32TUProgSt.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe—
End of file — 8926 bytes
И подскажите как после использования правильно удалить HijackThis и RSIT. Заранее благодарен!И подскажите как после использования правильно удалить HijackThis и RSIT
RSIT можно просто удалить, стерев сам файл.
Удалить HijackThis можно стандартным способом через панель Добавления/Удаления программ.Проверим ещё одной программой.
Скачайте сканер OTListIt2 кликнув по этой ссылке и сохраните файл на вашем рабочем столе.* Дважды кликните по скачанному файлу.
* Поставьте галочку в пункте «Scan All Users».
* Кликните по кнопке «Run Scan».
* Когда программа закончит работу, будут показаны два лога (OTListIt.txt и Extra.txt).Вставьте оба OTListIt лога в ваш ответ. Каждый лог в отдельное сообщение.
Валерий добрый день! Спасибо за ответ! Вставляю лог
OTL logfile created on: 24.06.2009 18:17:49 — Run 1
OTL by OldTimer — Version 3.0.5.2 Folder = C:Documents and SettingsAdminРабочий стол
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) — Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000419 | Country: Россия | Language: RUS | Date Format: dd.MM.yyyy1023,23 Mb Total Physical Memory | 544,86 Mb Available Physical Memory | 53,25% Memory free
2,40 Gb Paging File | 1,91 Gb Available in Paging File | 79,54% Paging File free
Paging file location(s): C:pagefile.sys 1536 3072 [binary data]%SystemDrive% = C: | %SystemRoot% = C:WINDOWS | %ProgramFiles% = C:Program Files
Drive C: | 100,27 Gb Total Space | 91,92 Gb Free Space | 91,66% Space Free | Partition Type: NTFS
Drive D: | 100,03 Gb Total Space | 90,41 Gb Free Space | 90,39% Space Free | Partition Type: NTFS
Drive E: | 48,77 Gb Total Space | 17,08 Gb Free Space | 35,03% Space Free | Partition Type: NTFS
Drive F: | 365,72 Gb Total Space | 35,14 Gb Free Space | 9,61% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loadedComputer Name: MICROSOF-299232
Current User Name: Admin
Logged in as Administrator.Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard========== Processes (SafeList) ==========
PRC — [2008.04.15 16:00:00 | 00,050,688 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32smss.exe
PRC — [2008.04.15 16:00:00 | 00,509,440 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32winlogon.exe
PRC — [2008.04.15 16:00:00 | 00,109,056 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32services.exe
PRC — [2008.12.19 18:09:52 | 01,926,144 | —- | M] (Корпорация Майкрософт) — C:WINDOWSExplorer.EXE
PRC — [2007.11.02 18:58:38 | 00,566,560 | —- | M] (ABBYY (BIT Software)) — C:Program FilesABBYY FineReader 9.0NetworkLicenseServer.exe
PRC — [2009.05.13 00:40:21 | 00,152,984 | —- | M] (Sun Microsystems, Inc.) — C:Program FilesJavajre6binjqs.exe
PRC — [2003.06.19 23:25:00 | 00,322,120 | —- | M] (Microsoft Corporation) — C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
PRC — [2008.12.02 15:29:52 | 00,877,864 | —- | M] (Nero AG) — C:Program FilesNeroNero8Nero BackItUpNBService.exe
PRC — [2009.02.09 13:18:00 | 00,163,908 | —- | M] (NVIDIA Corporation) — C:WINDOWSSystem32nvsvc32.exe
PRC — [2009.02.25 21:59:06 | 01,352,960 | —- | M] (O&O Software GmbH) — C:WINDOWSSystem32oodag.exe
PRC — [2007.02.07 16:29:50 | 00,173,616 | —- | M] () — C:Program FilesCyberLinkShared filesRichVideo.exe
PRC — [2007.05.28 20:57:54 | 00,275,968 | —- | M] (Rocket Division Software) — C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
PRC — [2009.06.17 10:03:17 | 00,603,904 | —- | M] (TuneUp Software) — C:WINDOWSSystem32TUProgSt.exe
PRC — [2005.05.20 05:11:06 | 00,925,696 | R— | M] (Analog Devices, Inc.) — C:Program FilesAnalog DevicesCoresmax4pnp.exe
PRC — [2008.04.15 16:00:00 | 00,033,280 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32RUNDLL32.EXE
PRC — [2009.05.13 00:40:21 | 00,148,888 | —- | M] (Sun Microsystems, Inc.) — C:Program FilesJavajre6binjusched.exe
PRC — [2009.05.16 22:49:13 | 06,210,744 | —- | M] (Mail.Ru) — C:Program FilesMail.RuAgentMAgent.exe
PRC — [2009.02.25 21:58:04 | 02,553,088 | —- | M] (O&O Software GmbH) — C:WINDOWSSystem32oodtray.exe
PRC — [2008.03.20 20:23:22 | 00,083,240 | —- | M] (Cyberlink Corp.) — C:Program FilesCyberLinkPowerDVD8PDVD8Serv.exe
PRC — [2008.06.27 16:50:38 | 00,091,432 | —- | M] (cyberlink) — C:Program FilesCyberlinkShared Filesbrs.exe
PRC — [2008.03.23 17:18:06 | 00,132,096 | —- | M] () — C:Program FilesVistaDriveIconVistaDrv.exe
PRC — [2008.10.30 13:56:42 | 00,734,504 | —- | M] (ООО Яндекс) — C:Program FilesPunto Switcherpunto.exe
PRC — [2009.03.20 14:32:32 | 01,312,256 | —- | M] (Nokia) — C:Program FilesNokiaNokia PC Suite 7PCSuite.exe
PRC — [2008.12.12 08:31:10 | 01,840,424 | —- | M] (Nero AG) — C:Program FilesCommon FilesNeroLibNMIndexStoreSvr.exe
PRC — [2008.12.13 13:30:31 | 00,157,952 | —- | M] (TuneUp Software GmbH) — C:Program FilesTuneUp Utilities 2009MemOptimizer.exe
PRC — [2006.02.21 14:11:02 | 00,401,408 | —- | M] (AVerMedia Technologies, Inc.) — C:Program FilesAVerTVQuickTV.exe
PRC — [2008.12.12 08:31:10 | 00,537,896 | —- | M] (Nero AG) — C:Program FilesCommon FilesNeroLibNMIndexingService.exe
PRC — [2009.03.04 11:25:12 | 00,621,056 | —- | M] (Nokia.) — C:Program FilesPC Connectivity SolutionServiceLayer.exe
PRC — [2009.03.09 13:44:12 | 00,130,560 | —- | M] () — C:Program FilesPC Connectivity SolutionTransportsNclUSBSrv.exe
PRC — [2008.11.26 12:35:00 | 00,119,808 | —- | M] () — C:Program FilesPC Connectivity SolutionTransportsNclRSSrv.exe
PRC — [2008.04.15 16:00:00 | 00,126,464 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32wbemwmiapsrv.exe
PRC — [2006.02.19 05:24:52 | 00,239,320 | —- | M] (Hewlett-Packard Development Company, L.P.) — C:Program FilesHPDigital ImagingbinhpqSTE08.exe
PRC — [2006.09.15 23:30:06 | 00,142,848 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32wudfhost.exe
PRC — [2009.03.11 13:06:20 | 00,159,744 | —- | M] (Nokia) — C:Program FilesNokiaNokia PC Suite 7OneTouchAccess.exe
PRC — [2008.12.10 22:32:46 | 00,098,816 | —- | M] (Opera Software) — C:Program FilesOperaopera.exe
PRC — [2009.06.24 18:15:20 | 00,512,512 | —- | M] (OldTimer Tools) — C:Documents and SettingsAdminРабочий столOTL.exe========== Win32 Services (SafeList) ==========
SRV — [2007.11.02 18:58:38 | 00,566,560 | —- | M] (ABBYY (BIT Software)) — C:Program FilesABBYY FineReader 9.0NetworkLicenseServer.exe — (ABBYY.Licensing.FineReader.Professional.9.0 [Auto | Running])
SRV — [2009.04.14 19:31:08 | 01,605,976 | —- | M] (Agnitum Ltd.) — C:Program FilesAgnitumOutpost Security Suite Proacs.exe — (acssrv [Auto | Running])
SRV — [2008.04.15 16:00:00 | 00,171,008 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32appmgmts.dll — (AppMgmt [On_Demand | Stopped])
SRV — [2007.10.24 03:47:22 | 00,033,800 | —- | M] (Microsoft Corporation) — C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe — (aspnet_state [On_Demand | Stopped])
SRV — [2008.04.15 16:00:00 | 00,409,088 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32qmgr.dll — (BITS [On_Demand | Stopped])
SRV — [2007.10.24 03:47:40 | 00,070,144 | —- | M] (Microsoft Corporation) — C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe — (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV — [2008.04.15 16:00:00 | 00,126,464 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32dhcpcsvc.dll — (Dhcp [Auto | Running])
SRV — [2008.04.15 16:00:00 | 00,024,064 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32dmserver.dll — (dmserver [Auto | Running])
SRV — [2008.04.15 16:00:00 | 00,045,568 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32dnsrslvr.dll — (Dnscache [Auto | Running])
SRV — [2008.04.15 16:00:00 | 00,109,056 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32services.exe — (Eventlog [Auto | Running])
SRV — [2008.04.15 16:00:00 | 00,135,680 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32shsvcs.dll — (FastUserSwitchingCompatibility [On_Demand | Running])
SRV — [2006.10.20 21:21:24 | 00,036,864 | —- | M] (Microsoft Corporation) — c:WINDOWSMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe — (FontCache3.0.0.0 [On_Demand | Stopped])
SRV — [2008.04.15 16:00:00 | 00,038,400 | —- | M] (Microsoft Corporation) — C:WINDOWSPCHealthHelpCtrBinariespchsvc.dll — (helpsvc [Auto | Running])
SRV — [2005.05.20 10:37:12 | 00,081,920 | —- | M] (Hewlett-Packard Company) — C:WINDOWSSystem32spooldriversw32x863HPBPRO.EXE — (HP Port Resolver [On_Demand | Stopped])
SRV — [2004.10.16 05:31:06 | 00,073,728 | —- | M] (Hewlett-Packard Company) — C:WINDOWSSystem32spooldriversw32x863HPBOID.EXE — (HP Status Server [On_Demand | Stopped])
SRV — [2006.10.30 03:33:58 | 00,741,376 | —- | M] (Microsoft Corporation) — C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe — (idsvc [Unknown | Stopped])
SRV — [2008.04.15 16:00:00 | 00,150,528 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32imapi.exe — (ImapiService [On_Demand | Stopped])
SRV — [2009.05.13 00:40:21 | 00,152,984 | —- | M] (Sun Microsystems, Inc.) — C:Program FilesJavajre6binjqs.exe — (JavaQuickStarterService [Auto | Running])
SRV — [2003.06.19 23:25:00 | 00,322,120 | —- | M] (Microsoft Corporation) — C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE — (MDM [Auto | Running])
SRV — [2008.04.15 16:00:00 | 00,032,768 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32mnmsrvc.exe — (mnmsrvc [Disabled | Stopped])
SRV — [2008.12.02 15:29:52 | 00,877,864 | —- | M] (Nero AG) — C:Program FilesNeroNero8Nero BackItUpNBService.exe — (Nero BackItUp Scheduler 3 [Auto | Running])
SRV — [2008.04.15 16:00:00 | 00,113,664 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32netdde.exe — (NetDDE [Disabled | Stopped])
SRV — [2008.04.15 16:00:00 | 00,113,664 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32netdde.exe — (NetDDEdsdm [Disabled | Stopped])
SRV — [2008.04.15 16:00:00 | 00,198,144 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32netman.dll — (Netman [On_Demand | Running])
SRV — [2006.10.30 03:34:02 | 00,122,880 | —- | M] (Microsoft Corporation) — C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe — (NetTcpPortSharing [Disabled | Stopped])
SRV — [2008.12.19 18:01:25 | 00,247,296 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32mswsock.dll — (Nla [On_Demand | Running])
SRV — [2008.12.12 08:31:10 | 00,537,896 | —- | M] (Nero AG) — C:Program FilesCommon FilesNeroLibNMIndexingService.exe — (NMIndexingService [On_Demand | Running])
SRV — [2008.04.15 16:00:00 | 00,436,736 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32ntmssvc.dll — (NtmsSvc [On_Demand | Stopped])
SRV — [2009.02.09 13:18:00 | 00,163,908 | —- | M] (NVIDIA Corporation) — C:WINDOWSSystem32nvsvc32.exe — (NVSvc [Auto | Running])
SRV — [2009.02.25 21:59:06 | 01,352,960 | —- | M] (O&O Software GmbH) — C:WINDOWSSystem32oodag.exe — (O&O Defrag [Auto | Running])
SRV — [2003.07.28 20:28:22 | 00,089,136 | —- | M] (Microsoft Corporation) — C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE — (ose [On_Demand | Stopped])
SRV — [2008.04.15 16:00:00 | 00,109,056 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32services.exe — (PlugPlay [Auto | Running])
SRV — [2006.03.03 21:03:10 | 00,069,632 | —- | M] (HP) — C:WINDOWSSystem32HPZipm12.exe — (Pml Driver HPZ12 [Unknown | Stopped])
SRV — [2008.04.15 16:00:00 | 00,141,824 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32sessmgr.exe — (RDSessMgr [Disabled | Stopped])
SRV — [2007.02.07 16:29:50 | 00,173,616 | —- | M] () — C:Program FilesCyberLinkShared filesRichVideo.exe — (RichVideo [Auto | Running])
SRV — [2008.04.15 16:00:00 | 00,096,768 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32SCardSvr.exe — (SCardSvr [On_Demand | Stopped])
SRV — [2008.04.15 16:00:00 | 00,193,024 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32schedsvc.dll — (Schedule [Auto | Running])
SRV — [2008.04.15 16:00:00 | 00,018,944 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32seclogon.dll — (seclogon [On_Demand | Stopped])
SRV — [2009.03.04 11:25:12 | 00,621,056 | —- | M] (Nokia.) — C:Program FilesPC Connectivity SolutionServiceLayer.exe — (ServiceLayer [On_Demand | Running])
SRV — [2008.12.19 18:01:15 | 00,330,752 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32ipnathlp.dll — (SharedAccess [Auto | Running])
SRV — [2008.04.15 16:00:00 | 00,135,680 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32shsvcs.dll — (ShellHWDetection [Auto | Running])
SRV — [2008.04.15 16:00:00 | 00,171,008 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32srsvc.dll — (srservice [Auto | Running])
SRV — [2007.05.28 20:57:54 | 00,275,968 | —- | M] (Rocket Division Software) — C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe — (StarWindServiceAE [Auto | Running])
SRV — [2008.04.15 16:00:00 | 00,333,824 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32wiaservc.dll — (stisvc [Auto | Running])
SRV — [2008.04.15 16:00:00 | 00,091,648 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32smlogsvc.exe — (SysmonLog [On_Demand | Stopped])
SRV — [2008.04.15 16:00:00 | 00,249,856 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32tapisrv.dll — (TapiSrv [On_Demand | Running])
SRV — [2008.04.15 16:00:00 | 00,295,936 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32termsrv.dll — (TermService [On_Demand | Running])
SRV — [2008.04.15 16:00:00 | 00,135,680 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32shsvcs.dll — (Themes [Auto | Running])
SRV — [2008.04.15 16:00:00 | 00,073,216 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32tlntsvr.exe — (TlntSvr [Disabled | Stopped])
SRV — [2009.06.17 10:03:15 | 00,360,192 | —- | M] (TuneUp Software) — C:WINDOWSSystem32TuneUpDefragService.exe — (TuneUp.Defrag [On_Demand | Stopped])
SRV — [2009.06.17 10:03:17 | 00,603,904 | —- | M] (TuneUp Software) — C:WINDOWSSystem32TUProgSt.exe — (TuneUp.ProgramStatisticsSvc [Auto | Running])
SRV — [2008.04.15 16:00:00 | 00,186,368 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32upnphost.dll — (upnphost [On_Demand | Stopped])
SRV — [2008.12.11 13:31:36 | 00,027,904 | —- | M] (TuneUp Software) — C:WINDOWSSystem32uxtuneup.dll — (UxTuneUp [Auto | Running])
SRV — [2008.04.15 16:00:00 | 00,290,304 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32vssvc.exe — (VSS [On_Demand | Stopped])
SRV — [2008.12.19 18:01:52 | 00,175,616 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32w32time.dll — (W32Time [Auto | Running])
SRV — [2008.04.15 16:00:00 | 00,145,408 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32wbemWMIsvc.dll — (winmgmt [Auto | Running])
SRV — [2008.04.15 16:00:00 | 00,687,616 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32advapi32.dll — (Wmi [On_Demand | Stopped])
SRV — [2008.04.15 16:00:00 | 00,126,464 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32wbemwmiapsrv.exe — (WmiApSrv [On_Demand | Running])
SRV — [2006.10.18 21:05:24 | 00,913,408 | —- | M] (Microsoft Corporation) — C:Program FilesWindows Media Playerwmpnetwk.exe — (WMPNetworkSvc [On_Demand | Stopped])
SRV — [2008.12.19 18:06:26 | 00,483,840 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32wzcsvc.dll — (WZCSVC [Auto | Running])========== Driver Services (SafeList) ==========
DRV — [2008.04.15 16:00:00 | 00,188,288 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32DRIVERSACPI.sys — (ACPI [Boot | Running])
DRV — [2008.04.15 16:00:00 | 00,011,776 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32driversacpiec.sys — (ACPIEC [Disabled | Stopped])
DRV — [2005.09.15 08:56:48 | 00,141,312 | R— | M] (Analog Devices, Inc.) — C:WINDOWSSystem32driversADIHdAud.sys — (ADIHdAudAddService [On_Demand | Running])
DRV — [2005.03.04 16:53:00 | 00,127,872 | R— | M] (Andrea Electronics Corporation) — C:WINDOWSSystem32driversAEAudio.sys — (AEAudioService [On_Demand | Running])
DRV — [2009.02.18 17:30:56 | 00,031,128 | —- | M] (Agnitum Ltd.) — C:WINDOWSSystem32DRIVERSafw.sys — (afw [On_Demand | Running])
DRV — [2009.02.10 16:15:42 | 00,257,432 | —- | M] (Agnitum Ltd.) — C:WINDOWSSystem32driversafwcore.sys — (afwcore [On_Demand | Running])
DRV — [2007.05.15 01:38:22 | 00,009,216 | R— | M] (A4Tech Co.,Ltd.) — C:WINDOWSSystem32DRIVERSAmfilter.sys — (Amfilter [System | Running])
DRV — [2007.05.15 01:41:46 | 00,014,336 | R— | M] (A4Tech Co.,Ltd.) — C:WINDOWSSystem32DRIVERSAmusbprt.sys — (Amusbprt [On_Demand | Stopped])
DRV — [2009.04.06 11:37:46 | 00,033,888 | —- | M] (Agnitum Ltd.) — C:WINDOWSSystem32FiltASWFilt.dll — (ASWFilt [On_Demand | Running])
DRV — [2009.05.12 17:54:32 | 00,409,120 | —- | M] (AVerMedia TECHNOLOGIES, Inc.) — C:WINDOWSSystem32DRIVERSAVerM15x.sys — (Cap7134 [On_Demand | Running])
DRV — [2004.11.22 06:38:40 | 00,176,128 | R— | M] (Intel Corporation) — C:WINDOWSSystem32DRIVERSe1000325.sys — (E1000 [On_Demand | Stopped])
DRV — [2008.04.15 16:00:00 | 00,044,544 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32driversfips.sys — (Fips [System | Running])
DRV — [2008.04.15 16:00:00 | 00,125,440 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32DRIVERSftdisk.sys — (Ftdisk [Boot | Running])
DRV — [2008.04.15 16:00:00 | 00,144,384 | —- | M] (Windows (R) Server 2003 DDK provider) — C:WINDOWSSystem32DRIVERSHDAudBus.sys — (HDAudBus [On_Demand | Running])
DRV — [2006.04.13 04:04:39 | 00,049,664 | —- | M] (HP) — C:WINDOWSSystem32DRIVERSHPZid412.sys — (HPZid412 [On_Demand | Stopped])
DRV — [2006.04.13 04:04:39 | 00,016,496 | —- | M] (HP) — C:WINDOWSSystem32DRIVERSHPZipr12.sys — (HPZipr12 [On_Demand | Stopped])
DRV — [2006.04.13 04:04:39 | 00,021,568 | —- | M] (HP) — C:WINDOWSSystem32DRIVERSHPZius12.sys — (HPZius12 [On_Demand | Stopped])
DRV — [2008.04.15 16:00:00 | 00,053,120 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32DRIVERSi8042prt.sys — (i8042prt [System | Running])
DRV — [2008.04.15 01:16:18 | 00,005,504 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32DRIVERSintelide.sys — (IntelIde [Boot | Running])
DRV — [2008.04.14 21:17:16 | 00,037,504 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32DRIVERSisapnp.sys — (isapnp [Boot | Running])
DRV — [2008.04.15 16:00:00 | 00,024,832 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32DRIVERSkbdclass.sys — (Kbdclass [System | Running])
DRV — [2008.12.19 18:06:26 | 00,030,208 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32driversmodem.sys — (Modem [On_Demand | Running])
DRV — [2008.12.19 18:06:26 | 00,023,296 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32DRIVERSmouclass.sys — (Mouclass [System | Running])
DRV — [2009.02.09 07:37:46 | 00,017,664 | —- | M] (Nokia) — C:WINDOWSSystem32driversccdcmb.sys — (nmwcd [On_Demand | Running])
DRV — [2009.02.09 07:37:46 | 00,022,016 | —- | M] (Nokia) — C:WINDOWSSystem32driversccdcmbo.sys — (nmwcdc [On_Demand | Running])
DRV — [2009.02.09 13:18:00 | 06,307,328 | —- | M] (NVIDIA Corporation) — C:WINDOWSSystem32DRIVERSnv4_mini.sys — (nv [On_Demand | Running])
DRV — [2008.12.19 18:06:26 | 00,080,128 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32DRIVERSparport.sys — (Parport [On_Demand | Running])
DRV — [2008.04.15 16:00:00 | 00,006,912 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32driversparvdm.sys — (ParVdm [Auto | Running])
DRV — [2008.08.26 10:26:12 | 00,018,816 | —- | M] (Nokia) — C:WINDOWSSystem32DRIVERSpccsmcfd.sys — (pccsmcfd [On_Demand | Running])
DRV — [2008.04.14 21:22:30 | 00,068,480 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32DRIVERSpci.sys — (PCI [Boot | Running])
DRV — [2001.10.19 20:32:14 | 00,003,328 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32DRIVERSpciide.sys — (PCIIde [Boot | Running])
DRV — [2008.04.15 16:00:00 | 00,120,192 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32driverspcmcia.sys — (Pcmcia [Disabled | Stopped])
DRV — [2009.05.13 10:40:29 | 00,047,360 | —- | M] (VSO Software) — C:WINDOWSSystem32Driverspcouffin.sys — (pcouffin [On_Demand | Running])
DRV — [2009.05.12 17:54:32 | 00,060,704 | —- | M] (AVerMedia TECHNOLOGIES, Inc.) — C:WINDOWSSystem32DRIVERSM15xTune.sys — (PhTVTune [On_Demand | Running])
DRV — [2008.04.15 16:00:00 | 00,017,792 | —- | M] (Parallel Technologies, Inc.) — C:WINDOWSSystem32DRIVERSptilink.sys — (Ptilink [On_Demand | Running])
DRV — [2005.08.19 03:00:00 | 00,046,080 | —- | M] (Sonic Solutions) — C:WINDOWSSystem32DriversPxHelp20.sys — (PxHelp20 [Boot | Running])
DRV — [2008.04.15 01:11:48 | 00,058,368 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32DRIVERSredbook.sys — (redbook [System | Running])
DRV — [2009.04.06 11:37:12 | 00,704,384 | —- | M] (Agnitum Ltd.) — C:WINDOWSSystem32driversSandBox.sys — (SandBox [System | Running])
DRV — [2008.04.15 16:00:00 | 00,020,480 | —- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) — C:WINDOWSSystem32DRIVERSsecdrv.sys — (Secdrv [On_Demand | Stopped])
DRV — [2005.08.11 09:49:28 | 00,393,088 | R— | M] (Sensaura) — C:WINDOWSSystem32driversSenfilt.sys — (SenFiltService [On_Demand | Running])
DRV — [2008.04.15 16:00:00 | 00,065,024 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32DRIVERSserial.sys — (Serial [System | Running])
DRV — [2009.05.12 17:17:24 | 00,717,296 | —- | M] () — C:WINDOWSSystem32Driverssptd.sys — (sptd [Boot | Running])
DRV — [2008.04.15 16:00:00 | 00,073,472 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32DRIVERSsr.sys — (sr [Boot | Running])
DRV — [2009.02.09 07:37:48 | 00,007,808 | —- | M] (Nokia) — C:WINDOWSSystem32DRIVERSusbser_lowerflt.sys — (upperdev [On_Demand | Running])
DRV — [2008.04.14 00:15:38 | 00,026,112 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32driversusbser.sys — (usbser [On_Demand | Running])
DRV — [2009.02.09 07:37:56 | 00,007,808 | —- | M] (Nokia) — C:WINDOWSSystem32DRIVERSusbser_lowerfltj.sys — (UsbserFilt [On_Demand | Running])
DRV — [2009.04.03 15:23:32 | 01,175,256 | —- | M] (VirusBuster Kft.) — C:WINDOWSSystem32driversVBEngNT.sys — (VBEngNT [On_Demand | Running])
DRV — [2009.04.06 11:37:40 | 00,234,304 | —- | M] (Agnitum Ltd.) — C:WINDOWSSystem32FiltVBFilt.dll — (VBFilt [On_Demand | Running])
DRV — [2009.02.16 17:46:56 | 00,100,560 | —- | M] () — C:WINDOWSSystem32DRIVERSVBoxDrv.sys — (VBoxDrv [System | Running])
DRV — [2009.02.16 17:47:00 | 00,087,568 | —- | M] (Windows (R) Server 2003 DDK provider) — C:WINDOWSSystem32DRIVERSVBoxNetFlt.sys — (VBoxNetFlt [On_Demand | Running])
DRV — [2009.02.16 17:47:00 | 00,041,744 | —- | M] (Sun Microsystems, Inc.) — C:WINDOWSSystem32DRIVERSVBoxUSBMon.sys — (VBoxUSBMon [System | Running])
DRV — [2008.04.15 16:00:00 | 00,051,968 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32driversvolsnap.sys — (VolSnap [Boot | Running])
DRV — [2008.06.27 16:50:32 | 00,061,424 | —- | M] (Cyberlink Corp.) — C:Program FilesCyberLinkPowerDVD800.fcl — ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} [Auto | Running])========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE — HKLMSOFTWAREMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE — HKLMSOFTWAREMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE — HKLMSOFTWAREMicrosoftInternet ExplorerMain,Default_Secondary_Page_URL = [binary data]
IE — HKLMSOFTWAREMicrosoftInternet ExplorerMain,Extensions Off Page = about:NoAdd-ons
IE — HKLMSOFTWAREMicrosoftInternet ExplorerMain,Local Page = %SystemRoot%system32blank.htm
IE — HKLMSOFTWAREMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE — HKLMSOFTWAREMicrosoftInternet ExplorerMain,Security Risk Page = about:SecurityRisk
IE — HKLMSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE — HKLMSOFTWAREMicrosoftInternet ExplorerSearch,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE — HKLMSOFTWAREMicrosoftInternet ExplorerSearch,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htmIE — HKU.DEFAULTSOFTWAREMicrosoftInternet ExplorerMain,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE — HKU.DEFAULTSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE — HKU.DEFAULT.DEFAULTSoftwareMicrosoftWindowsCurrentVersionInternet Settings: «ProxyEnable» = 0IE — HKUS-1-5-18SOFTWAREMicrosoftInternet ExplorerMain,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE — HKUS-1-5-18SOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE — HKUS-1-5-18S-1-5-18SoftwareMicrosoftWindowsCurrentVersionInternet Settings: «ProxyEnable» = 0IE — HKUS-1-5-19SOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://xtreme.ws/
IE — HKUS-1-5-19S-1-5-19SoftwareMicrosoftWindowsCurrentVersionInternet Settings: «ProxyEnable» = 0IE — HKUS-1-5-20SOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://xtreme.ws/
IE — HKUS-1-5-20S-1-5-20SoftwareMicrosoftWindowsCurrentVersionInternet Settings: «ProxyEnable» = 0IE — HKUS-1-5-21-1715567821-1292428093-1177238915-500SOFTWAREMicrosoftInternet ExplorerMain,Local Page = C:WINDOWSsystem32blank.htm
IE — HKUS-1-5-21-1715567821-1292428093-1177238915-500SOFTWAREMicrosoftInternet ExplorerMain,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE — HKUS-1-5-21-1715567821-1292428093-1177238915-500SOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://xtreme.ws/
IE — URLSearchHook: {09900DE8-1DCA-443F-9243-26FF581438AF} — c:program filesmail.rusputnikMailRuSputnik.dll (@Mail.Ru)
IE — HKUS-1-5-21-1715567821-1292428093-1177238915-500S-1-5-21-1715567821-1292428093-1177238915-500SoftwareMicrosoftWindowsCurrentVersionInternet Settings: «ProxyEnable» = 0FF — HKLMsoftwaremozillaFirefoxextensions\jqs@sun.com: C:Program FilesJavajre6libdeployjqsff [2009.05.13 00:40:21 | 00,000,000 | —D | M]
FF — HKLMsoftwaremozillaFirefoxextensions\bkmrksync@nokia.com: C:Program FilesNokiaNokia PC Suite 7bkmrksync [2009.05.16 17:44:13 | 00,000,000 | —D | M]O1 HOSTS File: (27 bytes) — C:WINDOWSSystem32driversetcHosts
O1 — Hosts: 127.0.0.1 localhost
O2 — BHO: (SnagIt Toolbar Loader) — {00C6482D-C502-44C8-8409-FCE54AD9C208} — C:Program FilesTechSmithSnagit 9SnagitBHO.dll (TechSmith Corporation)
O2 — BHO: (Adobe PDF Link Helper) — {18DF081C-E8AD-4283-A596-FA578C2EBDC3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 — BHO: (MailRuBHO Class) — {8984B388-A5BB-4DF7-B274-77B879E179DB} — c:program filesmail.rusputnikMailRuSputnik.dll (@Mail.Ru)
O2 — BHO: (IE 4.x-6.x BHO for Download Master) — {9961627E-4059-41B4-8E0E-A7D6B3854ADF} — C:Program FilesDownload Masterdmiehlp.dll (WestByte)
O2 — BHO: (Java(tm) Plug-In 2 SSV Helper) — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll (Sun Microsystems, Inc.)
O2 — BHO: (JQSIEStartDetectorImpl Class) — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll (Sun Microsystems, Inc.)
O3 — HKLM..Toolbar: (Спутник@Mail.Ru) — {09900DE8-1DCA-443F-9243-26FF581438AF} — c:program filesmail.rusputnikMailRuSputnik.dll (@Mail.Ru)
O3 — HKLM..Toolbar: (Snagit) — {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} — C:Program FilesTechSmithSnagit 9SnagitIEAddin.dll (TechSmith Corporation)
O3 — HKUS-1-5-21-1715567821-1292428093-1177238915-500..ToolbarShellBrowser: (&Адрес) — {01E04581-4EEE-11D0-BFE9-00AA005B4383} — C:WINDOWSSystem32browseui.dll (Корпорация Майкрософт)
O4 — HKLM..Run: [BDRegion] C:Program FilesCyberlinkShared Filesbrs.exe (cyberlink)
O4 — HKLM..Run: [MAgent] C:Program FilesMail.RuAgentMAgent.exe (Mail.Ru)
O4 — HKLM..Run: [NvCplDaemon] C:WINDOWSSystem32NvCpl.DLL (NVIDIA Corporation)
O4 — HKLM..Run: [NvMediaCenter] C:WINDOWSSystem32NvMcTray.DLL (NVIDIA Corporation)
O4 — HKLM..Run: [nwiz] C:WINDOWSSystem32nwiz.exe ()
O4 — HKLM..Run: [OODefragTray] C:WINDOWSSystem32oodtray.exe (O&O Software GmbH)
O4 — HKLM..Run: [OutpostFeedBack] C:Program FilesAgnitumOutpost Security Suite Profeedback.exe (Agnitum Ltd.)
O4 — HKLM..Run: [OutpostMonitor] C:Program FilesAgnitumOutpost Security Suite Proop_mon.exe (Agnitum Ltd.)
O4 — HKLM..Run: [PDVD8LanguageShortcut] C:Program FilesCyberLinkPowerDVD8LanguageLanguage.exe ()
O4 — HKLM..Run: [RemoteControl8] C:Program FilesCyberLinkPowerDVD8PDVD8Serv.exe (Cyberlink Corp.)
O4 — HKLM..Run: [SoundMAXPnP] C:Program FilesAnalog DevicesCoresmax4pnp.exe (Analog Devices, Inc.)
O4 — HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavajre6binjusched.exe (Sun Microsystems, Inc.)
O4 — HKU.DEFAULT..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe ()
O4 — HKUS-1-5-18..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe ()
O4 — HKUS-1-5-21-1715567821-1292428093-1177238915-500..Run: [AlcoholAutomount] C:Program FilesAlcohol SoftAlcohol 120axcmd.exe (Alcohol Soft Development Team)
O4 — HKUS-1-5-21-1715567821-1292428093-1177238915-500..Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:Program FilesCommon FilesNeroLibNMIndexStoreSvr.exe (Nero AG)
O4 — HKUS-1-5-21-1715567821-1292428093-1177238915-500..Run: [PC Suite Tray] C:Program FilesNokiaNokia PC Suite 7PCSuite.exe (Nokia)
O4 — HKUS-1-5-21-1715567821-1292428093-1177238915-500..Run: [Punto Switcher] C:Program FilesPunto Switcherpunto.exe (ООО Яндекс)
O4 — HKUS-1-5-21-1715567821-1292428093-1177238915-500..Run: [TuneUp MemOptimizer] C:Program FilesTuneUp Utilities 2009MemOptimizer.exe (TuneUp Software GmbH)
O4 — HKUS-1-5-21-1715567821-1292428093-1177238915-500..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe ()
O4 — HKU.DEFAULT..RunOnce: [IE7_011] File not found
O4 — HKU.DEFAULT..RunOnce: [IE7_012] C:WINDOWSSystem32advpack.DLL (Microsoft Corporation)
O4 — HKU.DEFAULT..RunOnce: [ZZZZ2_FirstLogonSetting] C:WINDOWSSystem32advpack.DLL (Microsoft Corporation)
O4 — HKUS-1-5-18..RunOnce: [IE7_011] File not found
O4 — HKUS-1-5-18..RunOnce: [IE7_012] C:WINDOWSSystem32advpack.DLL (Microsoft Corporation)
O4 — HKUS-1-5-18..RunOnce: [ZZZZ2_FirstLogonSetting] C:WINDOWSSystem32advpack.DLL (Microsoft Corporation)
O4 — Startup: C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузкаQuickTV.lnk = C:Program FilesAVerTVQuickTV.exe (AVerMedia Technologies, Inc.)
O6 — HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveAutoRun = 67108607
O6 — HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 323
O6 — HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0
O6 — HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: dontdisplaylastusername = 0
O6 — HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: legalnoticecaption =
O6 — HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: legalnoticetext =
O6 — HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: shutdownwithoutlogon = 1
O6 — HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: undockwithoutlogon = 1
O6 — HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: NoInternetOpenWith = 1
O6 — HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: DisableRegistryTools = 0
O7 — HKU.DEFAULTSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O7 — HKU.DEFAULTSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 323
O7 — HKU.DEFAULTSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoLowDiskSpaceChecks = 1
O7 — HKU.DEFAULTSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoRecentDocsMenu = 01 00 00 00 [binary data]
O7 — HKU.DEFAULTSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoSMConfigurePrograms = 1
O7 — HKU.DEFAULTSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoSMHelp = 1
O7 — HKU.DEFAULTSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveAutoRun = 67108863
O7 — HKUS-1-5-18SoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O7 — HKUS-1-5-18SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 323
O7 — HKUS-1-5-18SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoLowDiskSpaceChecks = 1
O7 — HKUS-1-5-18SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoRecentDocsMenu = 01 00 00 00 [binary data]
O7 — HKUS-1-5-18SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoSMConfigurePrograms = 1
O7 — HKUS-1-5-18SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoSMHelp = 1
O7 — HKUS-1-5-18SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveAutoRun = 67108863
O7 — HKUS-1-5-19SoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O7 — HKUS-1-5-19SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 145
O7 — HKUS-1-5-19SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoLowDiskSpaceChecks = 1
O7 — HKUS-1-5-19SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoRecentDocsMenu = 01 00 00 00 [binary data]
O7 — HKUS-1-5-19SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoSMConfigurePrograms = 1
O7 — HKUS-1-5-19SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoSMHelp = 1
O7 — HKUS-1-5-19_ClassesSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O7 — HKUS-1-5-20SoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O7 — HKUS-1-5-20SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 145
O7 — HKUS-1-5-20SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoLowDiskSpaceChecks = 1
O7 — HKUS-1-5-20SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoRecentDocsMenu = 01 00 00 00 [binary data]
O7 — HKUS-1-5-20SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoSMConfigurePrograms = 1
O7 — HKUS-1-5-20SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoSMHelp = 1
O7 — HKUS-1-5-20_ClassesSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O7 — HKUS-1-5-21-1715567821-1292428093-1177238915-500SoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O7 — HKUS-1-5-21-1715567821-1292428093-1177238915-500SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 323
O7 — HKUS-1-5-21-1715567821-1292428093-1177238915-500SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoLowDiskSpaceChecks = 1
O7 — HKUS-1-5-21-1715567821-1292428093-1177238915-500SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoRecentDocsMenu = 01 00 00 00 [binary data]
O7 — HKUS-1-5-21-1715567821-1292428093-1177238915-500SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoSMConfigurePrograms = 1
O7 — HKUS-1-5-21-1715567821-1292428093-1177238915-500SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoSMHelp = 1
O7 — HKUS-1-5-21-1715567821-1292428093-1177238915-500SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveAutoRun = 67108543
O7 — HKUS-1-5-21-1715567821-1292428093-1177238915-500SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0
O7 — HKUS-1-5-21-1715567821-1292428093-1177238915-500SOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: DisableRegistryTools = 0
O7 — HKUS-1-5-21-1715567821-1292428093-1177238915-500_ClassesSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O10 — NameSpace_Catalog5Catalog_Entries00000000001 [] — C:WINDOWSSystem32mswsock.dll (Корпорация Майкрософт)
O10 — NameSpace_Catalog5Catalog_Entries00000000003 [] — C:WINDOWSSystem32mswsock.dll (Корпорация Майкрософт)
O10 — Protocol_Catalog9Catalog_Entries00000000001 — C:WINDOWSSystem32mswsock.dll (Корпорация Майкрософт)
O10 — Protocol_Catalog9Catalog_Entries00000000002 — C:WINDOWSSystem32mswsock.dll (Корпорация Майкрософт)
O10 — Protocol_Catalog9Catalog_Entries00000000003 — C:WINDOWSSystem32mswsock.dll (Корпорация Майкрософт)
O10 — Protocol_Catalog9Catalog_Entries00000000004 — C:WINDOWSSystem32rsvpsp.dll (Microsoft Corporation)
O10 — Protocol_Catalog9Catalog_Entries00000000005 — C:WINDOWSSystem32rsvpsp.dll (Microsoft Corporation)
O10 — Protocol_Catalog9Catalog_Entries00000000006 — C:WINDOWSSystem32mswsock.dll (Корпорация Майкрософт)
O10 — Protocol_Catalog9Catalog_Entries00000000007 — C:WINDOWSSystem32mswsock.dll (Корпорация Майкрософт)
O10 — Protocol_Catalog9Catalog_Entries00000000008 — C:WINDOWSSystem32mswsock.dll (Корпорация Майкрософт)
O10 — Protocol_Catalog9Catalog_Entries00000000009 — C:WINDOWSSystem32mswsock.dll (Корпорация Майкрософт)
O10 — Protocol_Catalog9Catalog_Entries00000000010 — C:WINDOWSSystem32mswsock.dll (Корпорация Майкрософт)
O10 — Protocol_Catalog9Catalog_Entries00000000011 — C:WINDOWSSystem32mswsock.dll (Корпорация Майкрософт)
O10 — Protocol_Catalog9Catalog_Entries00000000012 — C:WINDOWSSystem32mswsock.dll (Корпорация Майкрософт)
O10 — Protocol_Catalog9Catalog_Entries00000000013 — C:WINDOWSSystem32mswsock.dll (Корпорация Майкрософт)
O10 — Protocol_Catalog9Catalog_Entries00000000014 — C:WINDOWSSystem32mswsock.dll (Корпорация Майкрософт)
O10 — Protocol_Catalog9Catalog_Entries00000000015 — C:WINDOWSSystem32mswsock.dll (Корпорация Майкрософт)
O10 — Protocol_Catalog9Catalog_Entries00000000016 — C:WINDOWSSystem32mswsock.dll (Корпорация Майкрософт)
O10 — Protocol_Catalog9Catalog_Entries00000000017 — C:WINDOWSSystem32mswsock.dll (Корпорация Майкрософт)
O16 — DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 — DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 — DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O18 — ProtocolHandlerdvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} — C:WINDOWSSystem32msvidctl.dll (Корпорация Майкрософт)
O18 — ProtocolHandlerhttpx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} — C:Program FilesCommon FilesSYSTEMOLE DBmsdaipp.dll (Microsoft Corporation)
O18 — ProtocolHandlerhttpoledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} — C:Program FilesCommon FilesSYSTEMOLE DBmsdaipp.dll (Microsoft Corporation)
O18 — ProtocolHandlerhttpsx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} — C:Program FilesCommon FilesSYSTEMOLE DBmsdaipp.dll (Microsoft Corporation)
O18 — ProtocolHandlerhttpsoledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} — C:Program FilesCommon FilesSYSTEMOLE DBmsdaipp.dll (Microsoft Corporation)
O18 — ProtocolHandleripp — No CLSID value found
O18 — ProtocolHandlerippx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} — C:Program FilesCommon FilesSYSTEMOLE DBmsdaipp.dll (Microsoft Corporation)
O18 — ProtocolHandlermsdaipp — No CLSID value found
O18 — ProtocolHandlermsdaippx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} — C:Program FilesCommon FilesSYSTEMOLE DBmsdaipp.dll (Microsoft Corporation)
O18 — ProtocolHandlermsdaippoledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} — C:Program FilesCommon FilesSYSTEMOLE DBmsdaipp.dll (Microsoft Corporation)
O18 — ProtocolHandlerms-itss {0A9007C0-4076-11D3-8789-0000F8105754} — C:Program FilesCommon FilesMicrosoft SharedInformation RetrievalMSITSS.DLL (Microsoft Corporation)
O18 — ProtocolHandlermso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} — C:Program FilesCommon FilesMicrosoft SharedWeb Components10OWC10.DLL (Microsoft Corporation)
O18 — ProtocolHandlermso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} — C:Program FilesCommon FilesMicrosoft SharedWeb Components11OWC11.DLL (Microsoft Corporation)
O18 — ProtocolHandlertv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} — C:WINDOWSSystem32msvidctl.dll (Корпорация Майкрософт)
O18 — ProtocolFilter: — text/webviewhtml — C:WINDOWSSystem32SHELL32.dll (Корпорация Майкрософт)
O18 — ProtocolFilter: — text/xml — C:Program FilesCommon FilesMicrosoft SharedOFFICE11MSOXMLMF.DLL (Microsoft Corporation)
O20 — HKLM Winlogon: Shell — (Explorer.exe) — C:WINDOWSExplorer.exe (Корпорация Майкрософт)
O20 — HKLM Winlogon: UserInit — (C:WINDOWSsystem32userinit.exe) — C:WINDOWSSystem32userinit.exe (Корпорация Майкрософт)
O20 — HKLM Winlogon: UIHost — (logonui.exe) — C:WINDOWSSystem32logonui.exe (Корпорация Майкрософт)
O20 — HKLM Winlogon: VMApplet — (rundll32 shell32) — C:WINDOWSSystem32shell32.dll (Корпорация Майкрософт)
O20 — HKLM Winlogon: VMApplet — (Control_RunDLL «sysdm.cpl») — C:WINDOWSSystem32sysdm.cpl (Корпорация Майкрософт)
O20 — WinlogonNotifycrypt32chain: DllName — crypt32.dll — C:WINDOWSSystem32crypt32.dll (Корпорация Майкрософт)
O20 — WinlogonNotifycscdll: DllName — cscdll.dll — C:WINDOWSSystem32cscdll.dll (Корпорация Майкрософт)
O20 — WinlogonNotifyScCertProp: DllName — wlnotify.dll — C:WINDOWSSystem32wlnotify.dll (Корпорация Майкрософт)
O20 — WinlogonNotifySchedule: DllName — wlnotify.dll — C:WINDOWSSystem32wlnotify.dll (Корпорация Майкрософт)
O20 — WinlogonNotifysclgntfy: DllName — sclgntfy.dll — C:WINDOWSSystem32sclgntfy.dll (Корпорация Майкрософт)
O20 — WinlogonNotifySensLogn: DllName — WlNotify.dll — C:WINDOWSSystem32WlNotify.dll (Корпорация Майкрософт)
O20 — WinlogonNotifytermsrv: DllName — wlnotify.dll — C:WINDOWSSystem32wlnotify.dll (Корпорация Майкрософт)
O20 — WinlogonNotifywlballoon: DllName — wlnotify.dll — C:WINDOWSSystem32wlnotify.dll (Корпорация Майкрософт)
O21 — SSODL: CDBurn — {fbeb8a05-beee-4442-804e-409d6c4515e9} — C:WINDOWSSystem32SHELL32.dll (Корпорация Майкрософт)
O21 — SSODL: SysTray — {35CEC8A3-2BE6-11D2-8773-92E220524153} — C:WINDOWSSystem32stobject.dll (Корпорация Майкрософт)
O22 — SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} — Предзагрузчик Browseui — C:WINDOWSSystem32browseui.dll (Корпорация Майкрософт)
O22 — SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} — Демон кэша категорий компонентов — C:WINDOWSSystem32browseui.dll (Корпорация Майкрософт)
O24 — Desktop Components:0 (Моя текущая домашняя страница) — About:Home
O28 — HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} — Reg Error: Key error. File not found
O29 — HKLM SecurityProviders — (digest.dll) — C:WINDOWSSystem32digest.dll (Корпорация Майкрософт)
O29 — HKLM SecurityProviders — (msnsspc.dll) — C:WINDOWSSystem32msnsspc.dll (Корпорация Майкрософт)
O31 — SafeBoot: AlternateShell — cmd.exe
O32 — HKLM CDRom: AutoRun — 1
O32 — AutoRun File — [2009.05.12 17:13:46 | 00,000,000 | —- | M] () — C:AUTOEXEC.BAT — [ NTFS ]
O34 — HKLM BootExecute: (autocheck) — File not found
O34 — HKLM BootExecute: (autochk) — C:WINDOWSSystem32autochk.exe (Microsoft Corporation)
O34 — HKLM BootExecute: (*) — File not found
O34 — HKLM BootExecute: (OODBS) — C:WINDOWSSystem32OODBS.exe (O&O Software GmbH)========== Files/Folders — Created Within 30 Days ==========
[1 C:WINDOWSSystem32*.tmp files]
[3 C:WINDOWS*.tmp files]
[2009.06.24 18:15:07 | 00,512,512 | —- | C] (OldTimer Tools) — C:Documents and SettingsAdminРабочий столOTL.exe
[2009.06.23 12:48:40 | 00,666,391 | —- | C] () — C:Documents and SettingsAdminРабочий столoldiprr.zip
[2009.06.19 17:57:01 | 00,780,411 | —- | C] () — C:Documents and SettingsAdminРабочий столСистема непрерывной подачи чернил с раздельными картриджами.rar
[2009.06.19 17:10:47 | 00,092,816 | —- | C] () — C:Documents and SettingsAdminРабочий столСистема непрерывной подачи чернил Hewlett packard.rar
[2009.06.19 00:14:42 | 00,000,000 | -HSD | C] — C:RECYCLER
[2009.06.18 13:06:50 | 00,000,000 | —D | C] — C:WINDOWSERDNT
[2009.06.17 18:56:52 | 00,000,308 | —- | C] () — C:WINDOWStasksWebReg Photosmart C5100 series.job
[2009.06.17 10:08:05 | 00,000,506 | —- | C] () — C:WINDOWStasksБыстрое решение проблем.job
[2009.06.17 10:03:17 | 00,603,904 | —- | C] (TuneUp Software) — C:WINDOWSSystem32TUProgSt.exe
[2009.06.17 10:03:15 | 00,360,192 | —- | C] (TuneUp Software) — C:WINDOWSSystem32TuneUpDefragService.exe
[2009.06.17 10:03:15 | 00,027,904 | —- | C] (TuneUp Software) — C:WINDOWSSystem32uxtuneup.dll
[2009.06.17 10:03:14 | 00,000,486 | —- | C] () — C:WINDOWStasks1-Click Maintenance.job
[2009.06.17 10:03:12 | 00,000,000 | —D | C] — C:Documents and SettingsAdminApplication DataTuneUp Software
[2009.06.17 10:03:10 | 00,001,617 | —- | C] () — C:Documents and SettingsAll UsersРабочий столTuneUp 1-Click Maintenance.lnk
[2009.06.17 10:03:10 | 00,001,545 | —- | C] () — C:Documents and SettingsAll UsersРабочий столTuneUp Utilities 2009.lnk
[2009.06.17 10:02:43 | 00,000,000 | —D | C] — C:Documents and SettingsAll UsersApplication DataTuneUp Software
[2009.06.17 10:02:41 | 00,000,000 | —D | C] — C:Program FilesTuneUp Utilities 2009
[2009.06.17 10:02:27 | 00,000,000 | -HSD | C] — C:Documents and SettingsAll UsersApplication Data{55A29068-F2CE-456C-9148-C869879E2357}
[2009.06.16 00:57:05 | 00,812,344 | —- | C] (Trend Micro Inc.) — C:Documents and SettingsAdminРабочий столHJTInstall.exe
[2009.06.15 12:55:53 | 00,000,000 | —D | C] — C:Documents and SettingsAdminМои документыМои альбомы
[2009.06.14 01:32:25 | 00,000,000 | —D | C] — C:Program Filestrend micro
[2009.06.12 15:34:11 | 00,000,000 | —D | C] — C:Documents and SettingsAll UsersApplication DataCrystalIdea Software
[2009.06.12 13:06:45 | 00,000,000 | —D | C] — C:Documents and SettingsAdminLocal SettingsApplication DataNero
[2009.06.12 13:03:29 | 00,000,000 | —D | C] — C:Documents and SettingsAdminМои документыNeroVision
[2009.06.07 16:32:49 | 00,000,000 | —D | C] — C:WINDOWSSystem32appmgmt
[2009.06.07 16:25:29 | 00,000,000 | —D | C] — C:Documents and SettingsAdminApplication DataBinarySense
[2009.06.07 16:25:20 | 00,000,000 | —D | C] — C:Program FilesCommon FilesBinarySense
[2009.06.07 16:25:20 | 00,000,000 | —D | C] — C:Program FilesBinarySense
[2009.06.07 14:31:07 | 00,000,000 | —D | C] — C:Documents and SettingsAdminApplication DataLavasoft
[2009.06.07 11:26:19 | 00,010,368 | —- | C] (Microsoft Corporation) — C:WINDOWSSystem32drivershidusb.sys
[2009.05.28 14:39:18 | 01,175,256 | —- | C] (VirusBuster Kft.) — C:WINDOWSSystem32driversVBEngNT.sys
[2009.05.28 14:39:17 | 00,704,384 | —- | C] (Agnitum Ltd.) — C:WINDOWSSystem32driversSandBox.sys
[2009.05.28 14:39:10 | 00,257,432 | —- | C] (Agnitum Ltd.) — C:WINDOWSSystem32driversafwcore.sys
[2009.05.28 14:38:57 | 00,000,049 | —- | C] () — C:WINDOWStransp.gif
[2009.05.28 14:38:52 | 00,031,128 | —- | C] (Agnitum Ltd.) — C:WINDOWSSystem32driversafw.sys
[2009.05.28 14:38:48 | 00,000,000 | —D | C] — C:WINDOWSSystem32Filt
[2009.05.28 14:38:48 | 00,000,000 | —D | C] — C:Program FilesAgnitum
[2009.05.28 14:38:48 | 00,000,000 | —D | C] — C:Documents and SettingsAdminApplication DataAgnitum
[2009.05.28 14:38:12 | 00,000,000 | —D | C] — C:Documents and SettingsAll UsersApplication DataAgnitum
[2009.05.27 19:41:45 | 00,000,846 | —- | C] () — C:Documents and SettingsAll UsersРабочий столAshampoo Burning Studio 2009.lnk
[2009.05.27 19:41:37 | 00,000,000 | —D | C] — C:Program FilesAshampoo
[2009.05.27 13:25:04 | 00,000,000 | —D | C] — C:Documents and SettingsAdminМои документыФайлы Mail.Ru Агента
[2009.05.18 00:53:31 | 00,000,069 | —- | C] () — C:WINDOWSNeroDigital.ini
[2009.05.13 00:16:09 | 00,100,560 | —- | C] () — C:WINDOWSSystem32driversVBoxDrv.sys
[2009.05.12 19:45:19 | 00,000,394 | —- | C] () — C:WINDOWSODBC.INI
[2009.05.12 18:43:03 | 00,168,448 | —- | C] () — C:WINDOWSSystem32unrar.dll
[2009.05.12 18:43:01 | 00,795,648 | —- | C] () — C:WINDOWSSystem32xvidcore.dll
[2009.05.12 18:43:00 | 03,596,288 | —- | C] () — C:WINDOWSSystem32qt-dx331.dll
[2009.05.12 18:43:00 | 00,130,048 | —- | C] () — C:WINDOWSSystem32xvidvfw.dll
[2009.05.12 18:42:59 | 00,084,480 | —- | C] () — C:WINDOWSSystem32ff_vfw.dll
[2009.05.12 18:42:59 | 00,000,547 | —- | C] () — C:WINDOWSSystem32ff_vfw.dll.manifest
[2009.05.12 17:28:34 | 00,015,327 | —- | C] () — C:WINDOWSAscd_tmp.ini
[2009.05.12 17:28:31 | 00,005,824 | —- | C] () — C:WINDOWSSystem32driversASUSHWIO.SYS
[2009.05.12 17:17:23 | 00,717,296 | —- | C] () — C:WINDOWSSystem32driverssptd.sys
[2009.05.12 17:17:19 | 00,000,951 | —- | C] () — C:WINDOWSSystem32oeminfo.ini
[2009.05.12 17:14:23 | 00,271,264 | —- | C] () — C:WINDOWSSystem32vbrun100.dll
[2009.05.12 17:14:23 | 00,210,944 | —- | C] () — C:WINDOWSSystem32msvcrt10.dll
[2009.05.12 17:14:23 | 00,059,904 | —- | C] () — C:WINDOWSSystem32zlib1.dll
[2008.04.15 16:00:00 | 00,000,658 | —- | C] () — C:WINDOWSwin.ini
[2008.04.15 16:00:00 | 00,000,227 | —- | C] () — C:WINDOWSsystem.ini
[2007.03.12 21:31:28 | 01,732,608 | —- | C] () — C:WINDOWSSystem32BCGPStyle2007Luna.dll
[2006.01.04 13:12:04 | 00,077,824 | —- | C] () — C:WINDOWSSystem32HPZIDS01.dll
[2005.09.02 10:45:36 | 00,008,366 | —- | C] () — C:WINDOWSAVerTV.ini
[2005.06.16 05:20:00 | 01,724,416 | —- | C] () — C:WINDOWSSystem32nvwdmcpl.dll
[2005.06.16 05:20:00 | 01,507,328 | —- | C] () — C:WINDOWSSystem32nview.dll
[2005.06.16 05:20:00 | 01,101,824 | —- | C] () — C:WINDOWSSystem32nvwimg.dll
[2005.06.16 05:20:00 | 00,540,672 | —- | C] () — C:WINDOWSSystem32nvhwvid.dll
[2005.06.16 05:20:00 | 00,466,944 | —- | C] () — C:WINDOWSSystem32nvshell.dll
[2003.04.10 13:43:32 | 00,005,412 | —- | C] () — C:WINDOWSSystem32OUTLPERF.INI
[2001.07.07 03:00:02 | 00,003,249 | —- | C] () — C:WINDOWSSystem32HPTCPMON.INI========== Files — Modified Within 30 Days ==========
[1 C:WINDOWSSystem32*.tmp files]
[3 C:WINDOWS*.tmp files]
[2009.06.24 18:15:20 | 00,512,512 | —- | M] (OldTimer Tools) — C:Documents and SettingsAdminРабочий столOTL.exe
[2009.06.24 18:00:01 | 00,000,506 | —- | M] () — C:WINDOWStasksБыстрое решение проблем.job
[2009.06.24 18:00:01 | 00,000,486 | —- | M] () — C:WINDOWStasks1-Click Maintenance.job
[2009.06.24 13:51:26 | 00,000,027 | —- | M] () — C:WINDOWSSystem32driversetchosts
[2009.06.24 12:41:20 | 00,200,866 | —- | M] () — C:WINDOWSSystem32nvapps.xml
[2009.06.24 12:41:15 | 00,008,366 | —- | M] () — C:WINDOWSAVerTV.ini
[2009.06.24 12:40:58 | 00,000,006 | -H— | M] () — C:WINDOWStasksSA.DAT
[2009.06.24 12:40:56 | 00,002,206 | —- | M] () — C:WINDOWSSystem32wpa.dbl
[2009.06.24 12:40:54 | 00,002,048 | —S- | M] () — C:WINDOWSbootstat.dat
[2009.06.24 12:40:51 | 00,155,794 | —- | M] () — C:WINDOWSSystem32oodbs.lor
[2009.06.23 22:05:06 | 00,077,824 | —- | M] () — C:Documents and SettingsAdminLocal SettingsApplication DataDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.23 13:43:50 | 00,000,069 | —- | M] () — C:WINDOWSNeroDigital.ini
[2009.06.23 12:53:13 | 00,666,391 | —- | M] () — C:Documents and SettingsAdminРабочий столoldiprr.zip
[2009.06.23 00:55:17 | 00,000,051 | —- | M] () — C:Documents and SettingsAdminApplication Datadefault.pls
[2009.06.19 17:57:10 | 00,780,411 | —- | M] () — C:Documents and SettingsAdminРабочий столСистема непрерывной подачи чернил с раздельными картриджами.rar
[2009.06.19 17:10:47 | 00,092,816 | —- | M] () — C:Documents and SettingsAdminРабочий столСистема непрерывной подачи чернил Hewlett packard.rar
[2009.06.18 13:18:54 | 00,000,227 | —- | M] () — C:WINDOWSsystem.ini
[2009.06.17 18:56:53 | 00,000,308 | —- | M] () — C:WINDOWStasksWebReg Photosmart C5100 series.job
[2009.06.17 10:03:17 | 00,603,904 | —- | M] (TuneUp Software) — C:WINDOWSSystem32TUProgSt.exe
[2009.06.17 10:03:15 | 00,360,192 | —- | M] (TuneUp Software) — C:WINDOWSSystem32TuneUpDefragService.exe
[2009.06.17 10:03:10 | 00,001,617 | —- | M] () — C:Documents and SettingsAll UsersРабочий столTuneUp 1-Click Maintenance.lnk
[2009.06.17 10:03:10 | 00,001,545 | —- | M] () — C:Documents and SettingsAll UsersРабочий столTuneUp Utilities 2009.lnk
[2009.06.16 00:57:19 | 00,812,344 | —- | M] (Trend Micro Inc.) — C:Documents and SettingsAdminРабочий столHJTInstall.exe
[2009.06.12 11:59:44 | 01,097,152 | —- | M] () — C:WINDOWSSystem32PerfStringBackup.INI
[2009.06.12 11:59:44 | 00,485,242 | —- | M] () — C:WINDOWSSystem32perfh019.dat
[2009.06.12 11:59:44 | 00,441,760 | —- | M] () — C:WINDOWSSystem32perfh009.dat
[2009.06.12 11:59:44 | 00,084,660 | —- | M] () — C:WINDOWSSystem32perfc019.dat
[2009.06.12 11:59:44 | 00,071,444 | —- | M] () — C:WINDOWSSystem32perfc009.dat
[2009.05.28 14:32:27 | 00,005,709 | —- | M] () — C:WINDOWSSystem32CONFIG.NT
[2009.05.27 19:41:45 | 00,000,846 | —- | M] () — C:Documents and SettingsAll UsersРабочий столAshampoo Burning Studio 2009.lnk========== Alternate Data Streams ==========
@Alternate Data Stream — 108 bytes -> C:Documents and SettingsAll UsersApplication DataTEMP:2BE9FEFC
А теперь Extras
OTL Extras logfile created on: 24.06.2009 18:17:49 — Run 1
OTL by OldTimer — Version 3.0.5.2 Folder = C:Documents and SettingsAdminРабочий стол
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) — Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000419 | Country: Россия | Language: RUS | Date Format: dd.MM.yyyy1023,23 Mb Total Physical Memory | 544,86 Mb Available Physical Memory | 53,25% Memory free
2,40 Gb Paging File | 1,91 Gb Available in Paging File | 79,54% Paging File free
Paging file location(s): C:pagefile.sys 1536 3072 [binary data]%SystemDrive% = C: | %SystemRoot% = C:WINDOWS | %ProgramFiles% = C:Program Files
Drive C: | 100,27 Gb Total Space | 91,92 Gb Free Space | 91,66% Space Free | Partition Type: NTFS
Drive D: | 100,03 Gb Total Space | 90,41 Gb Free Space | 90,39% Space Free | Partition Type: NTFS
Drive E: | 48,77 Gb Total Space | 17,08 Gb Free Space | 35,03% Space Free | Partition Type: NTFS
Drive F: | 365,72 Gb Total Space | 35,14 Gb Free Space | 9,61% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loadedComputer Name: MICROSOF-299232
Current User Name: Admin
Logged in as Administrator.Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINESOFTWAREClasses]
.chm [@ = chm.file] — C:WINDOWShh.exe (Microsoft Corporation)
.cpl [@ = cplfile] — C:WINDOWSSystem32shell32.DLL (Корпорация Майкрософт)
.hlp [@ = hlpfile] — C:WINDOWSSystem32winhlp32.exe (Корпорация Майкрософт)
.html [@ = Opera.HTML] — C:Program FilesOperaopera.exe (Opera Software)
.inf [@ = inffile] — C:WINDOWSSystem32NOTEPAD.EXE (Корпорация Майкрософт)
.ini [@ = inifile] — C:WINDOWSSystem32NOTEPAD.EXE (Корпорация Майкрософт)
.reg [@ = regfile] — C:WINDOWSregedit.exe (Корпорация Майкрософт)
.txt [@ = txtfile] — C:WINDOWSSystem32NOTEPAD.EXE (Корпорация Майкрософт)========== Security Center Settings ==========
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center]
«FirstRunDisabled» = 1
«FirewallDisableNotify» = 0
«FirewallOverride» = 1
«UpdatesDisableNotify» = 1
«UpdatesOverride» = 1
«AntiVirusDisableNotify» = 0
«AntiVirusOverride» = 1[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoring]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringAhnlabAntiVirus]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringKasperskyAntiVirus]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringMcAfeeAntiVirus]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringMcAfeeFirewall]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringPandaAntiVirus]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringPandaFirewall]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringSophosAntiVirus]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringSymantecAntiVirus]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringSymantecFirewall]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringTinyFirewall]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringTrendAntiVirus]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringTrendFirewall]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringZoneLabsFirewall]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfile]
«EnableFirewall» = 0[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfile]
«EnableFirewall» = 0[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileGloballyOpenPortsList]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfileAuthorizedApplicationsList]
[2008.04.15 16:00:00 | 00,558,080 | —- | M] (Microsoft Corporation) — %windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008.04.15 16:00:00 | 00,141,824 | —- | M] (Корпорация Майкрософт) — %windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList]
[2008.04.15 16:00:00 | 00,558,080 | —- | M] (Microsoft Corporation) — %windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008.04.15 16:00:00 | 00,141,824 | —- | M] (Корпорация Майкрософт) — %windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall]
«{02B71D92-A84B-4DFB-9A10-D12BB01AC1F2}» = Nokia N73 highlights
«{0A65A3BD-54B5-4d0d-B084-7688507813F5}» = SlideShow
«{15095BF3-A3D7-4DDF-B193-3A496881E003}» = Microsoft .NET Framework 3.0
«{15C0AF59-4877-49B6-B8C6-A61CE54515F5}» = cp_OnlineProjectsConfig
«{1A9DEF19-760C-4e01-958F-D9B8E6C61B90}» = c5100_Help
«{1CA7ACD6-B21B-4240-AA05-4FC55F6E1049}» = Nero 8
«{212748BB-0DA5-46DE-82A1-403736DC9F27}» = MSVC80_x86
«{2376813B-2E5A-4641-B7B3-A0D5ADB55229}» = HPPhotoSmartExpress
«{26A24AE4-039D-4CA4-87B4-2F83216012FF}» = Java(TM) 6 Update 12
«{2BB372D9-52B4-410A-BC1A-FEAB63181EEF}» = Microsoft .NET Framework 1.1 Russian Language Pack
«{2F58D60D-2BFD-4467-9B4D-64E7355C329D}» = Sonic_PrimoSDK
«{307BD415-B3E6-4E60-962A-FEF793237322}» = PowerDVD
«{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}» = SkinsHP1
«{350C9419-3D7C-4EE8-BAA9-00BCB3D54227}» = WebFldrs XP
«{363790D2-DA98-41DD-9C9F-69FA36B169DE}» = PanoStandAlone
«{388E4B09-3E71-4649-8921-F44A3A2954A7}» = Microsoft Visual Studio 2005 Tools for Office Runtime
«{3921A67A-5AB1-4E48-9444-C71814CF3027}» = VCRedistSetup
«{41E776A5-9B12-416D-9A12-B4F7B044EBED}» = CP_Package_Basic1
«{45B8A76B-57EC-4242-B019-066400CD8428}» = BufferChm
«{491DD792-AD81-429C-9EB4-86DD3D22E333}» = Windows Communication Foundation
«{4EA684E9-5C81-4033-A696-3019EC57AC3A}» = HPProductAssistant
«{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}» = FullDPAppQFolder
«{55A29068-F2CE-456C-9148-C869879E2357}» = TuneUp Utilities 2009
«{56C049BE-79E9-4502-BEA7-9754A3E60F9B}» = neroxml
«{59359B3D-ABE7-46BF-AB55-43B67A64DC68}» = Nokia MTP driver
«{66910000-8B30-4973-A159-6371345AFFA5}» = WebReg
«{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}» = RandMap
«{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}» = eSupportQFolder
«{68763C27-235D-4165-A961-FDEA228CE504}» = AiOSoftwareNPI
«{6909F917-5499-482e-9AA1-FAD06A99F231}» = Toolbox
«{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}» = CustomerResearchQFolder
«{7299052b-02a4-4627-81f2-1818da5d550d}» = Microsoft Visual C++ 2005 Redistributable
«{736C803C-DD3B-4015-BC51-AFB9E67B9076}» = Readme
«{73E30715-9EC4-4DAE-BE67-64500AEB8012}» = Nokia Nseries Skin for Microsoft Windows Media Player
«{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}» = Nokia PC Suite
«{77F5816C-64A6-4FBE-BBE5-52EFE5EB84E8}» = Nokia themes for your device
«{7C03270C-4FAB-4F5C-B10D-52FEDA190790}» = DocumentViewerQFolder
«{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}» = Windows Workflow Foundation
«{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}» = ProductContextNPI
«{82427977-8776-4087-90CA-9F65174D3C4D}» = Nokia Connectivity Cable Driver
«{8331C3EA-0C91-43AA-A4D4-27221C631139}» = Status
«{87E2B986-07E8-477a-93DC-AF0B6758B192}» = DocProcQFolder
«{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}» = DocProc
«{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}» = Unload
«{8DF56C91-281F-4C15-B954-F45FDC919568}» = AVerTV
«{90110419-6000-11D3-8CFE-0150048383C9}» = Microsoft Office — профессиональный выпуск версии 2003
«{90120000-0020-0419-0000-0000000FF1CE}» = Пакет обеспечения совместимости для выпуска 2007 системы Microsoft Office
«{996512CF-F35B-48DE-9291-557FA5316967}» = ScannerCopy
«{9A25302D-30C0-39D9-BD6F-21E6EC160475}» = Microsoft Visual C++ 2008 Redistributable — x86 9.0.30729.17
«{9FD06147-BA7E-44F5-B5E8-B4F562A62098}» = Sun xVM VirtualBox
«{A29800BA-0BF1-4E63-9F31-DF05A87F4104}» = InstantShareDevices
«{A4F761F7-FBC8-49BF-BC37-15550C3EAA85}» = PROMT Expert 8 Giant Try-Buy
«{AB5D51AE-EBC3-438D-872C-705C7C2084B0}» = DeviceManagementQFolder
«{AC76BA86-7AD7-1049-7B44-A91000000001}» = Adobe Reader 9.1.1 — Russian
«{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}» = cp_PosterPrintConfig
«{B3B9BC18-2A09-4728-9B46-12E85FF3F628}» = C5100
«{B508B3F1-A24A-32C0-B310-85786919EF28}» = Microsoft .NET Framework 2.0 Service Pack 1
«{B6286A44-7505-471A-A72B-04EC2DB2F442}» = CueTour
«{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}» = CP_Panorama1Config
«{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}» = PC Connectivity Solution
«{BAF78226-3200-4DB4-BE33-4D922A799840}» = Windows Presentation Foundation
«{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}» = HP Software Update
«{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}» = HP Photosmart, Officejet and Deskjet 7.0.A
«{C1C6767D-B395-43CB-BF99-051B58B86DA6}» = PhotoGallery
«{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}» = SolutionCenter
«{C8753E28-2680-49BF-BD48-DD38FD086EFE}» = AiO_Scan_CDA
«{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}» = Microsoft .NET Framework 1.1
«{DBC20735-34E6-4E97-A9E5-2066B66B243D}» = TrayApp
«{E1B80DEE-A795-4258-8445-074C06AE3AB8}» = MarketResearch
«{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}» = CP_CalendarTemplates1
«{F0A37341-D692-11D4-A984-009027EC0A9C}» = SoundMAX
«{F157460F-720E-482f-8625-AD7843891E5F}» = InstantShareDevicesMFC
«{F20A984B-9B30-4A9E-A3AC-918AF0D85A48}» = Snagit 9.1.1
«{F3760724-B29D-465B-BC53-E5D72095BCC4}» = Scan
«{F4D0F248-2BF7-4912-814E-4FD751923838}» = Microsoft .NET Framework 2.0 Language Pack — RUS
«{F530581E-12FE-43B4-A28D-E5257AAD63E6}» = O&O Defrag Professional
«{F6076EF9-08E1-442F-B6A2-BFB61B295A14}» = Fax_CDA
«{F9000000-0001-0000-0000-074957833700}» = ABBYY FineReader 9.0 Professional Edition
«{FB15E224-67C3-491F-9F5C-F257BC418412}» = Destinations
«{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}» = NewCopy_CDA
«{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}» = DocumentViewer
«{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}» = Microsoft Visual C++ 2008 Redistributable — x86 9.0.21022
«504244733D18C8F63FF584AEB290E3904E791693» = Пакет драйверов Windows — Nokia pccsmcfd (08/22/2008 7.0.0.0)
«Adobe Flash Player ActiveX» = Adobe Flash Player 10 ActiveX
«Adobe Flash Player Plugin» = Adobe Flash Player 10 Plugin
«Agnitum Outpost Security Suite Pro_is1» = Outpost Security Suite Pro
«Ashampoo Burning Studio 2009_is1» = Ashampoo Burning Studio 2009
«CDClose» = CDClose
«D978F69D5F15B845BD6BC6F8BF9BCD36982A2087» = Пакет драйверов Windows — Nokia Modem (02/24/2009 4.0)
«Download Master_is1» = Download Master 5.5.9.1157
«DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1» = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.5.0
«E7F682214B951640C9C539C41FDA1A7F836FF7B6» = Пакет драйверов Windows — Nokia Modem (02/23/2009 7.01.0.2)
«Easy CD-DA Extractor 12» = Easy CD-DA Extractor 12
«Everest» = Everest
«foobar2000» = foobar2000 v0.9.6.1
«HashTab» = HashTab 2.1.0
«HP Document Viewer» = HP Document Viewer 7.0
«HP Imaging Device Functions» = HP Imaging Device Functions 7.0
«HP Photo & Imaging» = HP Photosmart Premier Software 6.5
«HP Solution Center & Imaging Support Tools» = HP Solution Center 7.0
«HPExtendedCapabilities» = HP Customer Participation Program 7.0
«HPOCR» = OCR Software by I.R.I.S 7.0
«InstallShield_{307BD415-B3E6-4E60-962A-FEF793237322}» = CyberLink PowerDVD 8
«InstallShield_{8DF56C91-281F-4C15-B954-F45FDC919568}» = AVerTV
«jv16 PowerTools 2009_is1» = jv16 PowerTools 2009
«KC Softwares VideoInspector_is1» = KC Softwares VideoInspector
«KLiteCodecPack_is1» = K-Lite Mega Codec Pack 4.8.0
«LHTTSFRF» = L&H TTS3000 Franзais
«LHTTSGED» = L&H TTS3000 Deutsch
«LHTTSITI» = L&H TTS3000 Italiano
«LHTTSRUR» = L&H TTS3000 Russian
«LHTTSSPE» = L&H TTS3000 Espaсol
«Light Alloy» = Light Alloy 4.4 (build 794)
«MailRuSputnik» = Mail.Ru Спутник 2.0.1.90
«MediaInfo» = MediaInfo 0.7.11
«Microsoft .NET Framework 1.1 (1033)» = Microsoft .NET Framework 1.1
«Microsoft .NET Framework 3.0» = Microsoft .NET Framework 3.0
«Microsoft Visual Studio 2005 Tools for Office Runtime» = еда выполнения Visual Studio 2005 Tools for Office, второй выпуск
«MRA» = Mail.Ru Агент 5.4 (сборка 2645, для всех пользователей)
«Nokia PC Suite» = Nokia PC Suite
«NVIDIA Drivers» = NVIDIA Drivers
«Opera 9.63» = Opera 9.63
«PROSet» = Intel(R) PRO Network Connections Drivers
«Skype» = Skype
«TeamViewer 4.0.5543» = TeamViewer 4.0.5543
«Total Commander7.04a» = Total Commander7.04a
«tv_enua» = Lernout & Hauspie TruVoice American English TTS Engine
«UltraISO_is1» = UltraISO Premium V9.33
«Uninstall Tool_is1» = Uninstall Tool 2.7.1.4932
«Unlocker» = Unlocker
«uTorrent» = uTorrent 1.8.2 b14458
«Vista Drive Icon_addon» = Vista Drive Icon
«Wdf01007» = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
«WinAVI Video Converter_is1» = WinAVI Video Converter
«WinRAR archiver» = Архиватор WinRAR
«XnView_is1» = XnView 1.95.4
«XpsEPSC» = XML Paper Specification Shared Components Pack 1.0
«Дополнительные апплеты_is1» = Дополнительные апплеты========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionUninstall]
«uTorrent» = µTorrent========== Last 10 Event Log Errors ==========
[ Application Events ]
Error — 12.05.2009 9:17:54 | Computer Name = MICROSOF-299232 | Source = .NET Runtime Optimization Service | ID = 1111
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
— Service reached limit of transient errors. Will shut down. Last error returned
from Service Manager: 0x800736b1.Error — 12.05.2009 9:17:54 | Computer Name = MICROSOF-299232 | Source = PerfNet | ID = 2004
Description = Не удалось открыть службу сервера. Данные производительности сервера
не будут возвращены. В данных находится возвращенный код ошибки — в DWORD 0.Error — 17.05.2009 6:06:15 | Computer Name = MICROSOF-299232 | Source = MsiInstaller | ID = 11931
Description = Product: MSXML 6.0 Parser (KB925673) — Error 1931. The Windows Installer
service cannot update the system file c:WINDOWSsystem32msxml6r.dll because the
file is protected by Windows. You may need to update your operating system for
this program to work correctly. Package version: 6.0.3883.0, OS Protected version:
6.0.3883.0[ System Events ]
Error — 17.05.2009 7:13:24 | Computer Name = MICROSOF-299232 | Source = DCOM | ID = 10005
Description = Ошибка DCOM «%1058» при попытке запуска службы wuauserv с аргументами
«» для запуска сервера: {E60687F7-01A1-40AA-86AC-DB1CBF673334}Error — 17.05.2009 7:14:07 | Computer Name = MICROSOF-299232 | Source = DCOM | ID = 10005
Description = Ошибка DCOM «%1058» при попытке запуска службы wuauserv с аргументами
«» для запуска сервера: {E60687F7-01A1-40AA-86AC-DB1CBF673334}Error — 17.05.2009 7:18:57 | Computer Name = MICROSOF-299232 | Source = DCOM | ID = 10005
Description = Ошибка DCOM «%1058» при попытке запуска службы wuauserv с аргументами
«» для запуска сервера: {E60687F7-01A1-40AA-86AC-DB1CBF673334}Error — 18.05.2009 1:12:13 | Computer Name = MICROSOF-299232 | Source = DCOM | ID = 10005
Description = Ошибка DCOM «%1058» при попытке запуска службы wuauserv с аргументами
«» для запуска сервера: {E60687F7-01A1-40AA-86AC-DB1CBF673334}Error — 18.05.2009 1:13:00 | Computer Name = MICROSOF-299232 | Source = Service Control Manager | ID = 7006
Description = Сбой при вызове ScRegSetValueExW для DeleteFlag из-за ошибки %%5Error — 20.05.2009 10:29:23 | Computer Name = MICROSOF-299232 | Source = DCOM | ID = 10005
Description = Ошибка DCOM «%1058» при попытке запуска службы wuauserv с аргументами
«» для запуска сервера: {E60687F7-01A1-40AA-86AC-DB1CBF673334}Error — 20.05.2009 10:45:58 | Computer Name = MICROSOF-299232 | Source = Service Control Manager | ID = 7034
Description = Служба «HP Port Resolver» неожиданно прервана. Это произошло (раз):
1.Error — 27.05.2009 11:39:05 | Computer Name = MICROSOF-299232 | Source = DCOM | ID = 10005
Description = Ошибка DCOM «%1058» при попытке запуска службы wuauserv с аргументами
«» для запуска сервера: {E60687F7-01A1-40AA-86AC-DB1CBF673334}Error — 27.05.2009 15:05:15 | Computer Name = MICROSOF-299232 | Source = Cdrom | ID = 262151
Description = Неверный блок на устройстве DeviceCdRom2.Error — 28.05.2009 6:31:46 | Computer Name = MICROSOF-299232 | Source = DCOM | ID = 10005
Description = Ошибка DCOM «%1058» при попытке запуска службы wuauserv с аргументами
«» для запуска сервера: {E60687F7-01A1-40AA-86AC-DB1CBF673334}Лог выглядит нормально.
Попробуйте программу ShellExView , скачайте её с этого сайта.
Запустите и по очереди попробуйте по-отключать различные компоненты меню, таким образом найдя тот, который вызывает зависание компьютера.Валерий, добрый день!
Наконец проблема решена, зависание вызывала программа Snagit 9. При помощи программы shexview, по вашему совету, отключил все что касается контекстного меню и по очереди включал.Таким образом определил что это Snagit 9. Сейчас все работает! Спасибо огромное за помощь, за внимание к чужим проблемам!!!
Удачи!Рад вам помочь 🙂
Удалите Combofix с вашего компьютера, действуйте согласно инструкции: Как правильно удалить combofix с компьютера.
Удалите RSIT и другие скачанные вами сканеры.
Всего доброго!
- Для ответа в этой теме необходимо авторизоваться.
