Forum replies created
The computer seems to be working fine; the only thing I don't like is that the disk churns for a long time while it is working. Everything else is OK! Thank you very much, Valery! Here is the log. Has the computer been fully cured???
Logfile of random’s system information tool 1.05 (written by random/random)
Run by Администратор at 2009-04-05 09:30:15
Microsoft Windows XP Professional Service Pack 2
System drive C: has 82 GB (82%) free of 100 GB
Total RAM: 1007 MB (60% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:30:42, on 05.04.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSSYSTEM32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAnalog DevicesSoundMAXSmax4.exe
C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe
C:WINDOWSsystem32hkcmd.exe
C:WINDOWSsystem32igfxpers.exe
C:Program FilesAnalog DevicesCoresmax4pnp.exe
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:Program FilesZone LabsZoneAlarmzlclient.exe
C:WINDOWSPixArtPAC207Monitor.exe
C:Program FilesMail.RuAgentMAgent.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesRSPrintPrintMon.exe
C:WINDOWSsystem32CNAB4RPK.EXE
C:WINDOWSsystem32ZoneLabsisafe.exe
C:Program FilesFirebirdbinfbguard.exe
C:Program FilesKctSWnd5NNKSRV32.EXE
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32ZoneLabsvsmon.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:WINDOWSsystem32wscntfy.exe
C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
C:Program FilesFirebirdbinfbserver.exe
C:WINDOWSsystem32wuauclt.exe
C:Documents and SettingsАдминистратор.ELENAРабочий столОкна_2009RSIT.exe
C:Program Filestrend microАдминистратор.exe
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
R3 — URLSearchHook: (no name) — {83821C2B-32A8-4DD7-B6D4-44309A78E668} — C:Program FilesMail.RuAgentMradllnewmrasearch.dll
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 — BHO: Groove GFS Browser Helper — {72853161-30C5-4D22-B7F9-0BBC1D38A37E} — C:PROGRA~1MICROS~2Office12GRA8E1~1.DLL
O2 — BHO: SSVHelper Class — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre1.5.0_10binssv.dll
O2 — BHO: Спутник@Mail.Ru — {8984B388-A5BB-4DF7-B274-77B879E179DB} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O2 — BHO: Google Toolbar Helper — {AA58ED58-01DD-4d91-8333-CF10577473F7} — c:program filesgooglegoogletoolbar1.dll
O3 — Toolbar: &Google — {2318C2B1-4965-11d4-9B18-009027A5CD4F} — c:program filesgooglegoogletoolbar1.dll
O3 — Toolbar: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O4 — HKLM..Run: [SoundMAX] «C:Program FilesAnalog DevicesSoundMAXSmax4.exe» /tray
O4 — HKLM..Run: [JMB36X IDE Setup] C:WINDOWSJMJMInsIDE.exe
O4 — HKLM..Run: [36X Raid Configurer] C:WINDOWSsystem32JMRaidSetup.exe boot
O4 — HKLM..Run: [GrooveMonitor] «C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe»
O4 — HKLM..Run: [IgfxTray] C:WINDOWSsystem32igfxtray.exe
O4 — HKLM..Run: [HotKeysCmds] C:WINDOWSsystem32hkcmd.exe
O4 — HKLM..Run: [Persistence] C:WINDOWSsystem32igfxpers.exe
O4 — HKLM..Run: [SoundMAXPnP] C:Program FilesAnalog DevicesCoresmax4pnp.exe
O4 — HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 — HKLM..Run: [Zone Labs Client] «C:Program FilesZone LabsZoneAlarmzlclient.exe»
O4 — HKLM..Run: [Monitor] C:WINDOWSPixArtPAC207Monitor.exe
O4 — HKLM..Run: [MAgent] C:Program FilesMail.RuAgentMAgent.exe -LM
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Startup: Вырезка экрана и программа запуска для OneNote 2007.lnk = C:Program FilesMicrosoft OfficeOffice12ONENOTEM.EXE
O4 — Global Startup: AutoCAD Startup Accelerator.lnk = C:Program FilesCommon FilesAutodesk Sharedacstart16.exe
O4 — Global Startup: Монитор АПС-Печать.lnk = C:Program FilesRSPrintPrintMon.exe
O8 — Extra context menu item: Поиск@Mail.Ru — res://C:Program FilesMail.RuSputnikMailRuSputnik.dll/282
O8 — Extra context menu item: Словари@Mail.Ru — res://C:Program FilesMail.RuSputnikMailRuSputnik.dll/283
O9 — Extra button: (no name) — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.5.0_10binssv.dll
O9 — Extra ‘Tools’ menuitem: Sun Java Console — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.5.0_10binssv.dll
O9 — Extra button: Отправить в OneNote — {2670000A-7350-4f3c-8081-5663EE0C6C49} — C:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 — Extra ‘Tools’ menuitem: &Отправить в OneNote — {2670000A-7350-4f3c-8081-5663EE0C6C49} — C:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: PokerStars.net — {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} — C:Program FilesPokerStars.NETPokerStarsUpdate.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O18 — Protocol: grooveLocalGWS — {88FED34C-F0CA-4636-A375-3CB6248B04CD} — C:PROGRA~1MICROS~2Office12GR99D3~1.DLL
O23 — Service: avast! iAVS4 Control Service (aswUpdSv) — ALWIL Software — C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 — Service: Autodesk Licensing Service — Autodesk — C:Program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe
O23 — Service: avast! Antivirus — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 — Service: avast! Mail Scanner — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
O23 — Service: avast! Web Scanner — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
O23 — Service: CA ISafe (CAISafe) — Computer Associates International, Inc. — C:WINDOWSsystem32ZoneLabsisafe.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Firebird Guardian — DefaultInstance (FirebirdGuardianDefaultInstance) — The Firebird Project — C:Program FilesFirebirdbinfbguard.exe
O23 — Service: Firebird Server — DefaultInstance (FirebirdServerDefaultInstance) — The Firebird Project — C:Program FilesFirebirdbinfbserver.exe
O23 — Service: Google Updater Service (gusvc) — Google — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) — Unknown owner — C:Program FilesMicrosoft SQL ServerMSSQL.1MSSQLBinnsqlservr.exe (file missing)
O23 — Service: SQL Server (MSSQLSERVER) (MSSQLSERVER) — Unknown owner — C:Program FilesMicrosoft SQL ServerMSSQL.2MSSQLBinnsqlservr.exe (file missing)
O23 — Service: Guardant network service (NNKSrv32) — Aktiv Co. — C:Program FilesKctSWnd5NNKSRV32.EXE
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: SQL Server Browser (SQLBrowser) — Unknown owner — C:Program FilesMicrosoft SQL Server90Sharedsqlbrowser.exe (file missing)
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: TrueVector Internet Monitor (vsmon) — Zone Labs Inc. — C:WINDOWSsystem32ZoneLabsvsmon.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe
—
End of file — 10111 bytes
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx [2001-04-16 37808]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper — C:PROGRA~1MICROS~2Office12GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class — C:Program FilesJavajre1.5.0_10binssv.dll [2006-11-09 440056]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{8984B388-A5BB-4DF7-B274-77B879E179DB}]
MailRuBHO Class — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2009-01-12 676704]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper — c:program filesgooglegoogletoolbar1.dll [2008-04-24 2427968]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} — &Google — c:program filesgooglegoogletoolbar1.dll [2008-04-24 2427968]
{09900DE8-1DCA-443F-9243-26FF581438AF} — Спутник@Mail.Ru — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2009-01-12 676704]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«SoundMAX»=C:Program FilesAnalog DevicesSoundMAXSmax4.exe [2006-07-13 729088]
«JMB36X IDE Setup»=C:WINDOWSJMJMInsIDE.exe [2006-10-30 36864]
«36X Raid Configurer»=C:WINDOWSsystem32JMRaidSetup.exe [2006-11-16 1953792]
«GrooveMonitor»=C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe [2006-10-27 31016]
«IgfxTray»=C:WINDOWSsystem32igfxtray.exe [2006-08-14 98304]
«HotKeysCmds»=C:WINDOWSsystem32hkcmd.exe [2006-08-14 114688]
«Persistence»=C:WINDOWSsystem32igfxpers.exe [2006-08-14 94208]
«SoundMAXPnP»=C:Program FilesAnalog DevicesCoresmax4pnp.exe [2006-12-18 868352]
«avast!»=C:PROGRA~1ALWILS~1Avast4ashDisp.exe [2008-11-26 81000]
«Zone Labs Client»=C:Program FilesZone LabsZoneAlarmzlclient.exe [2004-07-26 705808]
«Monitor»=C:WINDOWSPixArtPAC207Monitor.exe [2006-11-03 319488]
«MAgent»=C:Program FilesMail.RuAgentMAgent.exe [2009-01-12 5598392]
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2004-08-17 15360]
C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
AutoCAD Startup Accelerator.lnk — C:Program FilesCommon FilesAutodesk Sharedacstart16.exe
Монитор АПС-Печать.lnk — C:Program FilesRSPrintPrintMon.exe
C:Documents and SettingsАдминистратор.ELENAГлавное менюПрограммыАвтозагрузка
Вырезка экрана и программа запуска для OneNote 2007.lnk — C:Program FilesMicrosoft OfficeOffice12ONENOTEM.EXE
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyigfxcui]
C:WINDOWSSYSTEM32igfxdev.dll [2006-08-14 155648]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
«{B5A7F190-DDA6-4420-B3BA-52453494E6CD}»=C:PROGRA~1MICROS~2Office12GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
«EnableLUA»=0
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=36
«NoDriveAutoRun»=FFFFFFFF
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE»=»C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook»
«C:Program FilesMicrosoft OfficeOffice12GROOVE.EXE»=»C:Program FilesMicrosoft OfficeOffice12GROOVE.EXE:*:Enabled:Microsoft Office Groove»
«C:Program FilesMicrosoft OfficeOffice12ONENOTE.EXE»=»C:Program FilesMicrosoft OfficeOffice12ONENOTE.EXE:*:Enabled:Microsoft Office OneNote»
«C:WINDOWSsystem32CNAB4RPK.EXE»=»C:WINDOWSsystem32CNAB4RPK.EXE:*:Enabled:Canon LBP2900 RPC Server Process»
«C:WINDOWSlibor.exe»=»C:WINDOWSlibor.exe:*:Enabled:enable»
«C:WINDOWSJMJMInsIDE.exe»=»C:WINDOWSJMJMInsIDE.exe:*:Enabled:ipsec»
«C:WINDOWSExplorer.EXE»=»C:WINDOWSExplorer.EXE:*:Enabled:ipsec»
«C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe»=»C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe:*:Enabled:ipsec»
«C:Program FilesAnalog DevicesSoundMAXSmax4.exe»=»C:Program FilesAnalog DevicesSoundMAXSmax4.exe:*:Enabled:ipsec»
«C:WINDOWSsystem32userinit.exe»=»C:WINDOWSsystem32userinit.exe:*:Enabled:ipsec»
«C:PROGRA~1ALWILS~1Avast4ashDisp.exe»=»C:PROGRA~1ALWILS~1Avast4ashDisp.exe:*:Enabled:ipsec»
«C:Program FilesZone LabsZoneAlarmzlclient.exe»=»C:Program FilesZone LabsZoneAlarmzlclient.exe:*:Enabled:ipsec»
«C:WINDOWSsystem32hkcmd.exe»=»C:WINDOWSsystem32hkcmd.exe:*:Enabled:ipsec»
«C:WINDOWSsystem32ctfmon.exe»=»C:WINDOWSsystem32ctfmon.exe:*:Enabled:ipsec»
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
======File associations======
.scr — open — «C:WINDOWSsystem32notepad.exe» «%1»
.scr — install —
.scr — config —
======List of files/folders created in the last 1 months======
2009-04-02 08:11:53 —-D—- C:_OTMoveIt
2009-04-02 08:01:55 —-RASHD—- C:autorun.inf
2009-03-30 20:18:50 —-D—- C:Documents and SettingsАдминистратор.ELENAApplication DataMalwarebytes
2009-03-30 20:18:47 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2009-03-30 20:18:47 —-D—- C:Documents and SettingsAll UsersApplication DataMalwarebytes
2009-03-22 21:35:58 —-D—- C:Program FilesИгры
2009-03-22 10:36:55 —-A—- C:avexport.bat
2009-03-21 22:34:15 —-A—- C:zip.exe
2009-03-21 22:34:15 —-A—- C:cleanup.bat
2009-03-20 09:14:24 —-D—- C:skin
2009-03-20 08:41:45 —-D—- C:graphics
2009-03-17 07:43:55 —-D—- C:Program Filestrend micro
2009-03-17 07:43:36 —-D—- C:rsit
2009-03-15 18:31:23 —-HD—- C:WINDOWSPIF
======List of files/folders modified in the last 1 months======
2009-04-05 09:29:56 —-D—- C:WINDOWSPrefetch
2009-04-05 09:28:04 —-D—- C:WINDOWSTemp
2009-04-05 09:26:49 —-D—- C:WINDOWSsystem32CatRoot2
2009-04-05 09:26:29 —-D—- C:WINDOWSMicrosoft.NET
2009-04-05 09:25:32 —-A—- C:WINDOWSSchedLgU.Txt
2009-04-05 09:22:34 —-D—- C:WINDOWSCAVTemp
2009-04-05 08:54:31 —-D—- C:Documents and SettingsАдминистратор.ELENAApplication DataMra
2009-04-05 07:23:05 —-D—- C:WINDOWSInternet Logs
2009-04-01 03:54:13 —-D—- C:Program FilesPokerStars.NET
2009-03-30 20:53:26 —-D—- C:WINDOWSsystem32drivers
2009-03-30 20:53:26 —-D—- C:WINDOWS
2009-03-30 20:51:06 —-D—- C:WINDOWSsystem32
2009-03-30 20:51:06 —-D—- C:Program FilesGamesBar
2009-03-30 20:18:47 —-D—- C:Program Files
2009-03-29 08:43:35 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2009-03-22 11:30:36 —-D—- C:Program FilesQUIK
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:WINDOWSsystem32driversAavmker4.sys [2008-11-26 26944]
R1 aswSP;avast! Self Protection; C:WINDOWSsystem32driversaswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:WINDOWSsystem32driversaswTdi.sys [2008-11-26 50864]
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2004-08-17 40448]
R1 NVKEYNT;NVKEYNT; ??C:WINDOWSsystem32DRIVERSNVKEYNT.SYS []
R1 VETFDDNT;VET Floppy Boot Sector Monitor; C:WINDOWSsystem32driversVETFDDNT.sys [2008-07-04 114856]
R1 VET-FILT;VET File System Filter; C:WINDOWSsystem32driversVET-FILT.sys [2004-05-28 21605]
R1 VETMONNT;VET File and Macro Monitor; C:WINDOWSsystem32driversVETMONNT.sys [2008-07-04 896472]
R1 VET-REC;VET File System Recognizer; C:WINDOWSsystem32driversVET-REC.sys [2004-05-28 15668]
R1 vsdatant;vsdatant; C:WINDOWSSystem32vsdatant.sys [2004-07-26 271216]
R2 aswFsBlk;aswFsBlk; C:WINDOWSsystem32DRIVERSaswFsBlk.sys [2008-11-26 20560]
R2 aswMon2;avast! Standard Shield Support; C:WINDOWSsystem32driversaswMon2.sys [2008-11-26 94032]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:WINDOWSsystem32driversADIHdAud.sys [2007-01-16 293888]
R3 AEAudio;AE Audio Service; C:WINDOWSsystem32driversAEAudio.sys [2006-08-07 93952]
R3 Arp1394;Протокол клиента 1394 ARP; C:WINDOWSsystem32DRIVERSarp1394.sys [2004-08-17 60800]
R3 aswRdr;aswRdr; C:WINDOWSsystem32driversaswRdr.sys [2008-11-26 23152]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:WINDOWSsystem32DRIVERSe1e5132.sys [2006-06-05 230400]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2005-12-26 138752]
R3 ialm;ialm; C:WINDOWSsystem32DRIVERSigxpmp32.sys [2006-08-14 1109568]
R3 MTsensor;ATK0110 ACPI UTILITY; C:WINDOWSsystem32DRIVERSASACPI.sys [2004-08-13 5810]
R3 NIC1394;Сетевой драйвер 1394; C:WINDOWSsystem32DRIVERSnic1394.sys [2004-08-17 61824]
R3 NVKEYUSB;Guardant Stealth I/II USB Key; C:WINDOWSsystem32DRIVERSNVKEYUSB.SYS [2005-10-21 38400]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:WINDOWSSystem32DriversRootMdm.sys [2001-10-21 5888]
R3 SenFiltService;SenFilt Service; C:WINDOWSsystem32driversSenfilt.sys [2006-03-17 392960]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-03 57600]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2004-08-03 20480]
S2 hardlock;hardlock; ??C:WINDOWSsystem32drivershardlock.sys []
S3 aksusb;Aladdin USB Key; C:WINDOWSsystem32DRIVERSaksusb.sys [2008-05-05 18944]
S3 CCDECODE;Closed Caption декодер; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2004-08-03 17024]
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:WINDOWSsystem32driversMSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI кодек; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft видео или ТВ подключение; C:WINDOWSsystem32DRIVERSNdisIP.sys [2004-08-03 10880]
S3 PAC207;Look 110; C:WINDOWSsystem32DRIVERSPFC027.SYS [2007-03-01 507264]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2004-08-03 15360]
S3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-04 25856]
S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-04 26496]
S3 WSTCODEC;World Standard Teletext кодек; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
S4 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2001-10-21 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe [2008-11-26 18752]
R2 avast! Antivirus;avast! Antivirus; C:Program FilesAlwil SoftwareAvast4ashServ.exe [2008-11-26 155160]
R2 CAISafe;CA ISafe; C:WINDOWSsystem32ZoneLabsisafe.exe [2004-05-28 184320]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian — DefaultInstance; C:Program FilesFirebirdbinfbguard.exe [2004-07-14 65536]
R2 NNKSrv32;Guardant network service; C:Program FilesKctSWnd5NNKSRV32.EXE [2005-12-26 208384]
R2 vsmon;TrueVector Internet Monitor; C:WINDOWSsystem32ZoneLabsvsmon.exe [2004-07-26 918792]
R3 avast! Mail Scanner;avast! Mail Scanner; C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe [2008-11-26 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:Program FilesAlwil SoftwareAvast4ashWebSv.exe [2008-11-26 352920]
R3 FirebirdServerDefaultInstance;Firebird Server — DefaultInstance; C:Program FilesFirebirdbinfbserver.exe [2004-07-14 1527887]
S2 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
S2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:Program FilesMicrosoft SQL ServerMSSQL.1MSSQLBinnsqlservr.exe -sSQLEXPRESS []
S2 MSSQLSERVER;SQL Server (MSSQLSERVER); C:Program FilesMicrosoft SQL ServerMSSQL.2MSSQLBinnsqlservr.exe -sMSSQLSERVER []
S2 SQLBrowser;SQL Server Browser; C:Program FilesMicrosoft SQL Server90Sharedsqlbrowser.exe []
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:Program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe [2008-03-21 77944]
S3 gusvc;Google Updater Service; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2008-04-24 138168]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:Program FilesMicrosoft OfficeOffice12GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Служба общих сетевых ресурсов проигрывателя Windows Media; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-11-03 914944]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2004-08-17 14336]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:Program FilesMicrosoft SQL Server90Sharedsqladhlp90.exe []
EOF
Yes, there was a problem with that autorun.inf, and avast complained about it but could not delete it (DVD disc). I wonder how it got onto the computer... You have interesting and useful programs, Valery!!!!!!!!! Thank you very much!!! Here is what I got after flash and OTMoveIt3. Do you think this is the end of my troubles?? 😉
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{151475ae-266c-11dd-8aec-001d603f6aa8}\ deleted successfully.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{5676968b-ad4f-11dc-8a3b-001d603f6aa8}\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:DOCUME~166FD~1.ELELOCALS~1Temp~DFB625.tmp scheduled to be deleted on reboot.
User’s Temp folder emptied.
User’s Internet Explorer cache folder emptied.
File delete failed. C:Documents and SettingsАдминистратор.ELENALocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
User’s Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:WINDOWStempPerflib_Perfdata_578.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer — Version 1.0.10.0 log created on 04022009_081153
Files moved on Reboot…
C:DOCUME~166FD~1.ELELOCALS~1Temp~DFB625.tmp moved successfully.
C:WINDOWStempPerflib_Perfdata_578.dat moved successfully.
Logfile of random’s system information tool 1.05 (written by random/random)
Run by Администратор at 2009-04-02 08:16:51
Microsoft Windows XP Professional Service Pack 2
System drive C: has 82 GB (82%) free of 100 GB
Total RAM: 1007 MB (60% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:17:17, on 02.04.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSSYSTEM32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAnalog DevicesSoundMAXSmax4.exe
C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe
C:WINDOWSsystem32hkcmd.exe
C:WINDOWSsystem32igfxpers.exe
C:Program FilesAnalog DevicesCoresmax4pnp.exe
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:Program FilesZone LabsZoneAlarmzlclient.exe
C:WINDOWSPixArtPAC207Monitor.exe
C:Program FilesMail.RuAgentMAgent.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesRSPrintPrintMon.exe
C:WINDOWSsystem32CNAB4RPK.EXE
C:WINDOWSsystem32ZoneLabsisafe.exe
C:Program FilesFirebirdbinfbguard.exe
C:Program FilesKctSWnd5NNKSRV32.EXE
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32ZoneLabsvsmon.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
C:WINDOWSsystem32wscntfy.exe
C:Program FilesFirebirdbinfbserver.exe
C:WINDOWSsystem32wuauclt.exe
C:Documents and SettingsАдминистратор.ELENAРабочий столОкна_2009RSIT.exe
C:Program Filestrend microАдминистратор.exe
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
R3 — URLSearchHook: (no name) — {83821C2B-32A8-4DD7-B6D4-44309A78E668} — C:Program FilesMail.RuAgentMradllnewmrasearch.dll
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 — BHO: Groove GFS Browser Helper — {72853161-30C5-4D22-B7F9-0BBC1D38A37E} — C:PROGRA~1MICROS~2Office12GRA8E1~1.DLL
O2 — BHO: SSVHelper Class — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre1.5.0_10binssv.dll
O2 — BHO: Спутник@Mail.Ru — {8984B388-A5BB-4DF7-B274-77B879E179DB} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O2 — BHO: Google Toolbar Helper — {AA58ED58-01DD-4d91-8333-CF10577473F7} — c:program filesgooglegoogletoolbar1.dll
O3 — Toolbar: &Google — {2318C2B1-4965-11d4-9B18-009027A5CD4F} — c:program filesgooglegoogletoolbar1.dll
O3 — Toolbar: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O4 — HKLM..Run: [SoundMAX] «C:Program FilesAnalog DevicesSoundMAXSmax4.exe» /tray
O4 — HKLM..Run: [JMB36X IDE Setup] C:WINDOWSJMJMInsIDE.exe
O4 — HKLM..Run: [36X Raid Configurer] C:WINDOWSsystem32JMRaidSetup.exe boot
O4 — HKLM..Run: [GrooveMonitor] «C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe»
O4 — HKLM..Run: [IgfxTray] C:WINDOWSsystem32igfxtray.exe
O4 — HKLM..Run: [HotKeysCmds] C:WINDOWSsystem32hkcmd.exe
O4 — HKLM..Run: [Persistence] C:WINDOWSsystem32igfxpers.exe
O4 — HKLM..Run: [SoundMAXPnP] C:Program FilesAnalog DevicesCoresmax4pnp.exe
O4 — HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 — HKLM..Run: [Zone Labs Client] «C:Program FilesZone LabsZoneAlarmzlclient.exe»
O4 — HKLM..Run: [Monitor] C:WINDOWSPixArtPAC207Monitor.exe
O4 — HKLM..Run: [MAgent] C:Program FilesMail.RuAgentMAgent.exe -LM
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Startup: Вырезка экрана и программа запуска для OneNote 2007.lnk = C:Program FilesMicrosoft OfficeOffice12ONENOTEM.EXE
O4 — Global Startup: AutoCAD Startup Accelerator.lnk = C:Program FilesCommon FilesAutodesk Sharedacstart16.exe
O4 — Global Startup: Монитор АПС-Печать.lnk = C:Program FilesRSPrintPrintMon.exe
O8 — Extra context menu item: Поиск@Mail.Ru — res://C:Program FilesMail.RuSputnikMailRuSputnik.dll/282
O8 — Extra context menu item: Словари@Mail.Ru — res://C:Program FilesMail.RuSputnikMailRuSputnik.dll/283
O9 — Extra button: (no name) — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.5.0_10binssv.dll
O9 — Extra ‘Tools’ menuitem: Sun Java Console — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.5.0_10binssv.dll
O9 — Extra button: Отправить в OneNote — {2670000A-7350-4f3c-8081-5663EE0C6C49} — C:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 — Extra ‘Tools’ menuitem: &Отправить в OneNote — {2670000A-7350-4f3c-8081-5663EE0C6C49} — C:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: PokerStars.net — {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} — C:Program FilesPokerStars.NETPokerStarsUpdate.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O18 — Protocol: grooveLocalGWS — {88FED34C-F0CA-4636-A375-3CB6248B04CD} — C:PROGRA~1MICROS~2Office12GR99D3~1.DLL
O23 — Service: avast! iAVS4 Control Service (aswUpdSv) — ALWIL Software — C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 — Service: Autodesk Licensing Service — Autodesk — C:Program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe
O23 — Service: avast! Antivirus — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 — Service: avast! Mail Scanner — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
O23 — Service: avast! Web Scanner — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
O23 — Service: CA ISafe (CAISafe) — Computer Associates International, Inc. — C:WINDOWSsystem32ZoneLabsisafe.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Firebird Guardian — DefaultInstance (FirebirdGuardianDefaultInstance) — The Firebird Project — C:Program FilesFirebirdbinfbguard.exe
O23 — Service: Firebird Server — DefaultInstance (FirebirdServerDefaultInstance) — The Firebird Project — C:Program FilesFirebirdbinfbserver.exe
O23 — Service: Google Updater Service (gusvc) — Google — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) — Unknown owner — C:Program FilesMicrosoft SQL ServerMSSQL.1MSSQLBinnsqlservr.exe (file missing)
O23 — Service: SQL Server (MSSQLSERVER) (MSSQLSERVER) — Unknown owner — C:Program FilesMicrosoft SQL ServerMSSQL.2MSSQLBinnsqlservr.exe (file missing)
O23 — Service: Guardant network service (NNKSrv32) — Aktiv Co. — C:Program FilesKctSWnd5NNKSRV32.EXE
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: SQL Server Browser (SQLBrowser) — Unknown owner — C:Program FilesMicrosoft SQL Server90Sharedsqlbrowser.exe (file missing)
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: TrueVector Internet Monitor (vsmon) — Zone Labs Inc. — C:WINDOWSsystem32ZoneLabsvsmon.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe
—
End of file — 10111 bytes
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx [2001-04-16 37808]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper — C:PROGRA~1MICROS~2Office12GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class — C:Program FilesJavajre1.5.0_10binssv.dll [2006-11-09 440056]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{8984B388-A5BB-4DF7-B274-77B879E179DB}]
MailRuBHO Class — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2009-01-12 676704]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper — c:program filesgooglegoogletoolbar1.dll [2008-04-24 2427968]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} — &Google — c:program filesgooglegoogletoolbar1.dll [2008-04-24 2427968]
{09900DE8-1DCA-443F-9243-26FF581438AF} — Спутник@Mail.Ru — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2009-01-12 676704]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«SoundMAX»=C:Program FilesAnalog DevicesSoundMAXSmax4.exe [2006-07-13 729088]
«JMB36X IDE Setup»=C:WINDOWSJMJMInsIDE.exe [2006-10-30 36864]
«36X Raid Configurer»=C:WINDOWSsystem32JMRaidSetup.exe [2006-11-16 1953792]
«GrooveMonitor»=C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe [2006-10-27 31016]
«IgfxTray»=C:WINDOWSsystem32igfxtray.exe [2006-08-14 98304]
«HotKeysCmds»=C:WINDOWSsystem32hkcmd.exe [2006-08-14 114688]
«Persistence»=C:WINDOWSsystem32igfxpers.exe [2006-08-14 94208]
«SoundMAXPnP»=C:Program FilesAnalog DevicesCoresmax4pnp.exe [2006-12-18 868352]
«avast!»=C:PROGRA~1ALWILS~1Avast4ashDisp.exe [2008-11-26 81000]
«Zone Labs Client»=C:Program FilesZone LabsZoneAlarmzlclient.exe [2004-07-26 705808]
«Monitor»=C:WINDOWSPixArtPAC207Monitor.exe [2006-11-03 319488]
«MAgent»=C:Program FilesMail.RuAgentMAgent.exe [2009-01-12 5598392]
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2004-08-17 15360]
C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
AutoCAD Startup Accelerator.lnk — C:Program FilesCommon FilesAutodesk Sharedacstart16.exe
Монитор АПС-Печать.lnk — C:Program FilesRSPrintPrintMon.exe
C:Documents and SettingsАдминистратор.ELENAГлавное менюПрограммыАвтозагрузка
Вырезка экрана и программа запуска для OneNote 2007.lnk — C:Program FilesMicrosoft OfficeOffice12ONENOTEM.EXE
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyigfxcui]
C:WINDOWSSYSTEM32igfxdev.dll [2006-08-14 155648]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
«{B5A7F190-DDA6-4420-B3BA-52453494E6CD}»=C:PROGRA~1MICROS~2Office12GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
«EnableLUA»=0
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=36
«NoDriveAutoRun»=FFFFFFFF
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE»=»C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook»
«C:Program FilesMicrosoft OfficeOffice12GROOVE.EXE»=»C:Program FilesMicrosoft OfficeOffice12GROOVE.EXE:*:Enabled:Microsoft Office Groove»
«C:Program FilesMicrosoft OfficeOffice12ONENOTE.EXE»=»C:Program FilesMicrosoft OfficeOffice12ONENOTE.EXE:*:Enabled:Microsoft Office OneNote»
«C:WINDOWSsystem32CNAB4RPK.EXE»=»C:WINDOWSsystem32CNAB4RPK.EXE:*:Enabled:Canon LBP2900 RPC Server Process»
«C:WINDOWSSYSTEM32yjua472.exe»=»C:WINDOWSSYSTEM32yjua472.exe:*:Enabled:ipsec»
«C:WINDOWSlibor.exe»=»C:WINDOWSlibor.exe:*:Enabled:enable»
«C:WINDOWSJMJMInsIDE.exe»=»C:WINDOWSJMJMInsIDE.exe:*:Enabled:ipsec»
«C:WINDOWSExplorer.EXE»=»C:WINDOWSExplorer.EXE:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempw7f068.exe»=»C:DOCUME~19335~1LOCALS~1Tempw7f068.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempw2a0456.exe»=»C:DOCUME~19335~1LOCALS~1Tempw2a0456.exe:*:Enabled:ipsec»
«C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe»=»C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempw95a22.exe»=»C:DOCUME~19335~1LOCALS~1Tempw95a22.exe:*:Enabled:ipsec»
«C:Program FilesAnalog DevicesSoundMAXSmax4.exe»=»C:Program FilesAnalog DevicesSoundMAXSmax4.exe:*:Enabled:ipsec»
«C:WINDOWSsystem32userinit.exe»=»C:WINDOWSsystem32userinit.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempwc6da4.exe»=»C:DOCUME~19335~1LOCALS~1Tempwc6da4.exe:*:Enabled:ipsec»
«C:PROGRA~1ALWILS~1Avast4ashDisp.exe»=»C:PROGRA~1ALWILS~1Avast4ashDisp.exe:*:Enabled:ipsec»
«C:WINDOWSTEMPwb4242.exe»=»C:WINDOWSTEMPwb4242.exe:*:Enabled:ipsec»
«C:WINDOWSTEMPw49df1.exe»=»C:WINDOWSTEMPw49df1.exe:*:Enabled:ipsec»
«C:Program FilesZone LabsZoneAlarmzlclient.exe»=»C:Program FilesZone LabsZoneAlarmzlclient.exe:*:Enabled:ipsec»
«C:DOCUME~166FD~1.ELELOCALS~1Tempw2cc7340.exe»=»C:DOCUME~166FD~1.ELELOCALS~1Tempw2cc7340.exe:*:Enabled:ipsec»
«C:WINDOWSsystem32hkcmd.exe»=»C:WINDOWSsystem32hkcmd.exe:*:Enabled:ipsec»
«C:WINDOWSsystem32ctfmon.exe»=»C:WINDOWSsystem32ctfmon.exe:*:Enabled:ipsec»
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
======File associations======
.scr — open — «C:WINDOWSsystem32notepad.exe» «%1»
.scr — install —
.scr — config —
======List of files/folders created in the last 1 months======
2009-04-02 08:11:53 —-D—- C:_OTMoveIt
2009-04-02 08:01:55 —-RASHD—- C:autorun.inf
2009-03-30 20:18:50 —-D—- C:Documents and SettingsАдминистратор.ELENAApplication DataMalwarebytes
2009-03-30 20:18:47 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2009-03-30 20:18:47 —-D—- C:Documents and SettingsAll UsersApplication DataMalwarebytes
2009-03-22 21:35:58 —-D—- C:Program FilesИгры
2009-03-22 10:36:55 —-A—- C:avexport.bat
2009-03-21 22:34:15 —-A—- C:zip.exe
2009-03-21 22:34:15 —-A—- C:cleanup.bat
2009-03-20 09:14:24 —-D—- C:skin
2009-03-20 08:41:45 —-D—- C:graphics
2009-03-17 07:43:55 —-D—- C:Program Filestrend micro
2009-03-17 07:43:36 —-D—- C:rsit
2009-03-15 18:31:23 —-HD—- C:WINDOWSPIF
2009-03-03 08:55:31 —-D—- C:Program FilesСтатФорм
======List of files/folders modified in the last 1 months======
2009-04-02 08:16:56 —-D—- C:WINDOWSPrefetch
2009-04-02 08:14:25 —-D—- C:WINDOWSTemp
2009-04-02 08:13:32 —-D—- C:WINDOWSsystem32CatRoot2
2009-04-02 08:13:17 —-D—- C:WINDOWSMicrosoft.NET
2009-04-02 08:12:19 —-A—- C:WINDOWSSchedLgU.Txt
2009-04-02 07:56:55 —-D—- C:WINDOWSCAVTemp
2009-04-01 21:41:31 —-D—- C:Documents and SettingsАдминистратор.ELENAApplication DataMra
2009-04-01 19:59:52 —-D—- C:WINDOWSInternet Logs
2009-04-01 03:54:13 —-D—- C:Program FilesPokerStars.NET
2009-03-30 20:53:26 —-D—- C:WINDOWSsystem32drivers
2009-03-30 20:53:26 —-D—- C:WINDOWS
2009-03-30 20:51:06 —-D—- C:WINDOWSsystem32
2009-03-30 20:51:06 —-D—- C:Program FilesGamesBar
2009-03-30 20:18:47 —-D—- C:Program Files
2009-03-29 08:43:35 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2009-03-22 11:30:36 —-D—- C:Program FilesQUIK
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:WINDOWSsystem32driversAavmker4.sys [2008-11-26 26944]
R1 aswSP;avast! Self Protection; C:WINDOWSsystem32driversaswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:WINDOWSsystem32driversaswTdi.sys [2008-11-26 50864]
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2004-08-17 40448]
R1 NVKEYNT;NVKEYNT; ??C:WINDOWSsystem32DRIVERSNVKEYNT.SYS []
R1 VETFDDNT;VET Floppy Boot Sector Monitor; C:WINDOWSsystem32driversVETFDDNT.sys [2008-07-04 114856]
R1 VET-FILT;VET File System Filter; C:WINDOWSsystem32driversVET-FILT.sys [2004-05-28 21605]
R1 VETMONNT;VET File and Macro Monitor; C:WINDOWSsystem32driversVETMONNT.sys [2008-07-04 896472]
R1 VET-REC;VET File System Recognizer; C:WINDOWSsystem32driversVET-REC.sys [2004-05-28 15668]
R1 vsdatant;vsdatant; C:WINDOWSSystem32vsdatant.sys [2004-07-26 271216]
R2 aswFsBlk;aswFsBlk; C:WINDOWSsystem32DRIVERSaswFsBlk.sys [2008-11-26 20560]
R2 aswMon2;avast! Standard Shield Support; C:WINDOWSsystem32driversaswMon2.sys [2008-11-26 94032]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:WINDOWSsystem32driversADIHdAud.sys [2007-01-16 293888]
R3 AEAudio;AE Audio Service; C:WINDOWSsystem32driversAEAudio.sys [2006-08-07 93952]
R3 Arp1394;Протокол клиента 1394 ARP; C:WINDOWSsystem32DRIVERSarp1394.sys [2004-08-17 60800]
R3 aswRdr;aswRdr; C:WINDOWSsystem32driversaswRdr.sys [2008-11-26 23152]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:WINDOWSsystem32DRIVERSe1e5132.sys [2006-06-05 230400]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2005-12-26 138752]
R3 ialm;ialm; C:WINDOWSsystem32DRIVERSigxpmp32.sys [2006-08-14 1109568]
R3 MTsensor;ATK0110 ACPI UTILITY; C:WINDOWSsystem32DRIVERSASACPI.sys [2004-08-13 5810]
R3 NIC1394;Сетевой драйвер 1394; C:WINDOWSsystem32DRIVERSnic1394.sys [2004-08-17 61824]
R3 NVKEYUSB;Guardant Stealth I/II USB Key; C:WINDOWSsystem32DRIVERSNVKEYUSB.SYS [2005-10-21 38400]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:WINDOWSSystem32DriversRootMdm.sys [2001-10-21 5888]
R3 SenFiltService;SenFilt Service; C:WINDOWSsystem32driversSenfilt.sys [2006-03-17 392960]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-03 57600]
R3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-04 25856]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2004-08-03 20480]
S2 hardlock;hardlock; ??C:WINDOWSsystem32drivershardlock.sys []
S3 aksusb;Aladdin USB Key; C:WINDOWSsystem32DRIVERSaksusb.sys [2008-05-05 18944]
S3 CCDECODE;Closed Caption декодер; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2004-08-03 17024]
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:WINDOWSsystem32driversMSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI кодек; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft видео или ТВ подключение; C:WINDOWSsystem32DRIVERSNdisIP.sys [2004-08-03 10880]
S3 PAC207;Look 110; C:WINDOWSsystem32DRIVERSPFC027.SYS [2007-03-01 507264]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2004-08-03 15360]
S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-04 26496]
S3 WSTCODEC;World Standard Teletext кодек; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
S4 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2001-10-21 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe [2008-11-26 18752]
R2 avast! Antivirus;avast! Antivirus; C:Program FilesAlwil SoftwareAvast4ashServ.exe [2008-11-26 155160]
R2 CAISafe;CA ISafe; C:WINDOWSsystem32ZoneLabsisafe.exe [2004-05-28 184320]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian — DefaultInstance; C:Program FilesFirebirdbinfbguard.exe [2004-07-14 65536]
R2 NNKSrv32;Guardant network service; C:Program FilesKctSWnd5NNKSRV32.EXE [2005-12-26 208384]
R2 vsmon;TrueVector Internet Monitor; C:WINDOWSsystem32ZoneLabsvsmon.exe [2004-07-26 918792]
R3 avast! Mail Scanner;avast! Mail Scanner; C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe [2008-11-26 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:Program FilesAlwil SoftwareAvast4ashWebSv.exe [2008-11-26 352920]
R3 FirebirdServerDefaultInstance;Firebird Server — DefaultInstance; C:Program FilesFirebirdbinfbserver.exe [2004-07-14 1527887]
S2 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
S2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:Program FilesMicrosoft SQL ServerMSSQL.1MSSQLBinnsqlservr.exe -sSQLEXPRESS []
S2 MSSQLSERVER;SQL Server (MSSQLSERVER); C:Program FilesMicrosoft SQL ServerMSSQL.2MSSQLBinnsqlservr.exe -sMSSQLSERVER []
S2 SQLBrowser;SQL Server Browser; C:Program FilesMicrosoft SQL Server90Sharedsqlbrowser.exe []
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:Program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe [2008-03-21 77944]
S3 gusvc;Google Updater Service; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2008-04-24 138168]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:Program FilesMicrosoft OfficeOffice12GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Служба общих сетевых ресурсов проигрывателя Windows Media; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-11-03 914944]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2004-08-17 14336]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:Program FilesMicrosoft SQL Server90Sharedsqladhlp90.exe []
EOF
Hmm, it found quite a lot of infections on the computer. Strange, why didn't avast and ZoneAlarm show them….. Thank you very much, Valery! Here are the log results. Do you think the viruses have been killed?
Malwarebytes’ Anti-Malware 1.35
Версия базы данных: 1918
Windows 5.1.2600 Service Pack 2
30.03.2009 20:51:06
mbam-log-2009-03-30 (20-51-06).txt
Тип проверки: Полная (C:|)
Проверено объектов: 157648
Прошло времени: 19 minute(s), 40 second(s)
Заражено процессов в памяти: 0
Заражено модулей в памяти: 0
Заражено ключей реестра: 13
Заражено значений реестра: 2
Заражено параметров реестра: 4
Заражено папок: 0
Заражено файлов: 63
Заражено процессов в памяти:
(Вредоносные программы не обнаружены)
Заражено модулей в памяти:
(Вредоносные программы не обнаружены)
Заражено ключей реестра:
HKEY_CLASSES_ROOToberontb.band (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTTypeLib{ad76633e-e50d-4844-9e7f-4dfbc7c18467} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{ec1a2105-5621-440f-987d-27ef428131d9} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOToberontb.band.1 (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{b5ac49a2-94f2-42bd-f434-2604812c897d} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{b5ac49a2-94f2-42bd-f434-2604812c897d} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{b5ac49a2-94f2-42bd-f434-2604812c897d} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesGoogle Online Services (Trojan.Agent) -> Quarantined and deleted successfully.
Заражено значений реестра:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunadvap32 (Trojan.Agent) -> Quarantined and deleted successfully.
Заражено параметров реестра:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenSHOWALLCheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterAntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterFirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterUpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Заражено папок:
(Вредоносные программы не обнаружены)
Заражено файлов:
C:Program FilesGamesBaroberontb.dll (Adware.Gamesbar) -> Quarantined and deleted successfully.
C:cleanup.exe (Adware.Cinmus) -> Quarantined and deleted successfully.
C:Documents and SettingsАдминистратор.ELENALocal SettingsTempRar$EX00.125avenger.exe (Malware.Tool) -> Quarantined and deleted successfully.
C:Documents and SettingsАдминистратор.ELENALocal SettingsTempRar$EX00.625avenger.exe (Malware.Tool) -> Quarantined and deleted successfully.
C:Documents and SettingsАдминистратор.ELENALocal SettingsTempRar$EX00.640avenger.exe (Malware.Tool) -> Quarantined and deleted successfully.
C:Documents and SettingsАдминистратор.ELENAРабочий столavenger.exe (Malware.Tool) -> Quarantined and deleted successfully.
C:System Volume Information_restore{3B45AC2A-6EF5-43B0-8BEB-086483AF03B3}RP342A0066986.exe (Adware.Cinmus) -> Quarantined and deleted successfully.
C:System Volume Information_restore{3B45AC2A-6EF5-43B0-8BEB-086483AF03B3}RP342A0067157.exe (Adware.Cinmus) -> Quarantined and deleted successfully.
C:System Volume Information_restore{3B45AC2A-6EF5-43B0-8BEB-086483AF03B3}RP342A0067028.exe (Adware.Cinmus) -> Quarantined and deleted successfully.
C:System Volume Information_restore{3B45AC2A-6EF5-43B0-8BEB-086483AF03B3}RP342A0067049.exe (Adware.Cinmus) -> Quarantined and deleted successfully.
C:System Volume Information_restore{3B45AC2A-6EF5-43B0-8BEB-086483AF03B3}RP342A0067071.exe (Adware.Cinmus) -> Quarantined and deleted successfully.
C:System Volume Information_restore{3B45AC2A-6EF5-43B0-8BEB-086483AF03B3}RP342A0067092.exe (Adware.Cinmus) -> Quarantined and deleted successfully.
C:System Volume Information_restore{3B45AC2A-6EF5-43B0-8BEB-086483AF03B3}RP342A0067113.exe (Adware.Cinmus) -> Quarantined and deleted successfully.
C:System Volume Information_restore{3B45AC2A-6EF5-43B0-8BEB-086483AF03B3}RP342A0067134.exe (Adware.Cinmus) -> Quarantined and deleted successfully.
C:System Volume Information_restore{3B45AC2A-6EF5-43B0-8BEB-086483AF03B3}RP342A0067166.exe (Adware.Cinmus) -> Quarantined and deleted successfully.
C:System Volume Information_restore{3B45AC2A-6EF5-43B0-8BEB-086483AF03B3}RP342A0067188.exe (Adware.Cinmus) -> Quarantined and deleted successfully.
C:System Volume Information_restore{3B45AC2A-6EF5-43B0-8BEB-086483AF03B3}RP342A0067225.exe (Adware.Cinmus) -> Quarantined and deleted successfully.
C:System Volume Information_restore{3B45AC2A-6EF5-43B0-8BEB-086483AF03B3}RP342A0068246.exe (Adware.Cinmus) -> Quarantined and deleted successfully.
C:System Volume Information_restore{3B45AC2A-6EF5-43B0-8BEB-086483AF03B3}RP342A0068268.exe (Adware.Cinmus) -> Quarantined and deleted successfully.
C:System Volume Information_restore{3B45AC2A-6EF5-43B0-8BEB-086483AF03B3}RP342A0068288.exe (Adware.Cinmus) -> Quarantined and deleted successfully.
C:System Volume Information_restore{3B45AC2A-6EF5-43B0-8BEB-086483AF03B3}RP342A0068311.exe (Adware.Cinmus) -> Quarantined and deleted successfully.
C:System Volume Information_restore{3B45AC2A-6EF5-43B0-8BEB-086483AF03B3}RP342A0068333.exe (Adware.Cinmus) -> Quarantined and deleted successfully.
C:System Volume Information_restore{3B45AC2A-6EF5-43B0-8BEB-086483AF03B3}RP342A0068354.exe (Adware.Cinmus) -> Quarantined and deleted successfully.
C:System Volume Information_restore{3B45AC2A-6EF5-43B0-8BEB-086483AF03B3}RP342A0068376.exe (Adware.Cinmus) -> Quarantined and deleted successfully.
C:System Volume Information_restore{3B45AC2A-6EF5-43B0-8BEB-086483AF03B3}RP342A0068399.exe (Adware.Cinmus) -> Quarantined and deleted successfully.
C:System Volume Information_restore{3B45AC2A-6EF5-43B0-8BEB-086483AF03B3}RP342A0068444.exe (Adware.Cinmus) -> Quarantined and deleted successfully.
C:System Volume Information_restore{3B45AC2A-6EF5-43B0-8BEB-086483AF03B3}RP342A0068465.exe (Adware.Cinmus) -> Quarantined and deleted successfully.
C:System Volume Information_restore{3B45AC2A-6EF5-43B0-8BEB-086483AF03B3}RP342A0068422.exe (Adware.Cinmus) -> Quarantined and deleted successfully.
C:System Volume Information_restore{3B45AC2A-6EF5-43B0-8BEB-086483AF03B3}RP343A0069488.exe (Adware.Cinmus) -> Quarantined and deleted successfully.
C:System Volume Information_restore{3B45AC2A-6EF5-43B0-8BEB-086483AF03B3}RP343A0069512.exe (Adware.Cinmus) -> Quarantined and deleted successfully.
C:System Volume Information_restore{3B45AC2A-6EF5-43B0-8BEB-086483AF03B3}RP343A0069535.exe (Adware.Cinmus) -> Quarantined and deleted successfully.
C:System Volume Information_restore{3B45AC2A-6EF5-43B0-8BEB-086483AF03B3}RP343A0069559.exe (Adware.Cinmus) -> Quarantined and deleted successfully.
C:System Volume Information_restore{3B45AC2A-6EF5-43B0-8BEB-086483AF03B3}RP343A0069566.exe (Adware.Cinmus) -> Quarantined and deleted successfully.
C:System Volume Information_restore{3B45AC2A-6EF5-43B0-8BEB-086483AF03B3}RP343A0069606.exe (Adware.Cinmus) -> Quarantined and deleted successfully.
C:System Volume Information_restore{3B45AC2A-6EF5-43B0-8BEB-086483AF03B3}RP343A0069646.exe (Adware.Cinmus) -> Quarantined and deleted successfully.
C:System Volume Information_restore{3B45AC2A-6EF5-43B0-8BEB-086483AF03B3}RP343A0069654.exe (Adware.Cinmus) -> Quarantined and deleted successfully.
C:System Volume Information_restore{3B45AC2A-6EF5-43B0-8BEB-086483AF03B3}RP344A0069683.exe (Adware.Cinmus) -> Quarantined and deleted successfully.
C:System Volume Information_restore{3B45AC2A-6EF5-43B0-8BEB-086483AF03B3}RP344A0069723.exe (Adware.Cinmus) -> Quarantined and deleted successfully.
C:System Volume Information_restore{3B45AC2A-6EF5-43B0-8BEB-086483AF03B3}RP344A0069745.exe (Adware.Cinmus) -> Quarantined and deleted successfully.
C:System Volume Information_restore{3B45AC2A-6EF5-43B0-8BEB-086483AF03B3}RP344A0070811.exe (Adware.Cinmus) -> Quarantined and deleted successfully.
C:System Volume Information_restore{3B45AC2A-6EF5-43B0-8BEB-086483AF03B3}RP344A0070764.exe (Adware.Cinmus) -> Quarantined and deleted successfully.
C:System Volume Information_restore{3B45AC2A-6EF5-43B0-8BEB-086483AF03B3}RP344A0070789.exe (Adware.Cinmus) -> Quarantined and deleted successfully.
C:System Volume Information_restore{3B45AC2A-6EF5-43B0-8BEB-086483AF03B3}RP344A0070832.exe (Adware.Cinmus) -> Quarantined and deleted successfully.
C:System Volume Information_restore{3B45AC2A-6EF5-43B0-8BEB-086483AF03B3}RP344A0070859.exe (Adware.Cinmus) -> Quarantined and deleted successfully.
C:System Volume Information_restore{3B45AC2A-6EF5-43B0-8BEB-086483AF03B3}RP344A0070882.exe (Adware.Cinmus) -> Quarantined and deleted successfully.
C:System Volume Information_restore{3B45AC2A-6EF5-43B0-8BEB-086483AF03B3}RP344A0070909.exe (Adware.Cinmus) -> Quarantined and deleted successfully.
C:System Volume Information_restore{3B45AC2A-6EF5-43B0-8BEB-086483AF03B3}RP344A0070933.exe (Adware.Cinmus) -> Quarantined and deleted successfully.
C:System Volume Information_restore{3B45AC2A-6EF5-43B0-8BEB-086483AF03B3}RP344A0070953.exe (Adware.Cinmus) -> Quarantined and deleted successfully.
C:System Volume Information_restore{3B45AC2A-6EF5-43B0-8BEB-086483AF03B3}RP344A0070977.exe (Adware.Cinmus) -> Quarantined and deleted successfully.
C:System Volume Information_restore{3B45AC2A-6EF5-43B0-8BEB-086483AF03B3}RP344A0071003.exe (Adware.Cinmus) -> Quarantined and deleted successfully.
C:System Volume Information_restore{3B45AC2A-6EF5-43B0-8BEB-086483AF03B3}RP344A0071024.exe (Adware.Cinmus) -> Quarantined and deleted successfully.
C:System Volume Information_restore{3B45AC2A-6EF5-43B0-8BEB-086483AF03B3}RP344A0071046.exe (Adware.Cinmus) -> Quarantined and deleted successfully.
C:System Volume Information_restore{3B45AC2A-6EF5-43B0-8BEB-086483AF03B3}RP344A0071070.exe (Adware.Cinmus) -> Quarantined and deleted successfully.
C:System Volume Information_restore{3B45AC2A-6EF5-43B0-8BEB-086483AF03B3}RP344A0071095.exe (Adware.Cinmus) -> Quarantined and deleted successfully.
C:System Volume Information_restore{3B45AC2A-6EF5-43B0-8BEB-086483AF03B3}RP344A0071121.exe (Adware.Cinmus) -> Quarantined and deleted successfully.
C:System Volume Information_restore{3B45AC2A-6EF5-43B0-8BEB-086483AF03B3}RP344A0071152.exe (Adware.Cinmus) -> Quarantined and deleted successfully.
C:System Volume Information_restore{3B45AC2A-6EF5-43B0-8BEB-086483AF03B3}RP344A0071173.exe (Adware.Cinmus) -> Quarantined and deleted successfully.
C:System Volume Information_restore{3B45AC2A-6EF5-43B0-8BEB-086483AF03B3}RP344A0072198.exe (Adware.Cinmus) -> Quarantined and deleted successfully.
C:System Volume Information_restore{3B45AC2A-6EF5-43B0-8BEB-086483AF03B3}RP344A0072220.exe (Adware.Cinmus) -> Quarantined and deleted successfully.
C:WINDOWSsystem32clbinit.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32winsub.xml (Malware.Trace) -> Quarantined and deleted successfully.
C:WINDOWSsystem32svcp.csv (Malware.Trace) -> Quarantined and deleted successfully.
C:WINDOWSsystem32svchost.t__ (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
Logfile of random’s system information tool 1.05 (written by random/random)
Run by Администратор at 2009-03-30 20:58:15
Microsoft Windows XP Professional Service Pack 2
System drive C: has 82 GB (82%) free of 100 GB
Total RAM: 1007 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:58:42, on 30.03.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSSYSTEM32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAnalog DevicesSoundMAXSmax4.exe
C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe
C:WINDOWSsystem32hkcmd.exe
C:WINDOWSsystem32igfxpers.exe
C:Program FilesAnalog DevicesCoresmax4pnp.exe
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:Program FilesZone LabsZoneAlarmzlclient.exe
C:WINDOWSPixArtPAC207Monitor.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesRSPrintPrintMon.exe
C:WINDOWSsystem32CNAB4RPK.EXE
C:WINDOWSsystem32ZoneLabsisafe.exe
C:Program FilesFirebirdbinfbguard.exe
C:Program FilesKctSWnd5NNKSRV32.EXE
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32ZoneLabsvsmon.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
C:WINDOWSsystem32wscntfy.exe
C:Program FilesFirebirdbinfbserver.exe
C:WINDOWSsystem32wuauclt.exe
C:Documents and SettingsАдминистратор.ELENAРабочий столОкна_2009RSIT.exe
C:Program Filestrend microАдминистратор.exe

R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
R3 — URLSearchHook: (no name) — {83821C2B-32A8-4DD7-B6D4-44309A78E668} — C:Program FilesMail.RuAgentMradllnewmrasearch.dll
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 — BHO: Groove GFS Browser Helper — {72853161-30C5-4D22-B7F9-0BBC1D38A37E} — C:PROGRA~1MICROS~2Office12GRA8E1~1.DLL
O2 — BHO: SSVHelper Class — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre1.5.0_10binssv.dll
O2 — BHO: Спутник@Mail.Ru — {8984B388-A5BB-4DF7-B274-77B879E179DB} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O2 — BHO: Google Toolbar Helper — {AA58ED58-01DD-4d91-8333-CF10577473F7} — c:program filesgooglegoogletoolbar1.dll
O3 — Toolbar: &Google — {2318C2B1-4965-11d4-9B18-009027A5CD4F} — c:program filesgooglegoogletoolbar1.dll
O3 — Toolbar: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O4 — HKLM..Run: [SoundMAX] «C:Program FilesAnalog DevicesSoundMAXSmax4.exe» /tray
O4 — HKLM..Run: [JMB36X IDE Setup] C:WINDOWSJMJMInsIDE.exe
O4 — HKLM..Run: [36X Raid Configurer] C:WINDOWSsystem32JMRaidSetup.exe boot
O4 — HKLM..Run: [GrooveMonitor] «C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe»
O4 — HKLM..Run: [IgfxTray] C:WINDOWSsystem32igfxtray.exe
O4 — HKLM..Run: [HotKeysCmds] C:WINDOWSsystem32hkcmd.exe
O4 — HKLM..Run: [Persistence] C:WINDOWSsystem32igfxpers.exe
O4 — HKLM..Run: [SoundMAXPnP] C:Program FilesAnalog DevicesCoresmax4pnp.exe
O4 — HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 — HKLM..Run: [Zone Labs Client] «C:Program FilesZone LabsZoneAlarmzlclient.exe»
O4 — HKLM..Run: [Monitor] C:WINDOWSPixArtPAC207Monitor.exe
O4 — HKLM..Run: [MAgent] C:Program FilesMail.RuAgentMAgent.exe -LM
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Startup: Вырезка экрана и программа запуска для OneNote 2007.lnk = C:Program FilesMicrosoft OfficeOffice12ONENOTEM.EXE
O4 — Global Startup: AutoCAD Startup Accelerator.lnk = C:Program FilesCommon FilesAutodesk Sharedacstart16.exe
O4 — Global Startup: Монитор АПС-Печать.lnk = C:Program FilesRSPrintPrintMon.exe
O8 — Extra context menu item: Поиск@Mail.Ru — res://C:Program FilesMail.RuSputnikMailRuSputnik.dll/282
O8 — Extra context menu item: Словари@Mail.Ru — res://C:Program FilesMail.RuSputnikMailRuSputnik.dll/283
O9 — Extra button: (no name) — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.5.0_10binssv.dll
O9 — Extra ‘Tools’ menuitem: Sun Java Console — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.5.0_10binssv.dll
O9 — Extra button: Отправить в OneNote — {2670000A-7350-4f3c-8081-5663EE0C6C49} — C:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 — Extra ‘Tools’ menuitem: &Отправить в OneNote — {2670000A-7350-4f3c-8081-5663EE0C6C49} — C:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: PokerStars.net — {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} — C:Program FilesPokerStars.NETPokerStarsUpdate.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O18 — Protocol: grooveLocalGWS — {88FED34C-F0CA-4636-A375-3CB6248B04CD} — C:PROGRA~1MICROS~2Office12GR99D3~1.DLL
O23 — Service: avast! iAVS4 Control Service (aswUpdSv) — ALWIL Software — C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 — Service: Autodesk Licensing Service — Autodesk — C:Program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe
O23 — Service: avast! Antivirus — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 — Service: avast! Mail Scanner — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
O23 — Service: avast! Web Scanner — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
O23 — Service: CA ISafe (CAISafe) — Computer Associates International, Inc. — C:WINDOWSsystem32ZoneLabsisafe.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Firebird Guardian — DefaultInstance (FirebirdGuardianDefaultInstance) — The Firebird Project — C:Program FilesFirebirdbinfbguard.exe
O23 — Service: Firebird Server — DefaultInstance (FirebirdServerDefaultInstance) — The Firebird Project — C:Program FilesFirebirdbinfbserver.exe
O23 — Service: Google Updater Service (gusvc) — Google — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) — Unknown owner — C:Program FilesMicrosoft SQL ServerMSSQL.1MSSQLBinnsqlservr.exe (file missing)
O23 — Service: SQL Server (MSSQLSERVER) (MSSQLSERVER) — Unknown owner — C:Program FilesMicrosoft SQL ServerMSSQL.2MSSQLBinnsqlservr.exe (file missing)
O23 — Service: Guardant network service (NNKSrv32) — Aktiv Co. — C:Program FilesKctSWnd5NNKSRV32.EXE
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: SQL Server Browser (SQLBrowser) — Unknown owner — C:Program FilesMicrosoft SQL Server90Sharedsqlbrowser.exe (file missing)
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: TrueVector Internet Monitor (vsmon) — Zone Labs Inc. — C:WINDOWSsystem32ZoneLabsvsmon.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe
—
End of file — 10069 bytes

======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx [2001-04-16 37808]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper — C:PROGRA~1MICROS~2Office12GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class — C:Program FilesJavajre1.5.0_10binssv.dll [2006-11-09 440056]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{8984B388-A5BB-4DF7-B274-77B879E179DB}]
MailRuBHO Class — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2009-01-12 676704]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper — c:program filesgooglegoogletoolbar1.dll [2008-04-24 2427968]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} — &Google — c:program filesgooglegoogletoolbar1.dll [2008-04-24 2427968]
{09900DE8-1DCA-443F-9243-26FF581438AF} — Спутник@Mail.Ru — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2009-01-12 676704]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«SoundMAX»=C:Program FilesAnalog DevicesSoundMAXSmax4.exe [2006-07-13 729088]
«JMB36X IDE Setup»=C:WINDOWSJMJMInsIDE.exe [2006-10-30 36864]
«36X Raid Configurer»=C:WINDOWSsystem32JMRaidSetup.exe [2006-11-16 1953792]
«GrooveMonitor»=C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe [2006-10-27 31016]
«IgfxTray»=C:WINDOWSsystem32igfxtray.exe [2006-08-14 98304]
«HotKeysCmds»=C:WINDOWSsystem32hkcmd.exe [2006-08-14 114688]
«Persistence»=C:WINDOWSsystem32igfxpers.exe [2006-08-14 94208]
«SoundMAXPnP»=C:Program FilesAnalog DevicesCoresmax4pnp.exe [2006-12-18 868352]
«avast!»=C:PROGRA~1ALWILS~1Avast4ashDisp.exe [2008-11-26 81000]
«Zone Labs Client»=C:Program FilesZone LabsZoneAlarmzlclient.exe [2004-07-26 705808]
«Monitor»=C:WINDOWSPixArtPAC207Monitor.exe [2006-11-03 319488]
«MAgent»=C:Program FilesMail.RuAgentMAgent.exe [2009-01-12 5598392]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2004-08-17 15360]

C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
AutoCAD Startup Accelerator.lnk — C:Program FilesCommon FilesAutodesk Sharedacstart16.exe
Монитор АПС-Печать.lnk — C:Program FilesRSPrintPrintMon.exe

C:Documents and SettingsАдминистратор.ELENAГлавное менюПрограммыАвтозагрузка
Вырезка экрана и программа запуска для OneNote 2007.lnk — C:Program FilesMicrosoft OfficeOffice12ONENOTEM.EXE

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyigfxcui]
C:WINDOWSSYSTEM32igfxdev.dll [2006-08-14 155648]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
«{B5A7F190-DDA6-4420-B3BA-52453494E6CD}»=C:PROGRA~1MICROS~2Office12GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
«EnableLUA»=0

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE»=»C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook»
«C:Program FilesMicrosoft OfficeOffice12GROOVE.EXE»=»C:Program FilesMicrosoft OfficeOffice12GROOVE.EXE:*:Enabled:Microsoft Office Groove»
«C:Program FilesMicrosoft OfficeOffice12ONENOTE.EXE»=»C:Program FilesMicrosoft OfficeOffice12ONENOTE.EXE:*:Enabled:Microsoft Office OneNote»
«C:WINDOWSsystem32CNAB4RPK.EXE»=»C:WINDOWSsystem32CNAB4RPK.EXE:*:Enabled:Canon LBP2900 RPC Server Process»
«C:WINDOWSSYSTEM32yjua472.exe»=»C:WINDOWSSYSTEM32yjua472.exe:*:Enabled:ipsec»
«C:WINDOWSlibor.exe»=»C:WINDOWSlibor.exe:*:Enabled:enable»
«C:WINDOWSJMJMInsIDE.exe»=»C:WINDOWSJMJMInsIDE.exe:*:Enabled:ipsec»
«C:WINDOWSExplorer.EXE»=»C:WINDOWSExplorer.EXE:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempw7f068.exe»=»C:DOCUME~19335~1LOCALS~1Tempw7f068.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempw2a0456.exe»=»C:DOCUME~19335~1LOCALS~1Tempw2a0456.exe:*:Enabled:ipsec»
«C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe»=»C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempw95a22.exe»=»C:DOCUME~19335~1LOCALS~1Tempw95a22.exe:*:Enabled:ipsec»
«C:Program FilesAnalog DevicesSoundMAXSmax4.exe»=»C:Program FilesAnalog DevicesSoundMAXSmax4.exe:*:Enabled:ipsec»
«C:WINDOWSsystem32userinit.exe»=»C:WINDOWSsystem32userinit.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempwc6da4.exe»=»C:DOCUME~19335~1LOCALS~1Tempwc6da4.exe:*:Enabled:ipsec»
«C:PROGRA~1ALWILS~1Avast4ashDisp.exe»=»C:PROGRA~1ALWILS~1Avast4ashDisp.exe:*:Enabled:ipsec»
«C:WINDOWSTEMPwb4242.exe»=»C:WINDOWSTEMPwb4242.exe:*:Enabled:ipsec»
«C:WINDOWSTEMPw49df1.exe»=»C:WINDOWSTEMPw49df1.exe:*:Enabled:ipsec»
«C:Program FilesZone LabsZoneAlarmzlclient.exe»=»C:Program FilesZone LabsZoneAlarmzlclient.exe:*:Enabled:ipsec»
«C:DOCUME~166FD~1.ELELOCALS~1Tempw2cc7340.exe»=»C:DOCUME~166FD~1.ELELOCALS~1Tempw2cc7340.exe:*:Enabled:ipsec»
«C:WINDOWSsystem32hkcmd.exe»=»C:WINDOWSsystem32hkcmd.exe:*:Enabled:ipsec»
«C:WINDOWSsystem32ctfmon.exe»=»C:WINDOWSsystem32ctfmon.exe:*:Enabled:ipsec»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{151475ae-266c-11dd-8aec-001d603f6aa8}]
shellAutoRuncommand — E:ta2.cmd
shellexplorecommand — E:ta2.cmd
shellopencommand — E:ta2.cmd

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{5676968b-ad4f-11dc-8a3b-001d603f6aa8}]
shellAutoRuncommand — E:
shellopencommand — rundll32.exe .\rdosys.dll,InstallM

======File associations======
.scr — open — «C:WINDOWSsystem32notepad.exe» «%1»
.scr — install —
.scr — config —

======List of files/folders created in the last 1 months======
2009-03-30 20:18:50 —-D—- C:Documents and SettingsАдминистратор.ELENAApplication DataMalwarebytes
2009-03-30 20:18:47 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2009-03-30 20:18:47 —-D—- C:Documents and SettingsAll UsersApplication DataMalwarebytes
2009-03-22 21:35:58 —-D—- C:Program FilesИгры
2009-03-22 10:36:55 —-A—- C:avexport.bat
2009-03-21 22:34:15 —-A—- C:zip.exe
2009-03-21 22:34:15 —-A—- C:cleanup.bat
2009-03-20 09:14:24 —-D—- C:skin
2009-03-20 08:41:45 —-D—- C:graphics
2009-03-17 07:43:55 —-D—- C:Program Filestrend micro
2009-03-17 07:43:36 —-D—- C:rsit
2009-03-15 18:31:23 —-HD—- C:WINDOWSPIF
2009-03-03 08:55:31 —-D—- C:Program FilesСтатФорм

======List of files/folders modified in the last 1 months======
2009-03-30 20:55:09 —-D—- C:WINDOWSTemp
2009-03-30 20:54:41 —-D—- C:WINDOWSPrefetch
2009-03-30 20:54:16 —-D—- C:WINDOWSsystem32CatRoot2
2009-03-30 20:54:02 —-D—- C:WINDOWSMicrosoft.NET
2009-03-30 20:53:26 —-D—- C:WINDOWSsystem32drivers
2009-03-30 20:53:26 —-D—- C:WINDOWS
2009-03-30 20:53:00 —-A—- C:WINDOWSSchedLgU.Txt
2009-03-30 20:51:06 —-D—- C:WINDOWSsystem32
2009-03-30 20:51:06 —-D—- C:Program FilesGamesBar
2009-03-30 20:18:47 —-D—- C:Program Files
2009-03-30 20:16:16 —-D—- C:WINDOWSCAVTemp
2009-03-30 20:03:40 —-D—- C:WINDOWSInternet Logs
2009-03-29 20:42:10 —-D—- C:Documents and SettingsАдминистратор.ELENAApplication DataMra
2009-03-29 14:00:52 —-D—- C:Program FilesPokerStars.NET
2009-03-29 08:43:35 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2009-03-22 11:30:36 —-D—- C:Program FilesQUIK

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:WINDOWSsystem32driversAavmker4.sys [2008-11-26 26944]
R1 aswSP;avast! Self Protection; C:WINDOWSsystem32driversaswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:WINDOWSsystem32driversaswTdi.sys [2008-11-26 50864]
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2004-08-17 40448]
R1 NVKEYNT;NVKEYNT; ??C:WINDOWSsystem32DRIVERSNVKEYNT.SYS []
R1 VETFDDNT;VET Floppy Boot Sector Monitor; C:WINDOWSsystem32driversVETFDDNT.sys [2008-07-04 114856]
R1 VET-FILT;VET File System Filter; C:WINDOWSsystem32driversVET-FILT.sys [2004-05-28 21605]
R1 VETMONNT;VET File and Macro Monitor; C:WINDOWSsystem32driversVETMONNT.sys [2008-07-04 896472]
R1 VET-REC;VET File System Recognizer; C:WINDOWSsystem32driversVET-REC.sys [2004-05-28 15668]
R1 vsdatant;vsdatant; C:WINDOWSSystem32vsdatant.sys [2004-07-26 271216]
R2 aswFsBlk;aswFsBlk; C:WINDOWSsystem32DRIVERSaswFsBlk.sys [2008-11-26 20560]
R2 aswMon2;avast! Standard Shield Support; C:WINDOWSsystem32driversaswMon2.sys [2008-11-26 94032]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:WINDOWSsystem32driversADIHdAud.sys [2007-01-16 293888]
R3 AEAudio;AE Audio Service; C:WINDOWSsystem32driversAEAudio.sys [2006-08-07 93952]
R3 Arp1394;Протокол клиента 1394 ARP; C:WINDOWSsystem32DRIVERSarp1394.sys [2004-08-17 60800]
R3 aswRdr;aswRdr; C:WINDOWSsystem32driversaswRdr.sys [2008-11-26 23152]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:WINDOWSsystem32DRIVERSe1e5132.sys [2006-06-05 230400]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2005-12-26 138752]
R3 ialm;ialm; C:WINDOWSsystem32DRIVERSigxpmp32.sys [2006-08-14 1109568]
R3 MTsensor;ATK0110 ACPI UTILITY; C:WINDOWSsystem32DRIVERSASACPI.sys [2004-08-13 5810]
R3 NIC1394;Сетевой драйвер 1394; C:WINDOWSsystem32DRIVERSnic1394.sys [2004-08-17 61824]
R3 NVKEYUSB;Guardant Stealth I/II USB Key; C:WINDOWSsystem32DRIVERSNVKEYUSB.SYS [2005-10-21 38400]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:WINDOWSSystem32DriversRootMdm.sys [2001-10-21 5888]
R3 SenFiltService;SenFilt Service; C:WINDOWSsystem32driversSenfilt.sys [2006-03-17 392960]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-03 57600]
R3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-04 25856]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2004-08-03 20480]
S2 hardlock;hardlock; ??C:WINDOWSsystem32drivershardlock.sys []
S3 aksusb;Aladdin USB Key; C:WINDOWSsystem32DRIVERSaksusb.sys [2008-05-05 18944]
S3 CCDECODE;Closed Caption декодер; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2004-08-03 17024]
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:WINDOWSsystem32driversMSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI кодек; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft видео или ТВ подключение; C:WINDOWSsystem32DRIVERSNdisIP.sys [2004-08-03 10880]
S3 PAC207;Look 110; C:WINDOWSsystem32DRIVERSPFC027.SYS [2007-03-01 507264]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2004-08-03 15360]
S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-04 26496]
S3 WSTCODEC;World Standard Teletext кодек; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
S4 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2001-10-21 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe [2008-11-26 18752]
R2 avast! Antivirus;avast! Antivirus; C:Program FilesAlwil SoftwareAvast4ashServ.exe [2008-11-26 155160]
R2 CAISafe;CA ISafe; C:WINDOWSsystem32ZoneLabsisafe.exe [2004-05-28 184320]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian — DefaultInstance; C:Program FilesFirebirdbinfbguard.exe [2004-07-14 65536]
R2 NNKSrv32;Guardant network service; C:Program FilesKctSWnd5NNKSRV32.EXE [2005-12-26 208384]
R2 vsmon;TrueVector Internet Monitor; C:WINDOWSsystem32ZoneLabsvsmon.exe [2004-07-26 918792]
R3 avast! Mail Scanner;avast! Mail Scanner; C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe [2008-11-26 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:Program FilesAlwil SoftwareAvast4ashWebSv.exe [2008-11-26 352920]
R3 FirebirdServerDefaultInstance;Firebird Server — DefaultInstance; C:Program FilesFirebirdbinfbserver.exe [2004-07-14 1527887]
S2 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
S2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:Program FilesMicrosoft SQL ServerMSSQL.1MSSQLBinnsqlservr.exe -sSQLEXPRESS []
S2 MSSQLSERVER;SQL Server (MSSQLSERVER); C:Program FilesMicrosoft SQL ServerMSSQL.2MSSQLBinnsqlservr.exe -sMSSQLSERVER []
S2 SQLBrowser;SQL Server Browser; C:Program FilesMicrosoft SQL Server90Sharedsqlbrowser.exe []
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:Program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe [2008-03-21 77944]
S3 gusvc;Google Updater Service; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2008-04-24 138168]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:Program FilesMicrosoft OfficeOffice12GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Служба общих сетевых ресурсов проигрывателя Windows Media; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-11-03 914944]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2004-08-17 14336]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:Program FilesMicrosoft SQL Server90Sharedsqladhlp90.exe []
EOF
No, it won't boot into safe mode at all. It shows the choice of what to boot from, then nothing loads. What should I do? Wipe everything completely? There are a lot of work programs on it, I'd rather not…(((
Even at step 1, when running Avenger, the computer rebooted about 25 times; it says there was a system failure. Is there any point in the further steps? Avenger doesn't do anything, just a dumb reboot and that's it. What do you advise???? And what am I supposed to do?