help to understand what is the matter



alexdvit
2007-02-20, 07:13
Hello.
I have a problem during Win XP SP2 booting. It doesn't reach the end and goes to reboot. But it is possible to boot it in safe mode. Finally I ordered a disk scan and it helped. Unfortunately this has happened not for the first time and I haven't any idea what the reason for it all is. In your forum I found the tool HijackThis.exe, which gathers the necessary statistics of active services. Please help me understand if there are any spies in the OS and how to get rid of them. The log of HijackThis.exe is here:

Logfile of HijackThis v1.99.1
Scan saved at 8:39:22, on 20.02.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
H:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
H:\WINDOWS\system32\PGPserv.exe
H:\WINDOWS\system32\HPZipm12.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Network Associates\VirusScan\VsStat.exe
H:\Program Files\Network Associates\VirusScan\Vshwin32.exe
H:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
H:\Program Files\Network Associates\VirusScan\Avconsol.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\ABBYY Lingvo 8.0\Lvagent.exe
H:\Program Files\Common Files\Real\Update_OB\realsched.exe
H:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
H:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
H:\Program Files\Messenger\msmsgs.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
H:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
H:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
H:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
H:\Wincmd6.5\TOTALCMD.EXE
H:\Program Files\Internet Explorer\iexplore.exe
H:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
H:\WINDOWS\system32\rundll32.exe
H:\PROGRA~1\FREEDO~1\fdm.exe
H:\Distr\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Ссылки
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - H:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: No description - {44FD0AF8-9D30-4E96-8ECE-306446B5E0D3} - H:\WINDOWS\DOWNLO~1\tbmon.dll (file missing)
O2 - BHO: VENGOBAR - {4E7BD74F-2B8D-469E-C0FF-FD63B39BBF2B} - H:\WINDOWS\DOWNLO~1\vengobar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - H:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - H:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: VENGOBAR - {4E7BD74F-2B8D-469E-C0FF-FD63B39BBF2B} - H:\WINDOWS\DOWNLO~1\vengobar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - H:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - H:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Lingvo Launcher] "H:\Program Files\ABBYY Lingvo 8.0\Lvagent.exe" /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "H:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] H:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [ANIWZCS2Service] H:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKCU\..\Run: [MSMSGS] "H:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Startup: Adobe Gamma.lnk = H:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Быстрый запуск HP Photosmart Premier.lnk = H:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://H:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Translate - http://lingvo.yandex.ru/ie5trans.htm
O8 - Extra context menu item: &Экспорт в Microsoft Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Download all with Free Download Manager - file://H:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://H:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://H:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Yandex &Search - http://lingvo.yandex.ru/ie5search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Mail.Ru Agent - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - H:\Program Files\Mail.Ru\Agent\MAgent.exe
O9 - Extra button: Справочные материалы - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - H:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - H:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {44FD0AF8-9D30-4E96-8ECE-306446B5E0D3} (No description) - http://205.209.177.231/catalog/tbmon.cab
O16 - DPF: {78E61E52-0E57-4456-A2F2-517492BCBF8F} (Store Class) - http://www.payment.ru/capicom.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/install/guidedsolutions.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = nvisiongroup.ru,nvision.ru
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = nvisiongroup.ru,nvision.ru
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - H:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: outline3d - {D0F6E6CD-666D-4578-87A5-26A015436CA2} - H:\Program Files\Common Files\ParallelGraphics\Outline3D\Outline3dProtocol.dll
O23 - Service: Adobe LM Service - Adobe Systems - H:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - H:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - H:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: CA-License Client (CA_LIC_CLNT) - Unknown owner - H:\WINDOWS\Lic98Rmt.exe
O23 - Service: CA-License Server (CA_LIC_SRVR) - Unknown owner - H:\WINDOWS\Lic98RmtD.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - H:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Журнал событий (Eventlog) - Корпорация Майкрософт - H:\WINDOWS\system32\services.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Служба COM записи компакт-дисков IMAPI (ImapiService) - Корпорация Майкрософт - H:\WINDOWS\system32\imapi.exe
O23 - Service: iPod Service - Apple Computer, Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - H:\WINDOWS\LogWatNT.exe
O23 - Service: McShield - Unknown owner - H:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Корпорация Майкрософт - H:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: OracleDes6iClientCache80 - Unknown owner - H:\Des6i\BIN\ONRSD80.EXE
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - H:\Ora92\bin\omtsreco.exe
O23 - Service: OracleOra92Agent - Oracle Corporation - H:\Ora92\bin\agntsrvc.exe
O23 - Service: OracleOra92ClientCache - Unknown owner - H:\Ora92\BIN\ONRSD.EXE
O23 - Service: OracleOra92SNMPPeerEncapsulator - Unknown owner - H:\Ora92\BIN\ENCSVC.EXE
O23 - Service: OracleOra92SNMPPeerMasterAgent - Unknown owner - H:\Ora92\BIN\AGNTSVC.EXE
O23 - Service: OracleOra92TNSListener - Unknown owner - H:\Ora92\BIN\TNSLSNR.exe
O23 - Service: OracleOra9ias_homeAgent - Oracle Corporation - H:\ora9ias\bin\agntsrvc.exe
O23 - Service: OracleOra9ias_homeEMWebsite - Unknown owner - H:\ora9ias\bin\nmentsrvc.exe
O23 - Service: OracleOra9ias_homeProcessManager - Unknown owner - H:\ora9ias\opmn\bin\opmn.exe
O23 - Service: OracleOra9ias_homeWebCache - Unknown owner - H:\ora9ias\bin\webcached.exe
O23 - Service: OracleOra9ias_homeWebCacheAdmin - Unknown owner - H:\ora9ias\bin\webcached.exe
O23 - Service: OracleOra9ias_homeWebCacheMon - Unknown owner - H:\ora9ias\bin\webcachemon.exe
O23 - Service: OracleServiceHOME - Oracle Corporation - h:\ora92\bin\ORACLE.EXE
O23 - Service: PGPserv - PGP Corporation - H:\WINDOWS\system32\PGPserv.exe
O23 - Service: Plug and Play (PlugPlay) - Корпорация Майкрософт - H:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - H:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) - Корпорация Майкрософт - H:\WINDOWS\system32\sessmgr.exe
O23 - Service: Смарт-карты (SCardSvr) - Корпорация Майкрософт - H:\WINDOWS\System32\SCardSvr.exe
O23 - Service: ServiceLayer - Nokia. - H:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Журналы и оповещения производительности (SysmonLog) - Корпорация Майкрософт - H:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Теневое копирование тома (VSS) - Корпорация Майкрософт - H:\WINDOWS\System32\vssvc.exe
O23 - Service: Адаптер производительности WMI (WmiApSrv) - Корпорация Майкрософт - H:\WINDOWS\system32\wbem\wmiapsrv.exe

tashi
2007-02-26, 05:38
Hello and sorry for the wait.

If you have not resolved the problem, we have this sticky topic:

If you have waited four days for advice post here. (http://forums.spybot.info/showthread.php?p=4836#post4836)

tashi
2007-03-02, 07:55
This topic has been archived.

If you need it re-opened, please send me a private message (PM) and provide a link to the thread. Applies only to the original poster; anyone else with similar problems please start a new topic.