Невидимый вирус

illznn · Отправлено: **10:24, 16-01-2009** | #9

OTListIt 1\2

Код:

OTListIt logfile created on: 16.01.2009 8:31:57 - Run 
OTListIt2 by OldTimer - Version 1.0.3.0     Folder = C:\Documents and Settings\$Uzername$\Рабочий стол\SCAN
Windows Server 2003 Standard Edition Service Pack 2 (Version = 5.2.3790) - Type = NTDomainController
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000422 | Country: Украина | Language: UKR | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,93 Gb Available Physical Memory | 46,42% Memory free
3,36 Gb Paging File | 2,03 Gb Available in Paging File | 60,54% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 6,22 Gb Free Space | 31,83% Space Free | Partition Type: NTFS
Drive D: | 117,19 Gb Total Space | 36,60 Gb Free Space | 31,23% Space Free | Partition Type: NTFS
Drive E: | 68,36 Gb Total Space | 47,98 Gb Free Space | 70,19% Space Free | Partition Type: NTFS
Drive F: | 58,60 Gb Total Space | 19,40 Gb Free Space | 33,10% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive S: | 232,76 Gb Total Space | 16,51 Gb Free Space | 7,10% Space Free | Partition Type: NTFS
Drive X: | 68,36 Gb Total Space | 47,98 Gb Free Space | 70,19% Space Free | Partition Type: NTFS
Drive Y: | 68,36 Gb Total Space | 47,98 Gb Free Space | 70,19% Space Free | Partition Type: NTFS
 
Computer Name: MAINSRV
Current User Name: sysadmin
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 60 Days
Company Name Whitelist: On
 
========== Processes (SafeList) ==========
 
[2004.06.11 14:03:34 | 00,045,133 | ---- | M] (APC) -- C:\Program Files\APC\PowerChute Business Edition\server\pbeserver.exe
[2009.01.15 17:07:15 | 00,231,952 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Servers\avp.exe
[2007.02.17 18:07:03 | 00,164,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dfssvc.exe
[2008.06.21 15:57:32 | 00,450,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dns.exe
[2003.05.01 13:35:20 | 00,225,280 | ---- | M] (Aladdin Knowledge Systems) -- C:\WINDOWS\system32\nhsrvice.exe
[2007.02.17 18:07:14 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
[2007.02.17 18:07:14 | 00,040,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ismserv.exe
[2005.04.22 18:37:08 | 00,098,304 | ---- | M] (ITV Ltd.) -- C:\Program Files\ITV\Golden Gate 2002\ItvdbNotifier.exe
[2008.08.29 19:23:24 | 00,777,728 | ---- | M] (ITV Ltd.) -- C:\Program Files\ITV\Golden Gate 2002\Packet Manager\ItvPMngr.exe
[2005.10.14 02:51:46 | 28,768,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
[2002.12.17 17:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
[2006.07.19 19:46:54 | 04,075,520 | ---- | M] () -- D:\MySqlServer\Ver41\bin\mysqld-max-nt.exe
[2007.02.17 18:07:32 | 00,792,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntfrs.exe
[2005.10.14 02:51:14 | 00,239,320 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
[2005.08.02 01:01:00 | 01,380,418 | ---- | M] (Hewlett-Packard Company) -- C:\hp\hpsmh\bin\smhstart.exe
[2005.08.02 01:01:00 | 00,024,631 | ---- | M] (Hewlett-Packard Company) -- C:\hp\hpsmh\bin\hpsmhd.exe
[2003.05.12 14:00:00 | 00,017,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tftpd.exe
[2004.11.19 17:20:00 | 00,022,016 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\CpqRcmc.exe
[2005.08.02 01:01:00 | 00,041,027 | ---- | M] (Apache Software Foundation) -- C:\hp\hpsmh\bin\rotatelogs.exe
[2005.08.02 01:01:00 | 00,041,027 | ---- | M] (Apache Software Foundation) -- C:\hp\hpsmh\bin\rotatelogs.exe
[2003.05.12 14:00:00 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe
[2005.08.02 01:01:00 | 00,024,631 | ---- | M] (Hewlett-Packard Company) -- C:\hp\hpsmh\bin\hpsmhd.exe
[2005.07.01 16:14:54 | 00,031,744 | ---- | M] (Compaq Computer Corporation) -- C:\WINDOWS\system32\sysdown.exe
[2005.08.02 01:01:00 | 00,041,027 | ---- | M] (Apache Software Foundation) -- C:\hp\hpsmh\bin\rotatelogs.exe
[2005.08.02 01:01:00 | 00,041,027 | ---- | M] (Apache Software Foundation) -- C:\hp\hpsmh\bin\rotatelogs.exe
[2009.01.15 17:07:15 | 00,231,952 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Servers\avp.exe
[2002.04.12 11:00:00 | 00,061,224 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\CAP2RSK.EXE
[2007.02.17 18:07:57 | 00,207,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2008.11.18 19:03:00 | 00,567,808 | ---- | M] () -- D:\Liga70\ligasrv.exe
[2007.02.17 18:07:35 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rdpclip.exe
[2005.07.07 10:46:50 | 00,086,118 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\cpqteam.exe
[2009.01.15 17:07:15 | 00,231,952 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Servers\avp.exe
[2004.11.13 23:18:28 | 00,205,824 | ---- | M] (Punto.Ru) -- C:\Program Files\Punto Switcher\ps.exe
[2002.12.17 17:23:32 | 00,074,308 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
[2005.05.31 22:00:00 | 00,837,156 | ---- | M] (C. Ghisler & Co.) -- C:\Program Files\Total Commander\Totalcmd.exe
[2007.02.17 18:07:21 | 01,414,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mmc.exe
[2005.07.07 10:46:50 | 00,086,118 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\cpqteam.exe
[2009.01.15 17:07:15 | 00,231,952 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Servers\avp.exe
[2004.11.13 23:18:28 | 00,205,824 | ---- | M] (Punto.Ru) -- C:\Program Files\Punto Switcher\ps.exe
[2002.12.17 17:23:32 | 00,074,308 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
[2009.01.15 08:23:03 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sysadmin\Рабочий стол\SCAN\OTListIt2.exe
 
========== (O23) Win32 Services (SafeList) ==========
 
File not found --  -- (Apache [Disabled | Stopped])
[2004.06.11 14:03:34 | 00,045,133 | ---- | M] (APC) -- C:\Program Files\APC\PowerChute Business Edition\server\pbeserver.exe -- (APCPBEServer [Auto | Running])
[2007.10.24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2009.01.15 17:07:15 | 00,231,952 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Servers\avp.exe -- (AVP [Auto | Running])
[2003.05.12 14:00:00 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe -- (BINLSVC [On_Demand | Stopped])
[2007.10.24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2004.11.19 17:20:00 | 00,022,016 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\CpqRcmc.exe -- (CpqRcmc [Auto | Running])
[2007.02.17 18:07:03 | 00,164,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dfssvc.exe -- (Dfs [Auto | Running])
[2003.05.12 14:00:00 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe -- (DHCPServer [Auto | Running])
[2008.06.21 15:57:32 | 00,450,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dns.exe -- (DNS [Auto | Running])
[2006.07.27 15:01:27 | 00,023,040 | ---- | M] (HP) -- C:\Program Files\HP\Data Protector Express\v3.10-sp1a\win\x86\dpwinsdr.exe -- (DPXpress [On_Demand | Stopped])
[2008.09.11 20:46:08 | 01,055,232 | ---- | M] (ITV Ltd) -- C:\Program Files\ITV\Golden Gate 2002\GGService.exe -- (GoldenGateService [Auto | Stopped])
[2007.02.17 18:07:11 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\grovel.exe -- (Groveler [On_Demand | Stopped])
[2003.05.01 13:35:20 | 00,225,280 | ---- | M] (Aladdin Knowledge Systems) -- C:\WINDOWS\system32\nhsrvice.exe -- (HASP Loader [Auto | Running])
[2005.04.03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2007.02.17 18:07:14 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN [Auto | Running])
[2007.02.17 18:07:14 | 00,040,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ismserv.exe -- (IsmServ [Auto | Running])
[2005.04.22 18:37:08 | 00,098,304 | ---- | M] (ITV Ltd.) -- C:\Program Files\ITV\Golden Gate 2002\ItvdbNotifier.exe -- (ItvdbNotifier [Auto | Running])
[2008.08.29 19:23:24 | 00,777,728 | ---- | M] (ITV Ltd.) -- C:\Program Files\ITV\Golden Gate 2002\Packet Manager\ItvPMngr.exe -- (ItvPacketManager [Auto | Running])
[2007.02.17 18:07:15 | 00,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\llssrv.exe -- (LicenseService [Disabled | Stopped])
[2008.11.18 19:03:00 | 00,567,808 | ---- | M] () -- D:\Liga70\ligasrv.exe -- (LigaServer [Auto | Running])
[2007.02.17 18:07:22 | 00,032,768 | ---- | M] (Корпорация Майкрософт) -- C:\WINDOWS\system32\mnmsrvc.exe -- (mnmsrvc [Disabled | Stopped])
[2005.10.14 02:51:46 | 28,768,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS [Auto | Running])
[2002.12.17 17:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER [Auto | Running])
[2005.10.14 02:50:20 | 00,045,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper [Disabled | Stopped])
[2006.07.19 19:46:54 | 04,075,520 | ---- | M] () -- D:\MySqlServer\Ver41\bin\mysqld-max-nt.exe -- (MySQL [Auto | Running])
[2007.02.17 18:07:32 | 00,792,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntfrs.exe -- (NtFrs [Auto | Running])
[2007.02.17 18:07:38 | 00,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsopprov.exe -- (RSoPProv [On_Demand | Stopped])
[2005.10.14 02:51:14 | 00,239,320 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser [Auto | Running])
[2002.12.17 17:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE -- (SQLSERVERAGENT [On_Demand | Stopped])
[2005.10.14 02:53:50 | 00,087,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [On_Demand | Stopped])
[2005.07.01 16:14:54 | 00,031,744 | ---- | M] (Compaq Computer Corporation) -- C:\WINDOWS\system32\sysdown.exe -- (sysdown [Auto | Running])
[2005.08.02 01:01:00 | 01,380,418 | ---- | M] (Hewlett-Packard Company) -- C:\hp\hpsmh\bin\smhstart.exe -- (SysMgmtHp [Auto | Running])
[2003.05.12 14:00:00 | 00,017,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tftpd.exe -- (TFTPD [Auto | Running])
[2007.02.17 18:07:52 | 00,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tssdis.exe -- (Tssdis [Disabled | Stopped])
[2007.02.17 18:07:54 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [On_Demand | Stopped])
[2006.10.30 11:59:33 | 02,642,432 | ---- | M] () -- C:\Program Files\UnikardEngine\UnikardEngine.exe -- (UnikardService [Disabled | Stopped])
[2007.02.17 18:07:53 | 00,353,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\vds.exe -- (vds [On_Demand | Stopped])
File not found --  -- (WTware Wizard [Disabled | Stopped])
 
========== Driver Services (SafeList) ==========
 
[2004.04.28 10:03:08 | 00,328,448 | ---- | M] (Aladdin Knowledge Systems) -- C:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp [On_Demand | Running])
[2004.05.11 19:11:02 | 00,099,968 | ---- | M] (Aladdin Knowledge Systems) -- C:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb [On_Demand | Running])
[2003.05.09 17:24:10 | 00,343,552 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mpad.sys -- (ati2mpad [On_Demand | Running])
[2007.02.17 08:02:56 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\clusdisk.sys -- (ClusDisk [Disabled | Stopped])
[2005.07.01 16:14:52 | 00,262,144 | ---- | M] (Compaq Computer Corporation) -- C:\WINDOWS\system32\drivers\cpqasm2.sys -- (cpqasm2 [On_Demand | Running])
[2005.06.24 23:11:16 | 00,025,856 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\drivers\cpqcidrv.sys -- (CpqCiDrv [On_Demand | Running])
[2005.05.20 16:15:56 | 00,056,576 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\drivers\CPQCISSE.SYS -- (CPQCISSE [On_Demand | Running])
[2005.05.20 16:16:06 | 00,016,512 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\drivers\cpqcissm.sys -- (cpqcissm [Boot | Running])
[2005.07.13 04:30:54 | 00,218,624 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\drivers\cpqteam.sys -- (CPQTeam [On_Demand | Stopped])
[2007.02.17 08:09:51 | 00,017,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\crcdisk.sys -- (crcdisk [Boot | Running])
[2007.02.17 07:51:18 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dfs.sys -- (DfsDriver [Boot | Running])
[2003.05.09 17:25:02 | 00,103,424 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e1000325.sys -- (E1000 [On_Demand | Stopped])
[2004.10.15 18:49:22 | 00,029,292 | R--- | M] (FTDI Ltd.) -- C:\WINDOWS\system32\drivers\FTD2XX.sys -- (FTD2XX [On_Demand | Stopped])
[2006.05.18 03:48:50 | 00,047,249 | ---- | M] (FTDI Ltd.) -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS [On_Demand | Stopped])
[2006.05.18 03:49:02 | 00,061,067 | ---- | M] (FTDI Ltd.) -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K [On_Demand | Stopped])
[2004.07.14 12:54:42 | 00,676,864 | ---- | M] (Aladdin Knowledge Systems) -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock [Auto | Running])
[2008.12.22 15:14:12 | 00,047,616 | ---- | M] (Aladdin Knowledge Systems) -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt [Auto | Running])
[2009.01.15 17:07:15 | 00,194,320 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys -- (klif [System | Running])
[2007.02.17 08:08:11 | 00,008,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ltotape.sys -- (ltotape [On_Demand | Running])
[2005.07.10 23:16:18 | 00,162,816 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\drivers\n1000325.sys -- (N1000 [On_Demand | Stopped])
[2005.01.17 15:16:20 | 00,071,616 | ---- | M] (Aktiv Co.) -- C:\WINDOWS\system32\drivers\NVKEYNT.SYS -- (NVKEYNT [System | Running])
[2005.01.17 15:19:38 | 00,038,032 | ---- | M] (Aktiv Co.) -- C:\WINDOWS\system32\drivers\NVKEYUSB.SYS -- (NVKEYUSB [On_Demand | Running])
[2007.02.17 08:06:39 | 00,020,480 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2005.07.21 16:12:46 | 00,134,272 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\drivers\q57xp32.sys -- (q57w2k [On_Demand | Running])
[2002.04.12 11:00:00 | 00,023,232 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\drivers\CAP2LPT.SYS -- (RapidPort2 [Auto | Stopped])
[2007.11.13 11:32:28 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2007.02.17 07:51:03 | 00,072,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sis.sys -- (SIS [Boot | Running])
[2005.03.24 16:58:06 | 00,049,664 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symmpi.sys -- (symmpi [Boot | Running])
[2005.07.01 16:14:54 | 00,005,120 | ---- | M] (Compaq Computer Corporation) -- C:\WINDOWS\system32\drivers\sysmgmt.sys -- (sysmgmt [On_Demand | Running])
[2007.02.17 08:12:27 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
[2007.02.17 17:13:49 | 00,172,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wlbs.sys -- (WLBS [On_Demand | Stopped])