SPYWARE-RU.COM

Созданные ответы форума

Просмотр 7 сообщений - с 1 по 7 (из 7 всего)

Автор

Сообщения
1 июля, 2009 в 8:34 пп в ответ на: Глючит реестр под Windows Server 2003. Неуловимый вирус #24309
starcat
Participant
- Темы:1
- Сообщений:8
Компьютер работает нормально. Спасибо за помощь!
27 июня, 2009 в 9:19 дп в ответ на: Глючит реестр под Windows Server 2003. Неуловимый вирус #24306
starcat
Participant
- Темы:1
- Сообщений:8
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBoot]
«AlternateShell»=»cmd.exe»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalAppMgmt]
@=»Service»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalBase]
@=»Driver Group»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalBoot Bus Extender]
@=»Driver Group»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalBoot file system]
@=»Driver Group»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalCryptSvc]
@=»Service»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalDcomLaunch]
@=»Service»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimaldmadmin]
@=»Service»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimaldmboot.sys]
@=»Driver»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimaldmio.sys]
@=»Driver»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimaldmload.sys]
@=»Driver»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimaldmserver]
@=»Service»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalEventLog]
@=»Service»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalFile system]
@=»Driver Group»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalFilter]
@=»Driver Group»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalHelpSvc]
@=»Service»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalNetlogon]
@=»Service»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalPCI Configuration]
@=»Driver Group»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalPlugPlay]
@=»Service»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalPNP Filter]
@=»Driver Group»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalPrimary disk]
@=»Driver Group»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalRpcSs]
@=»Service»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalsacsvr]
@=»Service»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalSCSI Class]
@=»Driver Group»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalsermouse.sys]
@=»Driver»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalSystem Bus Extender]
@=»Driver Group»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalvds]
@=»Service»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalvga.sys]
@=»Driver»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalvgasave.sys]
@=»Driver»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalwd.sys]
@=»Driver»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinMgmt]
@=»Service»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{36FC9E60-C465-11CF-8056-444553540000}]
@=»Universal Serial Bus controllers»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{4D36E965-E325-11CE-BFC1-08002BE10318}]
@=»CD-ROM Drive»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{4D36E967-E325-11CE-BFC1-08002BE10318}]
@=»DiskDrive»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{4D36E969-E325-11CE-BFC1-08002BE10318}]
@=»Standard floppy disk controller»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@=»Hdc»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@=»Keyboard»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@=»Mouse»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{4D36E977-E325-11CE-BFC1-08002BE10318}]
@=»PCMCIA Adapters»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@=»SCSIAdapter»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@=»System»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{4D36E980-E325-11CE-BFC1-08002BE10318}]
@=»Floppy disk drive»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@=»Volume shadow copy»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@=»Volume»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@=»Human Interface Devices»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetwork]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkAFD]
@=»Service»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkAppMgmt]
@=»Service»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkBase]
@=»Driver Group»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkBoot Bus Extender]
@=»Driver Group»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkBoot file system]
@=»Driver Group»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkBrowser]
@=»Service»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkCryptSvc]
@=»Service»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkDcomLaunch]
@=»Service»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkDhcp]
@=»Service»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkdmadmin]
@=»Service»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkdmboot.sys]
@=»Driver»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkdmio.sys]
@=»Driver»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkdmload.sys]
@=»Driver»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkdmserver]
@=»Service»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkDnsCache]
@=»Service»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkEventLog]
@=»Service»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkFile system]
@=»Driver Group»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkFilter]
@=»Driver Group»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkHelpSvc]
@=»Service»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkip6fw.sys]
@=»Driver»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkipnat.sys]
@=»Driver»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkLanmanServer]
@=»Service»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkLanmanWorkstation]
@=»Service»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkLmHosts]
@=»Service»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkMessenger]
@=»Service»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkNDIS]
@=»Driver Group»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkNDIS Wrapper]
@=»Driver Group»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkNdisuio]
@=»Service»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkNetBIOS]
@=»Service»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkNetBIOSGroup]
@=»Driver Group»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkNetBT]
@=»Service»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkNetDDEGroup]
@=»Driver Group»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkNetlogon]
@=»Service»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkNetMan]
@=»Service»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkNetwork]
@=»Driver Group»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkNetworkProvider]
@=»Driver Group»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworknm]
@=»Service»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworknm.sys]
@=»Driver»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkNtLmSsp]
@=»Service»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkPCI Configuration]
@=»Driver Group»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkPlugPlay]
@=»Service»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkPNP Filter]
@=»Driver Group»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkPNP_TDI]
@=»Driver Group»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkPrimary disk]
@=»Driver Group»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkrdpcdd.sys]
@=»Driver»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkrdpdd.sys]
@=»Driver»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkrdpwd.sys]
@=»Driver»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkrdsessmgr]
@=»Service»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkRpcSs]
@=»Service»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworksacsvr]
@=»Service»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkSCSI Class]
@=»Driver Group»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworksermouse.sys]
@=»Driver»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkSharedAccess]
@=»Service»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkStreams Drivers]
@=»Driver Group»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkSystem Bus Extender]
@=»Driver Group»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkTcpip]
@=»Service»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkTDI]
@=»Driver Group»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworktdpipe.sys]
@=»Driver»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworktdtcp.sys]
@=»Driver»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworktermservice]
@=»Service»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkUploadMgr]
@=»Service»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkvds]
@=»Service»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkvga.sys]
@=»Driver»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkvgasave.sys]
@=»Driver»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkWinMgmt]
@=»Service»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkWZCSVC]
@=»Service»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetwork{36FC9E60-C465-11CF-8056-444553540000}]
@=»Universal Serial Bus controllers»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetwork{4D36E965-E325-11CE-BFC1-08002BE10318}]
@=»CD-ROM Drive»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetwork{4D36E967-E325-11CE-BFC1-08002BE10318}]
@=»DiskDrive»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetwork{4D36E969-E325-11CE-BFC1-08002BE10318}]
@=»Standard floppy disk controller»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetwork{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@=»Hdc»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetwork{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@=»Keyboard»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetwork{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@=»Mouse»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}]
@=»Net»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetwork{4D36E973-E325-11CE-BFC1-08002BE10318}]
@=»NetClient»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetwork{4D36E974-E325-11CE-BFC1-08002BE10318}]
@=»NetService»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetwork{4D36E975-E325-11CE-BFC1-08002BE10318}]
@=»NetTrans»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetwork{4D36E977-E325-11CE-BFC1-08002BE10318}]
@=»PCMCIA Adapters»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetwork{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@=»SCSIAdapter»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetwork{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@=»System»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetwork{4D36E980-E325-11CE-BFC1-08002BE10318}]
@=»Floppy disk drive»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetwork{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@=»Volume shadow copy»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetwork{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@=»Volume»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetwork{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@=»Human Interface Devices»
23 июня, 2009 в 1:03 пп в ответ на: Глючит реестр под Windows Server 2003. Неуловимый вирус #24304
starcat
Participant
- Темы:1
- Сообщений:8
Запустил программу OTL, успешно, логи опубликовал выше.
В дополнение к логам хочу сделать заметку:
Позавчера я запустил сканер CureIt с последними обновлениями и он отловил вирус в файле ilfhake.drk в папке Windows.
После физического удаления данного файла и перезагрузки компа доступ к реестру разблокировался!
Я не уверен, что вывел вирус полностью, возможно это одна из составных частей. Возможно, теперь нужно почистить реестр.
Подскаждите, пожалуйста, по результатам анализа логов как почистить, в каких ключах.
23 июня, 2009 в 12:52 пп в ответ на: Глючит реестр под Windows Server 2003. Неуловимый вирус #24303
starcat
Participant
- Темы:1
- Сообщений:8
OTL Extras logfile created on: 23.06.2009 16:38:27 — Run 1
OTL by OldTimer — Version 3.0.5.1 Folder = C:Documents and SettingsАдминистраторРабочий стол
Windows Server 2003 Enterprise Edition Service Pack 2 (Version = 5.2.3790) — Type = NTServer
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000419 | Country: Россия | Language: RUS | Date Format: dd.MM.yyyy

1022,07 Mb Total Physical Memory | 87,91 Mb Available Physical Memory | 8,60% Memory free
2,41 Gb Paging File | 1,45 Gb Available in Paging File | 59,99% Paging File free
Paging file location(s): C:pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:WINDOWS | %ProgramFiles% = C:Program Files
Drive C: | 97,65 Gb Total Space | 11,95 Gb Free Space | 12,24% Space Free | Partition Type: NTFS
Drive D: | 135,23 Gb Total Space | 8,52 Gb Free Space | 6,30% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BOSS
Current User Name: Администратор
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINESOFTWAREClasses]
.chm [@ = chm.file] — C:WINDOWShh.exe (Microsoft Corporation)
.html [@ = htmlfile] — C:Program FilesInternet ExplorerIEXPLORE.EXE (Microsoft Corporation)
.txt [@ = txtfile] — C:Program FilesJGsoftEditPadPro6EditPadPro.exe (JGsoft — Just Great Software)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfile]
«EnableFirewall» = 0

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfileGloballyOpenPortsList]
«139:TCP» = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
«445:TCP» = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
«137:UDP» = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
«138:UDP» = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfile]
«EnableFirewall» = 1
«DoNotAllowExceptions» = 0
«DisableNotifications» = 0

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileGloballyOpenPortsList]
«139:TCP» = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
«445:TCP» = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
«137:UDP» = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
«138:UDP» = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfileAuthorizedApplicationsList]
[2007.02.17 20:07:24 | 00,006,144 | —- | M] (Microsoft Corporation) — C:WINDOWSsystem32mqsvc.exe:*:Enabled:Message Queuing

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList]
[2007.02.17 20:07:24 | 00,006,144 | —- | M] (Microsoft Corporation) — C:WINDOWSsystem32mqsvc.exe:*:Enabled:Message Queuing
File not found — C:Documents and SettingsАдминистраторLocal SettingsTemp$wceMule0.49bemule.exe:*:Enabled:eMule
[2008.08.01 20:41:24 | 05,480,448 | —- | M] (http://www.emule-project.net) — C:softemuleemule.exe:*:Enabled:eMule
[2009.04.21 22:34:24 | 12,314,456 | —- | M] (Microsoft Corporation) — C:Program FilesMicrosoft OfficeOFFICE11WINWORD.EXE:*:Enabled:Microsoft Office Word
[2009.04.25 08:58:23 | 00,636,088 | —- | M] (Microsoft Corporation) — C:Program FilesInternet Exploreriexplore.exe:*:Enabled:Internet Explorer
[2009.01.22 16:40:48 | 01,292,800 | —- | M] (MailUtilities.Com) — C:Program FilesMailUtilitiesAdvanced Email Extractor ProEmex.exe:*:Enabled:Advanced Email Extractor Pro
[2008.08.29 11:18:44 | 00,238,888 | —- | M] (Apple Inc.) — C:Program FilesBonjourmDNSResponder.exe:*:Disabled:Bonjour
[2008.12.18 13:52:48 | 00,677,412 | —- | M] (C. Ghisler & Co.) — C:totalcmdTOTALCMD.EXE:*:Disabled:Total Commander 32 bit international version, file manager replacement for Windows
File not found — C:Program FilesGrisoftAVGADMIN7avgadmin.exe:*:Enabled:AVGADMIN Application
[2009.06.10 10:08:33 | 00,833,304 | —- | M] (AVG Technologies CZ, s.r.o.) — C:Program FilesAVGAVG8avgam.exe:*:Enabled:avgam.exe
[2009.06.10 10:08:39 | 00,840,984 | —- | M] (AVG Technologies CZ, s.r.o.) — C:Program FilesAVGAVG8avgdiag.exe:*:Enabled:avgdiag.exe
[2009.06.10 10:08:39 | 02,314,496 | —- | M] (AVG Technologies CZ, s.r.o.) — C:Program FilesAVGAVG8avgdiagex.exe:*:Enabled:avgdiagex.exe
[2009.06.17 03:56:27 | 01,085,208 | —- | M] (AVG Technologies CZ, s.r.o.) — C:Program FilesAVGAVG8avgupd.exe:*:Enabled:avgupd.exe
[2009.04.28 01:49:24 | 07,310,848 | —- | M] (FileZilla Project) — C:Program FilesFileZilla FTP Clientfilezilla.exe:*:Enabled:FileZilla FTP Client
[2009.02.22 23:15:14 | 05,668,864 | —- | M] (http://www.emule-project.net) — C:Program FileseMuleemule.exe:*:Enabled:eMule
[2009.04.21 14:39:16 | 24,264,488 | R— | M] (Skype Technologies S.A.) — C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall]
«{01B93B3A-283F-411B-A648-69CABCACC986}» = Драйверы Canon MF
«{01C5A10F-AD9B-405B-853A-6659841A1242}» = Microsoft SQL Server 2008 Policies
«{05EC21B8-4593-3037-A781-A6B5AFFCB19D}» = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools — enu
«{06A7EA72-0F00-4D53-A81C-A5D925711141}» = Microsoft SQL Server 2008 Full text search
«{07A540AB-D785-11D5-8E89-0090275862A0}» = Corel Graphics Suite 11
«{0DF3AE91-E533-3960-8516-B23737F8B7A2}» = Visual C++ 2008 x64 Runtime — (v9.0.30729)
«{0DF3AE91-E533-3960-8516-B23737F8B7A2}.vc_x64runtime_30729_01» = Visual C++ 2008 x64 Runtime — v9.0.30729.01
«{132CA5D9-C745-4B0B-A3B2-8C7A6EC3EE7E}» = Canon MF Toolbox 4.7.0.0.mf02
«{13F3917B56CD4C25848BDC69916971BB}» = DivX Converter
«{18D10072035C4515918F7E37EAFAACFC}» = AutoUpdate
«{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}» = Microsoft SQL Server 2008 Common Files
«{2020045B-8DCF-4449-8D5C-EB5BA37440F1}» = Microsoft SQL Server 2008 Management Studio
«{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}» = QuickTime
«{22E23C71-C27A-3F30-8849-BB6129E50679}» = Visual C++ 2008 IA64 Runtime — (v9.0.30729)
«{22E23C71-C27A-3F30-8849-BB6129E50679}.vc_i64runtime_30729_01» = Visual C++ 2008 IA64 Runtime — v9.0.30729.01
«{22FD5ACF-9151-483E-8E8F-41B1DC28E671}» = UDDI Database Installer
«{23F70562-02F4-4805-ACF5-6E52BAD167C2}» = Microsoft SQL Server 2008 Reporting Services
«{247F4CC0-723C-40A5-9A38-E2E2C24DEB46}» = КриптоПро CSP
«{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}» = Skype™ 4.0
«{26A24AE4-039D-4CA4-87B4-2F83216011FF}» = Java(TM) 6 Update 11
«{2744791F-4E7C-32F5-AB40-AEC6A6C86DBF}» = Microsoft .NET Framework 3.5 Language Pack SP1 — rus
«{275ABBA2-4817-4443-9AB8-ED43CA9AAA17}» = Microsoft SQL Server 2008 BI Development Studio
«{291B3A3B-F808-45B8-8113-DF232FCB6C82}» = Microsoft .NET Compact Framework 3.5
«{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}» = SQL Server System CLR Types
«{3431A7A3-6287-46B0-8AF1-BE2452A1FE62}» = Microsoft SQL Server 2008 Books Online (English)
«{386B6902-74AD-4579-B0BF-8841E886F041}» = ATI Catalyst Control Center
«{388E4B09-3E71-4649-8921-F44A3A2954A7}» = Microsoft Visual Studio 2005 Tools for Office Runtime
«{38E0C491-5230-4373-B62E-F1A6E94B1049}» = Nero 7 Premium
«{3A762A82-618D-3CAA-B847-D074ABFA0B2E}» = MSDN Library for Visual Studio 2008 — ENU
«{3FC7CBBC4C1E11DCA1A752EA55D89593}» = DivX Version Checker
«{40F34A1C-65A2-4163-98CE-A0D0646CABEF}» = Microsoft SQL Server 2008 Integration Services
«{4815BD99-96A4-49FE-A885-DCF06E9E4E78}» = Microsoft SQL Server 2008 Database Engine Shared
«{49E98741-B7A4-4A44-A536-6AFCA23106FE}» = Microsoft SQL Server 2008 Reporting Services
«{4A6F34E2-09E5-4616-B227-4A26A488A6F9}» = Microsoft SQL Server 2008 Common Files
«{4D28EFCF-5999-44D2-8D4E-AC643E76C33F}» = Microsoft SQL Server 2008 Client Tools
«{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}» = VBA (2627.01)
«{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}» = Microsoft SQL Server 2008 Database Engine Services
«{60D46DEE-5221-47AA-B978-BA25C5D9F560}» = Microsoft SQL Server 2008 Client Tools
«{6249567F-65C3-4EE7-B023-E4FA035B0520}» = Microsoft SQL Server 2008 Analysis Services
«{64c5b887-b5ee-42b8-8596-78905a6b5f1f}» = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
«{64CDE8F2-3791-46F5-BAD2-72FFF5252FAB}» = Microsoft SQL Server Compact 3.5 SP1 Query Tools English
«{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}» = Microsoft Document Explorer 2008
«{6956856F-B6B3-4BE0-BA0B-8F495BE32033}» = Apple Software Update
«{6C9F6D23-E9AD-43C9-B43A-011562AAF876}» = Windows Mobile 5.0 SDK R2 for Pocket PC
«{6CF6A814-CE65-39FC-BBBC-6CB340A4028B}» = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack — RUS
«{71D6F81F-9C43-4B7C-8ADF-C63DB32ECBBD}» = Rutoken support modules for CryptoPro CSP
«{72263053-50D1-4598-9502-51ED64E54C51}» = Borland Delphi 7
«{7299052b-02a4-4627-81f2-1818da5d550d}» = Microsoft Visual C++ 2005 Redistributable
«{736D8DEB-66C6-3655-9D59-DF6493A81F77}» = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack — RUS
«{767CC44C-9BBC-438D-BAD3-FD4595DD148B}» = VC80CRTRedist — 8.0.50727.762
«{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}» = OmniPage SE 2.0
«{7B63B2922B174135AFC0E1377DD81EC2}» = DivX Codec
«{80C06CCD-7D07-3DB6-86CD-B57B3F0614D8}» = Microsoft Visual Studio Team System 2008 Team Suite — ENU
«{842FAF7C-50EF-4463-9B8F-6222E1384D7D}» = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
«{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}» = Bonjour
«{8ADFC4160D694100B5B8A22DE9DCABD9}» = DivX Player
«{8D70145A-3BD3-4DBF-9CBF-223EF4A43257}» = ATI Parental Control & Encoder
«{8FB53850-246A-3507-8ADE-0060093FFEA6}» = Visual Studio Tools for the Office system 3.0 Runtime
«{90110419-6000-11D3-8CFE-0150048383C9}» = Microsoft Office — профессиональный выпуск версии 2003
«{90120000-0021-0000-0000-0000000FF1CE}» = Microsoft Office Visual Web Developer 2007
«{90120000-0021-0409-0000-0000000FF1CE}» = Microsoft Office Visual Web Developer MUI (English) 2007
«{90120000-006E-0409-0000-0000000FF1CE}» = Microsoft Office Shared MUI (English) 2007
«{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{FAD8A83E-9BAC-4179-9268-A35948034D85}» = 2007 Microsoft Office Suite Service Pack 1 (SP1)
«{90120000-00A4-0409-0000-0000000FF1CE}» = Microsoft Office 2003 Web Components
«{90120000-0115-0409-0000-0000000FF1CE}» = Microsoft Office Shared Setup Metadata MUI (English) 2007
«{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{FAD8A83E-9BAC-4179-9268-A35948034D85}» = 2007 Microsoft Office Suite Service Pack 1 (SP1)
«{90170419-6000-11D3-8CFE-0150048383C9}» = Microsoft Office FrontPage 2003
«{90510409-6000-11D3-8CFE-0150048383C9}» = Microsoft Office Visio Professional 2003
«{93775E2E-3C01-41EE-A817-1022D518D719}» = Rutoken Drivers
«{94FB906A-CF42-4128-A509-D353026A607E}» = REALTEK Gigabit and Fast Ethernet NIC Driver
«{95120000-00B9-0409-0000-0000000FF1CE}» = Microsoft Application Error Reporting
«{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}» = Windows Mobile 5.0 SDK R2 for Smartphone
«{9806BFBB-F566-4654-94DE-CB1F85B5CDDD}» = WinPoET v6.6
«{98F055D3-99CF-4BBB-BC35-3672F9A297C1}» = UDDI Administration
«{9D6D76A6-4328-49E8-97A7-531A74841DA5}» = Microsoft SQL Server 2008 Setup Support Files (English)
«{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}» = Microsoft .NET Framework 3.0 Service Pack 2
«{A4F8313B-0E21-478B-B289-BFB7736CA7AA}» = Remote Administration Tools
«{A8BD5A60-E843-46DC-8271-ABF20756BE0F}» = Microsoft Sync Framework Runtime v1.0 (x86)
«{A96E97134CA649888820BCDE5E300BBD}» = H.264 Decoder
«{AA467959-A1D6-4F45-90CD-11DC57733F32}» = Crystal Reports Basic for Visual Studio 2008
«{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}» = Microsoft Visual Studio Tools for Applications 2.0 — ENU
«{AAC389499AEF40428987B3D30CFC76C9}» = MKV Splitter
«{AC54DC1F-EDA7-448C-BA4C-218A92F5E985}» = Microsoft SQL Server 2008 BI Development Studio
«{AC76BA86-7AD7-1049-7B44-A70000000000}» = Adobe Reader 7.0 — Russian
«{AD64B516-E107-4557-8576-EF1024E81DB0}» = Контур-Экстерн
«{AEB03FAF-90EB-4B4F-BA32-9C4DDE2C9804}» = Microsoft SQL Server 2008 Integration Services
«{AEF9DC35ADDF4825B049ACBFD1C6EB37}» = AAC Decoder
«{B13A7C41581B411290FBC0395694E2A9}» = DivX Converter
«{B268E9A1-04A9-40D0-9866-846BE2B74BA7}» = Microsoft Windows SDK for Visual Studio 2008 SP1 Win32 Tools
«{B32E7732-B2FB-3FD0-81AC-6025B1104C66}» = Microsoft Device Emulator version 3.0 — ENU
«{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}» = Microsoft SQL Server 2008 Database Engine Services
«{B7050CBDB2504B34BC2A9CA0A692CC29}» = DivX Web Player
«{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}» = Microsoft SQL Server VSS Writer
«{BA0C9AAF-1327-3F06-B49C-349B4BE8F740}» = Microsoft Visual Studio 2008 Shell (integrated mode) — ENU
«{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}» = Microsoft .NET Framework 2.0 Service Pack 2
«{C688457E-03FD-4941-923B-A27F4D42A7DD}» = Microsoft SQL Server 2008 Browser
«{C89B00A2-B72A-4935-96FC-38796E9554EC}» = Microsoft Sync Services for ADO.NET v2.0 (x86)
«{C965F01C-76EA-4BD7-973E-46236AE312D7}» = Sql Server Customer Experience Improvement Program
«{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}» = Microsoft Windows SDK for Visual Studio 2008 SP1 Tools
«{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}» = Microsoft .NET Framework 3.5 SP1
«{D9D937B0-E842-4130-9588-B948E876904A}» = Microsoft SQL Server 2008 Native Client
«{DAA8590D-D93E-4697-9CBE-D96A7590A8E3}» = Microsoft SQL Server 2008 Analysis Services
«{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}» = Microsoft SQL Server Compact 3.5 SP1 English
«{EB3F5C2A-0754-38B8-8722-7B537006BF46}» = Microsoft Visual Studio 2008 Performance Collection Tools — ENU
«{EC4455AB-F155-4CC1-A4C5-88F3777F9886}» = Apple Mobile Device Support
«{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}» = Microsoft .NET Compact Framework 2.0 SP2
«{EFB21DE7-8C19-4A88-BB28-A766E16493BC}» = Adobe Photoshop CS
«{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}» = Realtek High Definition Audio Driver
«{F1DC7648-8623-442F-92B7-E118DF61872E}» = Microsoft SQL Server 2008 RsFx Driver
«{F333A33D-125C-32A2-8DCE-5C5D14231E27}» = Visual C++ 2008 x86 Runtime — (v9.0.30729)
«{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01» = Visual C++ 2008 x86 Runtime — v9.0.30729.01
«{F3494AB6-6900-41C6-AF57-823626827ED8}» = Microsoft SQL Server 2008 Database Engine Shared
«{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}» = iTunes
«{FA9C3624-C693-4423-8A8B-2BC2B9F607AB}» = Microsoft SQL Server 2008 Management Studio
«Adobe Flash Player ActiveX» = Adobe Flash Player 10 ActiveX
«Advanced Email Extractor Pro» = Advanced Email Extractor Pro
«All ATI Software» = ATI — Software Uninstall Utility
«ATI Display Driver» = ATI Display Driver
«Audacity_is1» = Audacity 1.2.6
«AVG8Uninstall» = AVG 8.5
«BlazeDVD 5.0 Professional_is1» = BlazeDVD 5.0 Professional
«DivX Plus DirectShow Filters» = DivX Plus DirectShow Filters
«EditPad Pro 6» = JGsoft EditPad Pro 6 v.6.0.3
«Emex 3» = Emex 3
«eMule» = eMule
«ERUNT_is1» = ERUNT 1.1j
«ESET Online Scanner» = ESET Online Scanner v3
«FileZilla Client» = FileZilla Client 3.2.4.1
«HijackThis» = HijackThis 2.0.2
«IDNMitigationAPIs» = Microsoft Internationalized Domain Names Mitigation APIs
«ie7» = Windows Internet Explorer 7
«InstallShield_{07A540AB-D785-11D5-8E89-0090275862A0}» = Corel Graphics Suite 11
«KLiteCodecPack_is1» = K-Lite Mega Codec Pack 4.5.3
«MetaProducts Offline Explorer» = MetaProducts Offline Explorer
«Microsoft .NET Framework 3.5 Language Pack SP1 — rus» = Языковой пакет Microsoft .NET Framework 3.5 SP1 — RUS
«Microsoft .NET Framework 3.5 SP1» = Microsoft .NET Framework 3.5 SP1
«Microsoft Document Explorer 2008» = Microsoft Document Explorer 2008
«Microsoft SQL Server 10» = Microsoft SQL Server 2008
«Microsoft SQL Server 10 Release» = Microsoft SQL Server 2008
«Microsoft Visual Studio 2005 Tools for Office Runtime» = еда выполнения Visual Studio 2005 Tools for Office, второй выпуск
«Microsoft Visual Studio Team System 2008 Team Suite — ENU» = Microsoft Visual Studio Team System 2008 Team Suite — ENU
«MovieSplitter2» = Movie Splitter (remove only)
«MSDN Library for Visual Studio 2008 — ENU» = MSDN Library for Visual Studio 2008 — ENU
«NLSDownlevelMapping» = Microsoft National Language Support Downlevel APIs
«NTREGOPT_is1» = NTREGOPT 1.1j
«QIP 2005_is1» = QIP 2005 8082
«RealPlayer 6.0» = RealPlayer
«SMSERIAL» = Motorola SM56 Data Fax Modem
«SynTPDeinstKey» = Synaptics Pointing Device Driver
«Teleport Pro» = Teleport Pro
«Totalcmd» = Total Commander (Remove or Repair)
«vbcpp40» = VisiBroker for Cpp 4.5
«Visual Studio Tools for the Office system 3.0 Runtime» = Visual Studio Tools for the Office system 3.0 Runtime
«VisualWebDeveloper» = Microsoft Visual Studio Web Authoring Component
«WebSite eXtractor» = WebSite eXtractor
«WIC» = Windows Imaging Component
«Windows Script» = Microsoft Windows Script 5.7
«Windows Server 2003 Service Pack» = Windows Server 2003 Service Pack 2
«WinPatrol» = WinPatrol 2007
«WoCa (Female calendar)_is1» = WoCa 1.3.2
«XpsEPSC» = XML Paper Specification Shared Components Pack 1.0
«XPSEPSCLP» = XML Paper Specification Shared Components Language Pack 1.0
«Дополнительный компонент ComTools_is1» = ComTools 1.2u

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionUninstall]
«QIP 2005» = QIP 2005 8092

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error — 23.06.2009 5:54:59 | Computer Name = BOSS | Source = crypt32 | ID = 131083
Description = Ошибка извлечения стороннего корневого списка из CAB автоматического
обновления на:
с кодом ошибки: Недопустимые данные.

Error — 23.06.2009 5:54:59 | Computer Name = BOSS | Source = crypt32 | ID = 131083
Description = Ошибка извлечения стороннего корневого списка из CAB автоматического
обновления на:
с кодом ошибки: Недопустимые данные.

Error — 23.06.2009 5:54:59 | Computer Name = BOSS | Source = crypt32 | ID = 131083
Description = Ошибка извлечения стороннего корневого списка из CAB автоматического
обновления на:
с кодом ошибки: Недопустимые данные.

Error — 23.06.2009 5:54:59 | Computer Name = BOSS | Source = crypt32 | ID = 131083
Description = Ошибка извлечения стороннего корневого списка из CAB автоматического
обновления на:
с кодом ошибки: Недопустимые данные.

Error — 23.06.2009 5:54:59 | Computer Name = BOSS | Source = crypt32 | ID = 131083
Description = Ошибка извлечения стороннего корневого списка из CAB автоматического
обновления на:
с кодом ошибки: Недопустимые данные.

Error — 23.06.2009 7:20:55 | Computer Name = BOSS | Source = Userenv | ID = 1041
Description = Не удалось запросить элемент реестра DllName для {7B849a69-220F-451E-B3FE-2CB811AF94AE},
и он не будет загружен. Наиболее вероятная причина — ошибка при регистрации.

Error — 23.06.2009 7:20:55 | Computer Name = BOSS | Source = Userenv | ID = 1041
Description = Не удалось запросить элемент реестра DllName для {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D},
и он не будет загружен. Наиболее вероятная причина — ошибка при регистрации.

Error — 23.06.2009 7:34:42 | Computer Name = BOSS | Source = Userenv | ID = 1041
Description = Не удалось запросить элемент реестра DllName для {7B849a69-220F-451E-B3FE-2CB811AF94AE},
и он не будет загружен. Наиболее вероятная причина — ошибка при регистрации.

Error — 23.06.2009 7:34:42 | Computer Name = BOSS | Source = Userenv | ID = 1041
Description = Не удалось запросить элемент реестра DllName для {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D},
и он не будет загружен. Наиболее вероятная причина — ошибка при регистрации.

Error — 23.06.2009 8:22:09 | Computer Name = BOSS | Source = crypt32 | ID = 131083
Description = Ошибка извлечения стороннего корневого списка из CAB автоматического
обновления на:
с кодом ошибки: Недопустимые данные.

[ System Events ]
Error — 23.06.2009 5:56:52 | Computer Name = BOSS | Source = Service Control Manager | ID = 7023
Description = Служба «Служба IIS Admin» завершена из-за ошибки %%2

Error — 23.06.2009 5:57:22 | Computer Name = BOSS | Source = Service Control Manager | ID = 7023
Description = Служба «Служба IIS Admin» завершена из-за ошибки %%2

Error — 23.06.2009 5:57:52 | Computer Name = BOSS | Source = Service Control Manager | ID = 7023
Description = Служба «Служба IIS Admin» завершена из-за ошибки %%2

Error — 23.06.2009 5:58:22 | Computer Name = BOSS | Source = Service Control Manager | ID = 7023
Description = Служба «Служба IIS Admin» завершена из-за ошибки %%2

Error — 23.06.2009 5:58:53 | Computer Name = BOSS | Source = Service Control Manager | ID = 7023
Description = Служба «Служба IIS Admin» завершена из-за ошибки %%2

Error — 23.06.2009 5:59:23 | Computer Name = BOSS | Source = Service Control Manager | ID = 7023
Description = Служба «Служба IIS Admin» завершена из-за ошибки %%2

Error — 23.06.2009 5:59:53 | Computer Name = BOSS | Source = Service Control Manager | ID = 7023
Description = Служба «Служба IIS Admin» завершена из-за ошибки %%2

Error — 23.06.2009 6:00:23 | Computer Name = BOSS | Source = Service Control Manager | ID = 7023
Description = Служба «Служба IIS Admin» завершена из-за ошибки %%2

Error — 23.06.2009 6:00:53 | Computer Name = BOSS | Source = Service Control Manager | ID = 7023
Description = Служба «Служба IIS Admin» завершена из-за ошибки %%2

Error — 23.06.2009 6:01:23 | Computer Name = BOSS | Source = Service Control Manager | ID = 7023
Description = Служба «Служба IIS Admin» завершена из-за ошибки %%2
23 июня, 2009 в 12:50 пп в ответ на: Глючит реестр под Windows Server 2003. Неуловимый вирус #24302
starcat
Participant
- Темы:1
- Сообщений:8
OTL logfile created on: 23.06.2009 16:38:27 — Run 1
OTL by OldTimer — Version 3.0.5.1 Folder = C:Documents and SettingsАдминистраторРабочий стол
Windows Server 2003 Enterprise Edition Service Pack 2 (Version = 5.2.3790) — Type = NTServer
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000419 | Country: Россия | Language: RUS | Date Format: dd.MM.yyyy

1022,07 Mb Total Physical Memory | 87,91 Mb Available Physical Memory | 8,60% Memory free
2,41 Gb Paging File | 1,45 Gb Available in Paging File | 59,99% Paging File free
Paging file location(s): C:pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:WINDOWS | %ProgramFiles% = C:Program Files
Drive C: | 97,65 Gb Total Space | 11,95 Gb Free Space | 12,24% Space Free | Partition Type: NTFS
Drive D: | 135,23 Gb Total Space | 8,52 Gb Free Space | 6,30% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BOSS
Current User Name: Администратор
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC — [2006.05.23 22:59:38 | 00,409,600 | —- | M] (ATI Technologies Inc.) — C:WINDOWSSystem32Ati2evxx.exe
PRC — [2008.11.07 15:28:16 | 00,132,424 | —- | M] (Apple Inc.) — C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
PRC — [2005.03.24 17:28:46 | 00,135,168 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32serverapplianceappmgr.exe
PRC — [2009.06.17 03:56:38 | 00,298,776 | —- | M] (AVG Technologies CZ, s.r.o.) — C:Program FilesAVGAVG8avgwdsvc.exe
PRC — [2008.08.29 11:18:44 | 00,238,888 | —- | M] (Apple Inc.) — C:Program FilesBonjourmDNSResponder.exe
PRC — [2005.03.24 17:28:46 | 00,079,360 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32serverapplianceelementmgr.exe
PRC — [2009.06.10 10:08:33 | 00,833,304 | —- | M] (AVG Technologies CZ, s.r.o.) — C:Program FilesAVGAVG8avgam.exe
PRC — [2009.06.17 03:56:39 | 00,486,680 | —- | M] (AVG Technologies CZ, s.r.o.) — C:Program FilesAVGAVG8avgrsx.exe
PRC — [2008.12.18 14:38:08 | 00,152,984 | —- | M] (Sun Microsystems, Inc.) — C:Program FilesJavajre6binjqs.exe
PRC — [2003.06.20 00:25:00 | 00,322,120 | —- | M] (Microsoft Corporation) — C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
PRC — [2008.07.10 01:22:36 | 00,218,136 | —- | M] (Microsoft Corporation) — C:Program FilesMicrosoft SQL Server100DTSBinnMsDtsSrvr.exe
PRC — [2008.07.10 13:49:38 | 40,999,448 | —- | M] (Microsoft Corporation) — C:Program FilesMicrosoft SQL ServerMSSQL10.MSSQLSERVERMSSQLBinnsqlservr.exe
PRC — [2008.07.10 01:22:40 | 21,945,368 | —- | M] (Microsoft Corporation) — C:Program FilesMicrosoft SQL ServerMSAS10.MSSQLSERVEROLAPbinmsmdsrv.exe
PRC — [2008.07.10 02:22:18 | 01,106,968 | —- | M] (Microsoft Corporation) — C:Program FilesMicrosoft SQL ServerMSRS10.MSSQLSERVERReporting ServicesReportServerbinReportingServicesService.exe
PRC — [2008.07.10 02:49:34 | 00,258,072 | —- | M] (Microsoft Corporation) — C:Program FilesMicrosoft SQL Server90Sharedsqlbrowser.exe
PRC — [2008.07.10 02:49:44 | 00,098,840 | —- | M] (Microsoft Corporation) — C:Program FilesMicrosoft SQL Server90Sharedsqlwriter.exe
PRC — [2003.03.25 09:10:10 | 00,067,584 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32serverappliancesrvcsurg.exe
PRC — [2003.05.22 11:53:46 | 00,094,255 | —- | M] (iVasion, a Routerware Company) — C:Program FilesWinPoET Broadband ConnectionWrOS.EXE
PRC — [2007.02.17 20:07:24 | 00,006,144 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32mqsvc.exe
PRC — [2006.05.23 22:59:38 | 00,409,600 | —- | M] (ATI Technologies Inc.) — C:WINDOWSSystem32Ati2evxx.exe
PRC — [2007.02.17 20:07:09 | 01,054,208 | —- | M] (Microsoft Corporation) — C:WINDOWSExplorer.EXE
PRC — [2009.02.03 14:05:41 | 00,217,600 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32wbemwmiprvse.exe
PRC — [2008.07.10 13:49:34 | 00,369,688 | —- | M] (Microsoft Corporation) — C:Program FilesMicrosoft SQL ServerMSSQL10.MSSQLSERVERMSSQLBinnSQLAGENT.EXE
PRC — [2008.12.18 14:38:08 | 00,136,600 | —- | M] (Sun Microsystems, Inc.) — C:Program FilesJavajre6binjusched.exe
PRC — [2005.08.25 16:25:42 | 00,737,369 | —- | M] (Synaptics, Inc.) — C:Program FilesSynapticsSynTPSynTPEnh.exe
PRC — [2006.10.11 19:36:40 | 16,267,776 | —- | M] (Realtek Semiconductor Corp.) — C:WINDOWSRTHDCPL.EXE
PRC — [2009.06.10 10:08:34 | 01,948,440 | —- | M] (AVG Technologies CZ, s.r.o.) — C:Program FilesAVGAVG8avgtray.exe
PRC — [2007.08.06 21:06:00 | 00,292,152 | —- | M] (BillP Studios) — C:Program FilesBillP StudiosWinPatrolWinPatrol.exe
PRC — [2007.08.06 21:06:00 | 00,292,152 | —- | M] (BillP Studios) — C:Program FilesBillP StudiosWinPatrolwinpatrol.exe
PRC — [2008.04.23 15:09:50 | 00,199,688 | —- | M] (Microsoft Corporation) — C:Program FilesMicrosoft OfficeOFFICE11OUTLOOK.EXE
PRC — [2009.04.25 08:58:23 | 00,636,088 | —- | M] (Microsoft Corporation) — C:Program FilesInternet Exploreriexplore.exe
PRC — [2009.06.17 03:56:37 | 00,692,504 | —- | M] (AVG Technologies CZ, s.r.o.) — C:Program FilesAVGAVG8avgcsrvx.exe
PRC — [2006.06.26 07:03:00 | 04,027,800 | —- | M] (JGsoft — Just Great Software) — C:Program FilesJGsoftEditPadPro6EditPadPro.exe
PRC — [2009.04.21 22:34:24 | 12,314,456 | —- | M] (Microsoft Corporation) — C:Program FilesMicrosoft OfficeOFFICE11WINWORD.EXE
PRC — [2009.06.17 03:56:37 | 00,692,504 | —- | M] (AVG Technologies CZ, s.r.o.) — C:Program FilesAVGAVG8avgcsrvx.exe
PRC — [2009.04.21 14:39:16 | 24,264,488 | R— | M] (Skype Technologies S.A.) — C:Program FilesSkypePhoneSkype.exe
PRC — [2007.02.17 20:06:56 | 00,009,728 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32cidaemon.exe
PRC — [2007.02.17 20:06:56 | 00,009,728 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32cidaemon.exe
PRC — [2008.12.18 13:52:48 | 00,677,412 | —- | M] (C. Ghisler & Co.) — C:totalcmdTOTALCMD.EXE
PRC — [2007.02.17 20:06:56 | 00,009,728 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32cidaemon.exe
PRC — [2009.04.02 16:16:36 | 02,792,960 | —- | M] () — C:Program FilesEmEx 3Emex 3emex3.exe
PRC — [2003.01.19 05:37:08 | 02,335,232 | —- | M] (Nexus 6) — C:soft_mass sender 140308MassSender.exe
PRC — [2009.06.23 16:36:17 | 00,512,512 | —- | M] (OldTimer Tools) — C:Documents and SettingsАдминистраторРабочий столOTL.exe

========== Win32 Services (SafeList) ==========

SRV — [2007.02.17 20:01:45 | 00,099,840 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem326to4svc.dll — (6to4 [Auto | Running])
SRV — [2008.12.17 21:32:21 | 00,068,096 | —- | M] () — C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe — (Adobe LM Service [On_Demand | Stopped])
SRV — [2008.11.07 15:28:16 | 00,132,424 | —- | M] (Apple Inc.) — C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe — (Apple Mobile Device [Auto | Running])
SRV — [2005.03.24 17:28:46 | 00,135,168 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32serverapplianceappmgr.exe — (appmgr [Auto | Running])
SRV — [2008.07.25 11:16:40 | 00,034,312 | —- | M] (Microsoft Corporation) — C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe — (aspnet_state [On_Demand | Stopped])
SRV — [2006.05.23 22:59:38 | 00,409,600 | —- | M] (ATI Technologies Inc.) — C:WINDOWSSystem32Ati2evxx.exe — (Ati HotKey Poller [Auto | Running])
SRV — [2009.06.17 03:56:38 | 00,298,776 | —- | M] (AVG Technologies CZ, s.r.o.) — C:Program FilesAVGAVG8avgwdsvc.exe — (avg8wd [Auto | Running])
SRV — [2008.08.29 11:18:44 | 00,238,888 | —- | M] (Apple Inc.) — C:Program FilesBonjourmDNSResponder.exe — (Bonjour Service [Auto | Running])
SRV — [2008.07.25 11:17:02 | 00,069,632 | —- | M] (Microsoft Corporation) — C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe — (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV — [2007.02.17 20:07:03 | 00,164,864 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32Dfssvc.exe — (Dfs [On_Demand | Stopped])
SRV — [2005.03.24 17:28:46 | 00,079,360 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32serverapplianceelementmgr.exe — (elementmgr [Auto | Running])
SRV — [2008.07.29 21:10:04 | 00,046,104 | —- | M] (Microsoft Corporation) — C:WINDOWSMicrosoft.NETFrameworkv3.0WPFPresentationFontCache.exe — (FontCache3.0.0.0 [On_Demand | Stopped])
SRV — [2007.02.17 20:04:56 | 00,039,936 | —- | M] (Microsoft Corporation) — C:WINDOWSPCHealthHelpCtrBinariespchsvc.dll — (helpsvc [Auto | Running])
SRV — [2008.07.29 19:24:50 | 00,881,664 | —- | M] (Microsoft Corporation) — C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe — (idsvc [Unknown | Stopped])
SRV — [2007.02.17 20:07:14 | 00,014,336 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32inetsrvinetinfo.exe — (IISADMIN [Auto | Stopped])
SRV — [2009.01.06 14:06:24 | 00,536,872 | —- | M] (Apple Inc.) — C:Program FilesiPodbiniPodService.exe — (iPod Service [On_Demand | Stopped])
SRV — [2007.02.17 20:07:14 | 00,040,448 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32ismserv.exe — (IsmServ [Disabled | Stopped])
SRV — [2008.12.18 14:38:08 | 00,152,984 | —- | M] (Sun Microsystems, Inc.) — C:Program FilesJavajre6binjqs.exe — (JavaQuickStarterService [Auto | Running])
SRV — [2007.02.17 20:07:15 | 00,094,720 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32llssrv.exe — (LicenseService [Disabled | Stopped])
SRV — [2003.06.20 00:25:00 | 00,322,120 | —- | M] (Microsoft Corporation) — C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE — (MDM [Auto | Running])
SRV — [2007.02.17 20:07:22 | 00,032,768 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32mnmsrvc.exe — (mnmsrvc [Disabled | Stopped])
SRV — [2008.07.10 01:22:36 | 00,218,136 | —- | M] (Microsoft Corporation) — C:Program FilesMicrosoft SQL Server100DTSBinnMsDtsSrvr.exe — (MsDtsServer100 [Auto | Running])
SRV — [2007.02.17 20:07:14 | 00,014,336 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32inetsrvinetinfo.exe — (MSFtpsvc [Auto | Stopped])
SRV — [2007.02.17 20:07:24 | 00,006,144 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32mqsvc.exe — (MSMQ [Auto | Running])
SRV — [2008.07.10 01:15:32 | 00,031,256 | —- | M] (Microsoft Corporation) — C:Program FilesMicrosoft SQL ServerMSSQL10.MSSQLSERVERMSSQLBinnfdlauncher.exe — (MSSQLFDLauncher [Disabled | Stopped])
SRV — [2008.07.10 13:49:38 | 40,999,448 | —- | M] (Microsoft Corporation) — C:Program FilesMicrosoft SQL ServerMSSQL10.MSSQLSERVERMSSQLBinnsqlservr.exe — (MSSQLSERVER [Auto | Running])
SRV — [2008.07.10 13:49:34 | 00,047,128 | —- | M] (Microsoft Corporation) — C:Program FilesMicrosoft SQL Server100SharedSQLADHLP.EXE — (MSSQLServerADHelper100 [Disabled | Stopped])
SRV — [2008.07.10 01:22:40 | 21,945,368 | —- | M] (Microsoft Corporation) — C:Program FilesMicrosoft SQL ServerMSAS10.MSSQLSERVEROLAPbinmsmdsrv.exe — (MSSQLServerOLAPService [Auto | Running])
SRV — [2008.07.29 13:10:46 | 03,201,024 | —- | M] (Microsoft Corporation) — C:Program FilesMicrosoft Visual Studio 9.0Common7IDERemote Debuggerx86msvsmon.exe — (msvsmon90 [Disabled | Stopped])
SRV — [2006.08.08 22:15:50 | 00,208,896 | —- | M] (Nero AG) — C:Program FilesNeroNero 7Nero BackItUpNBService.exe — (NBService [On_Demand | Stopped])
SRV — [2008.07.29 19:16:38 | 00,132,096 | —- | M] (Microsoft Corporation) — C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe — (NetTcpPortSharing [Disabled | Stopped])
SRV — [2007.02.17 20:07:14 | 00,014,336 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32inetsrvinetinfo.exe — (NntpSvc [Auto | Stopped])
SRV — [2007.02.17 20:07:32 | 00,792,576 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32ntfrs.exe — (NtFrs [On_Demand | Stopped])
SRV — [2006.10.26 15:03:08 | 00,145,184 | —- | M] (Microsoft Corporation) — C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE — (ose [On_Demand | Stopped])
SRV — [2008.07.10 02:22:18 | 01,106,968 | —- | M] (Microsoft Corporation) — C:Program FilesMicrosoft SQL ServerMSRS10.MSSQLSERVERReporting ServicesReportServerbinReportingServicesService.exe — (ReportServer [Auto | Running])
SRV — [2007.02.17 20:07:38 | 00,067,072 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32RSoPProv.exe — (RSoPProv [On_Demand | Stopped])
SRV — [2003.05.12 20:00:00 | 00,012,288 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32sacsvr.dll — (sacsvr [On_Demand | Stopped])
SRV — [2007.02.17 20:07:14 | 00,014,336 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32inetsrvinetinfo.exe — (SMTPSVC [Auto | Stopped])
SRV — [2008.07.10 02:49:34 | 00,258,072 | —- | M] (Microsoft Corporation) — C:Program FilesMicrosoft SQL Server90Sharedsqlbrowser.exe — (SQLBrowser [Auto | Running])
SRV — [2008.07.10 13:49:34 | 00,369,688 | —- | M] (Microsoft Corporation) — C:Program FilesMicrosoft SQL ServerMSSQL10.MSSQLSERVERMSSQLBinnSQLAGENT.EXE — (SQLSERVERAGENT [Auto | Running])
SRV — [2008.07.10 02:49:44 | 00,098,840 | —- | M] (Microsoft Corporation) — C:Program FilesMicrosoft SQL Server90Sharedsqlwriter.exe — (SQLWriter [Auto | Running])
SRV — [2003.03.25 09:10:10 | 00,067,584 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32serverappliancesrvcsurg.exe — (srvcsurg [Auto | Running])
SRV — [2003.05.12 20:00:00 | 00,050,688 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32trksvr.dll — (TrkSvr [Disabled | Stopped])
SRV — [2007.02.17 20:07:52 | 00,070,656 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32tssdis.exe — (Tssdis [Disabled | Stopped])
SRV — [2007.02.17 20:07:54 | 00,039,424 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32wdfmgr.exe — (UMWdf [On_Demand | Stopped])
SRV — [2007.02.17 20:03:28 | 00,216,576 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32inetsrviisw3adm.dll — (W3SVC [Auto | Stopped])
SRV — [2003.05.22 11:53:46 | 00,094,255 | —- | M] (iVasion, a Routerware Company) — C:Program FilesWinPoET Broadband ConnectionWrOS.EXE — (WinPPPoverEthernet [Auto | Running])

========== Driver Services (SafeList) ==========

DRV — [2007.02.17 10:14:59 | 00,043,520 | —- | M] (Adaptec, Inc.) — C:WINDOWSSystem32driversarc.sys — (arc [Disabled | Stopped])
DRV — [2006.05.23 23:06:36 | 01,578,496 | —- | M] (ATI Technologies Inc.) — C:WINDOWSSystem32DRIVERSati2mtag.sys — (ati2mtag [On_Demand | Running])
DRV — [2009.06.10 10:08:53 | 00,327,688 | —- | M] (AVG Technologies CZ, s.r.o.) — C:WINDOWSSystem32Driversavgldx86.sys — (AvgLdx86 [System | Running])
DRV — [2009.06.17 03:56:39 | 00,027,784 | —- | M] (AVG Technologies CZ, s.r.o.) — C:WINDOWSSystem32Driversavgmfx86.sys — (AvgMfx86 [System | Running])
DRV — [2009.06.10 10:08:54 | 00,012,552 | —- | M] (AVG Technologies CZ, s.r.o.) — C:WINDOWSSystem32Driversavgrkx86.sys — (AvgRkx86 [Boot | Running])
DRV — [2007.02.17 10:02:56 | 00,069,120 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32DRIVERSClusDisk.sys — (ClusDisk [Disabled | Stopped])
DRV — [2004.11.30 15:46:30 | 00,046,080 | R— | M] (Компания Крипто-Про) — C:WINDOWSSystem32DRIVERSCProCtrl.sys — (CProCtrl [System | Running])
DRV — [2007.02.17 09:51:18 | 00,034,816 | —- | M] (Microsoft Corporation) — C:WINDOWSsystem32driversDfs.sys — (DfsDriver [Boot | Running])
DRV — [2005.03.24 18:56:24 | 00,153,600 | —- | M] (Windows (R) Server 2003 DDK provider) — C:WINDOWSSystem32driversHdAudio.sys — (HdAudAddService [On_Demand | Stopped])
DRV — [2005.07.08 18:56:32 | 00,144,384 | —- | M] (Windows (R) Server 2003 DDK provider) — C:WINDOWSSystem32DRIVERSHDAudBus.sys — (HDAudBus [On_Demand | Running])
DRV — [2007.02.17 10:14:58 | 00,023,552 | —- | M] (Hewlett-Packard Company) — C:WINDOWSSystem32drivershpcisss.sys — (hpcisss [Disabled | Stopped])
DRV — [2007.09.30 03:03:12 | 00,308,248 | —- | M] (Intel Corporation) — C:WINDOWSsystem32driversiaStor.sys — (iaStor [Boot | Running])
DRV — [2006.10.12 10:52:04 | 04,387,328 | —- | M] (Realtek Semiconductor Corp.) — C:WINDOWSSystem32driversRtkHDAud.sys — (IntcAzAudAddService [On_Demand | Running])
DRV — [2007.02.17 09:44:20 | 00,084,992 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32driversmqac.sys — (MQAC [On_Demand | Running])
DRV — [2006.09.27 01:00:00 | 01,709,696 | —- | M] (Intel® Corporation) — C:WINDOWSSystem32DRIVERSNETw3x32.sys — (NETw3x32 [On_Demand | Running])
DRV — [2007.02.17 10:06:39 | 00,020,480 | —- | M] (Parallel Technologies, Inc.) — C:WINDOWSSystem32DRIVERSptilink.sys — (Ptilink [On_Demand | Running])
DRV — [2008.11.22 01:47:48 | 00,043,528 | —- | M] (Sonic Solutions) — C:WINDOWSSystem32DriversPxHelp20.sys — (PxHelp20 [Boot | Running])
DRV — [2008.05.08 17:27:43 | 00,109,568 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32DRIVERSRMCAST.sys — (RMCAST [Auto | Running])
DRV — [2008.07.10 02:49:14 | 00,242,712 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32DRIVERSRsFx0102.sys — (RsFx0102 [System | Running])
DRV — [2007.10.02 11:13:04 | 00,013,056 | —- | M] (Компания «Актив») — C:WINDOWSSystem32DRIVERSrtIFDH.sys — (RTIFDH [On_Demand | Running])
DRV — [2005.09.30 12:11:42 | 00,078,720 | —- | M] (Realtek Semiconductor Corporation ) — C:WINDOWSSystem32DRIVERSRtnicxp.sys — (RTL8023xp [On_Demand | Running])
DRV — [2007.10.02 11:13:14 | 00,029,440 | —- | M] (Компания «Актив») — C:WINDOWSSystem32DRIVERSrtUSB.SYS — (RTUSB [On_Demand | Stopped])
DRV — [2007.11.13 13:32:28 | 00,020,480 | —- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) — C:WINDOWSSystem32DRIVERSsecdrv.sys — (Secdrv [On_Demand | Stopped])
DRV — [2005.09.16 15:09:02 | 00,846,792 | —- | M] (Motorola Inc.) — C:WINDOWSSystem32DRIVERSsmserial.sys — (smserial [On_Demand | Running])
DRV — [2009.04.15 14:27:43 | 00,717,296 | —- | M] () — C:WINDOWSSystem32Driverssptd.sys — (sptd [Boot | Running])
DRV — [2005.08.25 16:12:56 | 00,191,168 | —- | M] (Synaptics, Inc.) — C:WINDOWSSystem32DRIVERSSynTP.sys — (SynTP [On_Demand | Running])
DRV — [2008.06.20 17:55:15 | 00,234,368 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32DRIVERStcpip6.sys — (Tcpip6 [System | Running])
DRV — [2003.05.22 18:00:20 | 00,053,334 | —- | M] () — C:WINDOWSSystem32DRIVERSWrKPoET2000.sys — (TopWinPoETDriver [Auto | Running])
DRV — [2007.02.17 09:58:50 | 00,014,336 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32DRIVERSusb8023.sys — (USB_RNDIS_51 [On_Demand | Stopped])
DRV — [2007.09.04 17:53:34 | 00,055,664 | —- | M] (Microsoft Corporation) — C:Program FilesMicrosoft Visual Studio 9.0Team ToolsPerformance ToolsVSPerfDrv90.sys — (VSPerfDrv90 [On_Demand | Stopped])
DRV — [2007.02.17 19:13:49 | 00,172,032 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32DRIVERSwlbs.sys — (WLBS [On_Demand | Stopped])
DRV — [2003.05.22 18:00:20 | 00,053,334 | —- | M] () — C:Program FilesWinPoET Broadband ConnectionWrKPoET2000.sys — (WrKPoET2000 [On_Demand | Running])
DRV — [2002.10.28 19:42:56 | 00,065,604 | —- | M] () — C:WINDOWSSystem32DRIVERSWrKPoETNic2000.sys — (WRSWanDD [On_Demand | Running])

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE — HKLMSOFTWAREMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE — HKLMSOFTWAREMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE — HKLMSOFTWAREMicrosoftInternet ExplorerMain,Default_Secondary_Page_URL = [binary data]
IE — HKLMSOFTWAREMicrosoftInternet ExplorerMain,Extensions Off Page = about:NoAdd-ons
IE — HKLMSOFTWAREMicrosoftInternet ExplorerMain,Local Page = %SystemRoot%system32blank.htm
IE — HKLMSOFTWAREMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE — HKLMSOFTWAREMicrosoftInternet ExplorerMain,Security Risk Page = about:SecurityRisk
IE — HKLMSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE — HKU.DEFAULT.DEFAULTSoftwareMicrosoftWindowsCurrentVersionInternet Settings: «ProxyEnable» = 0

IE — HKUS-1-5-18S-1-5-18SoftwareMicrosoftWindowsCurrentVersionInternet Settings: «ProxyEnable» = 0

IE — HKUS-1-5-21-1575559806-2931686487-2101553159-500SOFTWAREMicrosoftInternet ExplorerMain,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
IE — HKUS-1-5-21-1575559806-2931686487-2101553159-500SOFTWAREMicrosoftInternet ExplorerMain,First Home Page = res://shdoclc.dll/hardAdmin.htm
IE — HKUS-1-5-21-1575559806-2931686487-2101553159-500SOFTWAREMicrosoftInternet ExplorerMain,Local Page = C:WINDOWSsystem32blank.htm
IE — HKUS-1-5-21-1575559806-2931686487-2101553159-500SOFTWAREMicrosoftInternet ExplorerMain,Page_Transitions = 1
IE — HKUS-1-5-21-1575559806-2931686487-2101553159-500SOFTWAREMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE — HKUS-1-5-21-1575559806-2931686487-2101553159-500SOFTWAREMicrosoftInternet ExplorerMain,Start Page = res://shdoclc.dll/hardAdmin.htm
IE — HKUS-1-5-21-1575559806-2931686487-2101553159-500S-1-5-21-1575559806-2931686487-2101553159-500SoftwareMicrosoftWindowsCurrentVersionInternet Settings: «ProxyEnable» = 0
IE — HKUS-1-5-21-1575559806-2931686487-2101553159-500S-1-5-21-1575559806-2931686487-2101553159-500SoftwareMicrosoftWindowsCurrentVersionInternet Settings: «ProxyOverride» = *.local

FF — HKLMsoftwaremozillaFirefoxextensions\jqs@sun.com: C:Program FilesJavajre6libdeployjqsff [2008.12.18 14:38:08 | 00,000,000 | —D | M]
FF — HKLMsoftwaremozillaFirefoxextensions\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:Program FilesRealRealPlayerbrowserrecord [2009.01.08 07:46:08 | 00,000,000 | —D | M]
FF — HKLMsoftwaremozillaFirefoxextensions\{20a82645-c095-46ed-80e3-08825760534b}: C:WINDOWSMicrosoft.NETFrameworkv3.5Windows Presentation FoundationDotNetAssistantExtension [2009.04.21 20:23:24 | 00,000,000 | —D | M]

[2009.04.15 14:33:25 | 00,000,000 | —D | M] — C:Documents and SettingsАдминистраторApplication DatamozillaFirefoxProfiles9vf96daw.defaultextensionsyasearch@yandex.ruchromeskinextensions-hacks

O1 HOSTS File: (769 bytes) — C:WINDOWSSystem32driversetcHosts
O1 — Hosts: 127.0.0.1 localhost
O2 — BHO: (Java(tm) Plug-In SSV Helper) — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre6binssv.dll (Sun Microsystems, Inc.)
O2 — BHO: (Java(tm) Plug-In 2 SSV Helper) — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll (Sun Microsystems, Inc.)
O2 — BHO: (Microsoft Web Test Recorder 9.0 Helper) — {E31CE47F-C268-41ba-897B-B415E613947D} — C:Program FilesMicrosoft Visual Studio 9.0Common7IDEPrivateAssembliesMicrosoft.VisualStudio.QualityTools.RecorderBarBHO90.dll (Microsoft Corporation)
O2 — BHO: (JQSIEStartDetectorImpl Class) — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll (Sun Microsystems, Inc.)
O3 — HKUS-1-5-21-1575559806-2931686487-2101553159-500..ToolbarShellBrowser: (&Адрес) — {01E04581-4EEE-11D0-BFE9-00AA005B4383} — C:WINDOWSSystem32browseui.dll (Корпорация Майкрософт)
O3 — HKUS-1-5-21-1575559806-2931686487-2101553159-500..ToolbarWebBrowser: (&Адрес) — {01E04581-4EEE-11D0-BFE9-00AA005B4383} — C:WINDOWSSystem32browseui.dll (Корпорация Майкрософт)
O4 — HKLM..Run: [AVG8_TRAY] C:Program FilesAVGAVG8avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 — HKLM..Run: [RTHDCPL] C:WINDOWSRTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 — HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavajre6binjusched.exe (Sun Microsystems, Inc.)
O4 — HKLM..Run: [SynTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe (Synaptics, Inc.)
O4 — HKLM..Run: [WinPatrol] C:Program FilesBillP StudiosWinPatrolWinPatrol.exe (BillP Studios)
O4 — HKLM..Run: [WinPatrol Russian v.2] C:Program FilesBillP StudiosWinPatrolwinpatrol.exe (BillP Studios)
O4 — HKLM..Run: [Ярлык для страницы свойств High Definition Audio] C:WINDOWSSystem32HDAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 — HKU.DEFAULT..RunOnce: [tscuninstall] C:WINDOWSSystem32tscupgrd.exe (Microsoft Corporation)
O4 — HKUS-1-5-18..RunOnce: [tscuninstall] C:WINDOWSSystem32tscupgrd.exe (Microsoft Corporation)
O4 — HKUS-1-5-19..RunOnce: [tscuninstall] C:WINDOWSSystem32tscupgrd.exe (Microsoft Corporation)
O4 — HKUS-1-5-20..RunOnce: [tscuninstall] C:WINDOWSSystem32tscupgrd.exe (Microsoft Corporation)
O6 — HKLMSoftwarePoliciesMicrosoftInternet ExplorerLow Rights present
O6 — HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: ShowSuperHidden = 1
O6 — HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: HonorAutoRunSetting = 1
O6 — HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: disablecad = 0
O6 — HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: dontdisplaylastusername = 0
O6 — HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: legalnoticecaption =
O6 — HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: legalnoticetext =
O6 — HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: scforceoption = 0
O6 — HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: shutdownwithoutlogon = 0
O6 — HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: undockwithoutlogon = 1
O7 — HKU.DEFAULTSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 145
O7 — HKUS-1-5-18SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 145
O7 — HKUS-1-5-19SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 145
O7 — HKUS-1-5-20SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 145
O7 — HKUS-1-5-21-1575559806-2931686487-2101553159-500SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 67108863
O7 — HKUS-1-5-21-1575559806-2931686487-2101553159-500SOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: disableregistrytools = 0
O10 — NameSpace_Catalog5Catalog_Entries00000000004 [] — C:Program FilesBonjourmdnsNSP.dll (Apple Inc.)
O16 — DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 — DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229532347505 (WUWebControl Class)
O16 — DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1240335478625 (MUWebControl Class)
O16 — DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 — DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 — DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 — DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O17 — HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 10.7.1.3 10.2.2.26 10.2.2.27
O18 — ProtocolHandlerhttpx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} — C:Program FilesCommon FilesSYSTEMOLE DBmsdaipp.dll (Microsoft Corporation)
O18 — ProtocolHandlerhttpoledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} — C:Program FilesCommon FilesSYSTEMOLE DBmsdaipp.dll (Microsoft Corporation)
O18 — ProtocolHandlerhttpsx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} — C:Program FilesCommon FilesSYSTEMOLE DBmsdaipp.dll (Microsoft Corporation)
O18 — ProtocolHandlerhttpsoledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} — C:Program FilesCommon FilesSYSTEMOLE DBmsdaipp.dll (Microsoft Corporation)
O18 — ProtocolHandlermsdaipp — No CLSID value found
O18 — ProtocolHandlermsdaippx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} — C:Program FilesCommon FilesSYSTEMOLE DBmsdaipp.dll (Microsoft Corporation)
O18 — ProtocolHandlermsdaippoledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} — C:Program FilesCommon FilesSYSTEMOLE DBmsdaipp.dll (Microsoft Corporation)
O18 — ProtocolHandlerms-help {314111c7-a502-11d2-bbca-00c04f8ec294} — C:Program FilesCommon FilesMicrosoft SharedHelphxds.dll (Microsoft Corporation)
O18 — ProtocolHandlerms-itss {0A9007C0-4076-11D3-8789-0000F8105754} — C:Program FilesCommon FilesMicrosoft SharedInformation RetrievalMSITSS.DLL (Microsoft Corporation)
O18 — ProtocolHandlermso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} — C:Program FilesCommon FilesMicrosoft SharedWeb Components10OWC10.DLL (Microsoft Corporation)
O18 — ProtocolHandlermso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} — C:Program FilesCommon FilesMicrosoft SharedWeb Components11OWC11.DLL (Microsoft Corporation)
O18 — ProtocolHandlerskype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:Program FilesCommon FilesSkypeSkype4COM.dll (Skype Technologies)
O18 — ProtocolFilter: — text/xml — C:Program FilesCommon FilesMicrosoft SharedOFFICE11MSOXMLMF.DLL (Microsoft Corporation)
O20 — HKLM Winlogon: Shell — (Explorer.exe) — C:WINDOWSExplorer.exe (Microsoft Corporation)
O20 — WinlogonNotifyAtiExtEvent: DllName — Ati2evxx.dll — C:WINDOWSSystem32Ati2evxx.dll (ATI Technologies Inc.)
O20 — WinlogonNotifyavgrsstarter: DllName — avgrsstx.dll — C:WINDOWSSystem32avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O22 — SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} — Предзагрузчик Browseui — C:WINDOWSSystem32browseui.dll (Корпорация Майкрософт)
O22 — SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} — Демон кэша категорий компонентов — C:WINDOWSSystem32browseui.dll (Корпорация Майкрософт)
O24 — Desktop Components:0 (Моя текущая домашняя страница) — About:Home
O29 — HKLM SecurityProviders — (cpssp.dll) — C:WINDOWSSystem32cpssp.dll (Компания Крипто-Про)
O31 — SafeBoot: AlternateShell — cmd.exe
O32 — HKLM CDRom: AutoRun — 1
O32 — AutoRun File — [2008.12.17 20:23:42 | 00,000,000 | —- | M] () — C:AUTOEXEC.BAT — [ NTFS ]
O33 — MountPoints2{09111472-3ad7-11de-b438-0015eb3e517a}ShellAutoRuncommand — «» = F:keygen.exe — File not found
O33 — MountPoints2{09111472-3ad7-11de-b438-0015eb3e517a}ShellopenCommand — «» = F:keygen.exe — File not found
O33 — MountPoints2{1ce8c3cb-4db8-11de-984e-00030d4ad98d}ShellAUtopLAYCOmMand — «» = F:dyjx.exe — File not found
O33 — MountPoints2{1ce8c3cb-4db8-11de-984e-00030d4ad98d}ShellAutoRuncommand — «» = F:dyjx.exe — File not found
O33 — MountPoints2{1ce8c3cb-4db8-11de-984e-00030d4ad98d}ShellexPLoReCOMMand — «» = F:dyjx.exe — File not found
O33 — MountPoints2{1ce8c3cb-4db8-11de-984e-00030d4ad98d}ShellOpENCOmMAnd — «» = F:dyjx.exe — File not found
O33 — MountPoints2{b380353b-2dab-11de-be4e-0015eb3e517a}ShellAUtopLAYCOmMand — «» = F:dyjx.exe — File not found
O33 — MountPoints2{b380353b-2dab-11de-be4e-0015eb3e517a}ShellAutoRuncommand — «» = F:dyjx.exe — File not found
O33 — MountPoints2{b380353b-2dab-11de-be4e-0015eb3e517a}ShellexPLoReCOMMand — «» = F:dyjx.exe — File not found
O33 — MountPoints2{b380353b-2dab-11de-be4e-0015eb3e517a}ShellOpENCOmMAnd — «» = F:dyjx.exe — File not found
O33 — MountPoints2{dc23d4e0-d024-11dd-ba98-00030d4ad98d}ShellAutoRuncommand — «» = F:RECYCLERS-1-5-21-1482476501-1644491937-682003330-1013win32.exe — File not found
O33 — MountPoints2{dc23d4e0-d024-11dd-ba98-00030d4ad98d}Shellopencommand — «» = F:RECYCLERS-1-5-21-1482476501-1644491937-682003330-1013win32.exe — File not found
O34 — HKLM BootExecute: (autocheck) — File not found
O34 — HKLM BootExecute: (autochk) — C:WINDOWSSystem32autochk.exe (Microsoft Corporation)
O34 — HKLM BootExecute: (*) — File not found

========== Files/Folders — Created Within 30 Days ==========

[7 C:WINDOWS*.tmp files]
[2009.06.23 16:36:10 | 00,512,512 | —- | C] (OldTimer Tools) — C:Documents and SettingsАдминистраторРабочий столOTL.exe
[2009.06.21 15:56:46 | 00,000,000 | —D | C] — C:Program FilesMovieToolbox
[2009.06.21 12:13:52 | 00,000,000 | —D | C] — C:Program FileseMule
[2009.06.18 19:32:14 | 00,359,893 | —- | C] () — C:Documents and SettingsАдминистраторРабочий столdds.scr
[2009.06.15 20:15:56 | 04,544,721 | —- | C] () — C:kuchin_ivan-tihij_okean_2.mp3
[2009.06.11 01:01:24 | 00,000,000 | —D | C] — C:Documents and SettingsАдминистраторМои документырыбалка кафтино
[2009.06.10 17:25:09 | 00,000,000 | —D | C] — C:rsit
[2009.06.10 14:35:49 | 00,000,000 | —D | C] — C:Program FilesNT Registry Optimizer
[2009.06.10 14:32:42 | 00,000,000 | —D | C] — C:WINDOWSERDNT
[2009.06.10 14:32:16 | 00,000,000 | —D | C] — C:Program FilesERUNT
[2009.06.10 14:21:27 | 00,000,000 | —D | C] — C:32788R22FWJFW
[2009.06.10 13:20:11 | 00,000,000 | —D | C] — C:Documents and SettingsАдминистраторApplication DataWinPatrol
[2009.06.10 13:19:38 | 00,000,000 | —D | C] — C:Program FilesBillP Studios
[2009.06.10 11:08:11 | 00,000,000 | -H-D | C] — C:$AVG8.VAULT$
[2009.06.10 10:08:56 | 00,001,507 | —- | C] () — C:Documents and SettingsAll UsersРабочий столAVG 8.5.lnk
[2009.06.10 10:08:54 | 00,012,552 | —- | C] (AVG Technologies CZ, s.r.o.) — C:WINDOWSSystem32driversavgrkx86.sys
[2009.06.10 10:08:54 | 00,011,952 | —- | C] (AVG Technologies CZ, s.r.o.) — C:WINDOWSSystem32avgrsstx.dll
[2009.06.10 10:08:53 | 00,327,688 | —- | C] (AVG Technologies CZ, s.r.o.) — C:WINDOWSSystem32driversavgldx86.sys
[2009.06.10 10:08:48 | 00,027,784 | —- | C] (AVG Technologies CZ, s.r.o.) — C:WINDOWSSystem32driversavgmfx86.sys
[2009.06.10 10:08:47 | 37,309,041 | —- | C] () — C:WINDOWSSystem32driversAvgincavi.avm
[2009.06.10 10:08:47 | 06,061,540 | —- | C] () — C:WINDOWSSystem32driversAvgavi7.avg
[2009.06.10 10:08:47 | 00,434,673 | —- | C] () — C:WINDOWSSystem32driversAvgminiavi.avg
[2009.06.10 10:08:47 | 00,085,931 | —- | C] () — C:WINDOWSSystem32driversAvgmicroavi.avg
[2009.06.10 10:08:47 | 00,000,000 | —D | C] — C:WINDOWSSystem32driversAvg
[2009.06.10 10:08:33 | 00,000,000 | —D | C] — C:Program FilesAVG
[2009.06.10 10:07:52 | 00,000,000 | —D | C] — C:Documents and SettingsAll UsersApplication Dataavg8
[2009.06.10 10:04:53 | 00,000,000 | -HSD | C] — C:Config.Msi
[2009.06.09 21:01:12 | 00,000,000 | —D | C] — C:Program FilesTrend Micro
[2009.06.09 17:37:31 | 00,132,597 | —- | C] () — C:Documents and SettingsАдминистраторРабочий столFlash_Disinfector.exe
[2009.06.09 17:25:28 | 00,000,000 | —D | C] — C:Program FilesESET
[2009.06.09 16:53:59 | 00,000,000 | —D | C] — C:SDFix
[2009.06.09 16:52:10 | 00,000,000 | —D | C] — C:Documents and SettingsAll UsersApplication DataKaspersky Lab Setup Files
[2009.05.26 16:53:58 | 00,000,587 | —- | C] () — C:Documents and SettingsАдминистраторРабочий столЯрлык для 15.exe.lnk
[2009.05.26 02:01:23 | 00,000,680 | —- | C] () — C:Documents and SettingsАдминистраторРабочий столФильтр доменов.lnk
[2009.05.24 22:05:20 | 00,000,000 | —D | C] — C:Documents and SettingsАдминистраторМои документыскан авто
[2009.04.15 14:27:43 | 00,717,296 | —- | C] () — C:WINDOWSSystem32driverssptd.sys
[2009.02.04 16:42:37 | 00,168,448 | —- | C] () — C:WINDOWSSystem32unrar.dll
[2009.02.04 16:42:32 | 00,795,648 | —- | C] () — C:WINDOWSSystem32xvidcore.dll
[2009.02.04 16:42:31 | 00,130,048 | —- | C] () — C:WINDOWSSystem32xvidvfw.dll
[2009.02.04 16:42:28 | 00,057,344 | —- | C] () — C:WINDOWSSystem32ff_vfw.dll
[2009.02.04 16:42:28 | 00,000,547 | —- | C] () — C:WINDOWSSystem32ff_vfw.dll.manifest
[2009.01.06 15:35:51 | 00,000,281 | —- | C] () — C:WINDOWSSystem32CNCMFP11.INI
[2009.01.06 15:31:15 | 00,000,532 | —- | C] () — C:WINDOWSMAXLINK.INI
[2009.01.03 18:57:27 | 00,000,069 | —- | C] () — C:WINDOWSNeroDigital.ini
[2009.01.03 18:57:16 | 00,000,014 | —- | C] () — C:WINDOWSSystem32SysEngineDrive1.sys
[2008.12.27 01:27:15 | 00,198,656 | —- | C] () — C:WINDOWSSystem32psisdecd.dll
[2008.12.22 23:25:38 | 00,065,604 | —- | C] () — C:WINDOWSSystem32driversWrKPoETNic2000.sys
[2008.12.22 23:25:38 | 00,053,334 | —- | C] () — C:WINDOWSSystem32driversWrKPoET2000.sys
[2008.12.18 17:23:01 | 00,002,765 | —- | C] () — C:WINDOWSwcx_ftp.ini
[2008.12.18 14:28:02 | 00,102,400 | —- | C] () — C:WINDOWSSystem32ibank2agava.dll
[2008.12.18 13:49:05 | 00,002,311 | —- | C] () — C:WINDOWSwincmd.ini
[2008.12.18 13:13:40 | 00,044,189 | —- | C] () — C:WINDOWSSystem32smtpctrs.ini
[2008.12.18 13:13:40 | 00,034,419 | —- | C] () — C:WINDOWSSystem32nntpctrs.ini
[2008.12.18 13:13:40 | 00,002,111 | —- | C] () — C:WINDOWSSystem32ntfsdrct.ini
[2008.12.18 13:13:33 | 00,011,966 | —- | C] () — C:WINDOWSSystem32ftpctrs.ini
[2008.12.18 13:13:32 | 00,077,877 | —- | C] () — C:WINDOWSSystem32w3ctrs.ini
[2008.12.18 13:13:32 | 00,015,758 | —- | C] () — C:WINDOWSSystem32axperf.ini
[2008.12.18 13:13:31 | 00,017,508 | —- | C] () — C:WINDOWSSystem32infoctrs.ini
[2008.12.17 21:05:05 | 00,000,902 | —- | C] () — C:WINDOWSODBC.INI
[2008.11.06 20:37:32 | 03,596,288 | —- | C] () — C:WINDOWSSystem32qt-dx331.dll
[2008.11.06 20:34:00 | 00,000,416 | —- | C] () — C:WINDOWSSystem32dtu100.dll.manifest
[2008.11.06 20:34:00 | 00,000,416 | —- | C] () — C:WINDOWSSystem32dpl100.dll.manifest
[2008.11.06 20:33:02 | 00,012,288 | —- | C] () — C:WINDOWSSystem32DivXWMPExtType.dll
[2005.09.16 15:01:04 | 00,053,248 | —- | C] () — C:WINDOWSsm56jpn.dll
[2005.09.16 15:01:04 | 00,049,152 | —- | C] () — C:WINDOWSsm56cht.dll
[2005.09.16 15:01:04 | 00,049,152 | —- | C] () — C:WINDOWSsm56chs.dll
[2005.09.16 15:01:02 | 00,069,632 | —- | C] () — C:WINDOWSsm56spn.dll
[2005.09.16 15:01:02 | 00,069,632 | —- | C] () — C:WINDOWSsm56itl.dll
[2005.09.16 15:01:02 | 00,069,632 | —- | C] () — C:WINDOWSsm56eng.dll
[2005.09.16 15:01:02 | 00,069,632 | —- | C] () — C:WINDOWSsm56brz.dll
[2005.09.16 15:01:02 | 00,061,440 | —- | C] () — C:WINDOWSsm56ger.dll
[2005.09.16 15:01:02 | 00,061,440 | —- | C] () — C:WINDOWSsm56fra.dll
[2005.03.24 18:46:50 | 00,179,577 | —- | C] () — C:WINDOWSSystem32schema.ini
[2003.05.12 20:00:00 | 00,050,891 | —- | C] () — C:WINDOWSSystem32ntdsctrs.ini
[2003.05.12 20:00:00 | 00,040,517 | —- | C] () — C:WINDOWSSystem32ntfrsrep.ini
[2003.05.12 20:00:00 | 00,023,212 | —- | C] () — C:WINDOWSSystem32iasperf.ini
[2003.05.12 20:00:00 | 00,022,095 | —- | C] () — C:WINDOWSSystem32ipsecprf.ini
[2003.05.12 20:00:00 | 00,010,626 | —- | C] () — C:WINDOWSSystem32ntfrscon.ini
[2003.05.12 20:00:00 | 00,000,686 | —- | C] () — C:WINDOWSwin.ini
[2003.05.12 20:00:00 | 00,000,231 | —- | C] () — C:WINDOWSsystem.ini
[2003.04.10 14:43:32 | 00,005,412 | —- | C] () — C:WINDOWSSystem32OUTLPERF.INI
[2002.08.09 19:00:00 | 00,375,296 | —- | C] () — C:WINDOWSSystem32WSIHK32.DLL
[2002.08.09 19:00:00 | 00,131,584 | —- | C] () — C:WINDOWSSystem32WSIWIN32.DLL

========== Files — Modified Within 30 Days ==========

[1 C:WINDOWSSystem32*.tmp files]
[7 C:WINDOWS*.tmp files]
[2009.06.23 16:40:19 | 00,000,460 | -H— | M] () — C:WINDOWStasksUser_Feed_Synchronization-{CC727C43-5288-434E-BA47-7CE2C0740D06}.job
[2009.06.23 16:36:17 | 00,512,512 | —- | M] (OldTimer Tools) — C:Documents and SettingsАдминистраторРабочий столOTL.exe
[2009.06.23 16:21:34 | 08,339,456 | —- | M] () — C:website_1.ldf
[2009.06.23 14:56:32 | 00,002,311 | —- | M] () — C:WINDOWSwincmd.ini
[2009.06.23 13:50:40 | 00,000,006 | -H— | M] () — C:WINDOWStasksSA.DAT
[2009.06.23 13:50:39 | 00,002,048 | —S- | M] () — C:WINDOWSbootstat.dat
[2009.06.22 17:53:56 | 62,914,560 | —- | M] () — C:aps2_1.ldf
[2009.06.22 17:53:56 | 14,942,208 | —- | M] () — C:aps2.mdf
[2009.06.22 17:53:55 | 32,243,712 | —- | M] () — C:website.mdf
[2009.06.22 17:53:55 | 09,306,112 | —- | M] () — C:sitecontent.mdf
[2009.06.22 17:53:55 | 07,831,552 | —- | M] () — C:sitecontent_1.ldf
[2009.06.22 17:53:46 | 00,000,686 | —- | M] () — C:WINDOWSwin.ini
[2009.06.21 19:01:25 | 00,000,069 | —- | M] () — C:WINDOWSNeroDigital.ini
[2009.06.21 17:15:01 | 37,309,041 | —- | M] () — C:WINDOWSSystem32driversAvgincavi.avm
[2009.06.21 17:14:35 | 00,085,931 | —- | M] () — C:WINDOWSSystem32driversAvgmicroavi.avg
[2009.06.19 23:13:29 | 00,002,206 | —- | M] () — C:WINDOWSSystem32wpa.dbl
[2009.06.18 19:32:19 | 00,359,893 | —- | M] () — C:Documents and SettingsАдминистраторРабочий столdds.scr
[2009.06.17 03:56:39 | 00,027,784 | —- | M] (AVG Technologies CZ, s.r.o.) — C:WINDOWSSystem32driversavgmfx86.sys
[2009.06.17 03:56:39 | 00,011,952 | —- | M] (AVG Technologies CZ, s.r.o.) — C:WINDOWSSystem32avgrsstx.dll
[2009.06.17 03:55:20 | 06,061,540 | —- | M] () — C:WINDOWSSystem32driversAvgavi7.avg
[2009.06.17 03:55:20 | 00,434,673 | —- | M] () — C:WINDOWSSystem32driversAvgminiavi.avg
[2009.06.15 20:15:56 | 04,544,721 | —- | M] () — C:kuchin_ivan-tihij_okean_2.mp3
[2009.06.10 14:21:32 | 00,396,288 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32cmd.execf
[2009.06.10 10:16:53 | 00,761,130 | —- | M] () — C:WINDOWSSystem32perfh019.dat
[2009.06.10 10:16:52 | 01,878,348 | —- | M] () — C:WINDOWSSystem32PerfStringBackup.INI
[2009.06.10 10:16:52 | 00,717,284 | —- | M] () — C:WINDOWSSystem32perfh009.dat
[2009.06.10 10:16:52 | 00,195,844 | —- | M] () — C:WINDOWSSystem32perfc019.dat
[2009.06.10 10:16:52 | 00,178,620 | —- | M] () — C:WINDOWSSystem32perfc009.dat
[2009.06.10 10:13:57 | 00,274,968 | —- | M] () — C:WINDOWSSystem32FNTCACHE.DAT
[2009.06.10 10:10:45 | 00,004,861 | —- | M] () — C:WINDOWSimsins.BAK
[2009.06.10 10:08:56 | 00,001,507 | —- | M] () — C:Documents and SettingsAll UsersРабочий столAVG 8.5.lnk
[2009.06.10 10:08:54 | 00,012,552 | —- | M] (AVG Technologies CZ, s.r.o.) — C:WINDOWSSystem32driversavgrkx86.sys
[2009.06.10 10:08:53 | 00,327,688 | —- | M] (AVG Technologies CZ, s.r.o.) — C:WINDOWSSystem32driversavgldx86.sys
[2009.06.10 02:58:06 | 00,525,312 | —- | M] () — C:спамеры.pst
[2009.06.09 17:37:32 | 00,132,597 | —- | M] () — C:Documents and SettingsАдминистраторРабочий столFlash_Disinfector.exe
[2009.06.01 20:51:12 | 23,635,392 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32MRT.exe
[2009.05.26 16:53:58 | 00,000,587 | —- | M] () — C:Documents and SettingsАдминистраторРабочий столЯрлык для 15.exe.lnk
[2009.05.26 02:01:23 | 00,000,680 | —- | M] () — C:Documents and SettingsАдминистраторРабочий столФильтр доменов.lnk
[2009.05.25 19:57:16 | 00,241,664 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32dllcachehttpext.dll
18 июня, 2009 в 3:44 пп в ответ на: Глючит реестр под Windows Server 2003. Неуловимый вирус #24300
starcat
Participant
- Темы:1
- Сообщений:8
Валерий,
сканер DDS не поддерживатеся моей ОС Win2003 Server,
впрочем как и подавляющее большинство других утилит.

Я вот что подумал, может быть мне подключить мой жесткий диск как slave к компьютеру с ХР? И тогда я смогу пройтись комбофиксом и другими антивирусами, котоыре сейчас в моей ОС не запускаются…

Какие рекомендации можете дать на счет такого варианта подключения?
15 июня, 2009 в 6:24 дп в ответ на: Глючит реестр под Windows Server 2003. Неуловимый вирус #24298
starcat
Participant
- Темы:1
- Сообщений:8
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:22:22, on 15.06.2009
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:WINDOWSsystem32serverapplianceappmgr.exe
C:PROGRA~1AVGAVG8avgwdsvc.exe
C:Program FilesBonjourmDNSResponder.exe
C:WINDOWSsystem32cisvc.exe
C:WINDOWSsystem32serverapplianceelementmgr.exe
C:PROGRA~1AVGAVG8avgam.exe
C:WINDOWSSystem32svchost.exe
C:PROGRA~1AVGAVG8avgrsx.exe
C:WINDOWSsystem32inetsrvinetinfo.exe
C:Program FilesJavajre6binjqs.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:Program FilesMicrosoft SQL Server90Sharedsqlwriter.exe
C:WINDOWSsystem32serverappliancesrvcsurg.exe
C:Program FilesWinPoET Broadband ConnectionWrOS.EXE
C:WINDOWSsystem32mqsvc.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSExplorer.EXE
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesJavajre6binjusched.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:WINDOWSsystem32wuauclt.exe
C:WINDOWSRTHDCPL.EXE
C:PROGRA~1AVGAVG8avgtray.exe
C:Program FilesBillP StudiosWinPatrolWinPatrol.exe
C:Program FilesBillP StudiosWinPatrolwinpatrol.exe
C:WINDOWSsystem32ctfmon.exe
C:WINDOWSsystem32cidaemon.exe
C:WINDOWSsystem32cidaemon.exe
C:WINDOWSsystem32cidaemon.exe
C:Program FilesJGsoftEditPadPro6EditPadPro.exe
C:Program FilesAVGAVG8avgupd.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe

R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = res://shdoclc.dll/hardAdmin.htm
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,First Home Page = res://shdoclc.dll/hardAdmin.htm
R1 — HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://advex.ru/
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
O2 — BHO: Java(tm) Plug-In SSV Helper — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre6binssv.dll
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O2 — BHO: Microsoft Web Test Recorder 9.0 Helper — {E31CE47F-C268-41ba-897B-B415E613947D} — C:Program FilesMicrosoft Visual Studio 9.0Common7IDEPrivateAssembliesMicrosoft.VisualStudio.QualityTools.RecorderBarBHO90.dll
O2 — BHO: JQSIEStartDetectorImpl — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O4 — HKLM..Run: [Ярлык для страницы свойств High Definition Audio] HDAShCut.exe
O4 — HKLM..Run: [SunJavaUpdateSched] «C:Program FilesJavajre6binjusched.exe»
O4 — HKLM..Run: [SynTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 — HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 — HKLM..Run: [AVG8_TRAY] C:PROGRA~1AVGAVG8avgtray.exe
O4 — HKLM..Run: [WinPatrol] C:Program FilesBillP StudiosWinPatrolWinPatrol.exe
O4 — HKLM..Run: [WinPatrol Russian v.2] C:Program FilesBillP StudiosWinPatrolwinpatrol.exe
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [tscuninstall] %systemroot%system32tscupgrd.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-20..RunOnce: [tscuninstall] %systemroot%system32tscupgrd.exe (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [tscuninstall] %systemroot%system32tscupgrd.exe (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [tscuninstall] %systemroot%system32tscupgrd.exe (User ‘Default user’)
O15 — ESC Trusted Zone: http://runonce.msn.com
O15 — ESC Trusted Zone: http://*.windowsupdate.com
O15 — ESC Trusted Zone: http://runonce.msn.com (HKLM)
O15 — ESC Trusted Zone: http://*.windowsupdate.com (HKLM)
O16 — DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) — http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 — DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) — http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229532347505
O16 — DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) — http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1240335478625
O16 — DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) — http://download.eset.com/special/eos/OnlineScanner.cab
O17 — HKLMSystemCCSServicesTcpip..{99C5D131-9C84-4BA1-B0B1-4568E0A2CCED}: NameServer = 192.168.22.1
O17 — HKLMSystemCCSServicesTcpip..{E4D250C3-8530-4723-A2FA-6C7EF8A0CE79}: NameServer = 195.34.32.116 212.188.4.10
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O20 — Winlogon Notify: avgrsstarter — C:WINDOWSSYSTEM32avgrsstx.dll
O23 — Service: Adobe LM Service — Unknown owner — C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 — Service: Apple Mobile Device — Apple Inc. — C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
O23 — Service: AVG8 WatchDog (avg8wd) — AVG Technologies CZ, s.r.o. — C:PROGRA~1AVGAVG8avgwdsvc.exe
O23 — Service: Bonjour Service — Apple Inc. — C:Program FilesBonjourmDNSResponder.exe
O23 — Service: Сервис iPod (iPod Service) — Apple Inc. — C:Program FilesiPodbiniPodService.exe
O23 — Service: Java Quick Starter (JavaQuickStarterService) — Sun Microsystems, Inc. — C:Program FilesJavajre6binjqs.exe
O23 — Service: NBService — Nero AG — C:Program FilesNeroNero 7Nero BackItUpNBService.exe
O23 — Service: WinPPPoverEthernet — iVasion, a Routerware Company — C:Program FilesWinPoET Broadband ConnectionWrOS.EXE

—
End of file — 7452 bytes
Автор

Сообщения