All Antivirus software disabled by malware!
I got a virus or rootkit and have no idea what to do.
All my antivirus software has been disabled; reinstallation doesn't help. I have Spybot, Kaspersky, Avast, AVG Anti-Rootkit. I get a "This is not Win32 application" error when I try to run them. System Restore is disabled and I cannot boot into safe mode. When I try to run CureIt I get a reboot.
Please help!!
I can run only IceSword and HijackThis, and this is hijackthis.log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:48:30, on 18.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\LEXBCES.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\LEXPPS.EXE
D:\Program Files\FRITZ!DSL\IGDCTRL.EXE
D:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Ad Muncher\AdMunch.exe
D:\WINDOWS\system32\igfxtray.exe
D:\WINDOWS\system32\hkcmd.exe
D:\WINDOWS\VM_STI.EXE
D:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\Program Files\AutoText\AutoText.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Distr\The Bat\thebat.exe
D:\Program Files\FRITZ!DSL\StCenter.exe
D:\PROGRA~1\MICROS~2\rapimgr.exe
D:\WINDOWS\System32\svchost.exe
C:\totalcmd\TOTALCMD.EXE
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\WINDOWS\system32\devldr32.exe
D:\Distr\Anti Virus programme\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Ссылки
O1 - Hosts: 17.250.248.77 idisk0.mac.com idisk1.mac.com idisk2.mac.com idisk3.mac.com idisk4.mac.com idisk5.mac.com idisk6.mac.com idisk7.mac.com idisk8.mac.com idisk9.mac.com idisk10.mac.com idisk11.mac.com idisk12.mac.com idisk13.mac.com idisk14.mac.com idisk15.mac.com idisk16.mac.com idisk17.mac.com idisk18.mac.com idisk19.mac.com idisk20.mac.com idisk21.mac.com idisk22.mac.com idisk23.mac.com idisk24.mac.com idisk25.mac.com
O2 - BHO: Poly HTML Filter BHO - {0140DF95-9128-4053-AE72-F43F0CFCA062} - D:\WINDOWS\system32\SiKernel.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\PROGRA~2\FLASHGET\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Помощник по входу в Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar4.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: FlashSelectorObject Class - {E3705A11-9EDF-4149-B2FD-35347218273F} - D:\Program Files\FlashSelector\FlashSelector.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - E:\PROGRA~2\FLASHGET\getflash.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRA~2\FLASHGET\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar4.dll
O3 - Toolbar: FBFBar - {982E186D-7E13-45ac-9789-50B535246E28} - D:\Program Files\FRITZ!Box Monitor\fbfbar.dll
O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Ad Muncher] D:\Program Files\Ad Muncher\AdMunch.exe /bt
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BigDogPath] D:\WINDOWS\VM_STI.EXE Philips SPC 300NC PC Camera
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [avast!] C:\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Rainlendar2] D:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [AutoText] "D:\Program Files\AutoText\AutoText.exe"
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Ярлык для thebat.lnk = D:\Distr\The Bat\thebat.exe
O4 - Startup: FRITZ!DSL Startcenter.lnk = D:\Program Files\FRITZ!DSL\StCenter.exe
O8 - Extra context menu item: &Экспорт в Microsoft Excel - res://E:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=02V705V4&id=menu_ie_frame
O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=02V705V4&id=menu_ie_image
O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=02V705V4&id=menu_ie_link
O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=02V705V4&id=menu_ie_exclude
O8 - Extra context menu item: Download All Files by HiDownload - D:\Program Files\HiDownload\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - D:\Program Files\HiDownload\HDGet.htm
O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=02V705V4&id=menu_ie_report
O8 - Extra context menu item: Semagic - E:\Program Files\Semagic\link.htm
O8 - Extra context menu item: Sothink SWF Catcher - D:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Закачать все при помощи FlashGet - E:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Закачать при помощи FlashGet - E:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Копировать в Semagic - E:\Program Files\Semagic\copy.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Cтатистика Веб-Антивируса - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Отправка в блог - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Отправка в блог Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Добавить в избранное мобильного устройства... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Mail.Ru Агент - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - D:\Program Files\Mail.Ru\Agent\magent.exe
O9 - Extra 'Tools' menuitem: Mail.Ru Агент - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - D:\Program Files\Mail.Ru\Agent\magent.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~2\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~2\FLASHGET\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - D:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - D:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - D:\Program Files\HiDownload\hidownload.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - D:\PROGRA~1\FLASHD~1\iebt.dll (HKCU)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - D:\PROGRA~1\FLASHD~1\iebt.dll (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/russian/partner/rus/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143718624250
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183151353359
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://vkontakte.ru/uploader/ImageUploader4.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - D:\Program Files\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - D:\Program Files\Common Files\AVM\de_serv.exe
O23 - Service: Журнал событий (Eventlog) - Корпорация Майкрософт - D:\WINDOWS\system32\services.exe
O23 - Service: Служба COM записи компакт-дисков IMAPI (ImapiService) - Корпорация Майкрософт - D:\WINDOWS\system32\imapi.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - D:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - D:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Корпорация Майкрософт - D:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug and Play (PlugPlay) - Корпорация Майкрософт - D:\WINDOWS\system32\services.exe
O23 - Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) - Корпорация Майкрософт - D:\WINDOWS\system32\sessmgr.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - D:\Program Files\CyberLink\Shared Files\RichVideo.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Смарт-карты (SCardSvr) - Корпорация Майкрософт - D:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Журналы и оповещения производительности (SysmonLog) - Корпорация Майкрософт - D:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Теневое копирование тома (VSS) - Корпорация Майкрософт - D:\WINDOWS\System32\vssvc.exe
O23 - Service: Адаптер производительности WMI (WmiApSrv) - Корпорация Майкрософт - D:\WINDOWS\system32\wbem\wmiapsrv.exe
--
End of file - 13001 bytes
Rorschach112
2008-01-19, 04:05
Hello
Please download Deckard's System Scanner (DSS) (http://www.techsupportforum.com/sectools/Deckard/dss.exe) and save it to your Desktop.
Close all other windows before proceeding.
Double-click on dss.exe and follow the prompts.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
Please download and unzip IceSword (http://mail.ustc.edu.cn/~jfpan/download/IceSword122en.zip) to its own folder on your desktop.
If you get a lot of "red entries" in an IceSword log, don't panic.
Step 1 : Close all windows and run IceSword. Click the Processes tab and watch for processes displayed in red color. A red colored process in this list indicates that it's hidden. Write down the PathName of any processes in red color. Then click on LOG at the top left. It will prompt you to save the log, call this Processes and save it to your desktop.
Step 2 : Click the Win32 Services tab and look out for red colored entries in the services list. Write down the Module name of any services in red color, you will need to expand out the Module tab to see the full name. Then click on LOG. It will prompt you to save the log, call this Services and save it to your desktop.
Step 3 : Now, click the SSDT tab and check for red colored entries. If there are any, write down the KModule name.
Now post all of the data collected under the headings for :
Processes
Win32 Services
SSDT
Hey man, I just followed the instructions you gave to Guillerme in another thread and I killed the viruses! (hldrrr.exe, srosa.sys and wintems.exe.) Now I can run antivirus and I scanned my system, everything is ok! Thank you for your work! :)
Rorschach112
2008-01-19, 16:54
I would recommend that you run these scans anyway as this infection comes back
ok, this is DSS log, main:
Deckard's System Scanner v20071014.68
Run by nadishana on 2008-01-19 16:34:50
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
8: 2008-01-19 15:34:54 UTC - RP8 - Deckard's System Scanner Restore Point
7: 2008-01-19 15:25:25 UTC - RP7 - GhostWriter wird entfernt
6: 2008-01-19 15:21:36 UTC - RP6 - Uninstall Syncrosoft's License Control
5: 2008-01-18 18:25:46 UTC - RP5 - Installed ESET NOD32 Antivirus
4: 2008-01-18 18:23:55 UTC - RP4 - Installed ESET NOD32 Antivirus
-- First Restore Point --
1: 2008-01-18 16:18:01 UTC - RP1 - Системная контрольная точка
Backed up registry hives.
Performed disk cleanup.
System Drive D: has 3.04 GiB (less than 15%) free.
-- HijackThis (run as nadishana.exe) -------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:38, on 2008-01-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Avast4\aswUpdSv.exe
D:\Program Files\Avast4\ashServ.exe
D:\WINDOWS\system32\LEXBCES.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\LEXPPS.EXE
D:\WINDOWS\Explorer.EXE
D:\Program Files\FRITZ!DSL\IGDCTRL.EXE
D:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Ad Muncher\AdMunch.exe
D:\WINDOWS\system32\hkcmd.exe
D:\WINDOWS\VM_STI.EXE
D:\PROGRA~1\Avast4\ashDisp.exe
D:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\Program Files\AutoText\AutoText.exe
D:\Program Files\Rainlendar2\Rainlendar2.exe
D:\PROGRA~1\MICROS~2\rapimgr.exe
D:\Program Files\Avast4\ashMaiSv.exe
D:\Program Files\Avast4\ashWebSv.exe
D:\Distr\The Bat\thebat.exe
D:\Program Files\FRITZ!DSL\StCenter.exe
D:\WINDOWS\System32\svchost.exe
C:\totalcmd\TOTALCMD.EXE
D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\Distr\Anti Virus programme\DSS\dss.exe
D:\Distr\ANTIVI~1\HIJACK~1\nadishana.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Ссылки
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\PROGRA~2\FLASHGET\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Помощник по входу в Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar4.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: FlashSelectorObject Class - {E3705A11-9EDF-4149-B2FD-35347218273F} - D:\Program Files\FlashSelector\FlashSelector.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - E:\PROGRA~2\FLASHGET\getflash.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRA~2\FLASHGET\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar4.dll
O3 - Toolbar: FBFBar - {982E186D-7E13-45ac-9789-50B535246E28} - D:\Program Files\FRITZ!Box Monitor\fbfbar.dll
O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Ad Muncher] D:\Program Files\Ad Muncher\AdMunch.exe /bt
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BigDogPath] D:\WINDOWS\VM_STI.EXE Philips SPC 300NC PC Camera
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [Remove H2O driver] cmd.exe /c rd /q /s "D:\Program Files\SyncroSoft\Pos\H2O"
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [AutoText] "D:\Program Files\AutoText\AutoText.exe"
O4 - HKCU\..\Run: [Rainlendar2] D:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Ярлык для thebat.lnk = D:\Distr\The Bat\thebat.exe
O4 - Startup: FRITZ!DSL Startcenter.lnk = D:\Program Files\FRITZ!DSL\StCenter.exe
O8 - Extra context menu item: &Экспорт в Microsoft Excel - res://E:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=02V705V4&id=menu_ie_frame
O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=02V705V4&id=menu_ie_image
O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=02V705V4&id=menu_ie_link
O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=02V705V4&id=menu_ie_exclude
O8 - Extra context menu item: Download All Files by HiDownload - D:\Program Files\HiDownload\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - D:\Program Files\HiDownload\HDGet.htm
O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=02V705V4&id=menu_ie_report
O8 - Extra context menu item: Semagic - E:\Program Files\Semagic\link.htm
O8 - Extra context menu item: Sothink SWF Catcher - D:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Закачать все при помощи FlashGet - E:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Закачать при помощи FlashGet - E:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Копировать в Semagic - E:\Program Files\Semagic\copy.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Cтатистика Веб-Антивируса - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Отправка в блог - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Отправка в блог Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Добавить в избранное мобильного устройства... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~2\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~2\FLASHGET\flashget.exe
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - D:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - D:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - D:\Program Files\HiDownload\hidownload.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - D:\PROGRA~1\FLASHD~1\iebt.dll (HKCU)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - D:\PROGRA~1\FLASHD~1\iebt.dll (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143718624250
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183151353359
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://vkontakte.ru/uploader/ImageUploader4.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Avast4\ashWebSv.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - D:\Program Files\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - D:\Program Files\Common Files\AVM\de_serv.exe
O23 - Service: Журнал событий (Eventlog) - Корпорация Майкрософт - D:\WINDOWS\system32\services.exe
O23 - Service: Служба COM записи компакт-дисков IMAPI (ImapiService) - Корпорация Майкрософт - D:\WINDOWS\system32\imapi.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - D:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - D:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Корпорация Майкрософт - D:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug and Play (PlugPlay) - Корпорация Майкрософт - D:\WINDOWS\system32\services.exe
O23 - Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) - Корпорация Майкрософт - D:\WINDOWS\system32\sessmgr.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Смарт-карты (SCardSvr) - Корпорация Майкрософт - D:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Журналы и оповещения производительности (SysmonLog) - Корпорация Майкрософт - D:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Теневое копирование тома (VSS) - Корпорация Майкрософт - D:\WINDOWS\System32\vssvc.exe
O23 - Service: Адаптер производительности WMI (WmiApSrv) - Корпорация Майкрософт - D:\WINDOWS\system32\wbem\wmiapsrv.exe
--
End of file - 11763 bytes
-- HijackThis Fixed Entries (D:\Distr\ANTIVI~1\HIJACK~1\backups\) --------------
backup-20080119-013350-158 O1 - Hosts: 17.250.248.77 idisk0.mac.com idisk1.mac.com idisk2.mac.com idisk3.mac.com idisk4.mac.com idisk5.mac.com idisk6.mac.com idisk7.mac.com idisk8.mac.com idisk9.mac.com idisk10.mac.com idisk11.mac.com idisk12.mac.com idisk13.mac.com idisk14.mac.com idisk15.mac.com idisk16.mac.com idisk17.mac.com idisk18.mac.com idisk19.mac.com idisk20.mac.com idisk21.mac.com idisk22.mac.com idisk23.mac.com idisk24.mac.com idisk25.mac.com
backup-20080119-013350-314 O4 - HKCU\..\Run: [drvsyskit] D:\WINDOWS\system32\drivers\hldrrr.exe
backup-20080119-013350-489 O4 - HKCU\..\Run: [german.exe] D:\WINDOWS\system32\wintems.exe
backup-20080119-013350-303 O9 - Extra button: Mail.Ru Агент - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - D:\Program Files\Mail.Ru\Agent\magent.exe
backup-20080119-013350-358 O9 - Extra 'Tools' menuitem: Mail.Ru Агент - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - D:\Program Files\Mail.Ru\Agent\magent.exe
backup-20080119-013350-329 O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - D:\Program Files\CyberLink\Shared Files\RichVideo.exe (file missing)
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R2 MCSTRM - d:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R2 Nsynas32 - d:\windows\system32\drivers\nsynas32.sys <Not Verified; Syncrosoft Hard- und Software GmbH; Internet Protection Hardware Driver>
R3 echo24 (Mia Service) - d:\windows\system32\drivers\echo24.sys <Not Verified; Echo Digital Audio Corp.; WDM driver for Gina24, Layla24, Mona, and Mia>
R3 pfc (Padus ASPI Shell) - d:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
S0 BTHidMgr (Bluetooth HID Manager Service) - d:\windows\system32\drivers\bthidmgr.sys (file missing)
S3 BlueletAudio (Bluetooth Audio Service) - d:\windows\system32\drivers\blueletaudio.sys (file missing)
S3 BlueletSCOAudio (Bluetooth SCO Audio Service) - d:\windows\system32\drivers\blueletscoaudio.sys (file missing)
S3 BT (Bluetooth PAN Network Adapter) - d:\windows\system32\drivers\btnetdrv.sys (file missing)
S3 Btcsrusb (Bluetooth USB For Bluetooth Service) - d:\windows\system32\drivers\btcusb.sys (file missing)
S3 BTHidEnum (Bluetooth HID Enumerator) - d:\windows\system32\drivers\vbtenum.sys (file missing)
S3 CSQ200 (CSQ driver) - d:\windows\system32\drivers\csq200.sys
S3 emupia (E-mu Plug-in Architecture Driver) - d:\windows\system32\drivers\emupia2k.sys <Not Verified; Creative Technology Ltd; E-mu Plug-In Architecture>
S3 ggsemc (Sony Ericsson USB Flash Driver) - d:\windows\system32\drivers\ggsemc.sys <Not Verified; Sony Ericsson Mobile Communications; Gordon's Gate>
S3 KLIF - d:\windows\system32\drivers\klif.sys (file missing)
S3 MA_CMIDI (M-Audio USB Driver) - d:\windows\system32\drivers\ma_cmidi.sys <Not Verified; M-Audio; M-Audio USB MIDI Keyboard Interface>
S3 VComm (Virtual Serial port driver) - d:\windows\system32\drivers\vcomm.sys (file missing)
S3 VcommMgr (Bluetooth VComm Manager Service) - d:\windows\system32\drivers\vcommmgr.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 AVM IGD CTRL Service - d:\program files\fritz!dsl\igdctrl.exe <Not Verified; AVM Berlin; AVM IGD Service>
R2 MA_CMIDI_InstallerService (M-Audio Series II MIDI Installer) - d:\program files\m-audio\m-audio series ii midi\ma_cmidi_inst.exe <Not Verified; ; MA_CMIDI USB MIDI Installer Service>
S3 de_serv (AVM FRITZ!web Routing Service) - d:\program files\common files\avm\de_serv.exe <Not Verified; AVM Berlin; AVM Rocky>
S3 WLSetupSvc (Windows Live Setup Service) - "d:\program files\windows live\installer\wlsetupsvc.exe" <Not Verified; Microsoft Corporation; Windows Live installer>
S4 Apple Mobile Device - "d:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
S4 RichVideo (Cyberlink RichVideo Service(CRVS)) - "d:\program files\cyberlink\shared files\richvideo.exe" (file missing)
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Мультимедиа аудиоконтроллер
Device ID: PCI\VEN_8086&DEV_24D5&SUBSYS_97391849&REV_02\3&267A616A&0&FD
Manufacturer:
Name: Мультимедиа аудиоконтроллер
PNP Device ID: PCI\VEN_8086&DEV_24D5&SUBSYS_97391849&REV_02\3&267A616A&0&FD
Service:
-- Files created between 2007-12-19 and 2008-01-19 -----------------------------
2008-01-19 13:38:30 0 d--hs---- D:\FOUND.000
2008-01-19 03:30:01 0 d-------- D:\Program Files\Avast4
2008-01-19 02:55:57 0 d-------- D:\Documents and Settings\nadishana.NADISHAN.000\DoctorWeb
2008-01-18 18:49:59 82258 --a------ D:\WINDOWS\system32\drivers\klin.dat
2008-01-18 18:49:59 82258 --a------ D:\WINDOWS\system32\drivers\klick.dat
2008-01-18 18:49:07 0 d-------- D:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-01-18 18:49:04 288 --ahs---- D:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-18 18:49:04 2080 --ahs---- D:\WINDOWS\system32\drivers\fidbox.dat
2008-01-18 18:48:24 0 d-------- D:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files
2008-01-18 17:46:03 0 --a------ D:\WINDOWS\system32\CheckReboot_Kaspersky Anti-Virus Personal
2008-01-18 17:42:58 0 d-------- D:\Program Files\Registrar Registry Manager
2008-01-18 17:16:33 0 d-------- D:\WINDOWS\Prefetch
2008-01-18 16:16:40 0 d-------- D:\xp serial
2008-01-06 18:52:38 0 d-------- D:\Program Files\Microsoft Portrait
2008-01-06 05:10:56 0 d-------- D:\Program Files\Microsoft
2008-01-06 02:32:12 0 d-------- D:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-01-06 02:32:05 0 d-------- D:\Program Files\AoA Audio Extractor
2008-01-06 01:39:09 0 d-------- D:\Program Files\iPod
2008-01-06 01:31:39 0 d-------- D:\Program Files\Apple Software Update
2008-01-06 01:31:04 0 d-------- D:\Program Files\Common Files\Apple
2008-01-06 01:31:03 0 d-------- D:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
2007-12-26 00:51:02 0 d-------- D:\Program Files\AutoText
2007-12-26 00:51:02 0 d-------- D:\Documents and Settings\nadishana.NADISHAN.000\Application Data\AutoText
-- Find3M Report ---------------------------------------------------------------
2008-01-19 02:26:18 460162 --a------ D:\WINDOWS\system32\perfh019.dat
2008-01-19 02:26:16 82354 --a------ D:\WINDOWS\system32\perfc019.dat
2008-01-18 17:04:54 24444 --a------ D:\WINDOWS\system32\emptyregdb.dat
2008-01-18 17:01:48 24 --a------ D:\WINDOWS\system32\DVCStateBkp-{00000001-00000000-00000003-00001102-00000002-00201102}.dat
2008-01-18 17:01:48 24 --a------ D:\WINDOWS\system32\DVCState-{00000001-00000000-00000003-00001102-00000002-00201102}.dat
2008-01-18 05:36:18 664 --a------ D:\WINDOWS\system32\d3d9caps.dat
2007-12-07 18:55:38 0 d-------- D:\Program Files\Ableton
2007-12-03 15:24:28 0 d--hs---- D:\Program Files\Common Files\WindowsLiveInstaller
2007-11-28 02:52:02 0 d-------- D:\Documents and Settings\nadishana.NADISHAN.000\Application Data\PPLive
2007-11-28 02:51:50 0 d-------- D:\Program Files\PPLive
2007-11-28 02:34:02 0 d-------- D:\Program Files\P2PTVRecorder
2007-11-27 23:59:56 0 d-------- D:\Program Files\WinPcap
2007-11-20 20:04:48 0 d-------- D:\Program Files\My Friends Manager
2007-11-20 19:40:36 0 d-------- D:\Program Files\Open Adder
2007-11-19 02:23:52 0 d-------- D:\Program Files\Movica
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E3705A11-9EDF-4149-B2FD-35347218273F}]
2006-03-06 04:33 114688 --a------ D:\Program Files\FlashSelector\FlashSelector.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="D:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"Ad Muncher"="D:\Program Files\Ad Muncher\AdMunch.exe" [2007-01-18 12:50]
"IgfxTray"="D:\WINDOWS\system32\igfxtray.exe" [2003-11-18 00:24]
"HotKeysCmds"="D:\WINDOWS\system32\hkcmd.exe" [2003-11-18 00:11]
"BigDogPath"="D:\WINDOWS\VM_STI.exe" [2004-06-09 15:37]
"AVP"="D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-01-19 00:17]
"avast!"="D:\PROGRA~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="D:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 17:21]
"AutoText"="D:\Program Files\AutoText\AutoText.exe" [2007-11-20 16:53]
"Rainlendar2"="D:\Program Files\Rainlendar2\Rainlendar2.exe" [2007-04-15 07:31]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Remove H2O driver"=cmd.exe /c rd /q /s "D:\Program Files\SyncroSoft\Pos\H2O"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=D:\Program Files\MySpace\IM\MySpaceIM.exe
D:\Documents and Settings\nadishana.NADISHAN.000\Главное меню\Программы\Автозагрузка\
Ярлык для thebat.lnk - D:\Distr\The Bat\thebat.exe [2005-08-19 14:14:08]
FRITZ!DSL Startcenter.lnk - D:\Program Files\FRITZ!DSL\StCenter.exe [2007-10-02 08:56:28]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users.WINDOWS^Главное меню^Программы^Автозагрузка^Adobe Acrobat Speed Launcher.lnk]
path=D:\Documents and Settings\All Users.WINDOWS\Главное меню\Программы\Автозагрузка\Adobe Acrobat Speed Launcher.lnk
backup=D:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users.WINDOWS^Главное меню^Программы^Автозагрузка^BlueSoleil.lnk]
path=D:\Documents and Settings\All Users.WINDOWS\Главное меню\Программы\Автозагрузка\BlueSoleil.lnk
backup=D:\WINDOWS\pss\BlueSoleil.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users.WINDOWS^Главное меню^Программы^Автозагрузка^Microsoft Office.lnk]
path=D:\Documents and Settings\All Users.WINDOWS\Главное меню\Программы\Автозагрузка\Microsoft Office.lnk
backup=D:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users.WINDOWS^Главное меню^Программы^Автозагрузка^Privoxy.lnk]
path=D:\Documents and Settings\All Users.WINDOWS\Главное меню\Программы\Автозагрузка\Privoxy.lnk
backup=D:\WINDOWS\pss\Privoxy.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users.WINDOWS^Главное меню^Программы^Автозагрузка^TrayMin300.exe.lnk]
path=D:\Documents and Settings\All Users.WINDOWS\Главное меню\Программы\Автозагрузка\TrayMin300.exe.lnk
backup=D:\WINDOWS\pss\TrayMin300.exe.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^nadishana.NADISHAN.000^Главное меню^Программы^Автозагрузка^BuddyWave.lnk]
path=D:\Documents and Settings\nadishana.NADISHAN.000\Главное меню\Программы\Автозагрузка\BuddyWave.lnk
backup=D:\WINDOWS\pss\BuddyWave.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
"E:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
D:\WINDOWS\VM_STI.EXE Philips SPC 300NC PC Camera
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
D:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FilmLoop]
"D:\Program Files\FilmLoop Player\FilmLoop.exe" -hide
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
D:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
D:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
e:\Program Files\ICQLite\ICQLite.exe -minimize
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
D:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"D:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
D:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MAgent]
D:\Program Files\Mail.Ru\Agent\MAgent.exe -LM
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mirabilis ICQ]
D:\PROGRA~1\ICQ\ICQNet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"D:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"D:\Program Files\MSN Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
D:\Program Files\MySpace\IM\MySpaceIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
D:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetAppel]
"E:\Program Files\NetAppel\NetAppel.exe" -nosplash -minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
"D:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"E:\Program Files\QuickTime\QTTask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"E:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SparVoip]
"E:\Program Files\SparVoip\SparVoip.exe" -nosplash -minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TotalRecorderScheduler]
"e:\Program Files\TotalRecorder\TotRecSched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
CTHELPER.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZeroPoint Search]
"D:\Program Files\ZeroPoint Search\search.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"Bonjour Service"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"CTStartup"=D:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{262c59b2-97e7-11da-a825-000b6a5bbbda}]
AutoRun\command- J:\preinst.exe
-- Hosts -----------------------------------------------------------------------
127.0.0.1 http://81.222.64.90/
127.0.0.1 www.business.lbn.ru
127.0.0.1 vissarion.fastbb.ru/index.pl?99
127.0.0.1 81.222.64.90
127.0.0.1 http://vissarion.fastbb.ru/gif/sm/
127.0.0.1 http://servedby.advertising.com/
127.0.0.1 http://content.cpxinteractive.com/
127.0.0.1 http://81.222.64.90/banners/
127.0.0.1 http://81.222.64.90/banners/0000231/0000231062/
127.0.0.1 http://content.yieldmanager.com/
-- End of Deckard's System Scanner: finished at 2008-01-19 16:41:02 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: Other (0419) - see http://preview.tinyurl.com/mhhp6
CPU 0: Intel(R) Pentium(R) 4 CPU 2.40GHz
Percentage of Memory in Use: 23%
Physical Memory (total/avail): 2038.8 MiB / 1566 MiB
Pagefile Memory (total/avail): 3935.26 MiB / 3622.78 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1921.1 MiB
A: is Removable (No Media)
C: is Fixed (FAT32) - 3.11 GiB total, 1.32 GiB free.
D: is Fixed (FAT32) - 74.54 GiB total, 3.03 GiB free.
E: is Fixed (FAT32) - 175.36 GiB total, 17.99 GiB free.
F: is Fixed (NTFS) - 7.79 GiB total, 2.43 GiB free.
G: is CDROM (No Media)
H: is CDROM (No Media)
\\.\PHYSICALDRIVE1 - SAMSUNG SP0802N - 74.56 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 74.56 GiB - D:
\\.\PHYSICALDRIVE0 - SAMSUNG SP2014N - 186.31 GiB - 3 partitions
\PARTITION0 (bootable) - Unknown - 3.12 GiB - C:
\PARTITION1 - Расшир. Win95/98 c расшир. IRQ13 - 183.19 GiB - E: - F:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
FirstRunDisabled is set.
FirewallOverride is set.
AV: avast! antivirus 4.7.1098 [VPS 080118-0] v4.7.1098 (ALWIL Software)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\MSN Messenger\\msnmsgr.exe"="D:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"D:\\Program Files\\MSN Messenger\\msncall.exe"="D:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"D:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="D:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"D:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="D:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"D:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="D:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\FRITZ!DSL\\FBOXUPD.EXE"="D:\\Program Files\\FRITZ!DSL\\FBOXUPD.EXE:*:Enabled:AVM FRITZ!Box Firmware-Update"
"D:\\Program Files\\Google\\Google Talk\\googletalk.exe"="D:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"D:\\Program Files\\Messenger\\msmsgs.exe"="D:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"E:\\Program Files\\SparVoip\\SparVoip.exe"="E:\\Program Files\\SparVoip\\SparVoip.exe:*:Enabled:SparVoip"
"E:\\Program Files\\NetAppel\\NetAppel.exe"="E:\\Program Files\\NetAppel\\NetAppel.exe:*:Enabled:NetAppel"
"D:\\Program Files\\InternetCalls.com\\InternetCalls\\InternetCalls.exe"="D:\\Program Files\\InternetCalls.com\\InternetCalls\\InternetCalls.exe:*:Enabled:InternetCalls"
"E:\\Program Files\\Miranda LEM Pack\\miranda32.exe"="E:\\Program Files\\Miranda LEM Pack\\miranda32.exe:*:Enabled:Miranda IM"
"D:\\Distr\\Total Commander\\Totalcmd.exe"="D:\\Distr\\Total Commander\\Totalcmd.exe:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"D:\\Program Files\\Real\\RealPlayer\\realplay.exe"="D:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"D:\\Program Files\\MSN Messenger\\msnmsgr.exe"="D:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"D:\\Program Files\\MSN Messenger\\msncall.exe"="D:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"D:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="D:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"G:\\fsetup.exe"="G:\\fsetup.exe:*:Enabled:AVM FSetup Application"
"D:\\Program Files\\Gizmo Project for LJ Talk\\mDNSResponder.exe"="D:\\Program Files\\Gizmo Project for LJ Talk\\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\\Program Files\\Gizmo Project for LJ Talk\\Gizmo-LJ.exe"="D:\\Program Files\\Gizmo Project for LJ Talk\\Gizmo-LJ.exe:*:Enabled:Gizmo Project for LJ Talk"
"D:\\Program Files\\Winamp\\winamp.exe"="D:\\Program Files\\Winamp\\winamp.exe:*:Enabled:Winamp"
"D:\\Program Files\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe"="D:\\Program Files\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe:*:Enabled:VoipDiscount"
"D:\\Program Files\\Soulseek\\slsk.exe"="D:\\Program Files\\Soulseek\\slsk.exe:*:Enabled:SoulSeek"
"E:\\Program Files\\Soulseek\\slsk.exe"="E:\\Program Files\\Soulseek\\slsk.exe:*:Enabled:SoulSeek"
"D:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"="D:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe:*:Enabled:VoipStunt"
"D:\\Distr\\HTTP File Server\\hfs.exe"="D:\\Distr\\HTTP File Server\\hfs.exe:*:Enabled:hfs"
"D:\\Distr\\HTTP File Server\\hfs.new.exe"="D:\\Distr\\HTTP File Server\\hfs.new.exe:*:Disabled:hfs.new"
"D:\\Program Files\\ZeroPoint Search\\search.exe"="D:\\Program Files\\ZeroPoint Search\\search.exe:*:Enabled:ZeroPointSearch"
"D:\\Program Files\\ZeroPoint Search\\zp.exe"="D:\\Program Files\\ZeroPoint Search\\zp.exe:*:Enabled:ZeroPointSearch2"
"D:\\Program Files\\FRITZ!Box Monitor\\FRITZBoxMonitor.exe"="D:\\Program Files\\FRITZ!Box Monitor\\FRITZBoxMonitor.exe:*:Enabled:FRITZ!Box Monitor"
"D:\\Program Files\\Miranda IM\\miranda32.exe"="D:\\Program Files\\Miranda IM\\miranda32.exe:*:Enabled:Miranda IM"
"D:\\Program Files\\GizmoPlugin\\GizmoPlugin.exe"="D:\\Program Files\\GizmoPlugin\\GizmoPlugin.exe:*:Enabled:GizmoPlugin"
"D:\\Program Files\\JustVoip.com\\JustVoip\\JustVoip.exe"="D:\\Program Files\\JustVoip.com\\JustVoip\\JustVoip.exe:*:Enabled:JustVoip"
"D:\\Program Files\\TalQer\\TalQer.exe"="D:\\Program Files\\TalQer\\TalQer.exe:*:Enabled:TalQer"
"C:\\totalcmd\\TOTALCMD.EXE"="C:\\totalcmd\\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"D:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="D:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"D:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="D:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"D:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="D:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"D:\\Program Files\\VoipCheapCom\\VoipCheapCom.exe"="D:\\Program Files\\VoipCheapCom\\VoipCheapCom.exe:*:Enabled:VoipCheapCom"
"D:\\Program Files\\eMule\\emule.exe"="D:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"D:\\Program Files\\Jeyo Mobile Companion\\JeyoMobileCompanion.exe"="D:\\Program Files\\Jeyo Mobile Companion\\JeyoMobileCompanion.exe:*:Enabled:Jeyo Mobile Companion"
"D:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"="D:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"D:\\Program Files\\ooVoo\\ooVoo.exe"="D:\\Program Files\\ooVoo\\ooVoo.exe:*:Enabled:ooVoo"
"I:\\Portable JustVoip 4\\Idefisk 2 Free\\Idefisk 2 Free.exe"="I:\\Portable JustVoip 4\\Idefisk 2 Free\\Idefisk 2 Free.exe:*:Enabled:Idefisk 2 Free"
"I:\\Portable JustVoip 4\\PhonerLite\\PhonerLite.exe"="I:\\Portable JustVoip 4\\PhonerLite\\PhonerLite.exe:*:Enabled:VoIP Softphone"
"D:\\Documents and Settings\\nadishana.NADISHAN.000\\Application Data\\Thinstall\\JustVoip\\40000070d00002h\\JustVoip.exe"="D:\\Documents and Settings\\nadishana.NADISHAN.000\\Application Data\\Thinstall\\JustVoip\\40000070d00002h\\JustVoip.exe:*:Enabled:JustVoip"
"I:\\voipcheap\\VoipCheapCom.exe"="I:\\voipcheap\\VoipCheapCom.exe:*:Enabled:VoipCheapCom"
"I:\\Portable JustVoip 4\\JustVoip\\JustVoip.exe"="I:\\Portable JustVoip 4\\JustVoip\\JustVoip.exe:*:Enabled:JustVoip"
"I:\\Portable JustVoip 4\\voipcheap\\VoipCheapCom.exe"="I:\\Portable JustVoip 4\\voipcheap\\VoipCheapCom.exe:*:Enabled:VoipCheapCom"
"D:\\Distr\\Tytn\\Multimedia\\CoolCameraXP_115\\CoolCameraXP.exe"="D:\\Distr\\Tytn\\Multimedia\\CoolCameraXP_115\\CoolCameraXP.exe:*:Enabled:CoolCameraXP"
"D:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"="D:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE:*:Enabled:Firefox"
"J:\\skype\\Skype.exe"="J:\\skype\\Skype.exe:*:Enabled:Skype. Take a deep breath "
"D:\\Documents and Settings\\nadishana.NADISHAN.000\\Local Settings\\Temp\\RarSFX0\\TOTALCMD.EXE"="D:\\Documents and Settings\\nadishana.NADISHAN.000\\Local Settings\\Temp\\RarSFX0\\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"D:\\Program Files\\Nimbuzz\\Nimbuzz.exe"="D:\\Program Files\\Nimbuzz\\Nimbuzz.exe:*:Enabled:Nimbuzz"
"D:\\Program Files\\PoivY.com\\PoivY\\PoivY.exe"="D:\\Program Files\\PoivY.com\\PoivY\\PoivY.exe:*:Enabled:PoivY"
"D:\\Program Files\\Jeyo\\JMC_WindowsMobile\\JMC_WM.exe"="D:\\Program Files\\Jeyo\\JMC_WindowsMobile\\JMC_WM.exe:*:Enabled:Jeyo Mobile Companion"
"H:\\fsetup.exe"="H:\\fsetup.exe:*:Enabled:AVM FSetup Application"
"D:\\Distr\\FRITZ[1].Box_Fon_WLAN.03.91.recover\\Freenet\\FRITZ.Box_Fon_WLAN_7170.04.22.recover-image.exe"="D:\\Distr\\FRITZ[1].Box_Fon_WLAN.03.91.recover\\Freenet\\FRITZ.Box_Fon_WLAN_7170.04.22.recover-image.exe:*:Enabled:AvmRecover"
"D:\\Program Files\\FRITZ!fax\\igd_finder.exe"="D:\\Program Files\\FRITZ!fax\\igd_finder.exe:*:Enabled:igd_finder"
"D:\\Program Files\\FRITZ!DSL\\IGDCTRL.EXE"="D:\\Program Files\\FRITZ!DSL\\IGDCTRL.EXE:*:Enabled:FRITZ!DSL - igdctrl.exe"
"D:\\Program Files\\MultimediaFeed.com\\MultimediaFeed MP3 Tagger\\MultimediaFeed MP3 Tagger.exe"="D:\\Program Files\\MultimediaFeed.com\\MultimediaFeed MP3 Tagger\\MultimediaFeed MP3 Tagger.exe:*:Enabled:MultimediaFeed MP3 Tagger"
"D:\\Program Files\\PPLive\\PPLive.exe"="D:\\Program Files\\PPLive\\PPLive.exe:*:Enabled:PPLive"
"D:\\Program Files\\iTunes\\iTunes.exe"="D:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"D:\\Program Files\\Pando Networks\\Pando\\pando.exe"="D:\\Program Files\\Pando Networks\\Pando\\pando.exe:*:Enabled:Pando Application"
"D:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"="D:\\Program Files\\MySpace\\IM\\MySpaceIM.exe:*:Enabled:MySpaceIM"
"E:\\Program Files\\Skype\\Phone\\Skype.exe"="E:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=D:\Documents and Settings\All Users.WINDOWS
APPDATA=D:\Documents and Settings\nadishana.NADISHAN.000\Application Data
CLASSPATH=.;D:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
COMMANDER_DRIVE=C:
COMMANDER_INI=C:\totalcmd\wincmd.ini
COMMANDER_PATH=C:\totalcmd
CommonProgramFiles=D:\Program Files\Common Files
COMPUTERNAME=NADISHAN
ComSpec=D:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA6
FP_NO_HOST_CHECK=NO
HOMEDRIVE=D:
HOMEPATH=\Documents and Settings\nadishana.NADISHAN.000
LOGONSERVER=\\NADISHAN
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=D:\WINDOWS\system32;D:\WINDOWS;D:\WINDOWS\system32\WBEM;D:\Program Files\Common Files\Adobe\AGL;D:\Program Files\Common Files\Teleca Shared;D:\Program Files\Microsoft SQL Server\80\Tools\Binn\;E:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0303
ProgramFiles=D:\Program Files
PROMPT=$P$G
QTJAVA=D:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=D:
SystemRoot=D:\WINDOWS
TEMP=D:\DOCUME~1\NADISH~1.000\LOCALS~1\Temp
TMP=D:\DOCUME~1\NADISH~1.000\LOCALS~1\Temp
USERDOMAIN=NADISHAN
USERNAME=nadishana
USERPROFILE=D:\Documents and Settings\nadishana.NADISHAN.000
windir=D:\WINDOWS
-- User Profiles ---------------------------------------------------------------
nadishana.NADISHAN.000 (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> "D:\Program Files\Creative\SBLive\Program\Ctzapxx.EXE" /X /U /S /R
--> D:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9
--> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9 /remove
--> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9
--> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9 /remove
--> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{8B026740-A400-48FF-8F6B-B37C4F61C937}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 D:\WINDOWS\INF\PCHealth.inf
Антивирус Касперского 7.0 --> MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}
Антивирус Касперского 7.0 --> MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}
Помощник по входу в Windows Live --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
ABBYY FineReader 8.0 Professional Edition --> MsiExec.exe /I{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}
Ableton Live v7.0.1 --> "D:\Program Files\Ableton\Live 7.0.1\unins000.exe"
AC3Filter (remove only) --> D:\Program Files\AC3Filter\uninstall.exe
ACDSee 6.0 PowerPack --> MsiExec.exe /I{38A0BB97-772D-422E-BCCA-4BA2A5D81F42}
Ad Muncher --> D:\Program Files\Ad Muncher\AM-Install.exe /die
Adam's Vegas Edge Detection Plug-in --> D:\Program Files\Sony\Vegas 6.0\Video Plug-Ins\Uninstal.exe
Adobe Acrobat 7.0 Professional --> msiexec /I {AC76BA86-1033-0000-7760-000000000002}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX --> D:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe GoLive CS2 English --> msiexec /i {46548E80-0409-0000-7E8A-45000F855001}
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Illustrator CS2 --> msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe SVG Viewer 3.0 --> D:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fD:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Antares Autotune DX v4.15 --> E:\PROGRA~2\ANTARES\AUTOTU~1\ANTARE~1\UNWISE.EXE E:\PROGRA~2\ANTARES\AUTOTU~1\ANTARE~1\INSTALL.LOG
ANWIDA Soft DX Reverb 1.1 --> C:\PROGRA~1\ANWIDA~1\DXREVE~1.1\UNWISE.EXE C:\PROGRA~1\ANWIDA~1\DXREVE~1.1\INSTALL.LOG
AoA Audio Extractor 1.0 --> "D:\Program Files\AoA Audio Extractor\unins000.exe"
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Auto Tuner Demo --> D:\WINDOWS\IsUninst.exe -f"D:\Program Files\4Pockets\4Pockets Auto Tuner Demo\Uninst.isu"
AutoText --> MsiExec.exe /I{E5A09A16-A9B6-41F7-A0A7-1ECC6AFB0E4B}
avast! Antivirus --> rundll32 D:\PROGRA~1\Avast4\Setup\setiface.dll,RunSetup
AVG Anti-Rootkit Free --> D:\Program Files\GRISOFT\AVG Anti-Rootkit Free\Uninstall.exe
AVM FRITZ!Box Monitor --> "D:\Program Files\FRITZ!Box Monitor\install.exe" -d
AVM FRITZ!DSL --> D:\WINDOWS\IsUn0407.exe -f"D:\Program Files\FRITZ!DSL\WebUnins.isu" -c"D:\Program Files\FRITZ!DSL\Webunins.dll"
Awave Studio v8.0 --> C:\Program Files\Awave Studio 8.0\Uninstall.bat "C:\Program Files\Awave Studio 8.0\"
BuddyWave --> "D:\Program Files\BuddyWave\unins000.exe"
Canon Camera Window DS for ZoomBrowser EX --> D:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}
Canon Camera Window DVC for ZoomBrowser EX --> D:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{4C96958A-6562-4143-B820-FF4890D3B734}
Canon CanoScan Toolbox 5.0 --> "D:\Program Files\Canon\CanoScan Toolbox Ver5.0\Maint.exe" /UninstallRemove D:\Program Files\Canon\CanoScan Toolbox Ver5.0\uninst.ini
Canopus ProCoder --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{FD5FDBC9-1EB4-4752-9AEC-C552DB69DFFC}\setup.exe" -l0x9
CanoScan LiDE 70 --> "D:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2411\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2411 /L0x0019
CD-DVD Printer Application --> MsiExec.exe /I{9D94EB3B-6209-4A8D-A723-582CF3DEFCD9}
CD - DVD Publishing Service --> D:\Distr\Kunaki\Kunaki_CD-DVD_Publishing_Service.exe "-uninstall" -CD - DVD Publishing Service
Celemony Melodyne v3.0.1.5 Studio Edition --> E:\PROGRA~2\CELEMONY\MELODY~1.0\UNWISE.EXE E:\PROGRA~2\CELEMONY\MELODY~1.0\INSTALL.LOG
Clean My Registry v2.1 --> "D:\Program Files\Clean My Registry\unins000.exe"
Clean Ram 1.20 - Free --> "D:\Program Files\Clean Ram\unins000.exe"
Creative Vienna SoundFont Studio --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{8B026740-A400-48FF-8F6B-B37C4F61C937}\setup.exe" -l0x9 /remove
CuteZIP --> D:\PROGRA~1\GLOBAL~1\CUTEZIP\UNWISE32.EXE D:\PROGRA~1\GLOBAL~1\CUTEZIP\INSTALL.LOG
Dash Signature EMM Knagalis VSTi v1.28 --> E:\PROGRA~2\STEINB~1\VSTPLU~1\EMMKNA~1\EMMKNA~1\UNWISE.EXE E:\PROGRA~2\STEINB~1\VSTPLU~1\EMMKNA~1\EMMKNA~1\INSTALL.LOG
DasTelefonbuch. Alles in einem. Berlin 2007 --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{3863FC48-9AA2-40A0-8883-C737E348F341}\setup.exe"
dBpowerAMP Music Converter --> "D:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>D:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
DebugMode FrameServer --> "D:\Program Files\DebugMode\FrameServer\fsuninst.exe"
DivX --> D:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> D:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Player --> D:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> D:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EasySetOwner --> D:\Program Files\Microsoft ActiveSync\EasySetOwner\Uninstall.exe EasySetOwner
Echo24 Windows Driver --> D:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{BD8178CF-A294-4485-8BF6-129DFE3550B2}
eMule --> "D:\Program Files\eMule\Uninstall.exe"
Extensis pxl SmartScale 1.0 --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{FBFAA3B4-CCF0-40CA-9E82-3D0B9162A1ED}\Setup.exe" -l0x9 -uninst
Flash Decompiler --> "D:\Program Files\Flash Decompiler\unins000.exe"
FlashGet(JetCar) --> E:\PROGRA~2\FLASHGET\UNWISE.EXE E:\PROGRA~2\FLASHGET\INSTALL.LOG
FlashSelector 0.93b - Internet Explorer Add-In --> D:\Program Files\FlashSelector\uninstall.exe
floAt's Mobile Agent 2 --> "D:\Program Files\FMA 2\unins000.exe"
FLV Player 1.3.3 --> "D:\Program Files\FLVPlayer\uninstall.exe"
FriendBlasterPro --> "D:\Program Files\FriendBlasterPro\unins000.exe"
fring --> D:\Program Files\Microsoft ActiveSync\fring\Uninstall.exe fring
GarishKernels Egress v3.3.3 --> "D:\Program Files\Microsoft ActiveSync\GarishKernels Egress v3.3.3\unins000.exe"
GelbeSeiten Fьr Berlin 2004/2005 --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{E45402BA-EA4D-4F4D-8F81-530F88A5800E}\setup.exe"
Google Talk (remove only) --> "D:\Program Files\Google\Google Talk\uninstall.exe"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "d:\program files\google\googletoolbar4.dll"
GPS Information --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{219BB7DF-83BA-44C6-A362-D17981FBD285}\Setup.exe"
Guitar Tuner --> D:\WINDOWS\IsUninst.exe -f"D:\Program Files\4Pockets\4Pockets Guitar Tuner\Uninst.isu"
Hide IP Platinum 3.43 --> "D:\Program Files\Hide IP Platinum\unins000.exe"
HiDownload --> "D:\Program Files\HiDownload\unins000.exe"
HijackThis 2.0.2 --> "D:\Distr\Anti Virus programme\HijackThis\HijackThis.exe" /uninstall
Intel(R) Extreme Graphics 2 Driver --> RUNDLL32.EXE D:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
InternetCalls --> "D:\Program Files\InternetCalls.com\InternetCalls\unins000.exe"
iTunes --> MsiExec.exe /I{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java 2 Runtime Environment, SE v1.4.1_01 --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{1666FA7C-CB5F-11D6-A78C-00B0D079AF64}\setup.exe" Anytext
Java 2 Runtime Environment, SE v1.4.1_02 --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{EFCE5837-FC21-11D6-9D24-00010240CE95}\setup.exe" Anytext
Java Web Start --> "D:\Program Files\Java Web Start\uninst-javaws.exe"
Jeyo Mobile Companion 1.1 --> "D:\Program Files\Jeyo Mobile Companion\unins000.exe"
Jeyo Mobile Companion 2.0 --> "D:\Program Files\Jeyo\JMC_WindowsMobile\unins000.exe"
JFritz 0.6.0 --> "D:\Program Files\JFritz\unins000.exe"
JustVoip --> "D:\Program Files\JustVoip.com\JustVoip\unins000.exe"
K-Lite Codec Pack 2.35 Full --> "D:\Program Files\K-Lite Codec Pack\unins000.exe"
K-metronome v1.8 - SyMBiAN --> D:\Program Files\Microsoft ActiveSync\K-metronome v1.8 - SyMBiAN\Uninstall.exe K-metronome v1.8 - SyMBiAN
Knzaudio Midifier v1.1 --> E:\PROGRA~2\VSTPLU~1\MIDIFI~1\UNINST~1\UNWISE.EXE E:\PROGRA~2\VSTPLU~1\MIDIFI~1\UNINST~1\INSTALL.LOG
Lame ACM MP3 Codec --> D:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_LameMP3 132 D:\WINDOWS\INF\LameACM.inf
Lexmark Z600 Series --> D:\WINDOWS\system32\spool\drivers\w32x86\3\LXBCUN5C.EXE -dLexmark Z600 Series
Light Alloy 3.4 --> D:\Program Files\Light Alloy\uninst.exe
Live 5.0.1 --> E:\PROGRA~2\ABLETON\LIVE50~1.1\INSTALL\UNWISE.EXE E:\PROGRA~2\ABLETON\LIVE50~1.1\INSTALL\INSTALL.LOG
LivePvrSync --> MsiExec.exe /I{A0229D5A-CA5A-498E-8DB1-611802A09306}
M-Audio Series II MIDI --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{379BD39E-F13E-458F-96D8-56BD7F2CC516}\setup.exe" -l0x9 -removeonly
Macromedia Dreamweaver 4 --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{ABDA9912-5D00-11D4-BAE7-9367CA097955}\Setup.exe" mmUninstall
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Extension Manager --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" mmUninstall
Macromedia Flash 8 --> MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Macromedia Flash 8 Video Encoder --> MsiExec.exe /I{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Magic Button --> D:\Program Files\Microsoft ActiveSync\Magic Button\Uninstall.exe Magic Button
Mail.Ru Агент 4.10 (сборка 1952, для всех пользователей) --> D:\Program Files\Mail.Ru\Agent\magentsetup.exe -uninstalllm
Mailing List Deluxe --> D:\Program Files\Mailing List Deluxe\uninstall.exe
MainConcept MPEG Encoder --> D:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{DB10AF3B-E30E-49F9-84AC-26785D689E13} /l1033
Microsoft .NET Compact Framework 1.0 SP3 --> MsiExec.exe /I{12F7033F-3B47-4C9E-AB20-2EC556C40287}
Microsoft ActiveSync --> MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Outlook 2002 --> MsiExec.exe /I{911A0409-6000-11D3-8CFE-0050048383C9}
Microsoft Portrait --> MsiExec.exe /I{B8AC915C-64C5-4240-A7F3-25995740028E}
Microsoft Portrait 3.1 Beta --> MsiExec.exe /I{EADA46CF-7404-43BA-879A-4322F470928E}
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Miranda IM --> D:\Program Files\Miranda IM\uninstall.exe
Movica --> MsiExec.exe /I{0C0B7766-DC95-4FD9-8CA5-7CD54CEDC61E}
Mozilla Firefox (2.0.0.8) --> D:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Firefox (2.0.0.9) --> I:\Programs\Firefox\App\firefox\uninstall\helper.exe
MPEG Video Wizard --> E:\PROGRA~2\WOMBLE~1\MPEGVI~1\UNWISE.EXE E:\PROGRA~2\WOMBLE~1\MPEGVI~1\INSTALL.LOG
MultimediaFeed MP3 Tagger v2.85 --> "D:\Program Files\MultimediaFeed.com\MultimediaFeed MP3 Tagger\unins000.exe"
My Friends Manager --> "D:\Program Files\My Friends Manager\unins000.exe"
MySpaceIM --> D:\Program Files\MySpace\IM\Uninstall.exe
Nero 6 Ultra Edition --> D:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NetFront v3.3 for Pocket PC (PPC3ARENR106JV) --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{A533F43A-2171-401F-91A3-223C5DE38434}\Setup.exe" -l0x9
Nimbuzz 0.14.12 --> D:\Program Files\Nimbuzz\Uninstall.exe
ooVoo --> D:\Program Files\InstallShield Installation Information\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}\setup.exe -runfromtemp -l0x0009 -removeonly
Open Adder --> "D:\Program Files\Open Adder\unins000.exe"
Opera 9.23 --> MsiExec.exe /X{45A54FAD-AADB-4CD2-9E56-2507A15F013D}
P2P TV Recorder --> "D:\Program Files\P2PTVRecorder\unins000.exe"
Page Promoter --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{6D9C83CB-07E8-11D5-B189-00E07D8B90C2}\setup.exe"
PayPal Flash Button Creator 1.7 --> "D:\Program Files\PayPal Flash Button Creator 1-7\unins000.exe"
Philips SPC 300NC PC Camera --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{E12A328A-7F9C-48FB-9E98-F51549FEC2B6}\setup.exe" -l0x9
PhonerLite 1.32 --> "I:\Portable JustVoip 4\PhonerLite\unins000.exe"
PhonTunerInstall --> D:\Program Files\Microsoft ActiveSync\PhonTunerInstall\Uninstall.exe PhonTunerInstall
Photo Contacts PRO --> D:\PROGRA~1\PHOTOC~1\SetupCE.exe /U
Porta --> "D:\Program Files\Porta\uninstall.exe"
PPLive 1.6.28 --> D:\Program Files\PPLive\uninst.exe
Privoxy 3.0.6 --> "D:\Program Files\Vidalia Bundle\Uninstall.exe"
QuickLink Plugin for Windows Live Writer --> MsiExec.exe /I{70E70686-F43C-4802-84E7-EFA95194DD77}
QuickTime --> MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
Rainlendar2 (remove only) --> "D:\Program Files\Rainlendar2\uninst.exe"
RapidSeek .NET Pro 2007 --> MsiExec.exe /I{9C56C07E-E230-4B9B-AA3B-0BAB1D9628CA}
RealPlayer --> D:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Registrar Registry Manager 5.62 --> "D:\Program Files\Registrar Registry Manager\unins000.exe"
Registrar Registry Manager 5.62 (Lite Edition) --> "D:\Program Files\Registrar Registry Manager\unwise.exe"
Resco Audio Recorder --> D:\WINDOWS\RSetupCE.exe -uninstD:\Program Files\Resco\Audio Recorder\_Install.log
RTC Client API v1.2 --> MsiExec.exe /X{44CDBD1B-89FB-4E02-8319-2A4C550F664A}
RTLSetup for Realtek RTL8139/810x Family NIC 3.00 --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}\Setup.exe" -l0x9 REMOVE
Semagic (remove only) --> "e:\Program Files\Semagic\uninstall.exe"
SKTools Lite --> D:\Program Files\Microsoft ActiveSync\SKTools Lite\Uninstall.exe SKTools Lite
Skype™ 3.5 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Softick Card Export II for Pocket PC --> D:\PROGRA~1\SOFTIC~1\SetupCE.exe /U
Softick Card Export II PPC 3.01 (remove only) --> "D:\Program Files\Softick\CardExportPPC\uninstall.exe"
Sonic Foundry Noise Reduction DX v2.0 --> D:\WINDOWS\UNWISE.EXE C:\AUDIO\SONICF~1\NOISEDX\INSTALL.LOG
Sony DVD Architect 3.0c --> MsiExec.exe /X{19024EBA-7B29-4491-BB4E-ECF9446819E4}
Sony Ericsson Communications Suite --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{B8BC806D-0703-11D4-BB23-006008676AF8}\Setup.exe" -l0x9 -l0009 --remove=y
Sony Ericsson PC Suite 1.20.237 --> MsiExec.exe /I{D21635EA-7A89-4881-86A9-0C1DCBCD1317}
Sony Media Manager 2.2 --> MsiExec.exe /X{878D2EB2-2D55-42A9-955E-1E08F28529FD}
Sony Vegas 6.0 --> MsiExec.exe /X{5FCE0BF9-A1AA-4FA3-A28C-F62431CD52C4}
Sony Vegas 7.0 --> MsiExec.exe /X{DFB951D6-4270-42D8-B4B7-AA4B01911DC3}
Sothink DHTMLMenu --> "D:\Program Files\Sothink DHTMLMenu\unins000.exe"
Sothink SWF Decompiler --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{87ECFEA1-7882-4FC7-A2E2-2AC0CC262EBC}\Setup.exe" -l0x9
SoulSeek Client 156c --> "e:\Program Files\Soulseek\uninstall.exe"
Sound Blaster Live! --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{9115E7DB-3B29-445A-802D-11E0AA945B7F}\Setup.exe" -l0x9
SparVoip --> "e:\Program Files\SparVoip\unins000.exe"
Speereo Voice Translator 3.7 --> "D:\Program Files\Speereo Voice Translator\unins000.exe"
SpiceFilters Plugins for Vegas Video --> D:\WINDOWS\IsUninst.exe -f"d:\program files\sony\vegas 6.0\video plug-ins\UninstPSMX.isu"
SpiceMaster Plugin for Vegas Video --> D:\WINDOWS\IsUninst.exe -f"d:\program files\sony\vegas 6.0\video plug-ins\UninstPSMV.isu"
Stadtplan --> D:\Program Files\Microsoft ActiveSync\Stadtplan\Uninstall.exe Stadtplan
Steinberg Cubase VST 32 5.1r1 --> E:\PROGRA~2\STEINB~1\CUBASE~1\UNWISE.EXE E:\PROGRA~2\STEINB~1\CUBASE~1\INSTALL.LOG
Steinberg MultiPlugInSetup --> D:\PROGRA~1\STEINB~1\WAVELAB\SYSTEM\PLUGINS\UNWISE.EXE D:\PROGRA~1\STEINB~1\WAVELAB\SYSTEM\PLUGINS\INSTALL.LOG
Steinberg WaveLab 5.01a --> E:\PROGRA~2\STEINB~1\WAVELAB\UNWISE.EXE E:\PROGRA~2\STEINB~1\WAVELAB\INSTALL.LOG
Swar Systems SwarPlug v1.0 --> D:\PROGRA~1\SWARPLUG\UNINST~1\UNWISE.EXE D:\PROGRA~1\SWARPLUG\UNINST~1\INSTALL.LOG
TaalMala --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{2C445F01-537A-4A7F-B27D-1BBBEFA45E03}\setup.exe" -uninst
TheBat! Sync WM --> "D:\Program Files\ArtelPlus\TheBatSyncWM\uninstall.exe"
Theme Generator --> MsiExec.exe /I{C36D65FB-ADC5-401F-AF0F-B374889B6354}
Tor 0.2.0.7-alpha --> "D:\Program Files\Vidalia Bundle\Uninstall.exe"
Total Commander (Remove or Repair) --> c:\totalcmd\tcuninst.exe
Tube 2 --> D:\Program Files\Microsoft ActiveSync\Tube 2\Uninstall.exe Tube 2
Ultra Fractal 4.01 --> D:\Program Files\Ultra Fractal 4\Uninst.exe
Ultrafunk Sonitus FX Pack v2.0a --> C:\AUDIO\SONITU~1\UNWISE.EXE C:\AUDIO\SONITU~1\INSTALL.LOG
Update Service --> "D:\Program Files\Sony Ericsson\Update Service\Uninstall Update Service\Uninstall Update Service.exe"
URL Helper --> "D:\Program Files\URLHelper\unins000.exe"
URL Helper --> D:\PROGRA~1\URLHEL~1\UNWISE.EXE D:\PROGRA~1\URLHEL~1\INSTALL.LOG
Vidalia 0.0.14 --> "D:\Program Files\Vidalia Bundle\Uninstall.exe"
Visual C++ 8.0 CRT (x86) WinSXS MSM Beta2 --> MsiExec.exe /I{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}
Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM Beta2 --> MsiExec.exe /I{63E949F6-03BC-5C40-FF1F-C8B3B9A1E18E}
Visual C++ 8.0 MFC (x86) WinSXS MSM Beta2 --> MsiExec.exe /I{9BAE13A2-E7AF-D6C3-FF1F-C8B3B9A1E18E}
Visual C++ 8.0 MFC.Policy (x86) WinSXS MSM Beta2 --> MsiExec.exe /I{68B7C6D9-1DF2-54C1-FF1F-C8B3B9A1E18E}
VoipCheapCom --> "D:\Program Files\VoipCheapCom\unins000.exe"
VoipDiscount --> "D:\Program Files\VoipDiscount.com\VoipDiscount\unins000.exe"
VoipStunt --> "D:\Program Files\VoipStunt.com\VoipStunt\unins000.exe"
Waves Diamond Bundle v5.2 --> E:\PROGRA~2\WAVES\DIAMON~1\UNWISE.EXE E:\PROGRA~2\WAVES\DIAMON~1\INSTALL.LOG
Waves IR1 v5.0 --> E:\PROGRA~2\WAVES\UNINST~2\UNWISE.EXE E:\PROGRA~2\WAVES\UNINST~2\INSTALL.LOG
Weather Services --> D:\WINDOWS\system32\control.exe D:\WINDOWS\system32\wxfw.cpl,4
WebCamera Plus 1.05 --> "D:\Program Files\Ateksoft\WebCamera Plus\unins000.exe"
WiFiFoFum --> MsiExec.exe /I{F5A7052F-2AF4-4CBA-8951-26B91476BDAB}
Winamp (remove only) --> "D:\Program Files\Winamp\UninstWA.exe"
WinAVIVideoConverter --> "D:\Program Files\WinAVIVideoConverter\unins000.exe"
Windows Live installer --> MsiExec.exe /X{61C981F9-FF8A-46EC-B6FE-FF8B293F36D3}
Windows Live Messenger --> MsiExec.exe /I{5EF03FE3-40FD-457E-B67E-698BA2FD889F}
Windows Live Writer --> MsiExec.exe /X{EBAF5243-A9A7-4AB6-92FC-0E77436EEA76}
WinPcap 4.0 --> D:\Program Files\WinPcap\uninstall.exe
WinRAR archiver --> e:\Program Files\WinRAR\uninstall.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type2827 / Error
Event Submitted/Written: 01/19/2008 04:32:13 AM
Event ID/Source: 1000 / Application Error
Event Description:
Ошибка приложения rainlendar2.exe, версия 2.1.0.0, модуль rainlendar2.exe, версия 2.1.0.0, адрес 0x00004141.
Выполняется специальное событие для [rainlendar2.exe!ws!]
Event Record #/Type2826 / Error
Event Submitted/Written: 01/19/2008 04:31:33 AM
Event ID/Source: 1000 / Application Error
Event Description:
Ошибка приложения rainlendar2.exe, версия 2.1.0.0, модуль rainlendar2.exe, версия 2.1.0.0, адрес 0x00004141.
Выполняется специальное событие для [rainlendar2.exe!ws!]
Event Record #/Type2817 / Error
Event Submitted/Written: 01/18/2008 08:26:08 PM
Event ID/Source: 1000 / Application Error
Event Description:
Ошибка приложения IGDCTRL.EXE, версия 1.0.1.2004, модуль AVMIGD.DLL, версия 1.0.0.2004, адрес 0x000155f2.
Выполняется специальное событие для [IGDCTRL.EXE!ws!]
Event Record #/Type2813 / Error
Event Submitted/Written: 01/18/2008 07:25:43 PM
Event ID/Source: 11923 / MsiInstaller
Event Description:
Product: ESET NOD32 Antivirus -- Error 1923. Service 'Eset Service' (ekrn) could not be installed. Verify that you have sufficient privileges to install system services.
Event Record #/Type2812 / Error
Event Submitted/Written: 01/18/2008 07:25:41 PM
Event ID/Source: 11923 / MsiInstaller
Event Description:
Product: ESET NOD32 Antivirus -- Error 1923. Service 'Eset Service' (ekrn) could not be installed. Verify that you have sufficient privileges to install system services.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type28789 / Error
Event Submitted/Written: 01/19/2008 04:18:06 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
Сбой при загрузке драйвера(ов) перезагрузки или запуска системы:
AVG Anti-Rootkit
sptd
Event Record #/Type28788 / Error
Event Submitted/Written: 01/19/2008 04:18:06 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
Служба "Беспроводная настройка" является зависимой от службы "NDIS-протокол ввода/вывода пользовательского режима", которую не удалось запустить из-за ошибки
%%1058
Event Record #/Type28787 / Error
Event Submitted/Written: 01/19/2008 04:17:24 PM
Event ID/Source: 30013 / ipnathlp
Event Description:
DHCP-распределитель отключил себя по IP-адресу 192.168.178.21, поскольку
этот IP-адрес лежит вне области 192.168.0.0/255.255.255.0,
из которой выбираются адреса, распределяемые DHCP-клиентам.
Чтобы включить DHCP-распределитель по этому IP-адресу,
измените область, включающую IP-адрес,или измените
IP-адрес так, чтобы он попал в эту область.
Event Record #/Type28783 / Error
Event Submitted/Written: 01/19/2008 04:16:06 PM / 01/19/2008 04:17:06 PM
Event ID/Source: 4 / sptd
Event Description:
Обнаружена внутренняя ошибка в структуре данных драйвера для .
Event Record #/Type28769 / Error
Event Submitted/Written: 01/19/2008 02:03:16 PM
Event ID/Source: 10010 / DCOM
Event Description:
Регистрация сервера {4991D34B-80A1-4291-83B6-3328366B9097} DCOM не прошла за отведенное время ожидания.
-- End of Deckard's System Scanner: finished at 2008-01-19 16:41:02 ------------
IceSword process:
Process:
System Idle Process
System
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\LEXPPS.EXE
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\SMSS.EXE
D:\Program Files\FRITZ!DSL\IGDCTRL.EXE
D:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Ad Muncher\AdMunch.exe
D:\Program Files\Avast4\ashMaiSv.exe
D:\Program Files\Avast4\ashWebSv.exe
D:\Program Files\Avast4\ashDisp.exe
D:\WINDOWS\system32\csrss.exe
D:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\VM_STI.EXE
D:\WINDOWS\system32\hkcmd.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\alg.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Avast4\aswUpdSv.exe
D:\Program Files\Avast4\ashServ.exe
D:\WINDOWS\system32\LEXBCES.EXE
D:\Program Files\AutoText\AutoText.exe
E:\Program Files\Opera\Opera.exe
D:\Distr\Anti Virus programme\IceSword\IceSword122en\IceSword.exe
D:\Program Files\Rainlendar2\Rainlendar2.exe
D:\Program Files\Microsoft ActiveSync\rapimgr.exe
D:\Distr\The Bat\thebat.exe
D:\Program Files\FRITZ!DSL\StCenter.exe
D:\WINDOWS\system32\svchost.exe
C:\totalcmd\TOTALCMD.EXE
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\devldr32.exe
IceSword Service:
Started Service:
Service Name:ALG Display Name:Служба шлюза уровня приложения
Service Name:aswUpdSv Display Name:avast! iAVS4 Control Service
Service Name:AudioSrv Display Name:Windows Audio
Service Name:avast! Antivirus Display Name:avast! Antivirus
Service Name:avast! Mail Scanner Display Name:avast! Mail Scanner
Service Name:avast! Web Scanner Display Name:avast! Web Scanner
Service Name:AVM IGD CTRL Service Display Name:AVM IGD CTRL Service
Service Name:Browser Display Name:Обозреватель компьютеров
Service Name:CryptSvc Display Name:Службы криптографии
Service Name:DcomLaunch Display Name:Запуск серверных процессов DCOM
Service Name:Dhcp Display Name:DHCP-клиент
Service Name:dmserver Display Name:Диспетчер логических дисков
Service Name:Dnscache Display Name:DNS-клиент
Service Name:ERSvc Display Name:Служба регистрации ошибок
Service Name:Eventlog Display Name:Журнал событий
Service Name:EventSystem Display Name:Система событий COM+
Service Name:FastUserSwitchingCompatibility Display Name:Совместимость быстрого переключения пользователей
Service Name:helpsvc Display Name:Справка и поддержка
Service Name:HTTPFilter Display Name:Протокол HTTP SSL
Service Name:lanmanserver Display Name:Сервер
Service Name:lanmanworkstation Display Name:Рабочая станция
Service Name:LexBceS Display Name:LexBce Server
Service Name:LmHosts Display Name:Модуль поддержки NetBIOS через TCP/IP
Service Name:MA_CMIDI_InstallerService Display Name:M-Audio Series II MIDI Installer
Service Name:Netman Display Name:Сетевые подключения
Service Name:Nla Display Name:Служба сетевого расположения (NLA)
Service Name:PlugPlay Display Name:Plug and Play
Service Name:PolicyAgent Display Name:Службы IPSEC
Service Name:ProtectedStorage Display Name:Защищенное хранилище
Service Name:RasAuto Display Name:Диспетчер авто-подключений удаленного доступа
Service Name:RasMan Display Name:Диспетчер подключений удаленного доступа
Service Name:RemoteRegistry Display Name:Удаленный реестр
Service Name:RpcSs Display Name:Удаленный вызов процедур (RPC)
Service Name:SamSs Display Name:Диспетчер учетных записей безопасности
Service Name:Schedule Display Name:Планировщик заданий
Service Name:seclogon Display Name:Вторичный вход в систему
Service Name:SENS Display Name:Уведомление о системных событиях
Service Name:SharedAccess Display Name:Брандмауэр Windows/Общий доступ к Интернету (ICS)
Service Name:ShellHWDetection Display Name:Определение оборудования оболочки
Service Name:Spooler Display Name:Диспетчер очереди печати
Service Name:srservice Display Name:Служба восстановления системы
Service Name:SSDPSRV Display Name:Служба обнаружения SSDP
Service Name:stisvc Display Name:Служба загрузки изображений (WIA)
Service Name:TapiSrv Display Name:Телефония
Service Name:TermService Display Name:Службы терминалов
Service Name:Themes Display Name:Темы
Service Name:TrkWks Display Name:Клиент отслеживания изменившихся связей
Service Name:upnphost Display Name:Узел универсальных PnP-устройств
Service Name:W32Time Display Name:Служба времени Windows
Service Name:WebClient Display Name:Веб-клиент
Service Name:winmgmt Display Name:Инструментарий управления Windows
Service Name:wuauserv Display Name:Автоматическое обновление
Sorry, I have Russian WinXP, and IceSword doesn't want to give me the log for SSDT; however, I don't see any red lines in any logs there.
Rorschach112
2008-01-19, 19:49
Seems you have got rid of it :)
Few small things to do
You have two anti-viruses, Kaspersky and Avast, so you need to remove one of these
Are you having any visible problems?
Yes, I'll uninstall Kaspersky. No visible problems now!
Thanks for your help!
Rorschach112
2008-01-19, 20:11
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
I want to delete the logs of my system if possible. How can I do this?
Rorschach112
2008-01-19, 20:25
There should be a folder called C:\Deckards System Scanner
Delete that
Then delete your IceSword folder and any logs you have saved to your desktop.
That should get rid of everything. Let me know if you have any more problems
No, I mean I want to delete my logs from this forum, but I can't find the EDIT or DELETE button.
Rorschach112
2008-01-19, 20:34
Neither one of us can do that :)
I will have to ask the boss here. One of us will let you know about it.
These logs don't show any information that can get used against you in any way so you don't have to worry.
I'd be glad to delete them anyway, so please ask the boss :)
Hello.
No, I mean I want to delete my logs from this forum, but I can't find the EDIT or DELETE button.
Deleting a topic would cause a 404 error as it is already in search engines and cached.
What reason would you have for removal, please? You may send me a PM (personal message).
Best regards.