
Vista Infected By Bagle


  • This topic is locked
2 replies to this topic

#1 jarnix

jarnix

  • Members
  • 2 posts
  • OFFLINE
  • Local time:07:42 PM

Posted 25 May 2008 - 12:20 PM

Hello,
My PC is infected by Bagle (detected by Malwarebytes Anti-Malware), maybe something else?

I tried everything I know...

Finally, starting Windows in normal mode, I succeeded in getting a "main.txt" from DSS (no "extra"). I can get the extra in safe mode.

I'm posting here the main.txt log from DSS:

Deckard's System Scanner v20071014.68
Run by Roland Mackie on 2008-05-25 19:08:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Roland Mackie.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:09, on 2008-05-25
Platform: Windows Vista SP1, v.744 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.17128)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\conime.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\CTHELPER.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\PKR\pkrpal.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\GetRight\getright.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPMixDSP.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Opera 9.5 beta\opera.exe
C:\Users\Roland Mackie\Desktop\dss22.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ROLAND~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [PD0870 STISvc] RunDLL32.exe P0870Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PKR Pal] "C:\Program Files\PKR\pkrpal.exe" -osboot
O4 - HKLM\..\Run: [CanalPlayerHelper] C:\Program Files\Lecteur CANALPLAY\CanalPlayerHelper.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DU Meter] C:\Windows\system32\DUMeter.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [CanalPlayer] C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe /iconic
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: *.canalplay.com
O15 - Trusted Zone: *.canalplusactive.com
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1211716605537
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC4602D7-8C94-4BD5-A796-FEE12F0F117A}: NameServer = 212.27.32.5,212.27.32.6
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Service CANALPLAY - Canal+ Active - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 9956 bytes

-- Files created between 2008-04-25 and 2008-05-25 -----------------------------

2008-06-26 19:53:06 0 d-------- C:\Program Files\AtomixMP3
2008-06-25 01:30:03 0 d-------- C:\Windows\system32\RTCOM
2008-05-25 19:05:38 0 d-------- C:\Windows\system32\drivers\downld
2008-05-25 18:59:26 53248 --a------ C:\Windows\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-05-25 18:55:14 68096 --a------ C:\Windows\zip.exe
2008-05-25 18:55:14 49152 --a------ C:\Windows\VFind.exe
2008-05-25 18:55:14 136704 --a------ C:\Windows\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-25 18:55:14 161792 --a------ C:\Windows\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-25 18:55:14 98816 --a------ C:\Windows\sed.exe
2008-05-25 18:55:14 80412 --a------ C:\Windows\grep.exe
2008-05-25 18:55:14 89504 --a------ C:\Windows\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-25 18:55:06 212480 --a------ C:\Windows\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-25 18:04:04 0 d-------- C:\Windows\system32\Kaspersky Lab
2008-05-25 17:51:58 0 d-------- C:\Program Files\Trend Micro
2008-05-21 01:40:29 39380 --a------ C:\Windows\system32\drivers\lgcoromdm.sys <Not Verified; LG Electronics Inc.; LG KS20 USB Modem Driver>
2008-05-21 01:40:29 37788 --a------ C:\Windows\system32\drivers\lgcorodiag.sys <Not Verified; LG Electronics Inc.; LG KS20 USB Diagnostics Driver>
2008-05-21 01:40:29 21440 --a------ C:\Windows\system32\drivers\lgcorobus.sys <Not Verified; LG Electronics Inc.; LG KS20 USB Multi function Driver>
2008-05-21 01:40:29 0 d-------- C:\Program Files\LG Electronics
2008-05-19 01:03:39 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-11 23:51:10 0 d-------- C:\Program Files\PKR
2008-05-11 21:58:54 0 d-------- C:\Users\Roland Mackie\TaoUSign
2008-05-06 20:59:49 0 d-------- C:\Program Files\Common Files\Apple
2008-05-06 20:57:29 0 d-------- C:\Program Files\Apple Software Update
2008-05-04 20:02:01 0 d-------- C:\Program Files\Combined Community Codec Pack
2008-05-04 17:49:29 0 d-------- C:\Program Files\Atmosphere Lite
2008-05-02 21:13:09 0 d-------- C:\Windows\Downloaded Installations
2008-05-01 15:22:02 408576 --a------ C:\Windows\system32\Smab.dll
2008-05-01 15:22:02 70656 --a------ C:\Windows\system32\i420vfw.dll
2008-05-01 15:22:02 719872 --a------ C:\Windows\system32\devil.dll
2008-05-01 15:22:02 27648 --a------ C:\Windows\system32\AVSredirect.dll
2008-05-01 15:22:02 318976 --a------ C:\Windows\system32\avisynth.dll
2008-05-01 15:22:02 66560 --a------ C:\Windows\MOTA113.exe
2008-05-01 15:22:01 217073 --a------ C:\Windows\meta4.exe
2008-05-01 15:22:01 0 d-------- C:\Program Files\AviSynth 2.5
2008-05-01 15:14:34 1191936 --a------ C:\Windows\RtlUpd.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Update and remove driver Tool>
2008-05-01 15:14:34 98304 --a------ C:\Windows\RTKAUDIOSERVICE.EXE <Not Verified; Realtek Semiconductor; Realtek Audio Service>
2008-05-01 15:14:34 315392 --a------ C:\Windows\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-05-01 15:12:07 0 d-------- C:\Program Files\STOIK Imaging
2008-04-27 20:05:43 0 d-------- C:\Program Files\Freecorp


-- Find3M Report ---------------------------------------------------------------

2008-06-26 17:31:06 0 d-------- C:\Users\Roland Mackie\AppData\Roaming\TeraCopy
2008-05-25 19:05:44 0 d-------- C:\Program Files\Steam
2008-05-25 18:00:38 0 d-------- C:\Program Files\Alliance
2008-05-25 15:08:31 12 --a------ C:\Windows\bthservsdp.dat
2008-05-25 14:25:12 0 d-------- C:\Program Files\GetRight
2008-05-25 13:36:51 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-25 03:18:04 0 d-------- C:\Users\Roland Mackie\AppData\Roaming\Azureus
2008-05-24 18:00:37 650462 --a------ C:\Windows\system32\prfh0816.dat
2008-05-24 18:00:37 634020 --a------ C:\Windows\system32\prfh0416.dat
2008-05-24 18:00:37 127778 --a------ C:\Windows\system32\prfc0816.dat
2008-05-24 18:00:37 121690 --a------ C:\Windows\system32\prfc0416.dat
2008-05-24 18:00:37 581434 --a------ C:\Windows\system32\perfh01F.dat
2008-05-24 18:00:37 589098 --a------ C:\Windows\system32\perfh01D.dat
2008-05-24 18:00:37 644592 --a------ C:\Windows\system32\perfh019.dat
2008-05-24 18:00:37 373380 --a------ C:\Windows\system32\perfh011.dat
2008-05-24 18:00:37 669340 --a------ C:\Windows\system32\perfh00C.dat
2008-05-24 18:00:37 426924 --a------ C:\Windows\system32\perfh00B.dat
2008-05-24 18:00:37 115032 --a------ C:\Windows\system32\perfc01F.dat
2008-05-24 18:00:37 117098 --a------ C:\Windows\system32\perfc01D.dat
2008-05-24 18:00:37 125472 --a------ C:\Windows\system32\perfc019.dat
2008-05-24 18:00:37 101052 --a------ C:\Windows\system32\perfc011.dat
2008-05-24 18:00:37 123350 --a------ C:\Windows\system32\perfc00C.dat
2008-05-24 18:00:37 80414 --a------ C:\Windows\system32\perfc00B.dat
2008-05-21 01:01:22 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-19 01:03:45 0 d-------- C:\Users\Roland Mackie\AppData\Roaming\Malwarebytes
2008-05-17 12:11:37 0 d-------- C:\Program Files\PeerGuardian2
2008-05-08 15:10:12 0 d-------- C:\Program Files\Common Files\Steam
2008-05-08 02:28:36 0 d-------- C:\Users\Roland Mackie\AppData\Roaming\Adobe
2008-05-06 20:59:49 0 d-------- C:\Program Files\Common Files
2008-05-02 21:53:49 0 d-------- C:\Program Files\QuickTime
2008-05-02 21:22:14 0 d-------- C:\Users\Roland Mackie\AppData\Roaming\Apple Computer
2008-05-02 21:13:32 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-01 15:14:39 0 d-------- C:\Users\Roland Mackie\AppData\Roaming\STOIK
2008-04-29 01:02:45 0 d-------- C:\Users\Roland Mackie\AppData\Roaming\CDBurnerXP_Soft
2008-04-21 20:02:58 0 d-------- C:\Users\Roland Mackie\AppData\Roaming\SQLyog
2008-04-21 20:02:29 0 d-------- C:\Program Files\SQLyog Community
2008-04-20 23:05:40 0 d-------- C:\Program Files\Azureus
2008-04-20 21:46:15 0 d-------- C:\Program Files\TeraCopy
2008-04-17 01:28:24 0 d-------- C:\Program Files\BirdieSync
2008-04-17 01:28:05 0 d-------- C:\Users\Roland Mackie\AppData\Roaming\BirdieSync
2008-04-14 22:55:58 0 d-------- C:\Program Files\Chronopolys
2008-04-13 19:21:17 0 d--h----- C:\Program Files\Zero G Registry
2008-04-13 18:53:45 0 d-------- C:\Program Files\PowerISO
2008-04-11 23:37:31 0 d-------- C:\Users\Roland Mackie\AppData\Roaming\Souptoys
2008-04-11 23:37:15 0 d-------- C:\Program Files\GamesBar
2008-04-11 23:37:12 0 d-------- C:\Program Files\Oberon Media
2008-04-11 23:37:12 0 d-------- C:\Program Files\Common Files\Oberon Media
2008-04-09 00:26:12 4979454 --a------ C:\Windows\Aubade1.scr
2008-04-09 00:25:43 0 d-------- C:\Users\Roland Mackie\AppData\Roaming\iScreensaver
2008-04-07 03:23:49 0 d-------- C:\Program Files\CDBurnerXP
2008-04-03 01:41:40 0 d-------- C:\Program Files\Opera
2008-04-02 02:59:12 0 d-------- C:\Users\Roland Mackie\AppData\Roaming\Opera
2008-04-02 02:59:02 0 d-------- C:\Program Files\Opera 9.5 beta
2008-04-02 00:48:20 0 d-------- C:\Users\Roland Mackie\AppData\Roaming\Creative
2008-04-02 00:44:48 0 d-------- C:\Program Files\Creative


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54]
"PD0870 STISvc"="P0870Pin.dll" [2005-05-04 19:00 C:\Windows\System32\P0870Pin.dll]
"CTHelper"="CTHELPER.EXE" [2007-12-12 17:56 C:\Windows\System32\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-12-12 17:56 C:\Windows\System32\CTXFIHLP.EXE]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-17 15:37]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 20:54]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 18:06]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 18:06]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 18:06]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-03-15 01:50]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37]
"PKR Pal"="C:\Program Files\PKR\pkrpal.exe" [2008-05-11 23:51]
"CanalPlayerHelper"="C:\Program Files\Lecteur CANALPLAY\CanalPlayerHelper.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-02 09:31]
"DU Meter"="C:\Windows\system32\DUMeter.exe" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-02 09:32]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-03-28 13:14]
"CanalPlayer"="C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe" [2007-11-29 13:27]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2006-05-26 10:01]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-02 09:31]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-05-25 17:19]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
GetRight - Tray Icon.lnk - C:\Program Files\GetRight\getright.exe [2008-01-20 19:57:07]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
"EnableUIADesktopToggle"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
bthsvcs BthServ
WindowsMobile wcescomm rapimgr
LocalServiceRestricted WcesComm RapiMgr


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34b901a2-088f-11dd-a68d-001a4d590588}]
AutoRun\command- G:\wd_windows_tools\setup.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-05-25 19:09:39 ------------



Please help me!!!
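A log like the one above is usually read by eye, but the same triage can be scripted. The block below is an added example, not code from the poster or from BleepingComputer: it parses HijackThis-style lines (the `Rn`/`On` records) plus the `"Name"=value (0xN)` policy lines from the registry dump, and applies a few review heuristics that a helper would apply by hand. The sample input is a handful of lines copied from the log above; all rule names and the `triage`/`parse_entries` functions are this example's own. The rules mean "look at this", not "this is malicious": in this log the flagged items are a bare `CTHELPER.EXE` entry (resolved via the search path at logon, so the file that actually runs should be confirmed), a `rundll32` launcher, an IE Trusted Zone entry, public DNS servers in the TCP/IP settings (which should simply be confirmed as the ISP's), a service with no vendor string in its version info, and `EnableLUA=0`, which means UAC is switched off on this Vista machine.

```python
import ipaddress
import re

# Constructed test input: a subset of lines copied from the DSS/HijackThis log
# posted above. Nothing in this block introduces an indicator the log lacks.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O15 - Trusted Zone: *.canalplay.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC4602D7-8C94-4BD5-A796-FEE12F0F117A}: NameServer = 212.27.32.5,212.27.32.6
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"EnableLUA"=0 (0x0)
"""

# One HijackThis record: "<section> - <body>", e.g. "O4 - HKLM\..\Run: [Name] cmd"
HJT_LINE = re.compile(r"^(?P<kind>[RFNO]\d+) - (?P<body>.+)$")
# O4 autostart entry: hive, value name in brackets, then the command line
O4_RUN = re.compile(r"^(?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# O23 service: display name - vendor from version info - image path
O23_SVC = re.compile(r"^Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")
# O17 TCP/IP parameters: comma-separated NameServer list
O17_DNS = re.compile(r"NameServer = (?P<servers>[\d.,]+)")
# Registry dump policy line as DSS prints it: "Name"=decimal (0xhex)
REG_POLICY = re.compile(r'^"(?P<value>\w+)"=(?P<data>\d+) \(0x[0-9a-fA-F]+\)$')
# Command starts with a drive-letter or %VAR% path (optionally quoted)
ABS_PATH = re.compile(r'^"?[A-Za-z]:\\|^"?%\w+%\\')


def parse_entries(text):
    """Return (section, body) tuples for every HijackThis record in the text."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.append((m["kind"], m["body"]))
    return entries


def triage(text):
    """Apply cheap review heuristics; each finding is (rule, detail).

    A finding is a prompt to verify the item, not a malware verdict."""
    findings = []
    for kind, body in parse_entries(text):
        if kind == "O4":
            m = O4_RUN.match(body)
            if m and not ABS_PATH.match(m["cmd"]):
                # Bare image name (CTHELPER.EXE, RUNDLL32.EXE ...): the loader
                # resolves it via the search path, so confirm which file runs.
                findings.append(("O4-bare-image", m["name"]))
        elif kind == "O15":
            # Sites in the IE Trusted Zone get relaxed security settings.
            findings.append(("O15-trusted-zone", body.replace("Trusted Zone: ", "")))
        elif kind == "O17":
            m = O17_DNS.search(body)
            if m:
                for ip in m["servers"].split(","):
                    # Public resolvers are normal for an ISP connection, but a
                    # DNS-changer would show up here too, so list them for review.
                    if not ipaddress.ip_address(ip).is_private:
                        findings.append(("O17-public-dns", ip))
        elif kind == "O23":
            m = O23_SVC.match(body)
            if m and m["vendor"] == "Unknown owner":
                # No company name in the image's version info.
                findings.append(("O23-unknown-owner", m["name"]))
    for line in text.splitlines():
        m = REG_POLICY.match(line.strip())
        if m and m["value"] == "EnableLUA" and m["data"] == "0":
            # EnableLUA=0 disables User Account Control on Vista.
            findings.append(("UAC-disabled", line.strip()))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:20s} {detail}")
```

Run against the full log, the script is a first pass only; every flagged line still has to be checked against what the software on the machine legitimately installs, which is exactly what the forum helpers do when they read these logs.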


#2 jarnix

jarnix
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:07:42 PM

Posted 25 May 2008 - 02:45 PM

OK, I solved it by myself finally...

I don't know how to add a [CLOSED] to the topic.

#3 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,723 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:07:42 PM

Posted 25 May 2008 - 07:59 PM

Hello jarnix,

I'm glad your problem has been resolved. Thank you for letting us know. Since your problem is resolved, I shall go ahead and close this topic.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript
