What is a "trojan agent/gen"?

Solved
Saber03 Posted messages 135 Status Member -  
jacques.gache Posted messages 34829 Status Security Contributor -
Hello,

I see that when I run a super anti-spy, there's a "trojan agent/gen"... can someone tell me what that is, and what risks I face with this thing?

Thanks
Configuration: Windows XP Firefox 3.5.2

33 answers

  • 1
  • 2
  1. Anonymous user
     
    Hello

    Impossible to tell you, because the "name" trojan agent/gen is "generic"; I would need the name of the detected file to tell you more.

    --
    Practice makes perfect!
    2
  2. Saber03 Posted messages 135 Status Member 1
     
    The problem is that it only shows me this name "trojan agent/gen" via "super anti spyware", and it's only once in a while...

    I don't understand

    Apparently, I caught this from emule...

    But where is it hiding? No idea...

    :-) thanks
    0
  3. jacques.gache Posted messages 34829 Status Security Contributor 1 645
     
    Apparently, I got this from eMule...

    Thanks to P2P!!! Otherwise, post an RSIT so we can see where it is

    • Download Random's System Information Tool (RSIT) from Random/Random and save it to your Desktop.
    • Double-click on RSIT.exe to launch the tool.
    • Click on "Continue" on the Disclaimer screen.
    • If the HijackThis tool is not present or detected on the computer, RSIT will download it (allow access in your firewall if it asks) and you will need to accept the license.
    • Once the scan is complete, two reports will appear: please post them in two separate messages

    PS: The reports are located here:

    C:\rsit\info.txt

    C:\rsit\log.txt

    Tutorial to help you

    --
    Everyone remains the master of their own PC
    0
  4. Saber03 Posted messages 135 Status Member 1
     
    I'm doing that right away, thank you :-)
    0
  5. Saber03 Posted messages 135 Status Member 1
     
    I mistakenly allowed the trojan, I'm freaking out!!! Thanks again, here is the report:
    0
  6. Saber03 Posted messages 135 Status Member 1
     
    ```html info.txt logfile of random's system information tool 1.06 2009-06-24 22:31:45

    ======Uninstall list======

    --> -c"C:\Program Files\Ulead Systems\Ulead COOL 360\IS32Inst.dll"
    -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    -->C:\Program Files\MAGIX\Speed2_burnR_mxcdr\unwise.exe
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Able MPEG2 Editor 2.4 Trial-->"C:\Program Files\Able MPEG2 Editor 2.4 Trial\unins000.exe"
    ABRCrypt-->"C:\Program Files\ABRCrypt\uninstall.exe"
    AC-Plug V2.01-->"C:\Program Files\iOpus\AC-Plug\unins000.exe"
    Adastra FREESTAR-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Coeli\Adastra FREESTAR\DeIsL1.isu" -c"C:\Program Files\Coeli\Adastra FREESTAR\_ISREG32.DLL"
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 9.1.1 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A91000000001}
    Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    Adobe® Photoshop® Album Edition Découverte 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
    Alice Auto-diagnostic-->C:\Program Files\TechCity Solutions\AliceSAV\uninstall.exe
    Apple Mobile Device Support-->MsiExec.exe /I{162B71B8-8464-4680-A086-601D555B331D}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
    ArcSoft PhotoImpression 5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93F599DF-519B-4706-A3F1-9530DF2590B4}\SETUP.EXE" -l0x40c
    Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
    Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
    Audio CD Magic 1.0-->"C:\Program Files\AudioCDMagic\unins000.exe"
    avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
    Blitzkrieg 2-->C:\Program Files\Blitzkrieg 2\Uninstall\uninstall.exe /C "/U:C:\Program Files\Blitzkrieg 2\Uninstall\uninstall.xml"
    Blitzkrieg Burning Horizon-->C:\PROGRA~1\BLITZK~3\UNINST~1\UNWISE.EXE C:\PROGRA~1\BLITZK~3\UNINST~1\INSTALL.LOG
    Blitzkrieg Rolling Thunder-->C:\PROGRA~1\BLITZK~1\UNINST~1\UNWISE.EXE C:\PROGRA~1\BLITZK~1\UNINST~1\INSTALL.LOG
    Blitzkrieg-->C:\PROGRA~1\NIVALI~1\BLITZK~1\UNINST~1\UNWISE.EXE C:\PROGRA~1\NIVALI~1\BLITZK~1\UNINST~1\INSTALL.LOG
    Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
    CamStudio-->C:\Program Files\CamStudio\uninstall.exe
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
    Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Dealio Toolbar 3.1.1-->MsiExec.exe /X{F38E1EF1-BBD6-4743-AF84-021E26B0481C}
    Direct Show Ogg Vorbis Filter (remove only)-->"C:\WINDOWS\system32\OggDSuninst.exe"
    DivX Codec-->G:\acceuil\DivX\DivXCodecUninstall.exe /CODEC
    DivX Player-->G:\acceuil\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Plus DirectShow Filters-->G:\acceuil\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
    DivX Web Player-->G:\acceuil\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    DV Camcorder-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BE3A3126-D6B4-4FCE-8FD6-E33C49B4282D}\Setup.exe"
    DVD Solution-->"C:\Program Files\Uninstall_CDS.exe"
    eMule-->"C:\Program Files\eMule\Uninstall.exe"
    Firebird SQL Server - MAGIX Edition-->C:\Program Files\MAGIX\Common\Database\unwise.exe
    Flash Decompiler-->"C:\Program Files\Eltima Software\Flash Decompiler\unins000.exe"
    foobar2000-->"C:\Program Files\foobar2000\uninstall.exe"
    Free YouTube to Mp3 Converter version 3.1-->"C:\Program Files\DVDVideoSoft\Free YouTube to Mp3 Converter\unins000.exe"
    Frontal Attack 1.0-->"C:\program files\Nival Interactive\Blitzkrieg\setup\uninst.exe"
    Galerie de photos Windows Live-->MsiExec.exe /X{44E54A81-9D91-4AA1-9417-80AFF134F5FF}
    Green Devils-->C:\PROGRA~1\BLITZK~1\UNINST~2\UNWISE.EXE C:\PROGRA~1\BLITZK~1\UNINST~2\INSTALL.LOG
    Hauppauge English Help Files and Resources-->C:\PROGRA~1\WinTV\UNHLPeng.EXE C:\PROGRA~1\WinTV\WTV2Keng.LOG
    Hauppauge WinTV DVB-T EPG Service-->C:\WINDOWS\system32\UNWISE.EXE C:\WINDOWS\system32\UnEPGService.LOG
    Hauppauge WinTV Infrared Remote-->C:\PROGRA~1\WinTV\UNir32.EXE C:\PROGRA~1\WinTV\ir32.LOG
    Hauppauge WinTV Radio-->C:\PROGRA~1\WinTV\UNrad32.EXE C:\PROGRA~1\WinTV\RADIO32.LOG
    Hauppauge WinTV Scheduler-->C:\PROGRA~1\WinTV\SCHEDU~1\uniSCHED.exe C:\PROGRA~1\WinTV\SCHEDU~1\uniSCHED.log
    Hauppauge WinTV Soft PVR-->C:\PROGRA~1\WinTV\UNSftPVR.EXE C:\PROGRA~1\WinTV\softpvr.LOG
    Hauppauge WinTV TV Services-->C:\PROGRA~1\WinTV\uniTvSrv.exe C:\PROGRA~1\WinTV\UniTVSrv.LOG
    Hauppauge WinTV2000-->C:\PROGRA~1\WinTV\UNTV32.EXE C:\PROGRA~1\WinTV\WINTV2K.LOG
    HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Indeo® Software-->C:\WINDOWS\IsUninst.exe -fg:\acceuil\Uninst.isu
    Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
    Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
    InterVideo FilterSDK for Hauppauge-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2227E1FA-01F5-483C-AB0E-2A308E900B3D}\setup.exe" REMOVEALL
    iTunes-->MsiExec.exe /I{C26B06A9-27BB-45B0-9873-9C623EC2BA38}
    J2SE Development Kit 5.0 Update 11-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0150110}
    Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
    Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
    KC Softwares VideoInspector-->"C:\Program Files\KC Softwares\VideoInspector\unins000.exe"
    Kit de Connexion Alice ADSL-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A0221AD-D30B-4320-8F9B-1D0F0E6C6843}\setup.exe" -l0x40c ControlPanel
    Le Sphinx-->C:\SphinxME\Licence\UNWISE.EXE C:\SphinxME\Licence\install.log
    Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    LOTO Alchimie DEMO-->C:\WINDOWS\unin040c.exe -f"C:\Program Files\LOTO\LOTO Alchimie DEMO\DeIsL1.isu" -c"C:\Program Files\LOTO\LOTO Alchimie DEMO\_ISREG32.DLL"
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Matroska Pack - Lazy Man's MKV 1.0.1-alpha6-->"C:\Program Files\LD-Anime\unins000.exe"
    Media Player Classic fr-->"C:\Program Files\Media Player Classic\uninstall.exe"
    MediaInfo 0.7.5.2-->C:\Program Files\MediaInfo\uninst.exe
    Menus intelligents (Windows Live Toolbar)-->MsiExec.exe /X{3585ED1C-74C5-43B0-A232-831B96A12A2B}
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
    Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0120-040C-0000-0000000FF1CE}
    Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
    Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}
    Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
    Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
    Microsoft Sync Framework Services Native v1.0 (x86)-->&MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
    Microsoft WorldWide Telescope-->MsiExec.exe /I{F9C80FE8-DB25-4EE5-AE6D-4332FB0E8B83}
    Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB953155)-->"C:\WINDOWS\$NtUninstallKB953155$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
    MobileMe Control Panel-->MsiExec.exe /I{C7EEC93A-2A61-4B1E-B696-A264680A889D}
    Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MPEG2 Decoders-->C:\Program Files\MPEG2_Decoders\Uninstall.exe
    MSN Messenger 7.5-->MsiExec.exe /I{BAFD3C1E-03EC-11DA-BFBD-00065BBDC0B5}
    MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
    MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
    MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
    MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
    Multimedia Launcher-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
    Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
    Nuclear Coffee - VideoGet 2.0.2.26 Trial-->"C:\Program Files\Nuclear Coffee\VideoGet\uninstall.exe"
    NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
    Odebit Multimédia V3.2-->"C:\Program Files\Odebit Multimédia\V3.2\unins000.exe"
    OpenOffice.org 1.9.79-->MsiExec.exe /I{D64CB110-5067-460E-A19C-8C2C6856D494}
    OscilloSpectro2003-->"C:\WINDOWS\VIPunins.exe" "C:\Program Files\OscilloSpectro2003\uninst.inf"
    Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
    Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
    Photo et imagerie HP 2.0 - All-in-One Pilote-->MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
    Photo et imagerie HP 2.0 - All-in-One-->MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
    Podmailer Beta 1-->C:\Program Files\zSlide\Podmailer\uninstall.exe
    Proactive Information Corporation Interactive Real Time Weather Screensaver 7.0.7-->C:\WINDOWS\UnDeploy.exe "C:\Program Files\Proactive Information Corporation\Delta MEC Real Time Weather Screensaver\Deploy.log"
    QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
    RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
    Safari-->MsiExec.exe /I{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}
    SAGEM F@st 800-840-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}\setup.exe" -l0x40c
    Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
    Services Windows Media 4.1-->C:\Program Files\Windows Media Components\Server\uninstal.exe /U
    SigmaTel MSCN Audio Player-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8E240C1C-25D0-4248-BC6C-ACC3472E35CE}\Setup.exe" -l0x40c
    SLD Codec Pack-->C:\Program Files\SLD Codec Pack\uninstall.exe
    Spyware Terminator-->"C:\Program Files\Spyware Terminator\unins000.exe"
    SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
    Turbine Video Encoder - Free Edition 1.0-->"C:\Program Files\Turbine Video Encoder\unins000.exe"
    Ulead COOL 360 1.0-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3CEA4CA8-CDD4-451C-B673-E8F17BE01B15}\setup.exe" -l0x40c -uninst
    ULi M5289 SATA Controller Driver-->C:\WINDOWS\system32\unM5289.EXE C:\WINDOWS\IsUninst.exe -y -fC:\WINDOWS\system32\ALiM5289.isu
    ULi PCI 10-100 Fast Ethernet Controller Driver-->C:\WINDOWS\system32\UnLAN.EXE C:\WINDOWS\IsUninst.exe -y -fC:\WINDOWS\system32\ALiLAN.isu
    ULi PCI to AGP Controller Driver-->C:\WINDOWS\system32\UnAGP.EXE C:\WINDOWS\IsUninst.exe -y -fC:\WINDOWS\system32\ALiAGP.isu
    Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
    UsbFix-->C:\UsbFix\Uninstal.exe
    VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
    VD Codec Pack 3.4-->C:\Program Files\VDCodecPack3.4\uninst.exe
    VDownloader 0.77-->"C:\Program Files\VDOWNLOADER\unins000.exe"
    Version 2-->"C:\Program Files\deo\unins000.exe"
    Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
    Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
    VLC media player 0.9.9-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    Wanadoo Messager-->C:\PROGRA~1\WANADO~1\UNWISE.EXE C:\PROGRA~1\WANADO~1\INSTALL.LOG
    Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
    Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
    Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
    Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
    Windows Live Contrôle parental-->MsiExec.exe /X{D6A2DDE3-9D7C-412C-932A-756580D29919}
    Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}
    Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
    Windows Live Sync-->MsiExec.exe /X{9C5EB781-0D37-44B8-9A58-77B3E4BF5F5E}
    Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353}
    Windows Live Writer-->MsiExec.exe /X{2231CE39-B963-4B9D-823A-F412ECA637B1}
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows XP Creativity Fun Packs - Windows Movie Maker 2-->MsiExec.exe /X{DA2D4D11-1811-4A24-B719-BF9F048C6106}
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
    XP Codec Pack-->C:\Program Files\XP Codec Pack\Uninstall.exe
    X-VCD Player-->C:\PROGRA~1\X-VCDP~1\UNWISE.EXE C:\PROGRA~1\X-VCDP~1\INSTALL.LOG
    XviD MPEG-4 Video Codec-->"C:\Program Files\XviD\unins000.exe"
    Yahoo! Extras-->C:\PROGRA~1\Yahoo!\Common\unyext.exe
    Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL

    ======Hosts File======

    127.0.0.1 007guard.com
    127.0.0.1 www.007guard.com
    127.0.0.1 008i.com
    127.0.0.1 008k.com
    127.0.0.1 www.008k.com
    127.0.0.1 00hq.com
    127.0.0.1 www.00hq.com
    127.0.0.1 010402.com
    127.0.0.1 032439.com
    127.0.0.1 www.032439.com

    ======Security center information======

    AV: AVG 7.5.476
    AV: avast! antivirus 4.8.1335 [VPS 090625-0]

    ======System event log======

    Computer Name: RAJI-1E11DCCF00
    Event Code: 7000
    Message: The Icatch(IV) Video Camera Device service failed to start due to the error:
    The specified file is not found.

    Record Number: 41869
    Source Name: Service Control Manager
    Time Written: 20090606102453.000000+120
    Event Type: error
    User:

    Computer Name: RAJI-1E11DCCF00
    Event Code: 7000
    Message: The General Purpose USB Driver (adildr.sys) service failed to start due to the error:
    The service cannot be started because it is disabled or there is no enabled device associated with it.

    Record Number: 41868
    Source Name: Service Control Manager
    Time Written: 20090606102453.000000+120
    Event Type: error
    User:

    Computer Name: RAJI-1E11DCCF00
    Event Code: 10
    Message: This drive does not seem to support digital audio playback.

    Record Number: 41867
    Source Name: redbook
    Time Written: 20090606102441.000000+120
    Event Type: Information
    User:

    Computer Name: RAJI-1E11DCCF00
    Event Code: 10
    Message: This drive does not seem to support digital audio playback.

    Record Number: 41866
    Source ```
    0
  7. Saber03 Posted messages 135 Status Member 1
     
    Logfile of random's system information tool 1.06 (written by random/random)
    Run by RAJI at 2009-09-07 20:11:25
    Microsoft Windows XP Home Edition Service Pack 3
    System drive C: has 27 GB (53%) free of 50 GB
    Total RAM: 1535 MB (52% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:11:49, on 07/09/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16876)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\iOpus\AC-Plug\acplug.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\RAJI\Desktop\RSIT.exe
    C:\Program Files\trend micro\RAJI.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60341
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60341
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: Windows Live Sign-in Assistant Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [AliceSAV] "C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTALL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - HKUS\S-1-5-19\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Startup: 42 AC Plug.lnk = C:\Program Files\iOpus\AC-Plug\acplug.exe
    O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O8 - Extra context menu item: E&xporter to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: SWF Capture tool - C:\Program Files\Eltima Software\Flash Decompiler\iebt.html
    O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
    O9 - Extra button: Direct Addition - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menu item: &Direct Addition in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
    O9 - Extra 'Tools' menu item: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
    O9 - Extra button: Search - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menu item: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menu item: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler\iebt.dll (HKCU)
    O9 - Extra 'Tools' menu item: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler\iebt.dll (HKCU)
    O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
    O15 - Trusted Zone: *.canalplay.com (HKLM)
    O15 - Trusted Zone: *.canalplusactive.com (HKLM)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: EPGService - Hauppauge Computer Works - C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\PROGRA~1\WinTV\HCWTVS~1.EXE
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

    --
    End of file - 9709 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\Google Software Updater.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
    Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live Sign-in Assistant Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
    "AliceSAV"=C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe [2005-12-16 81408]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-07-20 7110656]
    "AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-03-06 177472]
    "ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTALL~1\UPDATE~1\ISUSPM.exe [2004-04-17 196608]
    "ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-04-13 69632]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "NBJ"=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2004-09-22 1871872]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
    "PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-06-25 1414144]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
    rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /install []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
    C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
    C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
    C:\PROGRA~1\Wanadoo\Watch.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quick Launch of Adobe Reader.lnk]
    C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^RAJI^Start Menu^Programs^Startup^OpenOffice.org 1.9.79.lnk]
    C:\PROGRA~1\OPENOF~1.79\program\QUICKS~1.EXE [2005-02-14 61440]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    AutoStart IR.lnk - C:\Program Files\WinTV\Ir.exe
    DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

    C:\Documents and Settings\RAJI\Start Menu\Programs\Startup
    42 AC Plug.lnk - C:\Program Files\iOpus\AC-Plug\acplug.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145
    "NoDriveAutoRun"=FFFFFFFF
    "NoFind"=0
    "NoFolderOptions"=0
    "NoRun"=0
    "NoDrives"=0
    "HonorAutoRunSetting"=1

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
    "C:\Program Files\zSlide\Podmailer\Podmailer.exe"="C:\Program Files\zSlide\Podmailer\Podmailer.exe:*:Enabled:Podmailer"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
    "C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Dreamcatcher\Superpower 2\joshua.exe"="C:\Program Files\Dreamcatcher\Superpower 2\joshua.exe:*:Disabled:joshua"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4ded9ab-fb8e-11dd-b0dd-005070161ad5}]
    shell\Auto\command - cmd /C launch.bat
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

    ======List of files/folders created in the last 1 months======

    2009-09-07 19:53:20 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
    2009-09-07 19:53:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
    2009-09-07 19:52:50 ----A---- C:\WINDOWS\imsins.BAK
    2009-09-07 19:52:34 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
    2009-09-07 19:44:42 ----A---- C:\WINDOWS\system32\jscript.dll
    2009-08-24 20:00:49 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
    2009-08-23 20:00:34 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
    2009-08-21 23:55:34 ----D---- C:\WINDOWS\system32\XPSViewer
    2009-08-21 23:55:30 ----D---- C:\Program Files\MSBuild
    2009-08-21 23:55:28 ----D---- C:\WINDOWS\system32\en-US
    2009-08-21 23:55:22 ----D---- C:\Program Files\Reference Assemblies
    2009-08-21 23:54:55 ----N---- C:\WINDOWS\system32\prntvpt.dll
    2009-08-21 23:54:54 ----N---- C:\WINDOWS\system32\xpssvcs.dll
    2009-08-21 23:54:54 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
    2009-08-17 20:13:24 ----A---- C:\UsbFix.txt
    2009-08-15 17:44:16 ----D---- C:\UsbFix
    2009-08-14 22:48:48 ----D---- C:\Documents and Settings\RAJI\Application Data\Nokia
    2009-08-14 22:48:46 ----D---- C:\Documents and Settings\RAJI\Application Data\PC Suite
    2009-08-14 22:48:45 ----D---- C:\Documents and Settings\All Users\Application Data\PC Suite
    2009-08-14 22:46:03 ----D---- C:\Program Files\Common Files\PCSuite
    2009-08-14 22:45:56 ----D---- C:\Program Files\Common Files\Nokia
    2009-08-14 22:45:49 ----D---- C:\Program Files\DIFX
    2009-08-14 22:45:38 ----D---- C:\Program Files\PC Connectivity Solution
    2009-08-14 22:45:25 ----A---- C:\WINDOWS\system32\nmwcdcls.dll
    2009-08-14 22:45:24 ----D---- C:\Program Files\Nokia
    2009-08-14 22:45:01 ----A---- C:\WINDOWS\system32\ptpusb.dll
    2009-08-14 22:45:00 ----A---- C:\WINDOWS\system32\ptpusd.dll
    2009-08-14 22:40:59 ----D---- C:\Documents and Settings\All Users\Application Data\Installations
    2009-08-13 19:43:43 ----D---- C:\WORT
    2009-08-13 19:31:42 ----A---- C:\WINDOWS\system32\gnc.txt
    2009-08-13 19:31:39 ----A---- C:\WINDOWS\system32\gnc.exe
    2009-08-13 19:17:44 ----D---- C:\Program Files\Navilog1
    2009-08-11 20:05:15 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
    2009-08-11 20:05:10 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
    2009-08-11 20:05:05 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
    2009-08-11 20:04:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
    2009-08-11 20:04:54 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
    2009-08-11 20:04:49 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
    2009-08-11 20:04:43 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
    2009-08-11 20:04:35 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
    2009-08-11 20:01:36 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
    2009-08-11 20:01:09 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
    2009-08-09 21:17:01 ----D---- C:\Documents and Settings\All Users\Application Data\Apowersoft
    2009-08-09 21:16:38 ----D---- C:\Program Files\Apowersoft
    0
  8. jacques.gache Posted messages 34829 Status Security Contributor 1 645
     
    Hello, you need to organize your protection tools because there is an overload, you have:
    Alwil Avast! Antivirus Crawler®Spyware Terminator SUPERAntiSpyware.com®SUPERAntiSpyware Grisoft®AVG Antivirus Grisoft AVG AntiSpyware Microsoft Windows Live OneCare Family Safety 


    for your information: https://forum.malekal.com/viewtopic.php?t=4650&start=

    otherwise you are going to run usbfix option 1 and 2 and then malwarebytes and post a new log.txt from RSIT, Thank you

    1) for usbfix

    • Download and install http://sd-1.archive-host.com/membres/up/127028005715545653/UsbFix.exe from C_XX & Chiquitine29

    (!) Plug in your external data sources to your PC, (USB key, external hard drive, etc...) that may have been infected without opening them

    • Double click on the UsbFix shortcut on your desktop.

    • Choose the option 1 (Search)

    • Let the tool work.

    • Then post the UsbFix.txt report that will appear.

    • Note: The UsbFix.txt report is saved at the root of the disk. (C:\UsbFix.txt)

    (CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

    • Note: "Process.exe", a component of the tool, is detected by some antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
    It is not a virus, but a utility designed to terminate processes.
    In the wrong hands, this utility could stop security software (Antivirus, Firewall...) hence the alert issued by these antivirus programs.

    • Tutorial: http://pagesperso-orange.fr/NosTools/usbfix.html

    ##################### | XP _ Removal | ########################

    (!) Plug in your external data sources to your PC, (USB key, external hard drive, etc...) that may have been infected without opening them

    • Double click on the UsbFix shortcut on your desktop

    • Choose the option 2 (Removal)

    • Your desktop will disappear and the PC will restart.

    • Upon restart, UsbFix will scan your PC, let the tool work.

    • Then post the UsbFix.txt report that will appear with the desktop.

    • Note: The UsbFix.txt report is saved at the root of the disk. (C:\UsbFix.txt)

    (CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

    . UsbFix will suggest uploading a compressed folder to this address: https://www.androidworld.fr/

    This folder was created by UsbFix and is saved on your desktop.

    Please send it to the indicated address to help the UsbFix author in their research.

    Thank you in advance for your contribution!!

    2) for malwarebytes

    Download Malwarebytes' Anti-Malware: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

    . On the page click on Download Malwarebyte's Anti-Malware
    . Save it on the desktop
    . Double click on the downloaded file to start the installation process.
    . If the firewall asks for permission for malwarebytes to connect, accept
    . Go to the Search tab
    . Select Run a full scan
    . Click Search
    . The scan begins.
    . At the end of the scan, a message appears: The scan completed normally. Click 'Show results' to display all found items.
    . Click Ok to proceed.
    . If any malware was detected, click Show results
    . Select all (or leave checked) and click Delete selection Malwarebytes will destroy the files and registry keys and place a copy in quarantine.
    . Malwarebytes will open Notepad and copy the scan report there.
    . restart the PC if it does not do it itself
    . Once restarted, double-click on malwarebytes
    . Go to the report/log tab
    . Click on it to display it once displayed
    . click on edit at the top of Notepad, and then on select all
    . Click on edit again and then on copy and return to the forum and in your reply
    . Right-click in the response box and paste

    If you need help, watch this tutorial:
    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

    3) post a new log.txt from RSIT

    --
    Everyone remains the master of their PC
    0
  9. Saber03 Posted messages 135 Status Member 1
     
    I'm going to do all that, okay!!!

    I can't use my mouse anymore, the right-click doesn't work for copy-paste, for example!!!

    I made the mistake of allowing the trojan and superantispy doesn't detect it anymore since I authorized it, please help me with this

    and on top of that, every time I check my "C" drive, there's less and less space even though I'm not downloading anything!!!

    I'm panicking!!!

    Do you think a reformatting of my PC is necessary???
    0
  10. jacques.gache Posted messages 34829 Status Security Contributor 1 645
     
    if there's a problem with the mouse to paste the reports, display it and then press CTRL+A to select all, CTRL+C to copy, go back to the discussion and CTRL+V to paste
    --
    Everyone remains the master of their PC
    0
  11. Saber03 Posted messages 135 Status Member 1
     
    ############################## | UsbFix V6.028 |

    User : RAJI (Administrators) # RAJI-1E11DCCF00
    Update on 08/09/2009 by Chiquitine29, C_XX & Chimay8
    Start at: 19:42:23 | 08/09/2009
    Website : http://pagesperso-orange.fr/NosTools/index.html

    AMD Athlon(tm) 64 Processor 3000+
    Microsoft Windows XP Home Edition (5.1.2600 32-bit) # Service Pack 3
    Internet Explorer 7.0.5730.11
    Windows Firewall Status : Enabled
    AV : AVG 7.5.476 7.5.476 [ Enabled | Updated ]
    AV : avast! antivirus 4.8.1335 [VPS 090909-0] 4.8.1335 [ Enabled | Updated ]

    A:\ -> 3.5-inch Floppy Drive
    C:\ -> Local Hard Disk # 48.83 Go (25.79 Go free) # NTFS
    D:\ -> CD-ROM Drive
    E:\ -> CD-ROM Drive
    F:\ -> CD-ROM Drive
    G:\ -> Local Hard Disk # 103.83 Go (103.72 Go free) # NTFS
    I:\ -> Local Hard Disk # 465.64 Go (314.95 Go free) [Elements] # FAT32
    J:\ -> Removable Disk # 966.99 Mo (50.84 Mo free) [IPOD (RAJI)] # FAT32

    ############################## | Active Processes |

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\iOpus\AC-Plug\acplug.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    ################## | Infected Files # Folders |

    Present ! C:\autorun.inf
    Present ! G:\autorun.inf
    Present ! I:\autorun.inf
    Present ! J:\autorun.inf

    ################## | Registry # Infected Run Keys |

    ################## | Registry # Mountpoints2 |

    HKCU\..\..\Explorer\MountPoints2\{b4ded9ab-fb8e-11dd-b0dd-005070161ad5}
    Shell\Auto\command =cmd /C launch.bat
    Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

    ################## | ! End of report # UsbFix V6.028 ! |
    0
  12. jacques.gache Posted messages 34829 Status Security Contributor 1 645
     
    Hello, continue with option 2 of usbfix, malwarebytes, and a new RSIT as requested in message 8
    --
    Everyone remains the master of their PC
    0
  13. Saber03 Posted messages 135 Status Member 1
     
    C is done ;-)
    and I sent what you asked me

    ############################## | UsbFix V6.028 |

    User : RAJI (Administrators) # RAJI-1E11DCCF00
    Update on 08/09/2009 by Chiquitine29, C_XX & Chimay8
    Start at: 22:57:13 | 08/09/2009
    Website : http://pagesperso-orange.fr/NosTools/index.html

    AMD Athlon(tm) 64 Processor 3000+
    Microsoft Windows XP Home Edition (5.1.2600 32-bit) # Service Pack 3
    Internet Explorer 7.0.5730.11
    Windows Firewall Status : Enabled
    AV : AVG 7.5.476 7.5.476 [ Enabled | Updated ]
    AV : avast! antivirus 4.8.1335 [VPS 090909-0] 4.8.1335 [ Enabled | Updated ]

    A:\ -> 3.5 inch floppy disk
    C:\ -> Local hard disk # 48.83 Go (25.5 Go free) # NTFS
    D:\ -> CD-ROM drive
    E:\ -> CD-ROM drive
    F:\ -> CD-ROM drive
    G:\ -> Local hard disk # 103.83 Go (103.72 Go free) # NTFS
    I:\ -> Local hard disk # 465.64 Go (314.95 Go free) [Elements] # FAT32
    J:\ -> Removable disk # 966.99 Mo (50.84 Mo free) [IPOD (RAJI)] # FAT32

    ############################## | Active processes |

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\logonui.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\setup\avast.setup
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    ################## | Infectious files # Folders |

    Deleted! C:\autorun.inf
    Deleted! G:\autorun.inf
    Deleted! I:\autorun.inf
    Deleted! J:\autorun.inf

    ################## | Registry # Infectious Run keys |

    Deleted! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoDrives"
    Deleted! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoFind"
    Deleted! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoFolderOptions"
    Deleted! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoRun"

    ################## | Registry # Mountpoints2 |

    Deleted! HKCU\...\Explorer\MountPoints2\{b4ded9ab-fb8e-11dd-b0dd-005070161ad5}\Shell\Auto\Command

    ################## | Listing of present files |

    [18/02/2009 00:25|--ah-----|54752] C:\aaw7boot.cmd
    [05/05/2007 00:59|--a------|0] C:\AUTOEXEC.BAT
    [05/05/2007 00:56|---hs----|215] C:\boot.ini
    [05/08/2004 14:00|-rahs----|4952] C:\Bootfont.bin
    [22/09/2005 15:52|--a------|0] C:\CONFIG.SYS
    [22/09/2005 15:52|-rahs----|0] C:\IO.SYS
    [25/03/2009 23:44|--a------|13367] C:\JavaRa.log
    [22/09/2005 15:52|-rahs----|0] C:\MSDOS.SYS
    [05/08/2004 14:00|-rahs----|47564] C:\NTDETECT.COM
    [25/03/2009 23:22|-rahs----|252240] C:\ntldr
    [?|?|?] C:\pagefile.sys
    [03/05/2009 19:02|--a------|43] C:\Playlist.m3u
    [02/12/2006 05:28|--ah-----|268] C:\sqmdata00.sqm
    [05/12/2006 15:05|--ah-----|268] C:\sqmdata01.sqm
    [06/12/2006 05:19|--ah-----|268] C:\sqmdata02.sqm
    [29/12/2006 20:01|--ah-----|268] C:\sqmdata03.sqm
    [31/12/2006 12:55|--ah-----|268] C:\sqmdata04.sqm
    [06/01/2007 20:16|--ah-----|268] C:\sqmdata05.sqm
    [03/02/2007 13:57|--ah-----|268] C:\sqmdata06.sqm
    [11/02/2007 00:09|--ah-----|268] C:\sqmdata07.sqm
    [12/02/2007 18:47|--ah-----|268] C:\sqmdata08.sqm
    [25/02/2007 02:53|--ah-----|268] C:\sqmdata09.sqm
    [28/02/2007 04:10|--ah-----|268] C:\sqmdata10.sqm
    [01/03/2007 20:57|--ah-----|268] C:\sqmdata11.sqm
    [14/03/2007 04:07|--ah-----|268] C:\sqmdata12.sqm
    [16/03/2007 23:34|--ah-----|268] C:\sqmdata13.sqm
    [17/03/2007 00:09|--ah-----|268] C:\sqmdata14.sqm
    [14/04/2007 20:18|--ah-----|268] C:\sqmdata15.sqm
    [26/06/2007 08:13|--ah-----|268] C:\sqmdata16.sqm
    [05/03/2008 22:07|--ah-----|268] C:\sqmdata17.sqm
    [30/10/2008 14:51|--ah-----|292] C:\sqmdata18.sqm
    [30/10/2008 14:51|--ah-----|232] C:\sqmdata19.sqm
    [02/12/2006 05:28|--ah-----|244] C:\sqmnoopt00.sqm
    [05/12/2006 15:05|--ah-----|244] C:\sqmnoopt01.sqm
    [06/12/2006 05:19|--ah-----|244] C:\sqmnoopt02.sqm
    [29/12/2006 20:01|--ah-----|244] C:\sqmnoopt03.sqm
    [31/12/2006 12:55|--ah-----|244] C:\sqmnoopt04.sqm
    [06/01/2007 20:16|--ah-----|244] C:\sqmnoopt05.sqm
    [03/02/2007 13:57|--ah-----|244] C:\sqmnoopt06.sqm
    [11/02/2007 00:09|--ah-----|244] C:\sqmnoopt07.sqm
    [12/02/2007 18:47|--ah-----|244] C:\sqmnoopt08.sqm
    [25/02/2007 02:53|--ah-----|244] C:\sqmnoopt09.sqm
    [28/02/2007 04:10|--ah-----|244] C:\sqmnoopt10.sqm
    [01/03/2007 20:57|--ah-----|244] C:\sqmnoopt11.sqm
    [14/03/2007 04:07|--ah-----|244] C:\sqmnoopt12.sqm
    [16/03/2007 23:34|--ah-----|244] C:\sqmnoopt13.sqm
    [17/03/2007 00:09|--ah-----|244] C:\sqmnoopt14.sqm
    [14/04/2007 20:18|--ah-----|244] C:\sqmnoopt15.sqm
    [26/06/2007 08:13|--ah-----|244] C:\sqmnoopt16.sqm
    [05/03/2008 22:07|--ah-----|244] C:\sqmnoopt17.sqm
    [30/10/2008 14:51|--ah-----|244] C:\sqmnoopt18.sqm
    [30/10/2008 14:51|--ah-----|244] C:\sqmnoopt19.sqm
    [08/09/2009 22:59|--a------|5793] C:\UsbFix.txt

    ################## | Upload |

    Please send the file: C:\DOCUME~1\RAJI\Desktop\UsbFix_Upload_Me_RAJI-1E11DCCF00.zip : https://www.androidworld.fr/
    Thank you for your contribution.

    ################## | ! End of report # UsbFix V6.028 ! |
    0
  14. jacques.gache Posted messages 34829 Status Security Contributor 1 645
     
    ok you run malwarebytes and a new RSIT personally I'll take over tomorrow night
    --
    Everyone stays in control of their PC
    0
  15. Saber03 Posted messages 135 Status Member 1
     
    3 items detected by anti m :-)

    thank you

    Malwarebytes' Anti-Malware 1.40
    Database version: 2773
    Windows 5.1.2600 Service Pack 3

    09/09/2009 21:47:59
    mbam-log-2009-09-09 (21-47-59).txt

    Scan type: Complete scan (C:\|G:\|I:\|)
    Items scanned: 173360
    Elapsed time: 36 minute(s), 9 second(s)

    Infected memory process(es): 0
    Infected memory module(s): 0
    Infected Registry key(s): 0
    Infected Registry value(s): 0
    Infected Registry data item(s): 0
    Infected folder(s): 0
    Infected file(s): 3

    Infected memory process(es):
    (No harmful items detected)

    Infected memory module(s):
    (No harmful items detected)

    Infected Registry key(s):
    (No harmful items detected)

    Infected Registry value(s):
    (No harmful items detected)

    Infected Registry data item(s):
    (No harmful items detected)

    Infected folder(s):
    (No harmful items detected)

    Infected file(s):
    C:\Program Files\VDCodecPack1.3\videoinspector.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
    C:\Program Files\VDCodecPack1.6\videoinspector.1.7.1.89.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
    C:\Program Files\VDCodecPack3.4\videoinspector.1.9.1.103.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
    0
  16. Saber03 Posted messages 135 Status Member 1
     
    Malwarebytes' Anti-Malware 1.40
    Database version: 2773
    Windows 5.1.2600 Service Pack 3

    09/09/2009 21:47:59
    mbam-log-2009-09-09 (21-47-59).txt

    Scan type: Full scan (C:\|G:\|I:\|)
    Items examined: 173360
    Elapsed time: 36 minute(s), 9 second(s)

    Infected memory process(es): 0
    Infected memory module(s): 0
    Infected Registry key(s): 0
    Infected Registry value(s): 0
    Infected Registry data item(s): 0
    Infected folder(s): 0
    Infected file(s): 3

    Infected memory process(es):
    (No harmful items detected)

    Infected memory module(s):
    (No harmful items detected)

    Infected Registry key(s):
    (No harmful items detected)

    Infected Registry value(s):
    (No harmful items detected)

    Infected Registry data item(s):
    (No harmful items detected)

    Infected folder(s):
    (No harmful items detected)

    Infected file(s):
    C:\Program Files\VDCodecPack1.3\videoinspector.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
    C:\Program Files\VDCodecPack1.6\videoinspector.1.7.1.89.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
    C:\Program Files\VDCodecPack3.4\videoinspector.1.9.1.103.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
    0
  17. Saber03 Posted messages 135 Status Member 1
     
    Logfile of random's system information tool 1.06 (written by random/random)
    Run by RAJI at 2009-09-09 22:20:35
    Microsoft Windows XP Home Edition Service Pack 3
    System drive C: has 27 GB (53%) free of 50 GB
    Total RAM: 1535 MB (68% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:20:43, on 09/09/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16876)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\iOpus\AC-Plug\acplug.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\imapi.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\RAJI\Desktop\RSIT.exe
    C:\Program Files\trend micro\RAJI.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60341
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60341
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: Windows Live Sign-in Assistant Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [AliceSAV] "C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - HKUS\S-1-5-19\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Startup: 42 AC Plug.lnk = C:\Program Files\iOpus\AC-Plug\acplug.exe
    O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: SWF Capture tool - C:\Program Files\Eltima Software\Flash Decompiler\iebt.html
    O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
    O9 - Extra button: Direct Add - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Direct Add in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
    O9 - Extra button: Search - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler\iebt.dll (HKCU)
    O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler\iebt.dll (HKCU)
    O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
    O15 - Trusted Zone: *.canalplay.com (HKLM)
    O15 - Trusted Zone: *.canalplusactive.com (HKLM)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: EPGService - Hauppauge Computer Works - C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\PROGRA~1\WinTV\HCWTVS~1.EXE
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

    --
    End of file - 9803 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\Google Software Updater.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
    Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live Sign-in Assistant Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
    "AliceSAV"=C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe [2005-12-16 81408]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-07-20 7110656]
    "AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-03-06 177472]
    "ISUSPM Startup"=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-04-17 196608]
    "ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-04-13 69632]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "NBJ"=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2004-09-22 1871872]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
    "PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-06-25 1414144]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
    rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /install []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
    C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
    C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
    C:\PROGRA~1\Wanadoo\Watch.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Quick Launch of Adobe Reader.lnk]
    C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^RAJI^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 1.9.79.lnk]
    C:\PROGRA~1\OPENOF~1.79\program\QUICKS~1.EXE [2005-02-14 61440]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
    AutoStart IR.lnk - C:\Program Files\WinTV\Ir.exe
    DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

    C:\Documents and Settings\RAJI\Menu Démarrer\Programmes\Démarrage
    42 AC Plug.lnk - C:\Program Files\iOpus\AC-Plug\acplug.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=255
    "NoDriveAutoRun"=FFFFFFFF
    "HonorAutoRunSetting"=1

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
    "C:\Program Files\zSlide\Podmailer\Podmailer.exe"="C:\Program Files\zSlide\Podmailer\Podmailer.exe:*:Enabled:Podmailer"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
    "C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Dreamcatcher\Superpower 2\joshua.exe"="C:\Program Files\Dreamcatcher\Superpower 2\joshua.exe:*:Disabled:joshua"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

    ======List of files/folders created in the last 1 months======

    2009-09-09 22:07:53 ----A---- C:\WINDOWS\system32\hzuhwfct.txt
    2009-09-08 22:57:00 ----A---- C:\UsbFix.txt
    2009-09-07 19:53:20 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
    2009-09-07 19:53:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
    2009-09-07 19:52:34 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
    2009-09-07 19:44:42 ----A---- C:\WINDOWS\system32\jscript.dll
    2009-08-24 20:00:49 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
    2009-08-23 20:00:34 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
    2009-08-21 23:55:34 ----D---- C:\WINDOWS\system32\XPSViewer
    2009-08-21 23:55:30 ----D---- C:\Program Files\MSBuild
    2009-08-21 23:55:28 ----D---- C:\WINDOWS\system32\en-US
    2009-08-21 23:55:22 ----D---- C:\Program Files\Reference Assemblies
    2009-08-21 23:54:55 ----N---- C:\WINDOWS\system32\prntvpt.dll
    2009-08-21 23:54:54 ----N---- C:\WINDOWS\system32\xpssvcs.dll
    2009-08-21 23:54:54 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
    2009-08-15 17:44:16 ----D---- C:\UsbFix
    2009-08-14 22:48:48 ----D---- C:\Documents and Settings\RAJI\Application Data\Nokia
    2009-08-14 22:48:46 ----D---- C:\Documents and Settings\RAJI\Application Data\PC Suite
    2009-08-14 22:48:45 ----D---- C:\Documents and Settings\All Users\Application Data\PC Suite
    2009-08-14 22:46:03 ----D---- C:\Program Files\Common Files\PCSuite
    2009-08-14 22:45:56 ----D---- C:\Program Files\Common Files\Nokia
    2009-08-14 22:45:49 ----D---- C:\Program Files\DIFX
    2009-08-14 22:45:38 ----D---- C:\Program Files\PC Connectivity Solution
    2009-08-14 22:45:25 ----A---- C:\WINDOWS\system32\nmwcdcls.dll
    2009-08-14 22:45:24 ----D---- C:\Program Files\Nokia
    2009-08-14 22:45:01 ----A---- C:\WINDOWS\system32\ptpusb.dll
    2009-08-14 22:45:00 ----A---- C:\WINDOWS\system32\ptpusd.dll
    2009-08-14 22:40:59 ----D---- C:\Documents and Settings\All Users\Application Data\Installations
    2009-08-13 19:43:43 ----D---- C:\WORT
    2009-08-13 19:31:42 ----A---- C:\WINDOWS\system32\gnc.txt
    2009-08-13 19:31:39 ----A---- C:\WINDOWS\system32\gnc.exe
    2009-08-13 19:17:44 ----D---- C:\Program Files\Navilog1
    2009-08-11 20:05:15 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
    2009-08-11 20:05:10 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
    2009-08-11 20:05:05 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
    2009-08-11 20:04:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
    2009-08-11 20:04:54 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
    2009-08-11 20:04:49 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
    2009-08-11 20:04:43 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
    2009-08-11 20:04:35 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
    2009-08-11 20:01:36 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
    2009-08-11 20:01:09 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$

    ======List of files/folders modified in the last 1 months======

    2009-09-09 22:20:42 ----D---- C:\WINDOWS\Prefetch
    2009-09-09 22:20:36 ----D---- C:\Program Files\Trend Micro
    2009-09-09 22:12:01 ----D---- C:\Program Files\Mozilla Firefox
    0
  18. jacques.gache Posted messages 34829 Status Security Contributor 1 645
     
    How is your PC? I see that you've removed some things from your prospecting tools, but you still have Avast and AVG "just in the automatic startup," and then Spyware Terminator and SUPERAntiSpyware show traces on the PC. Can you confirm what protection you are keeping, and I will remove the rest with OTM? How's the PC and the initial issues?
    --
    Everyone remains the master of their PC
    0
  19. Saber03 Posted messages 135 Status Member 1
     
    My PC runs well, but the right click still doesn't work.

    Sorry, but I'm not great at computers, but thanks to this site and people like you, it's nice to surf!!
    Thanks a thousand times.

    I normally uninstalled AVG, but it has never disappeared from my PC. Why?
    0
  20. jacques.gache Posted messages 34829 Status Security Contributor 1 645
     
    Well, confirm to me which protections you want to keep, and I will remove the rest with a script for OTM
    that is to say
    Crawler®Spyware Terminator
    SUPERAntiSpyware.com®SUPERAntiSpyware
    Grisoft®AVG Antivirus

    but if you really want advice, remove Avast, which is the worst of the free ones, and put Antivir which is also in French, and if you have doubts, check what is said on the net http://forum.malekal.com/ftopic3528.php
    --
    Everyone is master of their PC
    0
  • 1
  • 2