
Removing wuauclt.exe on XP

Last reply on 11 Oct 2009 at 20:03:14
xpierre, 11 Oct 2009 at 19:34:30

Hello,

After some searching, I think this .exe is a trojan; how can I remove it effectively?

Thanks,


1

XaTon, 11 Oct 2009 at 19:35:44
  • +1

Hi,

~~~~~~~~~~~~~~~~> RSIT <~~~~~~~~~~~~~~~~~~~

Download Random's System Information Tool (RSIT) to the Desktop.

http://images.malwareremoval.com/random/RSIT.exe

Double-click RSIT.exe to launch the program (on Vista, right-click RSIT.exe and choose Run as administrator).

• Click Continue on the Disclaimer screen.

• If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in the firewall if prompted) and you will need to accept the license.

• When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).

←« XaŦoи »→ ™


2

ЄutΞrpЭ, 11 Oct 2009 at 19:35:55

Good evening,

do it with an antivirus and only in safe mode without networking

Euterpe


3

Qwerty66, 11 Oct 2009 at 19:39:53

Wuauclt.exe is not a TROJAN ... it's Windows Update; wuauclt stands for Windows Update client for WindowsME (the updates, basically)

so no need to worry

Now, if you are SURE it's a trojan (it isn't in the right location, for example), you can delete it PERMANENTLY with Eraser (http://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/6615.html). This free software erases the file COMPLETELY (it goes over the file 35 times using a very complicated system of equations) ... anyway, afterwards you right-click your file and choose ERASE

there you go

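Added example, not part of the thread and not written by any of its participants: the "is it in the right location" check mentioned in the reply above, applied to the "Running processes" section of a HijackThis log. The table of expected directories and the sample log (including the misplaced wuauclt.exe entry) are constructed assumptions for illustration.

```python
import ntpath
import re

# Assumption: expected locations of a few core Windows XP binaries,
# given as a sub-directory of the Windows directory ("" = the directory itself).
EXPECTED_DIRS = {
    "wuauclt.exe": "system32",
    "svchost.exe": "system32",
    "smss.exe": "system32",
    "csrss.exe": "system32",
    "winlogon.exe": "system32",
    "services.exe": "system32",
    "lsass.exe": "system32",
    "explorer.exe": "",
}

# HijackThis entry lines look like "O4 - ..." or "R1 - ..."; they mark the
# end of the process list if no blank line was seen first.
ENTRY_LINE = re.compile(r"^[A-Z]\d+ - ")


def running_processes(log_text):
    """Return the paths listed under 'Running processes:' in a HijackThis log."""
    paths = []
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_section = True
            continue
        if not in_section:
            continue
        if ENTRY_LINE.match(line) or (not line and paths):
            break
        if line:
            paths.append(line)
    return paths


def _norm(path):
    # Windows paths are case-insensitive; normalise separators and case.
    return ntpath.normcase(ntpath.normpath(path))


def misplaced(paths, windir=r"C:\WINDOWS"):
    """Return paths whose file name is a known system binary but whose
    directory is not the expected one."""
    findings = []
    for path in paths:
        directory, name = ntpath.split(path)
        subdir = EXPECTED_DIRS.get(name.lower())
        if subdir is None:
            continue  # not a name we have an expectation for
        expected = _norm(ntpath.join(windir, subdir))
        if _norm(directory) != expected:
            findings.append(path)
    return findings


# Constructed sample: the first four process lines use paths of the kind seen
# in the log posted in this thread; the last one is an invented misplaced copy.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Example\Local Settings\Temp\wuauclt.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    for hit in misplaced(running_processes(SAMPLE_LOG)):
        print("unexpected location:", hit)
```

A file sitting in the expected directory is not thereby proven genuine; the location check only tells you which entries to look at first.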

4

xpierre, 11 Oct 2009 at 19:42:33

Info.txt logfile of random's system information tool 1.06 2009-10-11 19:39:20

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A91000000001}
AMD Processor Driver-->C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe -runfromtemp -l0x0009 -removeonly
AutoHotkey 1.0.48.05-->C:\Program Files\AutoHotkey\uninst.exe
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
BetClic Poker-->C:\PROGRA~1\BETCLI~1\UNWISE.EXE C:\PROGRA~1\BETCLI~1\INSTALL.LOG
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
COMODO Internet Security-->C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe -u
EVEREST Ultimate Edition v5.02-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
Geonaute KeyMaze 300-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35DFE767-D0DB-4228-A64E-7E6D50B6FEA4}\Setup.exe"
Google Chrome-->"C:\Program Files\Google\Chrome\Application\3.0.195.25\Installer\setup.exe" --uninstall --system-level
Google Earth-->MsiExec.exe /X{3A05B900-A3E7-11DE-A9B7-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Holdem Manager-->MsiExec.exe /I{42DE940E-8037-4266-9FBF-5A3AEDA39E96}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Logitech SetPoint 5.20-->MsiExec.exe /I{D3120436-1358-4253-9EB2-257FFE8CE1D9}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Money 2007 Home & Business-->"C:\Program Files\Microsoft Money 2007\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Money Shared Libraries-->MsiExec.exe /X{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.14)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.23)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA ForceWare Network Access Manager-->"C:\Program Files\InstallShield Installation Information\{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}\setup.exe" -runfromtemp -l0x0409 -removeonly
NVIDIA ForceWare Network Access Manager-->MsiExec.exe /I{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}
NVIDIA nView Desktop Manager-->C:\Program Files\NVIDIA Corporation\nView\nViewSetup.exe -uninstall
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
OpenOffice.org 3.1-->MsiExec.exe /I{0FA44E79-CD7D-4E8D-A2EE-26FE05F509B6}
Pacific Poker-->C:\PROGRA~1\PACIFI~1\UNWISE.EXE C:\PROGRA~1\PACIFI~1\INSTALL.LOG
PartyPoker-->"C:\Program Files\PartyGaming\PartyPoker\Uninstall.exe" "C:\Program Files\PartyGaming\PartyPoker\install.log"
PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
pdfsam 0.7b1-->C:\Program Files\pdfsam\uninst.exe
PL-2303 USB-to-Serial-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\Setup.exe" -l0x9 Installed
PokerStove version 1.23-->"C:\Program Files\PokerStove\unins000.exe"
PostgreSQL 8.4-->C:\Program Files\PostgreSQL\8.4\uninstall-postgresql.exe
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
RedKings Poker-->"C:\RedKings\unins000.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Ubuntu-->C:\ubuntu\Uninstall-Ubuntu.exe
Unibet-->C:\MicroGaming\Poker\unibetpokerMPP\install.exe -uninstall
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB973874)-->"C:\WINDOWS\ie8updates\KB973874-IE8\spuninst\spuninst.exe"
Vuze-->C:\Program Files\Vuze\uninstall.exe
WiFi Station-->C:\Program Files\InstallShield Installation Information\{DECE22F4-EEDD-4615-BC56-2F4827FAD64B}\setup.exe -runfromtemp -l0x0009 -removeonly
Winamax-->"C:\Winamax\unins000.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: avast! antivirus 4.8.1356 [VPS 091010-0]
FW: COMODO Firewall

======System event log======

Computer Name: ----------
Event Code: 1000
Message: Your computer has lost the lease to its IP address 192.168.0.13 on the
Network Card with network address 001966D81F65.

Record Number: 306
Source Name: Dhcp
Time Written: 20090911043307.000000+120
Event Type: error
User:

Computer Name: ----------
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001966D81F65. The following
error occurred:
The semaphore timeout period has expired.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 305
Source Name: Dhcp
Time Written: 20090911043307.000000+120
Event Type: warning
User:

Computer Name: ----------
Event Code: 10016
Message: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool.

Record Number: 303
Source Name: DCOM
Time Written: 20090910192808.000000+120
Event Type: error
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: ----------
Event Code: 10016
Message: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool.

Record Number: 286
Source Name: DCOM
Time Written: 20090910190247.000000+120
Event Type: error
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: ----------
Event Code: 10016
Message: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool.

Record Number: 285
Source Name: DCOM
Time Written: 20090910190247.000000+120
Event Type: error
User: NT AUTHORITY\LOCAL SERVICE

=====Application event log=====

Computer Name: ----------
Event Code: 63
Message: A provider, NPU Management Provider, has been registered in the WMI namespace, root\nVIDIA\NS_Eth\NS_EthStat, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 154
Source Name: WinMgmt
Time Written: 20090911044955.000000+120
Event Type: warning
User: ----------\Pierre

Computer Name: ----------
Event Code: 63
Message: A provider, NPU Management Provider, has been registered in the WMI namespace, root\nVIDIA\NS_Eth\NS_EthStat, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 153
Source Name: WinMgmt
Time Written: 20090911044955.000000+120
Event Type: warning
User: ----------\Pierre

Computer Name: ----------
Event Code: 63
Message: A provider, NPU Management Provider, has been registered in the WMI namespace, root\nVIDIA\NS_Eth\NS_EthConfig, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 152
Source Name: WinMgmt
Time Written: 20090911044955.000000+120
Event Type: warning
User: ----------\Pierre

Computer Name: ----------
Event Code: 63
Message: A provider, NPU Management Provider, has been registered in the WMI namespace, root\nVIDIA\NS_Eth\NS_EthConfig, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 151
Source Name: WinMgmt
Time Written: 20090911044955.000000+120
Event Type: warning
User: ----------\Pierre

Computer Name: ----------
Event Code: 63
Message: A provider, NPU Management Provider, has been registered in the WMI namespace, root\nVIDIA\NS_Eth\NS_EthConfig, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 150
Source Name: WinMgmt
Time Written: 20090911044955.000000+120
Event Type: warning
User: ----------\Pierre

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=16
"PROCESSOR_IDENTIFIER"=x86 Family 16 Model 6 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=0602
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------



Logfile of random's system information tool 1.06 (written by random/random)
Run by Pierre at 2009-10-11 19:38:55
Microsoft Windows XP Professional Service Pack 3
System drive C: has 187 GB (78%) free of 238 GB
Total RAM: 1535 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:39:12, on 11/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hercules\WiFi Station\WifiStation.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Pierre\My Documents\Téléchargements\RSIT.exe
C:\Program Files\trend micro\Pierre.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1390067357-1450960922-1801674531-1005\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'postgres')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: WiFi Station.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Unibet - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\unibetpokerMPP\MPPoker.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PostgreSQL Server 8.4 (postgresql-8.4) - PostgreSQL Global Development Group - C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe
End of file - 7656 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\OGALogon.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-14 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-14 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-10-28 17331200]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2009-08-13 1657376]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-08-17 86016]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-09-15 81000]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2009-06-17 55824]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-08-17 13877248]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2009-09-18 1799952]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SetPointII.lnk]
C:\PROGRA~1\Logitech\SETPOI~1\SETPOI~1.EXE [2009-07-21 323584]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
WiFi Station.lnk - C:\Program Files\Hercules\WiFi Station\WifiStation.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" C:\WINDOWS\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2009-08-31 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"C:\Program Files\B2BPOKER\Pinnacle Sports\jre\bin\javaw.exe"="C:\Program Files\B2BPOKER\Pinnacle Sports\jre\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83750710-9de5-11de-a0e3-806d6172696f}]
shell\AutoRun\command - D:\autorun.exe


======List of files/folders created in the last 1 months======

2009-10-11 19:38:58 ----D---- C:\Program Files\trend micro
2009-10-11 19:38:55 ----D---- C:\rsit
2009-10-11 19:11:48 ----A---- C:\WINDOWS\wininit.ini
2009-10-11 18:42:24 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-10-11 18:42:24 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-09 18:19:46 ----D---- C:\Program Files\AutoHotkey
2009-10-07 13:58:09 ----D---- C:\Program Files\pdfsam
2009-10-07 13:47:02 ----A---- C:\WINDOWS\system32\pdfcmnnt.dll
2009-10-07 13:47:00 ----A---- C:\WINDOWS\system32\VB6FR.DLL
2009-10-07 13:47:00 ----A---- C:\WINDOWS\system32\MSMPIDE.DLL
2009-10-07 13:47:00 ----A---- C:\WINDOWS\system32\MSCMCFR.DLL
2009-10-07 13:47:00 ----A---- C:\WINDOWS\system32\MSCC2FR.DLL
2009-10-07 13:46:58 ----D---- C:\Program Files\PDFCreator
2009-10-07 13:37:12 ----D---- C:\Program Files\gs
2009-10-07 13:33:08 ----D---- C:\Program Files\PlotSoft
2009-10-05 21:20:18 ----D---- C:\Documents and Settings\Pierre\Application Data\Office Genuine Advantage
2009-10-05 20:23:41 ----D---- C:\RedKings
2009-10-04 16:35:42 ----D---- C:\Program Files\PartyGaming
2009-10-03 20:58:25 ----D---- C:\WINDOWS\system32\zh-TW
2009-10-03 20:58:25 ----D---- C:\WINDOWS\system32\zh-HK
2009-10-03 20:58:25 ----D---- C:\WINDOWS\system32\tr-TR
2009-10-03 20:58:25 ----D---- C:\WINDOWS\system32\sv-SE
2009-10-03 20:58:25 ----D---- C:\WINDOWS\system32\pt-BR
2009-10-03 20:58:25 ----D---- C:\WINDOWS\system32\nl-NL
2009-10-03 20:58:25 ----D---- C:\WINDOWS\system32\nb-NO
2009-10-03 20:58:25 ----D---- C:\WINDOWS\system32\ko-KR
2009-10-03 20:58:25 ----D---- C:\WINDOWS\system32\it-IT
2009-10-03 20:58:25 ----D---- C:\WINDOWS\system32\he-IL
2009-10-03 20:58:25 ----D---- C:\WINDOWS\system32\fr-FR
2009-10-03 20:58:25 ----D---- C:\WINDOWS\system32\fi-FI
2009-10-03 20:58:25 ----D---- C:\WINDOWS\system32\es-ES
2009-10-03 20:58:25 ----D---- C:\WINDOWS\system32\el-GR
2009-10-03 20:58:25 ----D---- C:\WINDOWS\system32\de-DE
2009-10-03 20:58:25 ----D---- C:\WINDOWS\system32\da-DK
2009-10-03 20:58:25 ----D---- C:\WINDOWS\system32\ar-SA
2009-10-03 01:25:40 ----D---- C:\WINDOWS\Sun
2009-10-02 21:40:08 ----A---- C:\WINDOWS\ODBC.INI
2009-10-02 21:39:36 ----D---- C:\Program Files\Microsoft ActiveSync
2009-10-02 21:39:33 ----D---- C:\Program Files\Common Files\DESIGNER
2009-10-02 21:39:21 ----D---- C:\WINDOWS\SHELLNEW
2009-10-02 21:39:21 ----D---- C:\Program Files\Microsoft.NET
2009-10-02 21:39:21 ----D---- C:\Program Files\Microsoft Office
2009-10-02 02:19:28 ----D---- C:\Program Files\Microsoft Money 2007
2009-10-02 02:12:40 ----D---- C:\Program Files\MagicISO
2009-09-25 05:34:05 ----A---- C:\Documents and Settings\Pierre\Application Data\MPUI.ini
2009-09-25 05:20:06 ----D---- C:\Program Files\IVCsoft
2009-09-25 04:54:02 ----D---- C:\Documents and Settings\All Users\Application Data\Azureus
2009-09-25 04:54:00 ----D---- C:\Documents and Settings\Pierre\Application Data\Azureus
2009-09-25 04:53:37 ----D---- C:\Program Files\Vuze
2009-09-22 03:56:54 ----D---- C:\Documents and Settings\Pierre\Application Data\Microgaming
2009-09-22 03:55:37 ----D---- C:\MicroGaming
2009-09-20 19:30:28 ----D---- C:\Documents and Settings\Pierre\Application Data\Google
2009-09-20 19:29:46 ----D---- C:\Program Files\Google
2009-09-20 19:28:21 ----D---- C:\Program Files\Geonaute KeyMaze 300
2009-09-20 08:52:12 ----D---- C:\Program Files\In The Money
2009-09-17 05:51:14 ----D---- C:\Documents and Settings\All Users\Application Data\Boss Media
2009-09-17 05:50:55 ----D---- C:\Program Files\BetClic Poker
2009-09-17 03:03:09 ----D---- C:\Program Files\PokerStove
2009-09-16 16:48:44 ----SHD---- C:\WINDOWS\CSC
2009-09-16 01:40:17 ----D---- C:\Documents and Settings\Pierre\Application Data\PacificPoker
2009-09-16 01:39:48 ----D---- C:\Program Files\PacificPoker
2009-09-15 18:13:12 ----D---- C:\WINDOWS\ie8updates
2009-09-15 18:10:48 ----HDC---- C:\WINDOWS\ie8
2009-09-14 03:18:56 ----A---- C:\WINDOWS\hpdj5100.ini
2009-09-14 00:51:49 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-09-14 00:51:44 ----D---- C:\Program Files\Common Files\Adobe
2009-09-14 00:51:44 ----D---- C:\Program Files\Adobe
2009-09-14 00:48:28 ----D---- C:\Documents and Settings\Pierre\Application Data\OpenOffice.org
2009-09-14 00:45:46 ----D---- C:\Program Files\JRE
2009-09-14 00:45:40 ----D---- C:\Program Files\OpenOffice.org 3
2009-09-14 00:45:27 ----A---- C:\WINDOWS\system32\javaws.exe
2009-09-14 00:45:27 ----A---- C:\WINDOWS\system32\javaw.exe
2009-09-14 00:45:27 ----A---- C:\WINDOWS\system32\java.exe
2009-09-14 00:45:27 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-09-14 00:45:18 ----D---- C:\Program Files\Java
2009-09-14 00:45:10 ----D---- C:\Documents and Settings\Pierre\Application Data\Sun
2009-09-13 05:05:30 ----A---- C:\WINDOWS\HMHud.INI
2009-09-13 01:44:37 ----D---- C:\Program Files\PostgreSQL
2009-09-12 23:07:56 ----D---- C:\ubuntu
2009-09-12 19:37:55 ----D---- C:\8714fb1774889fee9a50a928821ba6bd
2009-09-12 19:37:42 ----D---- C:\WINDOWS\SxsCaPendDel
2009-09-12 19:22:23 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
2009-09-12 19:22:14 ----D---- C:\Program Files\DAEMON Tools Toolbar
2009-09-12 19:22:11 ----D---- C:\Program Files\DAEMON Tools Lite
2009-09-12 19:21:58 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-09-12 19:21:58 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-09-12 03:35:26 ----D---- C:\Documents and Settings\Pierre\Application Data\DAEMON Tools Lite
2009-09-12 02:53:19 ----D---- C:\Winamax
2009-09-12 02:30:28 ----D---- C:\Program Files\RVG Software
2009-09-12 02:19:11 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2009-09-12 02:18:53 ----D---- C:\Program Files\MSBuild
2009-09-12 02:18:50 ----D---- C:\WINDOWS\system32\XPSViewer
2009-09-12 02:18:46 ----D---- C:\Program Files\Reference Assemblies
2009-09-12 02:18:22 ----N---- C:\WINDOWS\system32\spmsg2.dll
2009-09-12 02:17:45 ----RSD---- C:\WINDOWS\assembly
2009-09-12 02:17:26 ----D---- C:\WINDOWS\Microsoft.NET
2009-09-12 02:02:37 ----D---- C:\Program Files\B2BPOKER
2009-09-12 01:54:06 ----D---- C:\Program Files\Hercules

======List of files/folders modified in the last 1 months======

2009-10-11 19:38:58 ----RD---- C:\Program Files
2009-10-11 19:38:50 ----D---- C:\WINDOWS\Prefetch
2009-10-11 19:38:13 ----D---- C:\Program Files\Mozilla Firefox
2009-10-11 19:37:44 ----D---- C:\Program Files\Mozilla Thunderbird
2009-10-11 19:36:02 ----SHD---- C:\WINDOWS\Installer
2009-10-11 19:36:02 ----D---- C:\Program Files\ma-config.com
2009-10-11 19:36:01 ----D---- C:\Documents and Settings\All Users\Application Data\ma-config.com
2009-10-11 19:35:49 ----D---- C:\WINDOWS\WinSxS
2009-10-11 19:30:36 ----D---- C:\WINDOWS\system32
2009-10-11 19:30:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-11 19:27:33 ----D---- C:\WINDOWS\Temp
2009-10-11 19:26:29 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-11 19:25:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-11 19:11:48 ----D---- C:\WINDOWS
2009-10-07 14:21:36 ----SD---- C:\Documents and Settings\Pierre\Application Data\Microsoft
2009-10-07 12:14:16 ----HD---- C:\WINDOWS\inf
2009-10-04 19:11:39 ----A---- C:\WINDOWS\win.ini
2009-10-04 16:59:32 ----D---- C:\WINDOWS\Debug
2009-10-03 20:58:26 ----SD---- C:\WINDOWS\Tasks
2009-10-03 20:57:35 ----RSD---- C:\WINDOWS\Fonts
2009-10-03 20:57:24 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-10-03 20:56:00 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-10-03 20:55:58 ----D---- C:\WINDOWS\system32\drivers
2009-10-03 01:15:05 ----D---- C:\WINDOWS\Help
2009-10-02 21:39:33 ----D---- C:\Program Files\Common Files
2009-10-02 21:39:21 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-10-02 21:39:21 ----D---- C:\Program Files\Common Files\System
2009-10-02 21:39:10 ----D---- C:\WINDOWS\system
2009-09-21 00:35:08 ----D---- C:\WINDOWS\system32\config
2009-09-20 19:29:46 ----HD---- C:\Program Files\InstallShield Installation Information
2009-09-20 19:27:49 ----D---- C:\Program Files\Common Files\InstallShield
2009-09-18 22:56:39 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-18 03:42:51 ----A---- C:\WINDOWS\system32\guard32.dll
2009-09-16 16:51:56 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-16 01:34:03 ----D---- C:\WINDOWS\system32\en-US
2009-09-16 01:34:03 ----D---- C:\WINDOWS\Media
2009-09-16 01:34:03 ----D---- C:\Program Files\Internet Explorer
2009-09-15 12:59:36 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-09-14 04:26:25 ----D---- C:\WINDOWS\system32\Restore
2009-09-14 00:53:37 ----D---- C:\Documents and Settings\Pierre\Application Data\Adobe
2009-09-13 02:06:21 ----D---- C:\Documents and Settings\Pierre\Application Data\Winamp
2009-09-13 01:45:48 ----D---- C:\Documents and Settings
2009-09-12 23:34:49 ----D---- C:\WINDOWS\system32\CatRoot
2009-09-12 23:08:52 ----RSH---- C:\boot.ini
2009-09-12 03:19:33 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-09-12 02:29:21 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-09-12 02:18:28 ----D---- C:\WINDOWS\system32\spool
2009-09-12 02:17:26 ----D---- C:\WINDOWS\pchealth

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-09-15 27408]
R1 AmdPPM;AMD HwPState Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-17 33792]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-09-15 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-09-15 52368]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2009-09-18 132296]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2009-09-18 25160]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.5.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-09-12 21419]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-09-15 94160]
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-14 88192]
R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2009-06-17 10384]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-09-15 23152]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-10-31 4942336]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2009-06-17 35472]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2009-06-17 37392]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2009-06-17 28560]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-08-17 7729568]
R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2008-08-02 54784]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\WINDOWS\system32\drivers\nvhda32.sys [2009-06-27 56992]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2008-08-02 22016]
R3 nvsmu;nvsmu; C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2007-10-13 13312]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RT73;Hercules Wireless USB Dongle Driver ; C:\WINDOWS\system32\DRIVERS\rt73.sys [2006-12-22 429440]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 ab6t5da1;ab6t5da1; C:\WINDOWS\system32\drivers\ab6t5da1.sys []
S3 Ser2pl;Prolific2 Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2007-11-21 49792]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-08-31 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-08-31 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-09-15 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-09-15 138680]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2009-09-18 723632]
R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [2008-01-29 598016]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-14 153376]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [2008-01-29 163840]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-08-17 168004]
R2 postgresql-8.4;PostgreSQL Server 8.4; C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files/PostgreSQL/8.4/data -w []
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-09-15 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-09-15 352920]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-09-20 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-30 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-30 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-19 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-30 132096]

-----------------EOF-----------------


5

Qwerty66, 11 Oct 2009 at 19:49:59

Wuauclt.exe is not a TROJAN ... it's Windows Update, wuauclt meaning Windows Update client for WindowsME (the updates, basically)

so no need to worry

Now if you are SURE it's a trojan (it isn't in the right place, for example) you can delete it PERMANENTLY with Eraser (http://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/6615.html), this free software COMPLETELY erases the file (it goes over the file 35 times thanks to a very complicated system of equations) ... anyway, after that you right-click on your file and ERASE

there you go

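Added example, not part of the original thread: one way to script the "is it in the right place" check mentioned in the reply above. It assumes (the page does not state this) that on XP the genuine wuauclt.exe sits in `C:\WINDOWS\system32`, with a protected copy in `system32\dllcache`; the function names and sample paths are constructed for illustration.

```python
import difflib
import ntpath

# Assumption: expected folders for the genuine Windows Update client on an
# XP install rooted at C:\WINDOWS (the root used in the log on this page).
EXPECTED_DIRS = {
    "wuauclt.exe": {r"c:\windows\system32", r"c:\windows\system32\dllcache"},
}

def normalize(path):
    """Strip quotes and the NT '\\??\\' prefix, collapse '..', lower-case."""
    p = path.strip().strip('"')
    if p.startswith("\\??\\"):
        p = p[4:]
    return ntpath.normpath(p).lower()

def classify(path):
    """Return 'expected', 'unexpected-location', 'lookalike-name' or 'not-tracked'."""
    folder, name = ntpath.split(normalize(path))
    if name in EXPECTED_DIRS:
        if folder in EXPECTED_DIRS[name]:
            return "expected"
        return "unexpected-location"
    # A near-miss spelling of a tracked system binary deserves a manual look.
    if difflib.get_close_matches(name, list(EXPECTED_DIRS), n=1, cutoff=0.85):
        return "lookalike-name"
    return "not-tracked"

def review(paths):
    """Map each path to its classification, keeping only entries to inspect."""
    results = {p: classify(p) for p in paths}
    return {p: r for p, r in results.items()
            if r in ("unexpected-location", "lookalike-name")}

# Constructed sample paths (not taken from the log above).
SAMPLE_PATHS = [
    r"C:\WINDOWS\system32\wuauclt.exe",
    r"\??\C:\WINDOWS\System32\dllcache\WUAUCLT.EXE",
    r"C:\WINDOWS\system32\..\Temp\wuauclt.exe",
    r"C:\WINDOWS\system32\wuauc1t.exe",
    r"C:\WINDOWS\system32\svchost.exe",
]

if __name__ == "__main__":
    for path, verdict in review(SAMPLE_PATHS).items():
        print(f"{verdict:20} {path}")
```

A result of "expected" only means the path is plausible; it says nothing about the file's contents or signature.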

6

xpierre, 11 Oct 2009 at 19:53:36

It's an updater for Windows ME but I have XP ... strange or normal?


7

Qwerty66, 11 Oct 2009 at 19:54:38
  • +1

NORMAL, Windows Update is installed on XP


8

xpierre, 11 Oct 2009 at 20:02:49

OK, thanks


9

Qwerty66, 11 Oct 2009 at 20:03:14

Bye
