Posez votre question Format imprimable Liste des forums Aidez-les Statistiques Rechercher Charte Forum Virus-Sécurité

Comment débarassé de VIRUS ( TAZEBAMA )

Dernière réponse le 6 mai 2009 à 16:50:39 almeda_8219, le 3 avr 2009 à 18:29:47

Signaler ce message aux modérateurs

Salut tou le monde j'ai des problem de virus tazebama
j'ai éssayé presque tou les anti virus sans sucsé
je trouve des dossier nommé:
zPharaoh.exe ; adober.exe ; autorun.inf ; comment.htt ; copy.exe ; host.exe
ntdelect.com ; ravmon.exe ; temp1.exe
quand je suprime ces dossier il sort message "impssible de suprimé :le fichier est introuvable
vérifier que le chemain...etc
mtn mes tous mes clé usb ne marche pas
je peux copier de ma clé vers le pc mais pas le contraire
et je peux suprimé des fichier de ma clé aussi
mais avec d'autre pc je fais tou normalement
merci de votre aide
a+

Configuration: Windows XP
Internet Explorer 6.0

Meilleures réponses pour « comment débarassé de VIRUS ( TAZEBAMA ) » dans :

Infection virus tazebama.dll_ (Résolu) Voir

Anti-virus +key contre (virus tazebama.dll Voir

Pc infecté.virus tazebama Voir

Comment supprimer le virus Conficker / Downadup / Kido VoirSommaire Qu'est-ce que Conficker ? Comment éviter d'être infecté par Conficker ? Diagnostic Rapide Désinfecter un ordinateur touché par Conficker Préliminaire Suppression de l'infection Qu'est-ce que Conficker ? Conficker (connu...

Virus et Malwares ... Le truc pour les éliminer Voir

[Virus] Que faire quand on est infecté ? VoirSi vous savez ou vous pensez être infecté par un virus Si vous savez ou vous pensez être infecté par un virus, il faut s'en occuper le plus rapidement possible car l'infection peut inviter d'autres infections dans votre PC et votre système risque...

Tazebama, un virus tenace... (Résolu) Voir

Réparation fichier infecter par tazebama Voir

Un virus-Tazebama-j'arrive pa à le supprimer Voir

Télécharger AVG Anti-Virus Voir

Télécharger Kaspersky Anti-Virus Voir

Télécharger Avast! Virus Cleaner VoirTout le monde connaît l' antivirus gratuit Avast. Son éditeur propose avast! Virus Cleaner, un nettoyeur de virus gratuit, permettant de supprimer de l'ordinateur, les infections d'une vaste gamme de virus et de vers (worms). Si, malgré toutes...

Virus - Introduction aux virus VoirVirus Un virus est un petit programme informatique situé dans le corps d'un autre, qui, lorsqu'on l'exécute, se charge en mémoire et exécute les instructions que son auteur a programmé. La définition d'un virus pourrait être la suivante : « Tout...

Utilitaires de désinfection des principaux virus et vers VoirQu'est-ce qu'un kit de désinfection ? Un kit de désinfection est un petit exécutable dont le but est de nettoyer une machine infectée par un virus particulier. Chaque kit de désinfection est donc uniquement capable d'éradiquer un type de virus...

--> Télécharge UsbFix (de C_XX & Chiquitine29) sur ton Bureau. --> Lire la suite

Posez votre question Répondre

Destrio5, le 3 avr 2009 à 18:32:09

Salut,

--> Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.

--> Double-clique sur RSIT.exe afin de lancer le programme.
(Sous Vista, il faut cliquer droit sur RSIT.exe et choisir Exécuter en tant qu'administrateur)

--> Clique sur Continue à l'écran Disclaimer.

--> Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

--> Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

Note : les rapports sont sauvegardés dans le dossier C:\rsit.

Répondre à Destrio5

amedo, le 6 mai 2009 à 16:47:54

Logfile of random's system information tool 1.06 (written by random/random)
Run by starnet at 2009-05-06 14:38:27
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 12 GB (79%) free of 15 GB
Total RAM: 126 MB (17% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:39:31, on 06/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ooVoo\oovoo.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\starnet\LOCALS~1\Temp\shpu.exe
C:\DOCUME~1\starnet\LOCALS~1\Temp\winpgdej.exe
C:\DOCUME~1\starnet\LOCALS~1\Temp\winfhvw.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\starnet\Bureau\RSIT.exe
C:\Program Files\trend micro\starnet.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [oovoo.exe] C:\Program Files\ooVoo\oovoo.exe /minimized
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
End of file - 4073 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-04-16 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360]
"oovoo.exe"=C:\Program Files\ooVoo\oovoo.exe [2009-03-29 14612272]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-03-18 4433136]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-05-04 4119759]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispCPL"=0
"DisableLockWorkstation"=0
"DisableTaskMgr"=1
"DisableChangePassword"=0
"DisableRegistryTools"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoRun"=0
"NoFileURL"=0
"NoDrives"=0
"NoWinKeys"=0
"NoLogoff"=0
"NoClose"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ooVoo\ooVoo.exe"="C:\Program Files\ooVoo\ooVoo.exe:*:Enabled:ooVoo"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:ipsec"
"C:\Program Files\CCP Client\ccpcli.exe"="C:\Program Files\CCP Client\ccpcli.exe:*:Enabled:CyberCafePro Client"
"D:\zPharaoh.exe"="D:\zPharaoh.exe:*:Enabled:ipsec"
"C:\PROGRA~1\CCPCLI~1\CCPCLI.EXE"="C:\PROGRA~1\CCPCLI~1\CCPCLI.EXE:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\winjxfnog.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\winjxfnog.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\winvyor.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\winvyor.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\trptlk.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\trptlk.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\winlrqbj.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\winlrqbj.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\wkxc.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\wkxc.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\wintcwqg.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\wintcwqg.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\winsesgqx.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\winsesgqx.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\hhcsc.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\hhcsc.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\yjxnvn.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\yjxnvn.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\hgpypl.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\hgpypl.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\jmhe.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\jmhe.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\winqhkg.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\winqhkg.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\lqhm.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\lqhm.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\afdis.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\afdis.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\winrxapg.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\winrxapg.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\ldja.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\ldja.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\winuwtvx.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\winuwtvx.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\ormo.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\ormo.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\tsilwg.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\tsilwg.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\cwihrb.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\cwihrb.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\mplj.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\mplj.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\winhmfkj.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\winhmfkj.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\winbkqaf.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\winbkqaf.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\npjwaj.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\npjwaj.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\winwvfc.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\winwvfc.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\winnneyp.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\winnneyp.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\winmgffq.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\winmgffq.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\winqsbqau.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\winqsbqau.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\winqmiobx.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\winqmiobx.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\wintyjyns.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\wintyjyns.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\nlevf.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\nlevf.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\winlvdcg.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\winlvdcg.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\winnetv.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\winnetv.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\winrxlhh.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\winrxlhh.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\winqtwtd.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\winqtwtd.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\lxuv.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\lxuv.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\reoytv.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\reoytv.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\gqhmua.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\gqhmua.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\xpll.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\xpll.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\winoowar.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\winoowar.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\bjwsd.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\bjwsd.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\winuvdbr.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\winuvdbr.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\pmsar.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\pmsar.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\winpdhs.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\winpdhs.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\winqqswg.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\winqqswg.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\kbdie.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\kbdie.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\tkdp.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\tkdp.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\winkvpch.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\winkvpch.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\winwusxkn.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\winwusxkn.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\qktn.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\qktn.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\winmjkuv.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\winmjkuv.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\utned.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\utned.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\winyduox.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\winyduox.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\winarph.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\winarph.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\winwqtwte.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\winwqtwte.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\winogwpt.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\winogwpt.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\uunwje.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\uunwje.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\winpmac.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\winpmac.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\winctdjnj.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\winctdjnj.exe:*:Enabled:ipsec"
"C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\ytbb.exe"="C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\ytbb.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\winuyec.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\winuyec.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\winldmcm.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\winldmcm.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\fssnn.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\fssnn.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\oioes.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\oioes.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\winkhlsqb.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\winkhlsqb.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\winjljy.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\winjljy.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\wineghpmr.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\wineghpmr.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\bfjvda.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\bfjvda.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\vltwt.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\vltwt.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\wingnoie.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\wingnoie.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\winpcyj.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\winpcyj.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\lbsxqq.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\lbsxqq.exe:*:Enabled:ipsec"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\kwfmd.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\kwfmd.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\winhxytp.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\winhxytp.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\wincqub.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\wincqub.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\wwpr.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\wwpr.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\vapkw.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\vapkw.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\winbdnca.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\winbdnca.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\yurb.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\yurb.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\kgmwbp.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\kgmwbp.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\windjkc.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\windjkc.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\winvxpda.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\winvxpda.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\windypfmt.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\windypfmt.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\akgj.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\akgj.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\ntskv.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\ntskv.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\winpiofge.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\winpiofge.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\winyktkpy.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\winyktkpy.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\wingmxquo.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\wingmxquo.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\jaorg.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\jaorg.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\ukkoq.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\ukkoq.exe:*:Enabled:ipsec"
"C:\DOCUME~1\starnet\LOCALS~1\Temp\winxoyi.exe"="C:\DOCUME~1\starnet\LOCALS~1\Temp\winxoyi.exe:*:Enabled:ipsec"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
shell\AutoRun\command - C:\zPharaoh.exe
shell\explore\command - C:\zPharaoh.exe
shell\open\command - C:\zPharaoh.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - D:\zPharaoh.exe
shell\explore\command - D:\zPharaoh.exe
shell\open\command - D:\zPharaoh.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\setup.exe

======List of files/folders created in the last 1 months======

2009-05-06 14:38:48 ----D---- C:\Program Files\trend micro
2009-05-06 14:38:27 ----D---- C:\rsit
2009-05-04 18:33:48 ----A---- C:\WINDOWS\IE4 Error Log.txt
2009-05-04 14:45:03 ----SHD---- C:\RECYCLER
2009-05-04 14:41:13 ----RSH---- C:\zPharaoh.exe
2009-05-04 14:41:10 ----D---- C:\Documents and Settings\starnet\Application Data\tazebama
2009-05-04 14:27:08 ----D---- C:\Documents and Settings\starnet\Application Data\Adobe
2009-05-04 13:41:54 ----D---- C:\Documents and Settings\starnet\Application Data\skypePM
2009-05-04 13:39:55 ----D---- C:\Documents and Settings\starnet\Application Data\Skype
2009-05-04 13:39:28 ----D---- C:\Program Files\Fichiers communs\Skype
2009-05-04 13:39:24 ----RD---- C:\Program Files\Skype
2009-05-04 13:29:16 ----D---- C:\Program Files\CCP Client
2009-05-04 13:24:23 ----A---- C:\WINDOWS\ODBC.INI
2009-05-04 13:24:10 ----A---- C:\WINDOWS\system32\mdimon.dll
2009-05-04 13:22:14 ----D---- C:\Program Files\Microsoft.NET
2009-05-04 13:21:12 ----D---- C:\Program Files\Fichiers communs\DESIGNER
2009-05-04 13:21:06 ----D---- C:\Program Files\Microsoft Works
2009-05-04 13:20:55 ----D---- C:\Program Files\Microsoft Visual Studio
2009-05-04 13:20:34 ----D---- C:\WINDOWS\SHELLNEW
2009-05-04 13:11:59 ----D---- C:\Program Files\Microsoft Office
2009-05-04 13:09:17 ----RHD---- C:\MSOCache
2009-05-04 13:06:31 ----D---- C:\Documents and Settings\starnet\Application Data\Macromedia
2009-05-04 13:02:32 ----D---- C:\Program Files\Microsoft
2009-05-04 13:02:12 ----D---- C:\Program Files\Windows Live SkyDrive
2009-05-04 13:01:44 ----D---- C:\Program Files\Windows Live
2009-05-04 12:36:23 ----D---- C:\Program Files\Fichiers communs\Windows Live
2009-05-04 12:26:44 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2009-05-04 12:26:08 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-05-04 12:25:51 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-05-04 12:15:32 ----D---- C:\Documents and Settings\starnet\Application Data\Yahoo!
2009-05-04 12:15:32 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2009-05-04 12:13:30 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2009-05-04 12:13:27 ----D---- C:\Program Files\Yahoo!
2009-05-04 12:07:20 ----D---- C:\Documents and Settings\starnet\Application Data\ooVoo Details
2009-05-04 12:07:04 ----D---- C:\Program Files\ooVoo
2009-05-04 12:07:02 ----HD---- C:\Program Files\InstallShield Installation Information
2009-05-04 11:46:30 ----D---- C:\Documents and Settings\starnet\Application Data\Identities
2009-05-04 11:46:26 ----HD---- C:\Program Files\Uninstall Information
2009-05-04 11:46:17 ----SD---- C:\Documents and Settings\starnet\Application Data\Microsoft
2009-05-04 11:46:17 ----ASH---- C:\Documents and Settings\starnet\Application Data\desktop.ini
2009-05-04 11:37:35 ----D---- C:\WINDOWS\SoftwareDistribution
2009-05-04 11:37:25 ----D---- C:\WINDOWS\Prefetch
2009-05-04 11:37:24 ----SD---- C:\WINDOWS\system32\Microsoft
2009-05-04 11:37:24 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-04 11:30:54 ----D---- C:\WINDOWS\system32\xircom
2009-05-04 11:30:54 ----D---- C:\Program Files\xerox
2009-05-04 11:30:54 ----D---- C:\Program Files\microsoft frontpage
2009-05-04 11:29:56 ----A---- C:\WINDOWS\control.ini
2009-05-04 11:29:56 ----A---- C:\AUTOEXEC.BAT
2009-05-04 11:29:31 ----A---- C:\WINDOWS\OEWABLog.txt
2009-05-04 11:29:25 ----A---- C:\WINDOWS\system32\mapi32.dll
2009-05-04 11:27:12 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-05-04 11:27:12 ----RD---- C:\WINDOWS\Offline Web Pages
2009-05-04 11:27:12 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-05-04 11:27:00 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-05-04 11:26:51 ----HD---- C:\Program Files\WindowsUpdate
2009-05-04 11:26:44 ----D---- C:\Program Files\Services en ligne
2009-05-04 11:26:12 ----D---- C:\WINDOWS\system32\DirectX
2009-05-04 11:25:41 ----A---- C:\WINDOWS\system32\atrace.dll
2009-05-04 11:25:36 ----A---- C:\WINDOWS\system32\desktop.ini
2009-05-04 11:25:36 ----A---- C:\WINDOWS\desktop.ini
2009-05-04 11:25:26 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2009-05-04 11:25:25 ----A---- C:\WINDOWS\system32\acctres.dll
2009-05-04 11:25:24 ----D---- C:\Program Files\Fichiers communs\Services
2009-05-04 11:25:19 ----SD---- C:\WINDOWS\Tasks
2009-05-04 11:25:19 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2009-05-04 11:25:18 ----D---- C:\Program Files\Fichiers communs\MSSoap
2009-05-04 11:25:12 ----D---- C:\WINDOWS\srchasst
2009-05-04 11:25:09 ----D---- C:\WINDOWS\system32\Macromed
2009-05-04 11:25:03 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-05-04 11:25:03 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-05-04 11:25:03 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-05-04 11:25:03 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2009-05-04 11:25:03 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-05-04 11:25:02 ----A---- C:\WINDOWS\system32\wups.dll
2009-05-04 11:25:02 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2009-05-04 11:25:02 ----A---- C:\WINDOWS\system32\wuauclt.exe
2009-05-04 11:25:02 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-05-04 11:25:01 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-05-04 11:25:01 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-05-04 11:25:01 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-05-04 11:25:01 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-05-04 11:24:55 ----D---- C:\Program Files\Movie Maker
2009-05-04 11:24:48 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-05-04 11:24:48 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-05-04 11:24:48 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-05-04 11:24:48 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-05-04 11:24:41 ----A---- C:\WINDOWS\system32\fltMc.exe
2009-05-04 11:24:41 ----A---- C:\WINDOWS\system32\fltlib.dll
2009-05-04 11:24:40 ----D---- C:\WINDOWS\system32\Restore
2009-05-04 11:24:40 ----A---- C:\WINDOWS\system32\srsvc.dll
2009-05-04 11:24:40 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-05-04 11:24:40 ----A---- C:\WINDOWS\system32\srclient.dll
2009-05-04 11:24:37 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-05-04 11:24:37 ----A---- C:\WINDOWS\system32\msconf.dll
2009-05-04 11:24:37 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-05-04 11:24:37 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-05-04 11:24:37 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-05-04 11:24:37 ----A---- C:\WINDOWS\system32\ils.dll
2009-05-04 11:24:33 ----D---- C:\Program Files\NetMeeting
2009-05-04 11:24:33 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-05-04 11:24:32 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-05-04 11:24:30 ----A---- C:\WINDOWS\system32\inetres.dll
2009-05-04 11:24:29 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-05-04 11:24:27 ----D---- C:\Program Files\Outlook Express
2009-05-04 11:24:27 ----A---- C:\WINDOWS\system32\schedsvc.dll
2009-05-04 11:24:25 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-05-04 11:24:25 ----A---- C:\WINDOWS\system32\mstask.dll
2009-05-04 11:24:24 ----A---- C:\WINDOWS\system32\isign32.dll
2009-05-04 11:24:24 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-05-04 11:24:24 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-05-04 11:24:24 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-05-04 11:24:17 ----D---- C:\Program Files\Fichiers communs\System
2009-05-04 11:24:15 ----D---- C:\Program Files\Internet Explorer
2009-05-04 11:22:51 ----D---- C:\Program Files\ComPlus Applications
2009-05-04 11:22:47 ----A---- C:\WINDOWS\vbaddin.ini
2009-05-04 11:22:47 ----A---- C:\WINDOWS\vb.ini
2009-05-04 11:22:41 ----D---- C:\WINDOWS\Registration
2009-05-04 11:22:29 ----D---- C:\Program Files\Online Services
2009-05-04 11:22:28 ----D---- C:\Program Files\Windows Media Player
2009-05-04 11:22:17 ----D---- C:\Program Files\Messenger
2009-05-04 11:22:11 ----D---- C:\Program Files\MSN Gaming Zone
2009-05-04 11:22:11 ----A---- C:\WINDOWS\system32\write.exe
2009-05-04 11:21:59 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-05-04 11:21:58 ----A---- C:\WINDOWS\system32\hticons.dll
2009-05-04 11:21:58 ----A---- C:\WINDOWS\system32\avwav.dll
2009-05-04 11:21:58 ----A---- C:\WINDOWS\system32\avtapi.dll
2009-05-04 11:21:58 ----A---- C:\WINDOWS\system32\avmeter.dll
2009-05-04 11:21:57 ----A---- C:\WINDOWS\system32\winchat.exe
2009-05-04 11:21:46 ----A---- C:\WINDOWS\system32\getuname.dll
2009-05-04 11:21:46 ----A---- C:\WINDOWS\system32\charmap.exe
2009-05-04 11:21:46 ----A---- C:\WINDOWS\system32\calc.exe
2009-05-04 11:21:45 ----A---- C:\WINDOWS\system32\winmine.exe
2009-05-04 11:21:45 ----A---- C:\WINDOWS\system32\sol.exe
2009-05-04 11:21:45 ----A---- C:\WINDOWS\system32\mshearts.exe
2009-05-04 11:21:45 ----A---- C:\WINDOWS\system32\freecell.exe
2009-05-04 11:21:44 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2009-05-04 11:21:44 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2009-05-04 11:21:44 ----A---- C:\WINDOWS\system32\tslabels.ini
2009-05-04 11:21:44 ----A---- C:\WINDOWS\system32\tskill.exe
2009-05-04 11:21:44 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2009-05-04 11:21:44 ----A---- C:\WINDOWS\system32\tscon.exe
2009-05-04 11:21:44 ----A---- C:\WINDOWS\system32\shadow.exe
2009-05-04 11:21:44 ----A---- C:\WINDOWS\system32\rwinsta.exe
2009-05-04 11:21:44 ----A---- C:\WINDOWS\system32\reset.exe
2009-05-04 11:21:44 ----A---- C:\WINDOWS\system32\regini.exe
2009-05-04 11:21:44 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2009-05-04 11:21:43 ----A---- C:\WINDOWS\system32\qwinsta.exe
2009-05-04 11:21:43 ----A---- C:\WINDOWS\system32\qappsrv.exe
2009-05-04 11:21:43 ----A---- C:\WINDOWS\system32\msg.exe
2009-05-04 11:21:43 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2009-05-04 11:21:43 ----A---- C:\WINDOWS\system32\logoff.exe
2009-05-04 11:21:43 ----A---- C:\WINDOWS\system32\cdmodem.dll
2009-05-04 11:21:42 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-05-04 11:21:41 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-05-04 11:21:41 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-05-04 11:21:41 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-05-04 11:21:40 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-05-04 11:21:40 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-05-04 11:21:39 ----A---- C:\WINDOWS\system32\stclient.dll
2009-05-04 11:21:39 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-05-04 11:21:33 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2009-05-04 11:21:16 ----D---- C:\Program Files\MSN
2009-05-04 11:21:15 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-05-04 11:21:15 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-05-04 11:21:13 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-05-04 11:21:13 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-05-04 11:21:12 ----D---- C:\Program Files\Windows NT
2009-05-04 11:21:12 ----A---- C:\WINDOWS\system32\spider.exe
2009-05-04 11:21:12 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-05-04 11:21:12 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-05-04 11:21:11 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-05-04 11:21:11 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-05-04 11:21:11 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-05-04 11:21:10 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2009-05-04 11:21:10 ----A---- C:\WINDOWS\system32\termsrv.dll
2009-05-04 11:21:10 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-05-04 11:21:10 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-05-04 11:21:10 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-05-04 11:21:10 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-05-04 11:21:10 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-05-04 11:21:10 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-05-04 11:21:09 ----D---- C:\WINDOWS\system32\MsDtc
2009-05-04 11:21:09 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-05-04 11:21:09 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-05-04 11:21:09 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-05-04 11:21:09 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-05-04 11:21:09 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-05-04 11:21:09 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-05-04 11:21:09 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-05-04 11:21:08 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-05-04 11:21:08 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-05-04 11:21:08 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-05-04 11:21:08 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-05-04 11:21:08 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-05-04 11:21:07 ----D---- C:\WINDOWS\system32\Com
2009-05-04 11:21:07 ----A---- C:\WINDOWS\system32\colbact.dll
2009-05-04 11:21:07 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-05-04 11:21:07 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-05-04 11:21:06 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-05-04 11:21:06 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-05-04 11:21:06 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-05-04 11:21:05 ----A---- C:\WINDOWS\system32\comuid.dll
2009-05-04 11:21:05 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-05-04 11:20:56 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-05-04 11:20:56 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-05-04 11:20:56 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-05-04 11:20:56 ----A---- C:\WINDOWS\system32\cmprops.dll
2009-05-04 11:17:05 ----A---- C:\WINDOWS\system32\h323log.txt
2009-05-04 11:08:42 ----A---- C:\WINDOWS\system32\usbui.dll
2009-05-04 11:08:37 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-05-04 11:08:27 ----A---- C:\WINDOWS\system32\i81xdnt5.dll
2009-05-04 11:06:37 ----A---- C:\WINDOWS\imsins.BAK
2009-05-04 11:06:32 ----SHD---- C:\WINDOWS\Installer
2009-05-04 11:06:32 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-05-04 11:06:30 ----D---- C:\Program Files\Fichiers communs\ODBC
2009-05-04 11:06:30 ----A---- C:\WINDOWS\ODBCINST.INI
2009-05-04 11:06:24 ----RD---- C:\Program Files
2009-05-04 11:06:24 ----D---- C:\Program Files\Fichiers communs\SpeechEngines
2009-05-04 11:06:24 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2009-05-04 11:06:24 ----D---- C:\Program Files\Fichiers communs
2009-05-04 11:06:19 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2009-05-04 11:06:19 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2009-05-04 11:06:19 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2009-05-04 11:06:17 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2009-05-04 11:06:17 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2009-05-04 11:06:17 ----RA---- C:\WINDOWS\system32\kbdur.dll
2009-05-04 11:06:17 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2009-05-04 11:06:17 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2009-05-04 11:06:17 ----RA---- C:\WINDOWS\system32\kbdru.dll
2009-05-04 11:06:17 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2009-05-04 11:06:17 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2009-05-04 11:06:17 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2009-05-04 11:06:17 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2009-05-04 11:06:17 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2009-05-04 11:06:17 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2009-05-04 11:06:15 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2009-05-04 11:06:15 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2009-05-04 11:06:14 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2009-05-04 11:06:14 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2009-05-04 11:06:14 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2009-05-04 11:06:14 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2009-05-04 11:06:14 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2009-05-04 11:06:13 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2009-05-04 11:06:13 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2009-05-04 11:06:13 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2009-05-04 11:06:13 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2009-05-04 11:06:13 ----RA---- C:\WINDOWS\system32\kbdest.dll
2009-05-04 11:06:11 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2009-05-04 11:06:11 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2009-05-04 11:06:11 ----RA---- C:\WINDOWS\system32\kbdro.dll
2009-05-04 11:06:11 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2009-05-04 11:06:11 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2009-05-04 11:06:10 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2009-05-04 11:06:10 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2009-05-04 11:06:10 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2009-05-04 11:06:10 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2009-05-04 11:06:10 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2009-05-04 11:06:10 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2009-05-04 11:06:10 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2009-05-04 11:06:10 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2009-05-04 11:06:05 ----A---- C:\WINDOWS\system32\irclass.dll
2009-05-04 11:06:05 ----A---- C:\WINDOWS\system32\dgsetup.dll
2009-05-04 11:06:05 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2009-05-04 11:06:04 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-05-04 11:06:04 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2009-05-04 11:06:02 ----A---- C:\WINDOWS\TASKMAN.EXE
2009-05-04 11:06:01 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2009-05-04 11:06:01 ----A---- C:\WINDOWS\system32\batt.dll
2009-05-04 11:06:00 ----A---- C:\WINDOWS\NOTEPAD.EXE
2009-05-04 11:05:59 ----A---- C:\WINDOWS\system32\storprop.dll
2009-05-04 11:05:46 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-05-04 11:05:40 ----RA---- C:\WINDOWS\SET8.tmp
2009-05-04 11:05:35 ----RA---- C:\WINDOWS\SET4.tmp
2009-05-04 11:05:33 ----RA---- C:\WINDOWS\SET3.tmp
2009-05-04 11:05:27 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-04 11:05:27 ----D---- C:\WINDOWS\system32\CatRoot
2009-05-04 11:05:21 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-05-04 11:05:03 ----A---- C:\WINDOWS\setuplog.txt
2009-05-04 11:04:58 ----SHD---- C:\System Volume Information
2009-05-04 11:04:58 ----D---- C:\Documents and Settings
2009-05-04 11:04:09 ----SH---- C:\boot.ini
2009-05-04 10:57:31 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-05-04 10:57:31 ----RSD---- C:\WINDOWS\Fonts
2009-05-04 10:57:31 ----RD---- C:\WINDOWS\Web
2009-05-04 10:57:31 ----HD---- C:\WINDOWS\inf
2009-05-04 10:57:31 ----D---- C:\WINDOWS\WinSxS
2009-05-04 10:57:31 ----D---- C:\WINDOWS\twain_32
2009-05-04 10:57:31 ----D---- C:\WINDOWS\Temp
2009-05-04 10:57:31 ----D---- C:\WINDOWS\system32\wins
2009-05-04 10:57:31 ----D---- C:\WINDOWS\system32\wbem
2009-05-04 10:57:31 ----D---- C:\WINDOWS\system32\usmt
2009-05-04 10:57:31 ----D---- C:\WINDOWS\system32\spool
2009-05-04 10:57:31 ----D---- C:\WINDOWS\system32\ShellExt
2009-05-04 10:57:31 ----D---- C:\WINDOWS\system32\Setup
2009-05-04 10:57:31 ----D---- C:\WINDOWS\system32\ras
2009-05-04 10:57:31 ----D---- C:\WINDOWS\system32\oobe
2009-05-04 10:57:31 ----D---- C:\WINDOWS\system32\npp
2009-05-04 10:57:31 ----D---- C:\WINDOWS\system32\mui
2009-05-04 10:57:31 ----D---- C:\WINDOWS\system32\inetsrv
2009-05-04 10:57:31 ----D---- C:\WINDOWS\system32\IME
2009-05-04 10:57:31 ----D---- C:\WINDOWS\system32\icsxml
2009-05-04 10:57:31 ----D---- C:\WINDOWS\system32\ias
2009-05-04 10:57:31 ----D---- C:\WINDOWS\system32\export
2009-05-04 10:57:31 ----D---- C:\WINDOWS\system32\drivers
2009-05-04 10:57:31 ----D---- C:\WINDOWS\system32\dhcp
2009-05-04 10:57:31 ----D---- C:\WINDOWS\system32\config
2009-05-04 10:57:31 ----D---- C:\WINDOWS\system32\3com_dmi
2009-05-04 10:57:31 ----D---- C:\WINDOWS\system32\3076
2009-05-04 10:57:31 ----D---- C:\WINDOWS\system32\2052
2009-05-04 10:57:31 ----D---- C:\WINDOWS\system32\1054
2009-05-04 10:57:31 ----D---- C:\WINDOWS\system32\1042
2009-05-04 10:57:31 ----D---- C:\WINDOWS\system32\1041
2009-05-04 10:57:31 ----D---- C:\WINDOWS\system32\1037
2009-05-04 10:57:31 ----D---- C:\WINDOWS\system32\1036
2009-05-04 10:57:31 ----D---- C:\WINDOWS\system32\1033
2009-05-04 10:57:31 ----D---- C:\WINDOWS\system32\1031
2009-05-04 10:57:31 ----D---- C:\WINDOWS\system32\1028
2009-05-04 10:57:31 ----D---- C:\WINDOWS\system32\1025
2009-05-04 10:57:31 ----D---- C:\WINDOWS\system32
2009-05-04 10:57:31 ----D---- C:\WINDOWS\system
2009-05-04 10:57:31 ----D---- C:\WINDOWS\security
2009-05-04 10:57:31 ----D---- C:\WINDOWS\Resources
2009-05-04 10:57:31 ----D---- C:\WINDOWS\repair
2009-05-04 10:57:31 ----D---- C:\WINDOWS\Provisioning
2009-05-04 10:57:31 ----D---- C:\WINDOWS\PeerNet
2009-05-04 10:57:31 ----D---- C:\WINDOWS\pchealth
2009-05-04 10:57:31 ----D---- C:\WINDOWS\mui
2009-05-04 10:57:31 ----D---- C:\WINDOWS\msapps
2009-05-04 10:57:31 ----D---- C:\WINDOWS\msagent
2009-05-04 10:57:31 ----D---- C:\WINDOWS\Media
2009-05-04 10:57:31 ----D---- C:\WINDOWS\java
2009-05-04 10:57:31 ----D---- C:\WINDOWS\ime
2009-05-04 10:57:31 ----D---- C:\WINDOWS\Help
2009-05-04 10:57:31 ----D---- C:\WINDOWS\ehome
2009-05-04 10:57:31 ----D---- C:\WINDOWS\Driver Cache
2009-05-04 10:57:31 ----D---- C:\WINDOWS\Debug
2009-05-04 10:57:31 ----D---- C:\WINDOWS\Cursors
2009-05-04 10:57:31 ----D---- C:\WINDOWS\Connection Wizard
2009-05-04 10:57:31 ----D---- C:\WINDOWS\Config
2009-05-04 10:57:31 ----D---- C:\WINDOWS\AppPatch
2009-05-04 10:57:31 ----D---- C:\WINDOWS\addins
2009-05-04 10:57:31 ----D---- C:\WINDOWS

======List of files/folders modified in the last 1 months======

2009-05-04 14:41:10 ----A---- C:\WINDOWS\system.ini
2009-05-04 13:23:27 ----A---- C:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 P3;Pilote processeur Intel Pentium III; C:\WINDOWS\system32\DRIVERS\p3.sys [2004-08-19 46720]
R3 ac97intc;Service d'installation du pilote audio Intel(r) 82801 (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
R3 asc3360pr;asc3360pr; \??\C:\WINDOWS\system32\drivers\rmjep.sys []
R3 EL90XBC;Pilote de la carte EtherLink XL 90XB/C 3Com; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 i81x;i81x; C:\WINDOWS\system32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-19 60800]
S3 iAimFP0;iAimFP0; C:\WINDOWS\system32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\system32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\system32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimFP5;iAimFP5; C:\WINDOWS\system32\DRIVERS\wADV07nt.sys [2004-08-03 11807]
S3 iAimFP6;iAimFP6; C:\WINDOWS\system32\DRIVERS\wADV08nt.sys [2004-08-03 11295]
S3 iAimFP7;iAimFP7; C:\WINDOWS\system32\DRIVERS\wADV09nt.sys [2004-08-03 11871]
S3 iAimTV0;iAimTV0; C:\WINDOWS\system32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\system32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV3;iAimTV3; C:\WINDOWS\system32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 iAimTV5;iAimTV5; C:\WINDOWS\system32\DRIVERS\wATV10nt.sys [2004-08-03 25471]
S3 iAimTV6;iAimTV6; C:\WINDOWS\system32\DRIVERS\wATV06nt.sys [2004-08-03 22271]
S3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-19 61824]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 166960]

-----------------EOF-----------------

Répondre à amedo

Destrio5, le 6 mai 2009 à 16:50:39

--> Télécharge UsbFix (de C_XX & Chiquitine29) sur ton Bureau.

--> Lance l'installation avec les paramètres par défaut.

--> Branche tes sources de données externes à ton PC (clé USB, disque dur externe, carte SD, etc...) sans les ouvrir.

--> Double-clique sur le raccourci UsbFix sur ton Bureau.

--> Choisis l'option 1 (Recherche).

--> Laisse travailler l'outil.

--> Poste le rapport UsbFix.txt.

Note : le rapport UsbFix.txt est sauvegardé à la racine du disque (C:\UsbFix.txt).

"Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.

Répondre à Destrio5

Posez votre question Répondre