Hijackthis (for regis58)

Resolved/Closed
jadareem Posts 33 Registration date Wednesday 18 April 2007 Status Member Last activity 31 May 2007 - 3 May 2007 at 01:49
Regis59 Posts 21143 Registration date Tuesday 27 June 2006 Status Security contributor Last activity 22 June 2016 - 4 May 2007 at 18:59
Thanks regis for all this advice!!! That's super kind!!!
So, I followed your procedure and here is the content of the report.txt file

SDFix: Version 1.81

Run by Julie Cahn - 03/05/2007 - 0:24:26,96

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
av4tlcmr8h

ImagePath:
C:\WINDOWS\system32\dior4f47479281.exe /service

av4tlcmr8h - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing Security Center Service
Restoring Missing SharedAccess Service

Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:




Removing Temp Files

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes:

C:\WINDOWS\system32\8F176C33B7.sys

Finished

5 replies

Regis59 Posts 21143 Registration date Tuesday 27 June 2006 Status Security contributor Last activity 22 June 2016 1 321
3 May 2007 at 11:21
Hello

Can you stay on the post where we were?

See you
0
jadareem Posts 33 Registration date Wednesday 18 April 2007 Status Member Last activity 31 May 2007
3 May 2007 at 13:09
Hi,

I'm still on the same post (well, if by "post" you mean the same computer? I haven't changed?!)

Kisses
Julie
0
Regis59 Posts 21143 Registration date Tuesday 27 June 2006 Status Security contributor Last activity 22 June 2016 1 321
3 May 2007 at 17:46
Hi Julie,

For me, the same post means the same place where I had asked you to do this ;)

See you
0
jadareem Posts 33 Registration date Wednesday 18 April 2007 Status Member Last activity 31 May 2007
3 May 2007 at 18:49
Hi Regis,

Well, actually I've stayed on the same post the whole time, and I followed all your instructions....
so maybe I still haven't really understood what you mean....:(

Kisses

Julie
0
jadareem Posts 33 Registration date Wednesday 18 April 2007 Status Member Last activity 31 May 2007
3 May 2007 at 20:45
It's fine, I got ittttt, I've put everything back on the original post!!!
:)
0

Regis59 Posts 21143 Registration date Tuesday 27 June 2006 Status Security contributor Last activity 22 June 2016 1 321
4 May 2007 at 18:59
OK lol

:)
0