Hijackthis (for regis58)
Solved
jadareem
Thank you regis for all this advice!!! That's super kind!!!
There, I followed your procedure and here are the contents of the report.txt file:
SDFix: Version 1.81
Run by Julie Cahn - 03/05/2007 - 0:24:26,96
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Name:
av4tlcmr8h
ImagePath:
C:\WINDOWS\system32\dior4f47479281.exe /service
av4tlcmr8h - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing Security Center Service
Restoring Missing SharedAccess Service
Rebooting...
Normal Mode:
Checking Files:
Below files will be copied to Backups folder then removed:
Removing Temp Files
ADS Check:
Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.
Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
Remaining Files:
---------------
Backups Folder: - C:\SDFix\backups\backups.zip
Checking For Files with Hidden Attributes:
Finished
5 replies
Hi there,
I'm still on the same post (well, if by "post" you mean the same computer? I haven't changed?!)
Kisses
Julie
Hi Julie,
For me, the same post means the same place where I had asked you to do this ;)
See you