Virus
homaga10
-
Utilisateur anonyme -
Utilisateur anonyme -
Bonjour,
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:34:04 AM, on 2/16/2009
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP2 (6.00.3790.3959)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Trend Micro\Security Server\PCCSRV\Apache2\bin\Apache.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\WINDOWS\System32\dns.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ismserv.exe
C:\WINDOWS\system32\ntfrs.exe
C:\Program Files\Trend Micro\Security Server\PCCSRV\Web\Service\OfcAoSMgr.exe
C:\Program Files\Trend Micro\Security Server\PCCSRV\web\service\ofcservice.exe
C:\hp\hpsmh\bin\smhstart.exe
C:\WINDOWS\System32\wins.exe
C:\Program Files\Trend Micro\Security Server\PCCSRV\Web\Service\DbServer.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\CpqRcmc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\sysdown.exe
C:\hp\hpsmh\bin\hpsmhd.exe
C:\Program Files\Trend Micro\Security Server\PCCSRV\Apache2\bin\Apache.exe
C:\hp\hpsmh\bin\hpsmhd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Security Server\PCCSRV\Apache2\bin\ApacheMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ma.ori.local
O17 - HKLM\Software\..\Telephony: DomainName = ma.ori.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ma.ori.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ma.ori.local
O23 - Service: Apache2 - Apache Software Foundation - c:\Program Files\Trend Micro\Security Server\PCCSRV\Apache2\bin\Apache.exe
O23 - Service: HP ProLiant Remote Monitor Service (CpqRcmc) - Hewlett-Packard Company - C:\WINDOWS\system32\CpqRcmc.exe
O23 - Service: ISC BIND (named) - Unknown owner - C:\WINDOWS\system32\dns\bin\named.exe
O23 - Service: Scan en temps rel Trend Micro Client/Server Security Agent (ntrtscan) - Unknown owner - C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe (file missing)
O23 - Service: Trend Micro Plug-in Manager (OfcAoSMgr) - Trend Micro Inc. - C:\Program Files\Trend Micro\Security Server\PCCSRV\Web\Service\OfcAoSMgr.exe
O23 - Service: Trend Micro Security Server Master Service (ofcservice) - Trend Micro Inc. - C:\Program Files\Trend Micro\Security Server\PCCSRV\web\service\ofcservice.exe
O23 - Service: HP ProLiant System Shutdown Service (sysdown) - Compaq Computer Corporation - C:\WINDOWS\system32\sysdown.exe
O23 - Service: HP System Management Homepage (SysMgmtHP) - Hewlett-Packard Company - C:\hp\hpsmh/bin/smhstart.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\..\BM\TMBMSRV.exe
O23 - Service: Trend Micro IMSS Web Console (TmImssAdminUI) - Unknown owner - C:\Program Files\Trend Micro\IMSS\ui\tomcat\bin\tomcat5.exe (file missing)
O23 - Service: Trend Micro IMSS CMAgent Service (TmImssCMAgent) - Unknown owner - C:\Program Files\Trend Micro\IMSS\bin\imsscmagent.exe (file missing)
O23 - Service: Trend Micro IMSS IPProfiler (TmImssIpprofiler) - Unknown owner - C:\Program Files\Trend Micro\IMSS\bin\foxdns.exe (file missing)
O23 - Service: Trend Micro IMSS Manager (TmImssManager) - Unknown owner - C:\Program Files\Trend Micro\IMSS\bin\imssmgr.exe (file missing)
O23 - Service: Trend Micro IMSS SMTP Service (TmImssMTA) - Unknown owner - C:\Program Files\Trend Micro\IMSS\bin\tsmtpd.exe (file missing)
O23 - Service: Trend Micro IMSS Policy Service (TmImssPolicy) - Unknown owner - C:\Program Files\Trend Micro\IMSS\bin\imssps.exe (file missing)
O23 - Service: Trend Micro IMSS Scan Service (TmImssScan) - Unknown owner - C:\Program Files\Trend Micro\IMSS\bin\IMSSService.exe (file missing)
O23 - Service: Trend Micro IMSS Task Services (TmImssTasks) - Unknown owner - C:\Program Files\Trend Micro\IMSS\bin\imsstasks.exe (file missing)
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Unknown owner - C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:34:04 AM, on 2/16/2009
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP2 (6.00.3790.3959)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Trend Micro\Security Server\PCCSRV\Apache2\bin\Apache.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\WINDOWS\System32\dns.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ismserv.exe
C:\WINDOWS\system32\ntfrs.exe
C:\Program Files\Trend Micro\Security Server\PCCSRV\Web\Service\OfcAoSMgr.exe
C:\Program Files\Trend Micro\Security Server\PCCSRV\web\service\ofcservice.exe
C:\hp\hpsmh\bin\smhstart.exe
C:\WINDOWS\System32\wins.exe
C:\Program Files\Trend Micro\Security Server\PCCSRV\Web\Service\DbServer.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\CpqRcmc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\sysdown.exe
C:\hp\hpsmh\bin\hpsmhd.exe
C:\Program Files\Trend Micro\Security Server\PCCSRV\Apache2\bin\Apache.exe
C:\hp\hpsmh\bin\hpsmhd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Security Server\PCCSRV\Apache2\bin\ApacheMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ma.ori.local
O17 - HKLM\Software\..\Telephony: DomainName = ma.ori.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ma.ori.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ma.ori.local
O23 - Service: Apache2 - Apache Software Foundation - c:\Program Files\Trend Micro\Security Server\PCCSRV\Apache2\bin\Apache.exe
O23 - Service: HP ProLiant Remote Monitor Service (CpqRcmc) - Hewlett-Packard Company - C:\WINDOWS\system32\CpqRcmc.exe
O23 - Service: ISC BIND (named) - Unknown owner - C:\WINDOWS\system32\dns\bin\named.exe
O23 - Service: Scan en temps rel Trend Micro Client/Server Security Agent (ntrtscan) - Unknown owner - C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe (file missing)
O23 - Service: Trend Micro Plug-in Manager (OfcAoSMgr) - Trend Micro Inc. - C:\Program Files\Trend Micro\Security Server\PCCSRV\Web\Service\OfcAoSMgr.exe
O23 - Service: Trend Micro Security Server Master Service (ofcservice) - Trend Micro Inc. - C:\Program Files\Trend Micro\Security Server\PCCSRV\web\service\ofcservice.exe
O23 - Service: HP ProLiant System Shutdown Service (sysdown) - Compaq Computer Corporation - C:\WINDOWS\system32\sysdown.exe
O23 - Service: HP System Management Homepage (SysMgmtHP) - Hewlett-Packard Company - C:\hp\hpsmh/bin/smhstart.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\..\BM\TMBMSRV.exe
O23 - Service: Trend Micro IMSS Web Console (TmImssAdminUI) - Unknown owner - C:\Program Files\Trend Micro\IMSS\ui\tomcat\bin\tomcat5.exe (file missing)
O23 - Service: Trend Micro IMSS CMAgent Service (TmImssCMAgent) - Unknown owner - C:\Program Files\Trend Micro\IMSS\bin\imsscmagent.exe (file missing)
O23 - Service: Trend Micro IMSS IPProfiler (TmImssIpprofiler) - Unknown owner - C:\Program Files\Trend Micro\IMSS\bin\foxdns.exe (file missing)
O23 - Service: Trend Micro IMSS Manager (TmImssManager) - Unknown owner - C:\Program Files\Trend Micro\IMSS\bin\imssmgr.exe (file missing)
O23 - Service: Trend Micro IMSS SMTP Service (TmImssMTA) - Unknown owner - C:\Program Files\Trend Micro\IMSS\bin\tsmtpd.exe (file missing)
O23 - Service: Trend Micro IMSS Policy Service (TmImssPolicy) - Unknown owner - C:\Program Files\Trend Micro\IMSS\bin\imssps.exe (file missing)
O23 - Service: Trend Micro IMSS Scan Service (TmImssScan) - Unknown owner - C:\Program Files\Trend Micro\IMSS\bin\IMSSService.exe (file missing)
O23 - Service: Trend Micro IMSS Task Services (TmImssTasks) - Unknown owner - C:\Program Files\Trend Micro\IMSS\bin\imsstasks.exe (file missing)
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Unknown owner - C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
A voir également:
- Virus
- Virus mcafee - Accueil - Piratage
- Virus facebook demande d'amis - Accueil - Facebook
- Virus informatique - Guide
- Panda anti virus gratuit - Télécharger - Antivirus & Antimalwares
- Undisclosed-recipients virus - Guide
1 réponse
bonjour :
réouvre hijackthis
fais scan only
coches ces lignes :
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
tu les coches et tu clic sur fix checked
Telecharge maintenant FindyKill sur ton bureau :
http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe
--> Lance l installation avec les parametres par default
--> Au menu principal,choisi l option 1 (Recherche)
--> Post le rapport FindyKill.txt
Note : le rapport FindyKill.txt est sauvegardé a la racine du disque
réouvre hijackthis
fais scan only
coches ces lignes :
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
tu les coches et tu clic sur fix checked
Telecharge maintenant FindyKill sur ton bureau :
http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe
--> Lance l installation avec les parametres par default
--> Au menu principal,choisi l option 1 (Recherche)
--> Post le rapport FindyKill.txt
Note : le rapport FindyKill.txt est sauvegardé a la racine du disque
