HijackThis log

HelmondB Posts: 2 Status: Member
Hello,
I am, among other things, the administrator of a Windows 2003 server (I know, I know...) and for a few months I have been the target of worm attacks, apparently aimed at using my server as a zombie in a P2P (torrent) network. I have tried several solutions but nothing works (apart from the temporary fix of a complete reinstall!). I noticed a strange key in my registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\__ScriptGod_RootKit_DeviceDriver__ . I don't know what it corresponds to...

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:54:10, on 1/14/2009
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\dns.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\SWSoft\Plesk\kav\kavsvc.exe
C:\Program Files\SWSoft\Plesk\Mail Servers\Mail Enable\Bin\MELSC.EXE
C:\Program Files\SWSoft\Plesk\Mail Servers\Mail Enable\Bin\MEMTA.EXE
C:\Program Files\SWSoft\Plesk\Mail Servers\Mail Enable\Bin\MEPOC.EXE
C:\Program Files\SWSoft\Plesk\Mail Servers\Mail Enable\Bin\MEPOPS.EXE
C:\Program Files\SWSoft\Plesk\Mail Servers\Mail Enable\Bin\MESMTPC.EXE
c:\WINDOWS\system32\CatRoot2\Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}\svchost.exe
C:\Program Files\SWSoft\Plesk\Databases\MSDEMSSQL\Binn\sqlservr.exe
c:\WINDOWS\system32\CatRoot2\Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}\java\bin\java.exe
C:\WINDOWS\system32\config\rad.exe
C:\Program Files\SWSoft\Plesk\SiteBuilder\HostingService\Bin\HostingService.exe
C:\WINDOWS\system32\inetsrv\svchost.exe
C:\Program Files\SWSoft\Plesk\Additional\Tomcat\bin\tomcat5.exe
C:\Program Files\SWSoft\Plesk\admin\bin\PopPassD.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SWSoft\Plesk\admin\bin\PleskControlPanel.exe
C:\WINDOWS\System32\svchost.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\SWSoft\Plesk\admin\bin\traymonitor.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\regedit.exe
C:\_soft\06_HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/softAdmin.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.be/?gws_rd=ssl
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Plesk Services Monitor.lnk = C:\Program Files\SWSoft\Plesk\admin\bin\traymonitor.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O15 - ESC Trusted Zone: http://ads.grx.adbrite.com
O15 - ESC Trusted Zone: https://www.adobe.com/
O15 - ESC Trusted Zone: https://marketingplatform.google.com/about/enterprise/
O15 - ESC Trusted Zone: https://filezilla.fr/
O15 - ESC Trusted Zone: https://www.google.be/?gws_rd=ssl
O15 - ESC Trusted Zone: http://*.hebits.net
O15 - ESC Trusted Zone: http://*.sourceforge.net
O15 - ESC Trusted Zone: https://www.toolbox.com/tech/
O15 - ESC Trusted Zone: https://www.torrentleech.org/
O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A2BDFF3-C114-4C4E-B7B0-7426644239A8}: NameServer = 10.48.100.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{B369A5E6-0434-40EC-A893-112441400F95}: NameServer = 213.186.33.99
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Openssh SSHD (copSSHD) - Unknown owner - C:\Program Files\copSSH\bin\cygrunsrv.exe
O23 - Service: DrWebCom - Doctor Web Ltd. - C:\Program Files\SWSoft\Plesk\DrWeb\drwebcom.exe
O23 - Service: KasperskyTM Anti-Virus (kavsvc) - SWsoft, Inc - C:\Program Files\SWSoft\Plesk\kav\kavsvc.exe
O23 - Service: MailEnable List Connector (MELCS) - MailEnable Pty Ltd - C:\Program Files\SWSoft\Plesk\Mail Servers\Mail Enable\Bin\MELSC.EXE
O23 - Service: MailEnable Mail Transfer Agent (MEMTAS) - MailEnable Pty Ltd - C:\Program Files\SWSoft\Plesk\Mail Servers\Mail Enable\Bin\MEMTA.EXE
O23 - Service: MailEnable Postoffice Connector (MEPOCS) - MailEnable Pty Ltd - C:\Program Files\SWSoft\Plesk\Mail Servers\Mail Enable\Bin\MEPOC.EXE
O23 - Service: MailEnable POP Service (MEPOPS) - MailEnable Pty Ltd - C:\Program Files\SWSoft\Plesk\Mail Servers\Mail Enable\Bin\MEPOPS.EXE
O23 - Service: MailEnable SMTP Connector (MESMTPCS) - MailEnable Pty Ltd - C:\Program Files\SWSoft\Plesk\Mail Servers\Mail Enable\Bin\MESMTPC.EXE
O23 - Service: MicroSoft Netstart Logon System (MSnls) - Unknown owner - c:\WINDOWS\system32\CatRoot2\Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}\svchost.exe
O23 - Service: MySQL Server (MySQL) - Unknown owner - C:\Program Files\SWSoft\Plesk\Databases\MySQL\bin\mysqld-nt.exe
O23 - Service: Plesk Name Server (named) - Unknown owner - C:\Program Files\SWSoft\Plesk\dns\bin\named.exe
O23 - Service: Plesk Control Panel Service (PleskControlPanel) - SWsoft, Inc - C:\Program Files\SWSoft\Plesk\admin\bin\PleskControlPanel.exe
O23 - Service: Plesk Management Service (plesksrv) - SWsoft, Inc - C:\Program Files\SWSoft\Plesk\admin\bin\plesksrv.exe
O23 - Service: Plesk PopPass Service (PopPassD) - SWsoft, Inc - C:\Program Files\SWSoft\Plesk\admin\bin\PopPassD.exe
O23 - Service: Remote Controller (RpcCtr) - Unknown owner - C:\WINDOWS\system32\script.dll
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\config\rad.exe
O23 - Service: SiteBuilder for Windows Hosting Service (SBPreviewHost) - SWSoft Inc. - C:\Program Files\SWSoft\Plesk\SiteBuilder\HostingService\Bin\HostingService.exe
O23 - Service: SiteBuilder for Windows Updater Service (SBUpdater) - SWSoft Inc. - C:\Program Files\SWSoft\Plesk\SiteBuilder\HostingService\Bin\HostingService.exe
O23 - Service: Smart Card (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Plesk SSL Wrapper Service (stunnel) - Unknown owner - C:\Program Files\SWSoft\Plesk\admin\bin\stunnel.exe
O23 - Service: MS System Monitor (sysmon) - Unknown owner - C:\WINDOWS\system32\inetsrv\svchost.exe
O23 - Service: Apache Tomcat (Tomcat5) - Apache Software Foundation - C:\Program Files\SWSoft\Plesk\Additional\Tomcat\bin\tomcat5.exe
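As an added example that is not part of the original post, a small Python triage of the O23 service lines and bare process paths in a HijackThis log. It encodes the anomalies visible in the log above (a second svchost.exe and a java.exe under CatRoot2 in a folder suffixed with the Control Panel CLSID, service binaries under system32\config, a service whose ImagePath is a DLL, Microsoft-sounding service names with no publisher) while leaving entries such as SCardSvr alone even though HijackThis reports them as "Unknown owner"; the sample lines are constructed from the shapes in the log.

```python
import re
# Constructed sample lines, shaped like the HijackThis log in the post above.
SAMPLE_LOG = r"""
C:\WINDOWS\System32\svchost.exe
c:\WINDOWS\system32\CatRoot2\Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}\java\bin\java.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: MicroSoft Netstart Logon System (MSnls) - Unknown owner - c:\WINDOWS\system32\CatRoot2\Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}\svchost.exe
O23 - Service: Remote Controller (RpcCtr) - Unknown owner - C:\WINDOWS\system32\script.dll
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\config\rad.exe
O23 - Service: MS System Monitor (sysmon) - Unknown owner - C:\WINDOWS\system32\inetsrv\svchost.exe
O23 - Service: Smart Card (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
"""
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?) \((?P<name>[^)]+)\) - (?P<owner>.+?) - (?P<path>.+)$")
# A folder named "<name>.{CLSID}" is rendered by Explorer as that shell object (the CLSID in
# the log is the Control Panel), so its real contents are hidden from casual browsing.
CLSID_DIR_RE = re.compile(r"\.\{[0-9a-f-]{36}\}\\", re.IGNORECASE)
DATA_DIRS = ("\\system32\\config\\", "\\catroot2\\")  # registry hives / catalogs, never services


def suspicious_path(path: str) -> list:
    """Reasons a binary path looks wrong, whatever log line carried it."""
    p = path.lower()
    reasons = []
    # The genuine svchost.exe lives only in %SystemRoot%\System32; copies elsewhere are lures.
    if p.endswith("\\svchost.exe") and not p.endswith("\\windows\\system32\\svchost.exe"):
        reasons.append("svchost.exe outside %SystemRoot%\\System32")
    if CLSID_DIR_RE.search(p):
        reasons.append("executable inside a CLSID-suffixed folder")
    if any(d in p for d in DATA_DIRS):
        reasons.append("executable in a data directory (config/ or CatRoot2/)")
    if p.endswith(".dll"):
        reasons.append("service ImagePath is a DLL, not an .exe")
    return reasons


def triage(log_text: str) -> dict:
    """Map each flagged service short name (or bare process path) to its reasons."""
    findings = {}
    for line in log_text.splitlines():
        line = line.strip()
        if m := O23_RE.match(line):
            reasons = suspicious_path(m["path"])
            # A Microsoft-sounding display name with no publisher string is a naming lure.
            if m["owner"] == "Unknown owner" and re.search(r"\b(microsoft|ms)\b", m["display"], re.I):
                reasons.append("Microsoft-style service name with unknown owner")
            key = m["name"]
        elif re.match(r"^[a-z]:\\", line, re.I):
            reasons, key = suspicious_path(line), line
        else:
            continue
        if reasons:
            findings[key] = reasons
    return findings
```

Running `triage` over a full log prints nothing for the Plesk, MailEnable and Ad-Aware services, and flags MSnls, sysmon, r_server, RpcCtr and the CatRoot2 java.exe for follow-up (file hashes, signature, creation time) before anything is deleted.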
2 replies

melquior Posts: 557 Status: Member 41
antimalware and paste the report, and for a scan www.trendmicro.com and send them the report together with the HijackThis one
HelmondB Posts: 2 Status: Member
I'm running a Malwarebytes scan... I had already removed some trojans with Ad-Aware... We'll see whether this one does better...