Problem with a Trend Micro server

SAB_110805 (posts: 1, status: Member)
Hi.
Can someone help me?

I have a server on which the OfficeScan server is installed. We had the tazebama virus on the LAN, and the quarantine located on the server grew so much that C: filled up and the server became very slow. We started by emptying the TM quarantine, but the server is still very slow.
I scanned it with Kaspersky's "Virus Removal Tool"; that turned up nothing.
We noticed the process "cgilog.exe" present several times. This process comes back every time we stop it. When we disconnected the server from the LAN, only a single TM "cgilog" process remained.
The HijackThis report is attached below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:04:41, on 22/06/2009
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\Documents and Settings\soniaa.STAR\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Trend Micro\OfficeScan\PCCSRV\Apache2\bin\apache.exe
C:\Program Files\CA\SharedComponents\BrightStor\CADS\casdscsvc.exe
C:\Program Files\CA\SharedComponents\BrightStor\UniAgent\UnivAgent.exe
C:\Program Files\Emulex\Util\Common\rmserver.exe
C:\Program Files\Emulex\Util\Common\HbaHsMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fujitsu Siemens\StorMan\bin\storman.exe
C:\Program Files\Fujitsu Siemens\StorMan\bin\storman.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Chloride Power\MopUPS\ups.exe
C:\Program Files\Fujitsu Siemens\RAID\bin\mr2kserv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$SQLSERVERVIEW\Binn\sqlservr.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\OCS Inventory Agent\ocsservice.exe
C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\ofcservice.exe
C:\Program Files\Fujitsu Siemens\ServerView Agents\GlobalFlash\gf_agent.exe
C:\Program Files\Fujitsu Siemens\Remote Connector\SVRemoteConnector.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Trend Micro\OfficeScan\PCCSRV\Apache2\bin\apache.exe
C:\Program Files\Fujitsu Siemens\RAID\bin\SpySer.exe
C:\Program Files\Microsoft SQL Server\MSSQL$SQLSERVERVIEW\Binn\sqlagent.EXE
C:\Program Files\Fujitsu Siemens\ServerView Agents\Server Control\srvctrl.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend\Common\TMI\cm.exe
C:\Program Files\Fujitsu Siemens\RAID\amService.exe
C:\Program Files\Fujitsu Siemens\ServerView\ServerView Services\scripts\ServerView\SnmpTrap\AlarmService.exe
C:\Program Files\Trend\Common\TMI\mrf.exe
C:\Program Files\Trend\Common\TMI\LWDMServer.exe
C:\Program Files\Fujitsu Siemens\ServerView Agents\OnlineDiagnostic\TestManager\TestHandler.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan\PCCSRV\Web\Service\DbServer.exe
C:\PROGRA~1\FUJITS~1\SERVER~2\SERVER~1\scripts\ServerView\common\SVDBServer.exe
C:\PROGRA~1\FUJITS~1\SERVER~2\SERVER~1\scripts\ServerView\SnmpTrap\snmptraplisten.exe
C:\PROGRA~1\FUJITS~1\SERVER~2\SERVER~1\scripts\ServerView\SnmpTrap\SVFwdServer.exe
C:\PROGRA~1\FUJITS~1\SERVER~2\SERVER~1\scripts\ServerView\SnmpArchive\SVArchiveServer.exe
C:\PROGRA~1\FUJITS~1\SERVER~2\SERVER~1\scripts\ServerView\common\SVBmcService.exe
C:\PROGRA~1\FUJITS~1\SERVER~2\SERVER~1\scripts\ServerView\common\svserverlistservice.exe
C:\PROGRA~1\FUJITS~1\SERVER~2\SERVER~1\scripts\ServerView\SnmpExport\ExportServer.exe
C:\PROGRA~1\FUJITS~1\SERVER~2\SERVER~1\scripts\ServerView\SnmpInventory\SVInventoryServer.exe
C:\WINDOWS\TEMP\HZ536D.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmproxy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Broadcom\BACS\BacsTray.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\OfficeScan\PCCSRV\Apache2\bin\ApacheMonitor.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Trend Micro\OfficeScan\PCCSRV\Web_OSCE\Web\CGI\cgiLog.exe
C:\Program Files\Trend Micro\OfficeScan\PCCSRV\Web_OSCE\Web\CGI\cgiLog.exe
C:\Program Files\Trend Micro\OfficeScan\PCCSRV\Web_OSCE\Web\CGI\cgiLog.exe
C:\Program Files\Trend Micro\OfficeScan\PCCSRV\Web_OSCE\Web\CGI\cgiLog.exe
C:\Program Files\Trend Micro\OfficeScan\PCCSRV\Web_OSCE\Web\CGI\cgiLog.exe
C:\Program Files\Trend Micro\OfficeScan\PCCSRV\Web_OSCE\Web\CGI\cgiLog.exe
C:\Program Files\Trend Micro\OfficeScan\PCCSRV\Web_OSCE\Web\CGI\cgiLog.exe
C:\Program Files\Trend Micro\OfficeScan\PCCSRV\Web_OSCE\Web\CGI\cgiLog.exe
C:\Program Files\Trend Micro\OfficeScan\PCCSRV\Web_OSCE\Web\CGI\cgiLog.exe
C:\Program Files\Trend Micro\OfficeScan\PCCSRV\Web_OSCE\Web\CGI\cgiLog.exe
C:\Program Files\Trend Micro\OfficeScan\PCCSRV\Web_OSCE\Web\CGI\cgiLog.exe
C:\Program Files\Trend Micro\OfficeScan\PCCSRV\Web_OSCE\Web\CGI\cgiLog.exe
C:\Documents and Settings\soniaa.STAR\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/hardAdmin.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = res://shdoclc.dll/hardAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [bacstray] C:\Program Files\Broadcom\BACS\BacsTray.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: is-KH1LG.lnk = D:\Virus Removal Tool\is-KH1LG\startup.exe
O4 - Global Startup: Monitor Apache Servers.lnk = Apache2\bin\ApacheMonitor.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O10 - Broken Internet access because of LSP provider 'c:\documents and settings\soniaa.star\windows\system32\mswsock.dll' missing
O15 - ESC Trusted Zone: http://runonce.msn.com
O15 - ESC Trusted Zone: [http://]*.windowsupdate.com
O15 - ESC Trusted Zone: http://runonce.msn.com (HKLM)
O15 - ESC Trusted Zone: [http://]*.windowsupdate.com (HKLM)
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://ipserverTM:n°port/officescan/console/html/root/AtxEnc.cab
O16 - DPF: {4F3DCE50-E8E7-40AC-AB8D-99F87F1F89BD} (Console d'administration Trend Micro OfficeScan) - https://ipserverTM:n°port/officescan/console/html/root/AtxConsole.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8990AFAD-D352-42AC-A72F-A660BBF6E209} (Console d'administration OfficeScan) - https://nomserverTM:n°port/officescan/console/html/AtxConsole.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://ip/TSWEB/msrdp.cab
O16 - DPF: {A050E865-64E3-431B-8079-F0DFCEA90A2D} (PieChart Class) - https://ipserverTM:n°port/officescan/console/html/root/AtxPie.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = STAR.NET
O17 - HKLM\Software\..\Telephony: DomainName = STAR.NET
O17 - HKLM\System\CCS\Services\Tcpip\..\{D7E7F0EE-5072-49F9-84F2-5E8E4DD57EFB}: NameServer = DC1,DC2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = STAR.NET
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = STAR.NET
O23 - Service: ServerView Raid (amService) - Fujitsu Siemens Computers GmbH - C:\Program Files\Fujitsu Siemens\RAID\amService.exe
O23 - Service: Apache2 - Apache Software Foundation - c:\Program Files\Trend Micro\OfficeScan\PCCSRV\Apache2\bin\apache.exe
O23 - Service: Service de découverte BrightStor de CA (CASDiscoverySvc) - CA - C:\Program Files\CA\SharedComponents\BrightStor\CADS\casdscsvc.exe
O23 - Service: Agent universel de CA BrightStor (CASUniversalAgent) - CA - C:\Program Files\CA\SharedComponents\BrightStor\UniAgent\UnivAgent.exe
O23 - Service: Emulex HBA Discovery - Emulex Corporation - C:\Program Files\Emulex\Util\Common\HbaDiscSrvr.exe
O23 - Service: Emulex HBA Management - Emulex Corporation - C:\Program Files\Emulex\Util\Common\rmserver.exe
O23 - Service: Emulex SvcMgr - Emulex Corporation - C:\Program Files\Emulex\Util\Common\HbaHsMgr.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\OCS Inventory NG\xampp\filezillaftp\filezillaserver.exe (file missing)
O23 - Service: FSC Download Service - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens\ServerView\ServerView Services\scripts\ServerView\Download\DownloadServerSVC.exe
O23 - Service: FSC ServerView Services - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens\ServerView\ServerView Services\scripts\ServerView\SnmpTrap\AlarmService.exe
O23 - Service: FSC StorMan Service (FSC_StorMan_Service) - Fujitsu Siemen Computers - C:\Program Files\Fujitsu Siemens\StorMan\bin\storman.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Lotus Domino Server (lotusdominodata) - Unknown owner - c:\program files\lotus\domino\nservice.exe
O23 - Service: MopUPS - Chloride Power - C:\Program Files\Chloride Power\MopUPS\ups.exe
O23 - Service: mr2kserv - LSI Logic Corporation - C:\Program Files\Fujitsu Siemens\RAID\bin\mr2kserv.exe
O23 - Service: mysql - Unknown owner - C:\Program.exe (file missing)
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OCS INVENTORY SERVICE (OCS INVENTORY) - PJ Naughter - C:\Program Files\OCS Inventory Agent\ocsservice.exe
O23 - Service: OfficeScan Master Service (ofcservice) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\ofcservice.exe
O23 - Service: OfficeScan Control Manager Agent (OfficeScanCMAgent) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan\PCCSRV\CMAgent\OfcCMAgent.exe
O23 - Service: OfflineFlash - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens\ServerView Agents\GlobalFlash\gf_agent.exe
O23 - Service: ServerView Remote Connector (RemoteConnector) - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens\Remote Connector\SVRemoteConnector.exe
O23 - Service: SpySer - Unknown owner - C:\Program Files\Fujitsu Siemens\RAID\bin\SpySer.exe
O23 - Service: Server Control Service (SrvCtrl) - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens\ServerView Agents\Server Control\SrvCtrl.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens\ServerView Agents\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScanNT Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
O23 - Service: Trend Micro Management Infrastructure (TrendMicro Infrastructure) - Trend Micro Inc. - C:\Program Files\Trend\Common\TMI\cm.exe
1 reply

Meds
 
Here is the answer:
http://esupport.trendmicro.com/8/Various-CGI-Processes-causing-a-100-CPU-load.aspx?print=true