Posez votre question Format imprimable Liste des forums Aidez-les Statistiques Rechercher Charte Forum Virus-Sécurité

EXE dans repertoire temp - serveur 2000

Dernière réponse le 16 jun 2008 à 14:42:12 lancevo7, le 12 jun 2008 à 14:19:42

Signaler ce message aux modérateurs

Bonjour,

dans le repertoire temp j'ai un exe qui se lance au demarrage, F8 au demarrage, je suprime, ca marche, mais ca revient

voila le rapport hijack

merci d'avance :)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:14:12, on 12/06/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Research In Motion\BlackBerry Enterprise Server\AttachServer\BBAttachServer.exe
C:\Program Files\CA\BrightStor ARCserve Backup\DBENG.exe
C:\Program Files\Fichiers communs\CA\BrightStor\CADS\casdscsvc.exe
C:\Program Files\CA\BrightStor ARCserve Backup\jobeng.exe
C:\Program Files\CA\BrightStor ARCserve Backup\msgeng.exe
C:\Program Files\CA\BrightStor ARCserve Backup\casmrtbk.exe
C:\Program Files\CA\BrightStor ARCserve Backup\caserved.exe
C:\Program Files\CA\BrightStor ARCserve Backup\tapeeng.exe
C:\Program Files\CA\BrightStor ARCserve Backup\cadiscovd.exe
C:\Program Files\CA\BrightStor ARCserve Backup\Catirpc.exe
C:\Program Files\CA\BrightStor ARCserve Backup\Mediasvr.exe
C:\WINNT\system32\CpqRcmc.exe
C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe
C:\Program Files\CA\BrightStor ARCserve Backup\caloggerd.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\CA\iGateway\iGateway.exe
C:\WINNT\System32\llssrv.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\oracle\ora81\BIN\TNSLSNR.exe
C:\Program Files\CA\BrightStor ARCserve Backup\caauthd.exe
C:\Program Files\CA\BrightStor ARCserve Backup\LDBServer.exe
C:\Program Files\CA\BrightStor ARCserve Backup\LQServer.exe
c:\oracle\ora81\bin\ORACLE.EXE
C:\WINNT\system32\regsvc.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\snmp.exe
C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Sophos\Remote Management System\RouterNT.exe
C:\compaq\survey\Surveyor.EXE
C:\hp\hpsmh\bin\smhstart.exe
C:\hp\hpsmh\bin\hpsmhd.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\hp\hpsmh\bin\rotatelogs.exe
C:\hp\hpsmh\bin\rotatelogs.exe
C:\hp\hpsmh\bin\hpsmhd.exe
C:\hp\hpsmh\bin\rotatelogs.exe
C:\hp\hpsmh\bin\rotatelogs.exe
C:\WINNT\system32\CPQNiMgt\cpqnimgt.exe
C:\WINNT\system32\CPQMgmt\CqMgServ\cqmgserv.exe
C:\WINNT\system32\CPQMgmt\CqMgStor\cqmgstor.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\system32\msdtc.exe
C:\WINNT\system32\sysdown.exe
C:\WINNT\system32\CPQMgmt\CqMgHost\cqmghost.exe
C:\WINNT\system32\CPQMgmt\cpqwmgmt.exe
C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BlackBerryAgent.exe
C:\WINNT\system32\locator.exe
C:\Program Files\CA\BrightStor ARCserve Backup\asalert.exe
C:\WINNT\System32\svchost.exe
C:\oracle\ora81\BIN\TNSLSNR.exe
c:\oracle\ora81\bin\ORACLE.EXE
c:\oracle\ora81\bin\ORACLE.EXE
c:\oracle\ora81\bin\ORACLE.EXE
C:\WINNT\Explorer.EXE
C:\WINNT\system32\cpqteam.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINNT\system32\svchs.exe
C:\WINNT\system32\Atiptaxx.exe
C:\Program Files\Cobian Backup 8\cbInterface.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINNT\system32\cleanmgr.exe
C:\Program Files\Research In Motion\BlackBerry Enterprise Server\AttachServer\BBConvert.exe
C:\Program Files\Research In Motion\BlackBerry Enterprise Server\AttachServer\BBConvert.exe
C:\Program Files\Research In Motion\BlackBerry Enterprise Server\AttachServer\BBConvert.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\rdpclip.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\cpqteam.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINNT\system32\svchs.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Cobian Backup 8\cbInterface.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Research In Motion\BlackBerry Enterprise Server\AttachServer\BBConvert.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.250:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [CPQTEAM] cpqteam.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Office Monitor Word Exel R] C:\WINNT\system32\svchs.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Cobian Backup 8 interface] "C:\Program Files\Cobian Backup 8\cbInterface.exe" -service
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Office Monitor Word Exel R] C:\WINNT\system32\svchs.exe
O4 - HKUS\S-1-5-21-1214440339-1801674531-725345543-1548\..\Run: [internat.exe] internat.exe (User 'VES')
O4 - HKUS\S-1-5-21-1214440339-1801674531-725345543-1548\..\Run: [Office Monitor Word Exel R] C:\WINNT\system32\svchs.exe (User 'VES')
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = CSP.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{4565B0AD-DFB2-4C99-BCC7-D6D68F879667}: NameServer = 192.168.1.2,192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = CSP.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{4565B0AD-DFB2-4C99-BCC7-D6D68F879667}: NameServer = 192.168.1.2,192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = CSP.local
O17 - HKLM\System\CS2\Services\Tcpip\..\{4565B0AD-DFB2-4C99-BCC7-D6D68F879667}: NameServer = 192.168.1.2,192.168.1.1
O18 - Protocol: hpapp - {24F45006-5BD9-41B7-9BD9-5F8921C8EBD1} - C:\Program Files\Compaq\Cpqacuxe\Bin\hpapp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
O23 - Service: BlackBerry Attachment Service (BBAttachServer) - Research In Motion Limited - C:\Program Files\Research In Motion\BlackBerry Enterprise Server\AttachServer\BBAttachServer.exe
O23 - Service: BlackBerry Controller - Research In Motion Limited - C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BlackBerryController.exe
O23 - Service: BlackBerry Dispatcher - Research In Motion Limited - C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BlackBerryDispatcher.exe
O23 - Service: BlackBerry MDS Connection Service - Research In Motion - C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDS\bin\bmds.exe
O23 - Service: BlackBerry Policy Service - Research In Motion Limited - C:\Program Files\Research In Motion\BlackBerry Enterprise Server\ITAdminServer.exe
O23 - Service: BlackBerry Router - Research In Motion Limited - C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BypassRouter\BlackberryRouter.exe
O23 - Service: BlackBerry Alert (BlackBerry Server Alert) - Research In Motion Limited - C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BESAlert.exe
O23 - Service: BlackBerry Synchronization Service (BlackBerry SyncServer) - Research In Motion Limited - C:\Program Files\Research In Motion\BlackBerry Enterprise Server\SyncServer\BlackBerrySyncServer.exe
O23 - Service: Moteur de bases de données BrightStor AB (CASDBEngine) - Computer Associates - C:\Program Files\CA\BrightStor ARCserve Backup\DBENG.exe
O23 - Service: BrightStor Discovery Service (CASDiscoverySvc) - Computer Associates - C:\Program Files\Fichiers communs\CA\BrightStor\CADS\casdscsvc.exe
O23 - Service: Moteur de jobs BrightStor AB (CASJobEngine) - Computer Associates - C:\Program Files\CA\BrightStor ARCserve Backup\jobeng.exe
O23 - Service: Moteur de messages BrightStor AB (CASMsgEngine) - Computer Associates - C:\Program Files\CA\BrightStor ARCserve Backup\msgeng.exe
O23 - Service: Contrôleur de service BrightStor AB (CASSvcControlSvr) - Computer Associates - C:\Program Files\CA\BrightStor ARCserve Backup\caserved.exe
O23 - Service: Moteur de bandes BrightStor AB (CASTapeEngine) - Computer Associates - C:\Program Files\CA\BrightStor ARCserve Backup\tapeeng.exe
O23 - Service: Serveur de domaine BrightStor AB (CASUnivDomainSvr) - Computer Associates - C:\Program Files\CA\BrightStor ARCserve Backup\cadiscovd.exe
O23 - Service: Serveur d'appel de procédure distante CA (CATIRPC) - Computer Associates - C:\Program Files\CA\BrightStor ARCserve Backup\Catirpc.exe
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Cobian Backup 8 service (CobBMService) - Luis Cobian - C:\Program Files\Cobian Backup 8\cbService.exe
O23 - Service: HP Insight NIC Agent (CpqNicMgmt) - Hewlett-Packard Company - C:\WINNT\system32\CPQNiMgt\cpqnimgt.exe
O23 - Service: HP ProLiant Remote Monitor Service (CpqRcmc) - Hewlett-Packard Company - C:\WINNT\system32\CpqRcmc.exe
O23 - Service: HP Version Control Agent (cpqvcagent) - Hewlett-Packard Company - C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe
O23 - Service: HP Insight Web Agent (CpqWebMgmt) - HP Corporation - C:\WINNT\system32\CPQMgmt\cpqwmgmt.exe
O23 - Service: HP Insight Foundation Agent (CqMgHost) - Hewlett-Packard Company - C:\WINNT\system32\CPQMgmt\CqMgHost\cqmghost.exe
O23 - Service: HP Insight Server Agents (CqMgServ) - Hewlett-Packard Company - C:\WINNT\system32\CPQMgmt\CqMgServ\cqmgserv.exe
O23 - Service: HP Insight Storage Agents (CqMgStor) - Hewlett-Packard Company - C:\WINNT\system32\CPQMgmt\CqMgStor\cqmgstor.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: iGateway - Unknown owner - C:\Program Files\CA\iGateway\iGateway.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Visto Mobile Enterprise Server (mesntservice) - Visto Corporation - C:\Program Files\Visto\VES\MESNTService.exe
O23 - Service: OracleOraHome81Agent - Oracle Corporation - C:\oracle\ora81\bin\dbsnmp.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\oracle\ora81\BIN\ONRSD.EXE
O23 - Service: OracleOraHome81DataGatherer - Oracle Corporation - C:\oracle\ora81\bin\vppdc.exe
O23 - Service: OracleOraHome81HTTPServer - Unknown owner - C:\oracle\ora81\Apache\Apache\Apache.exe
O23 - Service: OracleOraHome81PagingServer - Unknown owner - C:\oracle\ora81/bin/pagntsrv.exe
O23 - Service: OracleOraHome81TNSListener - Unknown owner - C:\oracle\ora81\BIN\TNSLSNR.exe
O23 - Service: OracleOraHome81TNSListenerarpelstr - Unknown owner - C:\oracle\ora81\BIN\TNSLSNR.exe
O23 - Service: OracleServiceARPE - Oracle Corporation - c:\oracle\ora81\bin\ORACLE.EXE
O23 - Service: OracleServiceAXPE - Oracle Corporation - c:\oracle\ora81\bin\ORACLE.EXE
O23 - Service: OracleServiceAXPS - Oracle Corporation - c:\oracle\ora81\bin\ORACLE.EXE
O23 - Service: OracleServiceSERCL - Oracle Corporation - c:\oracle\ora81\bin\ORACLE.EXE
O23 - Service: Créateur de rapports d'état Sophos Anti-Virus (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos Agent - Sophos Plc - C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Sophos Message Router - Sophos Plc - C:\Program Files\Sophos\Remote Management System\RouterNT.exe
O23 - Service: Surveyor - Hewlett-Packard Development Group, L.P. - C:\compaq\survey\Surveyor.EXE
O23 - Service: HP ProLiant System Shutdown Service (sysdown) - Compaq Computer Corporation - C:\WINNT\system32\sysdown.exe
O23 - Service: HP System Management Homepage (SysMgmtHp) - Hewlett-Packard Company - C:\hp\hpsmh\bin\smhstart.exe
O23 - Service: Visto Desktop Assistant (VDACSvc) - Visto Corporation, Inc. - C:\Program Files\Visto\VES\vdac.exe
End of file - 14433 bytes

Meilleures réponses pour « EXE dans repertoire temp serveur 2000 » dans :

Télécharger Advanced SQL Server 2000 HTML Docs Gen Voir

Problème installation SQL Server 2000 (Résolu) Voir

Migration serveur 2000 vers 2003 Voir

Comment avoir "msconfig" sous Windows 2000 Voir

Compatibilité SQL server 2000 & win 2003 serv Voir

Vider le repertoire temp de windows XP Voir

Etapes d' installation server 2000 Voir

Télécharger SQL Server Backup Voir

Télécharger Drive Backup Server Edition 8.5 Voir

Active Directory VoirPrésentation de Active Directory Active Directory est le nom du service d'annuaire de Microsoft apparu dans le système d'exploitation Microsoft Windows Server 2000. Le service d'annuaire Active Directory est basé sur les standards TCP/IP : DNS,...

Posez votre question Répondre

lancevo7, le 16 jun 2008 à 14:42:12

Répondre à lancevo7

Posez votre question Répondre