Windows 2003 Server problem: reboots every x hours...

Post by pyofan » 24 Jul 2007 07:48

Thanks Achille1er,

I'll maybe try another antivirus as early as this evening...

Thanks for the advice.
pyofan
Libellulien
Posts: 51
Joined: 09 Dec 2005 15:17

Post by Achille1er » 24 Jul 2007 07:54

You're welcome. No link between the crashes and the backups, by any chance?
I saw there was a dedicated program.
Achille1er
Super Libellulien
Posts: 2533
Joined: 30 May 2005 07:46
Location: Zotrland

Post by pyofan » 24 Jul 2007 08:00

Normally not, in the sense that I haven't changed software for a long time.... However, I had a virus attack and had to move to McAfee 8.5 a month ago, and since then (apparently) I've had this kind of trouble....

What's worrying is that sometimes I get 2 unexpected reboots in one day and none over the following 2 days....

:shock:

Post by Falkra » 24 Jul 2007 08:27

This log is odd on certain points; I'm going to check 2-3 things first.
Falkra
Admin libellules.ch
Posts: 25882
Joined: 30 Jan 2005 13:44
Location: 127.0.0.1

Post by Falkra » 24 Jul 2007 09:20

In your Windows folder, you should have a file named 525181M.BMP

I'd like you to send it here: http://www.virustotal.com/

Click Browse, go and find it, then click "Send File"; it will be analysed by twenty or more antivirus engines, and each will give its results. The page refreshes the results by itself as they come in.

Once it's finished (it will say so), copy and paste the final results table here, or take a screenshot.

Post by pyofan » 24 Jul 2007 09:29

I just looked for it but with no result...

my hidden files and folders option is enabled...

thanks for your help...

Post by Falkra » 24 Jul 2007 09:32

Try a file search, but if it's a rootkit there's a good chance it won't be "visible" to Windows.

Send the linkinfo.dll file you found in its place (if you have three, the one directly in c:\windows), same procedure, and the results report.

Post by Falkra » 24 Jul 2007 10:17

Your version of HijackThis is a beta; I'd like a log made with this one:
http://www.merijn.org/files/hijackthis.zip
to avoid any risk of a bug or analysis error.

Otherwise:
To display hidden system folders and files:

Control Panel / Folder Options / View tab / tick Show hidden files and folders, untick Hide extensions for known file types, untick Hide protected operating system files.

(if not already done, for both)

Post by pyofan » 24 Jul 2007 11:47

so I ran HijackThis again with your version and it gives this:

-----------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 12:45:34, on 24.07.2007
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP2 (6.00.3790.3959)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\BrightStor\CADS\casdscsvc.exe
C:\Program Files\CA\SharedComponents\BrightStor\UniAgent\UnivAgent.exe
C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
C:\WINDOWS\system32\cpqrcmc.exe
C:\Compaq\VCRepository\cpqsrhmo.exe
C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe
C:\Program Files\CA\SharedComponents\BrightStor\DBAcommon\DBASVR.exe
C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe
C:\CA_LIC\LogWatNT.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\MSSQL7\binn\sqlservr.exe
C:\Program Files\CA\BrightStor Backup Agent for Open Files\Ofant.exe
C:\Program Files\CA\SharedComponents\BrightStor\DBAcommon\dbasqlr.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\hp\hpsmh\bin\smhstart.exe
C:\WINDOWS\System32\CPQNiMgt\CPQNIMGT.EXE
C:\WINDOWS\system32\cpqmgmt\CqMgServ\CqMgServ.EXE
C:\WINDOWS\system32\cpqmgmt\cqmgstor\cqmgstor.exe
C:\hp\hpsmh\bin\hpsmhd.exe
C:\WINDOWS\system32\Dfsr.exe
C:\WINDOWS\system32\sysdown.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cpqmgmt\CqMgHost\CQMGHOST.EXE
C:\hp\hpsmh\bin\rotatelogs.exe
C:\hp\hpsmh\bin\rotatelogs.exe
C:\hp\hpsmh\bin\hpsmhd.exe
C:\hp\hpsmh\bin\rotatelogs.exe
C:\hp\hpsmh\bin\rotatelogs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\PROGRA~1\Compaq\COMPAQ~2\CHKADMIN.EXE
C:\WINDOWS\system32\Atiptaxx.exe
C:\WINDOWS\system32\cpqteam.exe
C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\MSSQL7\Binn\sqlmangr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\mmc.exe
E:\PRIVE\exrop\HiJackThis_v2.exe
C:\DOCUME~1\ADMINI~2\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/hardAdmin.htm
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ChkAdmin] C:\PROGRA~1\Compaq\COMPAQ~2\CHKADMIN.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [lcfep] "C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\lcfep.exe" -x
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [CPQTEAM] cpqteam.exe
O4 - Global Startup: McAfee Host Intrusion Prevention Tray.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\MSSQL7\Binn\sqlmangr.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 2531032765
O16 - DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.3.1_02) - https://localhost:50000/ui/classes/j2re ... -win-i.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ch.symrise.cns
O17 - HKLM\Software\..\Telephony: DomainName = ch.symrise.cns
O17 - HKLM\System\CCS\Services\Tcpip\..\{D02ACB09-8D88-40BA-9B17-53CD5B28F3E0}: Domain = ch.symrise.cns
O17 - HKLM\System\CCS\Services\Tcpip\..\{D02ACB09-8D88-40BA-9B17-53CD5B28F3E0}: NameServer = 10.105.30.118,10.11.5.103
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ch.symrise.cns
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ch.symrise.cns,symrise.cns
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ch.symrise.cns,symrise.cns
O18 - Protocol: hpapp - {24F45006-5BD9-41B7-9BD9-5F8921C8EBD1} - C:\Program Files\Compaq\hpadu\bin\hpapp.dll
O20 - AppInit_DLLs: 525181M.BMP
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\SYSTEM32\dimsntfy.dll
O23 - Service: CA BrightStor Discovery Service (CASDiscoverySvc) - CA - C:\Program Files\CA\SharedComponents\BrightStor\CADS\casdscsvc.exe
O23 - Service: CA BrightStor Universal Agent (CASUniversalAgent) - CA - C:\Program Files\CA\SharedComponents\BrightStor\UniAgent\UnivAgent.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates International Inc. - C:\CA_LIC\\lic98rmt.exe
O23 - Service: Compaq Local Alerter (CPQALERT) - Compaq Computer Corporation - C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
O23 - Service: HP Insight NIC Agents (CPQNicMgmt) - Hewlett-Packard Company - C:\WINDOWS\System32\CPQNiMgt\CPQNIMGT.EXE
O23 - Service: HP ProLiant Remote Monitor Service (CpqRcmc) - Hewlett-Packard Company - C:\WINDOWS\system32\cpqrcmc.exe
O23 - Service: Compaq Version Control Repository Manager (cpqsrhmo) - Compaq Computer Corporation - C:\Compaq\VCRepository\cpqsrhmo.exe
O23 - Service: HP Version Control Agent (cpqvcagent) - Hewlett-Packard Company - C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe
O23 - Service: HP Insight Foundation Agents (CqMgHost) - Hewlett-Packard Company - C:\WINDOWS\system32\cpqmgmt\CqMgHost\CQMGHOST.EXE
O23 - Service: HP Insight Server Agents (CqMgServ) - Hewlett-Packard Company - C:\WINDOWS\system32\cpqmgmt\CqMgServ\CqMgServ.EXE
O23 - Service: HP Insight Storage Agents (CqMgStor) - Hewlett-Packard Company - C:\WINDOWS\system32\cpqmgmt\cqmgstor\cqmgstor.exe
O23 - Service: CA BrightStor Backup Agent RPC Server (DbaRpcService) - CA - C:\Program Files\CA\SharedComponents\BrightStor\DBAcommon\DBASVR.exe
O23 - Service: McAfee Host Intrusion Prevention-Dienst (enterceptAgent) - McAfee, Inc. - C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
O23 - Service: Compaq Insight Manager 7 (InsightXE) - Unknown owner - C:\WINDOWS\system32\InsightXESvc.exe
O23 - Service: Tivoli Endpoint (lcfd) - Unknown owner - C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\CA_LIC\LogWatNT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: CA Backup Agent for Open Files (OpenFileAgent) - CA - C:\Program Files\CA\BrightStor Backup Agent for Open Files\Ofant.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: CA BrightStor Backup Agent Remote Service (RemoteDbagent) - CA - C:\Program Files\CA\SharedComponents\BrightStor\DBAcommon\dbasqlr.exe
O23 - Service: HP ProLiant System Shutdown Service (sysdown) - Compaq Computer Corporation - C:\WINDOWS\system32\sysdown.exe
O23 - Service: HP System Management Homepage (SysMgmtHp) - Hewlett-Packard Company - C:\hp\hpsmh\bin\smhstart.exe


----------------------------------------------------------------------------------


I also have the result from the virustotal.com site here:

File linkinfo.dll received on 07.24.2007 12:42:07 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2007.7.24.0 2007.07.24 no virus found
AntiVir 7.4.0.44 2007.07.24 no virus found
Authentium 4.93.8 2007.07.23 no virus found
Avast 4.7.997.0 2007.07.24 no virus found
AVG 7.5.0.476 2007.07.23 no virus found
BitDefender 7.2 2007.07.24 no virus found
CAT-QuickHeal 9.00 2007.07.23 no virus found
ClamAV devel-20070416 2007.07.24 no virus found
DrWeb 4.33 2007.07.24 no virus found
eSafe 7.0.15.0 2007.07.23 no virus found
eTrust-Vet 31.1.5003 2007.07.24 no virus found
Ewido 4.0 2007.07.24 no virus found
FileAdvisor 1 2007.07.24 no virus found
Fortinet 2.91.0.0 2007.07.24 no virus found
F-Prot 4.3.2.48 2007.07.23 no virus found
F-Secure 6.70.13030.0 2007.07.24 no virus found
Ikarus T3.1.1.8 2007.07.24 no virus found
Kaspersky 4.0.2.24 2007.07.24 no virus found
McAfee 5080 2007.07.23 no virus found
Microsoft 1.2704 2007.07.24 no virus found
NOD32v2 2416 2007.07.24 no virus found
Norman 5.80.02 2007.07.24 no virus found
Panda 9.0.0.4 2007.07.23 no virus found
Sophos 4.19.0 2007.07.17 no virus found
Sunbelt 2.2.907.0 2007.07.24 no virus found
Symantec 10 2007.07.24 no virus found
TheHacker 6.1.7.152 2007.07.23 no virus found
VBA32 3.12.2.1 2007.07.23 no virus found
VirusBuster 4.3.26:9 2007.07.23 no virus found
Webwasher-Gateway 6.0.1 2007.07.24 no virus found
Additional information
File size: 19968 bytes
MD5: 3de20625f32bdc81e73c430e07f1ceb0
SHA1: 3eddaabb8db2e1d2e88aa6bb4fc53590d05f2777


no virus found in linkinfo.dll

Thanks for your help

Post by Achille1er » 24 Jul 2007 12:49

That's it: "O20 - AppInit_DLLs: 525181M.BMP" is what's worrying Falkra (rightly so); loading a DLL with a .bmp extension isn't very kosher :wink:
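The check Achille1er describes can be run mechanically over a HijackThis log: pull out the `O20 - AppInit_DLLs` value and flag any module whose name or content does not match what a DLL should look like. The Python below is an added example, not part of the original thread or of HijackThis; the function names (`appinit_entries`, `sniff_type`, `triage`) and the constructed PE header are assumptions for illustration, and the sample lines are copied from the log posted above.

```python
import re
import struct
from pathlib import PureWindowsPath

# Three lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O18 - Protocol: hpapp - {24F45006-5BD9-41B7-9BD9-5F8921C8EBD1} - C:\Program Files\Compaq\hpadu\bin\hpapp.dll
O20 - AppInit_DLLs: 525181M.BMP
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\SYSTEM32\dimsntfy.dll
"""

APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs:\s*(.*)$", re.MULTILINE)


def appinit_entries(log_text):
    """Return every module named on an 'O20 - AppInit_DLLs' line."""
    entries = []
    for value in APPINIT_RE.findall(log_text):
        # The registry value is a space- or comma-separated list of modules.
        entries.extend(e for e in re.split(r"[ ,]+", value.strip()) if e)
    return entries


def sniff_type(data):
    """Identify a file by its header bytes instead of by its name."""
    if data[:2] == b"MZ" and len(data) >= 0x40:
        # e_lfanew (offset 0x3C) points at the 'PE\0\0' signature.
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
        if data[e_lfanew:e_lfanew + 4] == b"PE\0\0":
            return "pe"
    if data[:2] == b"BM":
        return "bmp"
    return "unknown"


def triage(log_text, read_file=None):
    """Flag AppInit_DLLs entries that do not look like ordinary DLLs.

    read_file is an optional callable (hypothetical hook) that returns the
    bytes of the named module, so the content can be compared with the name.
    """
    findings = []
    for entry in appinit_entries(log_text):
        path = PureWindowsPath(entry)
        suffix = path.suffix.lower()
        reasons = []
        if suffix != ".dll":
            reasons.append("extension %r is not .dll" % path.suffix)
        if not path.is_absolute():
            reasons.append("no full path given")
        if read_file is not None:
            try:
                data = read_file(entry)
            except OSError:
                # Matches the situation in the thread: the file is named in
                # the registry but cannot be found on disk.
                reasons.append("file not readable (missing or hidden)")
            else:
                if sniff_type(data) == "pe" and suffix != ".dll":
                    reasons.append("content is a PE image despite its extension")
        findings.append({"entry": entry, "reasons": reasons})
    return findings


def constructed_pe_header():
    """Constructed 68-byte stub: 'MZ', e_lfanew = 0x40, then 'PE\\0\\0'."""
    hdr = bytearray(0x44)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    hdr[0x40:0x44] = b"PE\0\0"
    return bytes(hdr)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, lambda name: constructed_pe_header()):
        print(f["entry"], "->", "; ".join(f["reasons"]) or "nothing flagged")
```
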

Post by Falkra » 24 Jul 2007 13:32

It looks like a booby-trapped image (+ possible rootkit).

We're going to run a few detection tests:

Download and run DiagHelp as shown in this tutorial:
http://www.malekal.com/DiagHelp/DiagHelp.php
Run only option 1 and post the report, please.

Note: don't forget to press a key when asked to at the end of the Catchme report.

See you later

Post by pyofan » 24 Jul 2007 13:55

here is the DiagHelp report:


--------------------------------------------------------------------------------

DiagHelp version v1.1.2 - http://www.malekal.com
excute le 24.07.2007 à 14:49:49.10


Liste des derniers fichies modifies/crees dans windir\system32
C:\WINDOWS\System32/drivers\cqdetect.sys -->20.07.2007 18:43:18
C:\WINDOWS\System32/drivers\arp8023.sys -->04.06.2007 18:55:54
C:\WINDOWS\System32/drivers\update.sys -->28.05.2007 14:17:15
C:\WINDOWS\System32/drivers\CPQCISSE.sys -->23.03.2007 12:23:10
C:\WINDOWS\System32/drivers\cpqcidrv.sys -->09.03.2007 13:16:52
C:\WINDOWS\System32/drivers\cpqteam.sys -->07.03.2007 03:31:04
C:\WINDOWS\System32/drivers\cpqcissm.sys -->23.02.2007 22:48:46

C:\WINDOWS\System32\PerfStringBackup.INI -->23.07.2007 20:04:49
C:\WINDOWS\System32\perfh009.dat -->23.07.2007 20:04:49
C:\WINDOWS\System32\perfc009.dat -->23.07.2007 20:04:49
C:\WINDOWS\System32\SysCalls.dat -->23.07.2007 18:59:41
C:\WINDOWS\System32\TZLog.log -->23.07.2007 17:38:39
C:\WINDOWS\System32\wpa.dbl -->22.07.2007 12:02:27
C:\WINDOWS\System32\ATMenuxx.GID -->20.07.2007 19:15:45
C:\WINDOWS\System32\ati64hlp.stb -->20.07.2007 19:15:42
C:\WINDOWS\System32\FNTCACHE.DAT -->20.07.2007 18:33:32
C:\WINDOWS\System32\KevlarSigs.dll -->10.07.2007 23:42:02
C:\WINDOWS\System32\kevlar_api_hook_list.dat -->05.07.2007 15:31:56
C:\WINDOWS\System32\MRT.exe -->28.06.2007 09:57:27
C:\WINDOWS\System32\urlmon.dll -->03.05.2007 18:23:01
C:\WINDOWS\System32\inetcomm.dll -->03.05.2007 18:12:37
C:\WINDOWS\System32\mfc40u.dll -->01.05.2007 12:12:29
C:\WINDOWS\System32\ntdsa.dll -->30.04.2007 08:34:52
C:\WINDOWS\System32\spmsg.dll -->30.04.2007 00:51:26
C:\WINDOWS\System32\schannel.dll -->25.04.2007 23:02:45
C:\WINDOWS\System32\shdocvw.dll -->20.04.2007 19:01:58
C:\WINDOWS\System32\mshtml.dll -->20.04.2007 19:01:58
C:\WINDOWS\System32\kernel32.dll -->18.04.2007 18:25:36
C:\WINDOWS\System32\wups.dll -->16.04.2007 22:47:36
C:\WINDOWS\System32\wuaucpl.cpl.mui -->16.04.2007 22:46:18
C:\WINDOWS\System32\wuapi.dll.mui -->16.04.2007 22:46:00
C:\WINDOWS\System32\wuaueng.dll -->16.04.2007 22:45:54

C:\WINDOWS\hpbafd.ini -->24.07.2007 00:15:55
C:\WINDOWS\WindowsUpdate.log -->23.07.2007 23:21:10
C:\WINDOWS\0.log -->23.07.2007 18:59:39
C:\WINDOWS\bootstat.dat -->23.07.2007 18:59:20
C:\WINDOWS\ntbtlog.txt -->23.07.2007 18:02:55
C:\WINDOWS\PFRO.log -->23.07.2007 18:01:49
C:\WINDOWS\ntdtcsetup.log -->23.07.2007 17:48:42
C:\WINDOWS\KB926122.log -->23.07.2007 17:48:42
C:\WINDOWS\comsetup.log -->23.07.2007 17:48:42
C:\WINDOWS\tsoc.log -->23.07.2007 17:48:41
C:\WINDOWS\sfuocgen.log -->23.07.2007 17:48:41
C:\WINDOWS\pop3oc.log -->23.07.2007 17:48:41
C:\WINDOWS\ocwss.log -->23.07.2007 17:48:41
C:\WINDOWS\ocgen.log -->23.07.2007 17:48:41
C:\WINDOWS\nfsocm.log -->23.07.2007 17:48:41


Volume in drive C has no label.
Volume Serial Number is 3C42-DA36

Directory of C:\WINDOWS\system32

30.11.2005 14:00 4'096 csrss.exe
30.11.2005 14:00 41'984 csvde.exe
2 File(s) 46'080 bytes
0 Dir(s) 41'677'271'040 bytes free

Contenu de Downloaded Program Files
Volume in drive C has no label.
Volume Serial Number is 3C42-DA36

Directory of C:\WINDOWS\Downloaded Program Files

22.06.2007 18:50 <DIR> .
22.06.2007 18:50 <DIR> ..
03.08.2006 14:32 65 desktop.ini
16.04.2007 22:50 293 wuweb.inf
2 File(s) 358 bytes

Total Files Listed:
2 File(s) 358 bytes
2 Dir(s) 41'677'271'040 bytes free

Recherche de rootkit! (Merci S!Ri)

Recherche d'infections connues

Export des clefs sensibles..

Liste des fichiers en exception sur le pare-feu XP SP2

"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"="C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\\Program Files\\Tivoli\\lcf\\bin\\w32-ix86\\mrt\\lcfd.exe"="C:\\Program Files\\Tivoli\\lcf\\bin\\w32-ix86\\mrt\\lcfd.exe:*:Enabled:lcfd"

Export de la clef SharedTaskScheduler

[SharedTaskScheduler]

Rechercher adresses sensibles dans le fichier HOSTS...



catchme 0.3.914 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-24 14:50:57
Windows 5.2.3790 Service Pack 2 NTFS

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden services: 0
hidden files: 0


KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (http://www.security.org.sg)

Sorry, this version supports only Win2K/XP

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (http://www.security.org.sg)

Sorry, this version supports only Win2K/XP

Volume in drive C has no label.
Volume Serial Number is 3C42-DA36

Directory of C:\Program Files

20.07.2007 18:50 <DIR> .
20.07.2007 18:50 <DIR> ..
13.11.2006 18:20 <DIR> batch
19.06.2007 15:07 <DIR> CA
20.07.2007 18:22 <DIR> cmak
04.06.2007 19:40 <DIR> Common Files
20.07.2007 18:47 <DIR> COMPAQ
03.08.2006 14:29 <DIR> ComPlus Applications
19.06.2007 14:48 <DIR> ComputerAssociates
20.07.2007 18:50 <DIR> HP
25.08.2006 08:51 <DIR> HP StorageWorks Library and Tape Tools
20.07.2007 18:50 <DIR> HPWBEM
20.07.2007 18:23 <DIR> Internet Explorer
23.08.2006 11:42 <DIR> JavaSoft
04.06.2007 19:40 <DIR> McAfee
20.07.2007 18:17 <DIR> NetMeeting
04.06.2007 19:42 <DIR> Network Associates
03.08.2006 14:31 <DIR> Online Services
20.07.2007 18:17 <DIR> Outlook Express
03.08.2006 16:05 <DIR> Remote Desktop
03.07.2007 13:22 <DIR> Tivoli
05.09.2006 15:44 <DIR> VMware
20.07.2007 18:22 <DIR> Windows Media Player
03.08.2006 14:27 <DIR> Windows NT
0 File(s) 0 bytes
24 Dir(s) 41'677'373'440 bytes free
Volume in drive C has no label.
Volume Serial Number is 3C42-DA36

Directory of C:\Program Files\common files

04.06.2007 19:40 <DIR> .
04.06.2007 19:40 <DIR> ..
03.08.2006 15:22 <DIR> Cisco Systems
03.07.2007 13:21 <DIR> InstallShield
04.06.2007 18:51 <DIR> McAfee
04.06.2007 19:40 <DIR> McAfee Inc
23.08.2006 09:13 <DIR> Microsoft Shared
04.06.2007 18:51 <DIR> Network Associates
03.08.2006 16:08 <DIR> ODBC
03.08.2006 14:31 <DIR> Services
03.08.2006 16:08 <DIR> SpeechEngines
20.07.2007 18:28 <DIR> System
03.07.2007 13:23 <DIR> Tivoli
0 File(s) 0 bytes
13 Dir(s) 41'677'373'440 bytes free
Volume in drive C has no label.
Volume Serial Number is 3C42-DA36

Directory of C:\

24.08.2006 11:49 57'344 Cazipxp.exe
03.06.2003 17:43 2'970'922 DeviceSP.exe
24.07.2007 14:48 68'096 diff.exe
24.07.2007 14:48 103'424 grep.exe
18.02.2007 00:31 94'720 msizap.exe
13.11.2006 18:11 32'768 shutdown.exe
6 File(s) 3'327'274 bytes
0 Dir(s) 41'677'373'440 bytes free
c:\Documents and Settings\administrateur\Desktop\DiagHelp\DiagHelp\catchme.exe
c:\Documents and Settings\administrateur\Desktop\DiagHelp\DiagHelp\diff.exe
c:\Documents and Settings\administrateur\Desktop\DiagHelp\DiagHelp\dumphive.exe
c:\Documents and Settings\administrateur\Desktop\DiagHelp\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\administrateur\Desktop\DiagHelp\DiagHelp\find2.exe
c:\Documents and Settings\administrateur\Desktop\DiagHelp\DiagHelp\Fport.exe
c:\Documents and Settings\administrateur\Desktop\DiagHelp\DiagHelp\grep.exe
c:\Documents and Settings\administrateur\Desktop\DiagHelp\DiagHelp\KProcCheck.exe
c:\Documents and Settings\administrateur\Desktop\DiagHelp\DiagHelp\LFiles.exe
c:\Documents and Settings\administrateur\Desktop\DiagHelp\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\administrateur\Desktop\DiagHelp\DiagHelp\pslist.exe
c:\Documents and Settings\administrateur\Desktop\DiagHelp\DiagHelp\streams.exe
c:\Documents and Settings\administrateur\Desktop\DiagHelp\DiagHelp\swreg.exe
c:\Documents and Settings\administrateur\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
c:\Documents and Settings\administrateur\Local Settings\Temporary Internet Files\Content.IE5\4BQDKDOH\hp_ltt41_win[1].exe
c:\Documents and Settings\administrateur\Local Settings\Temporary Internet Files\Content.IE5\QN47SZEZ\setupeng[1].exe
c:\Documents and Settings\administrateur\Local Settings\Temporary Internet Files\Content.IE5\QN47SZEZ\setupfre[1].exe
c:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Current\ENTERCPT6100\Install\0407\McAfeeHIP_ClientSetup.exe
c:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Current\EPOAGENT3000\Install\0409\FramePkg.exe
c:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Current\PATCH___1100\Install\0000\PatchScanInstaller.exe
c:\Documents and Settings\uivof\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_fr_FR.exe
c:\Documents and Settings\uivof\Application Data\Microsoft\Installer\{7050644E-67F3-43A4-B9F6-18657468C868}\ARPPRODUCTICON.exe
c:\Documents and Settings\uivof\Application Data\Microsoft\Installer\{7050644E-67F3-43A4-B9F6-18657468C868}\NewShortcut1_2.exe
c:\Documents and Settings\uivof\Application Data\Microsoft\Installer\{7050644E-67F3-43A4-B9F6-18657468C868}\NewShortcut2_2.exe
c:\Documents and Settings\uivof\Bureau\FreeWatch.exe
c:\Documents and Settings\uivof\Bureau\SRip32.exe
c:\Documents and Settings\uivof\Desktop\SRip32.exe
c:\Documents and Settings\uivof\Desktop\TreeSize.exe
c:\Documents and Settings\uivof\My Documents\ethereal-setup-0.99.0.exe
c:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Current\EPOAGENT3000\LangPack\040c\AgentRes.Dll
c:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Current\EPOAGENT3000\LangPack\040c\CMAUIRes.dll
c:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Current\EPOAGENT3000\LangPack\040c\ScrptRes.Dll
c:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Current\EPOAGENT3000\LangPack\040c\UpdRes.Dll

****** Fin du rapport DiagHelp


---------------------------------------------------------------------------------



thanks!

Post by Falkra » 24 Jul 2007 14:12

Not everything could be tested (compatibility of the tools with Win2003 Server).
We'll try to make up for those gaps.

Download SREng ("System Repair Engineer" by Smallfrogs) from this link:
http://www.kztechs.com/eng/download.html

Extract all its contents to your Desktop
From the sreng2 folder now on your Desktop, double-click SREng.exe to launch the tool
Click Smart Scan
Then click the [Scan] button

When complete, click the [Save Reports] button
Save the report to your Desktop
Copy/paste the contents of the SREnglLOG.log file into your next reply, please.

Post by pyofan » 24 Jul 2007 14:19

here you go:

------------------------------------------------------------------------------

2007-07-24,15:17:24

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows Server 2003 "R2" Standard Edition Service Pack 2 (Build 3790) - Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
    All Boot Items (Including Registry, Startup Folders, Services and so on)
    Browser Add-ons
    Runing Processes (Including process model information)
    File Associations
    Winsock Provider
    Autorun.Inf
    HOSTS File
    Process Privileges Scan


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <McAfeeUpdaterUI><"C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey>  [(Verified)"McAfee, Inc."]
    <ChkAdmin><C>  [Compaq Computer Corporation]
    <ShStatEXE><"C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE>  [(Verified)"McAfee, Inc."]
    <lcfep><"C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\lcfep.exe" -x>  []
    <AtiPTA><Atiptaxx>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <CPQTEAM><cpqteam>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><525181M>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><SystemRoot>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes><SystemRoot>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting><rundll32>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4b218e3e-bc98-4770-93d3-2731b9329278}]
    <Internet><SystemRoot>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft><rundll32>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <Address><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N><C>  [Microsoft Corporation]

==================================
Startup Folders
[McAfee Host Intrusion Prevention Tray]
  <C> C:\PROGRA~1\McAfee\HOSTIN~1\FireTray.exe [McAfee, Inc.]><N>
[Service Manager]
  <C> C:\MSSQL7\Binn\sqlmangr.exe [Microsoft Corporation]><N>

==================================
Services
[CA BrightStor Discovery Service / CASDiscoverySvc][Running/Auto Start]
  <"C:\Program Files\CA\SharedComponents\BrightStor\CADS\casdscsvc.exe"><CA>
[CA BrightStor Universal Agent / CASUniversalAgent][Running/Auto Start]
  <"C:\Program Files\CA\SharedComponents\BrightStor\UniAgent\UnivAgent.exe"><CA>
[CA License Client / CA_LIC_CLNT][Stopped/Manual Start]
  <"C:\CA_LIC\\lic98rmt.exe"><Computer>
[HP Insight Event Notifier / CIMnotify][Stopped/Disabled]
  <C><Hewlett>
[COMPAQ DMI Indication Handler / COMPAQ DMI Indication Handler][Stopped/Disabled]
  <C><Compaq>
[Compaq Local Alerter / CPQALERT][Running/Auto Start]
  <C><Compaq>
[cpqdmi / cpqdmi][Stopped/Disabled]
  <C><Compaq>
[HP Insight NIC Agents / CPQNicMgmt][Running/Auto Start]
  <C><Hewlett>
[HP ProLiant Remote Monitor Service / CpqRcmc][Running/Auto Start]
  <C><Hewlett>
[Compaq Version Control Repository Manager / cpqsrhmo][Running/Auto Start]
  <C><Compaq>
[HP Version Control Agent / cpqvcagent][Running/Auto Start]
  <C><Hewlett>
[Compaq DMI Web Agent / cpqWebDmi][Stopped/Disabled]
  <C><Compaq>
[HP Insight Foundation Agents / CqMgHost][Running/Auto Start]
  <C><Hewlett>
[HP Insight Server Agents / CqMgServ][Running/Auto Start]
  <C><Hewlett>
[HP Insight Storage Agents / CqMgStor][Running/Auto Start]
  <C><Hewlett>
[CA BrightStor Backup Agent RPC Server / DbaRpcService][Running/Auto Start]
  <"C:\Program Files\CA\SharedComponents\BrightStor\DBAcommon\DBASVR.exe"><CA>
[McAfee Host Intrusion Prevention-Dienst / enterceptAgent][Running/Auto Start]
  <"C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe"><McAfee>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C>%SystemRoot%\System32\hidserv.dll><N>
[Compaq Insight Manager 7 / InsightXE][Stopped/Manual Start]
  <C><N>
[Tivoli Endpoint / lcfd][Running/Auto Start]
  <"C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe"><N>
[Event Log Watch / LogWatch][Running/Auto Start]
  <C><Computer>
[McAfee Framework Service / McAfeeFramework][Running/Auto Start]
  <"C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart><McAfee>
[McAfee McShield / McShield][Running/Auto Start]
  <"C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe"><McAfee>
[McAfee Task Manager / McTaskManager][Running/Auto Start]
  <"C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe"><McAfee>
[MSSQLServer / MSSQLServer][Running/Auto Start]
  <C><Microsoft>
[CA Backup Agent for Open Files / OpenFileAgent][Running/Auto Start]
  <"C:\Program Files\CA\BrightStor Backup Agent for Open Files\Ofant.exe"><CA>
[Pml Driver HPZ12 / Pml Driver HPZ12][Stopped/Manual Start]
  <C><HP>
[CA BrightStor Backup Agent Remote Service / RemoteDbagent][Running/Auto Start]
  <"C:\Program Files\CA\SharedComponents\BrightStor\DBAcommon\dbasqlr.exe"><CA>
[SQLServerAgent / SQLServerAgent][Stopped/Manual Start]
  <C><Microsoft>
[File Server Storage Reports Manager / SrmReports][Stopped/Manual Start]
  <C><Microsoft>
[HP ProLiant System Shutdown Service / sysdown][Running/Auto Start]
  <C><Compaq>
[HP System Management Homepage / SysMgmtHp][Running/Auto Start]
  <C><Hewlett>
[VMware Authorization Service / VMAuthdService][Stopped/Disabled]
  <"C:\Program Files\VMware\VMware GSX Server\vmware-authd.exe"><N>
[VMware DHCP Service / VMnetDHCP][Stopped/Disabled]
  <C><VMware>
[VMware Registration Service / vmserverdWin32][Stopped/Disabled]
  <C><VMware>
[VMware NAT Service / VMware NAT Service][Stopped/Disabled]
  <C><N>
[Compaq DMI Insight Web Management Agent / WebDmi.exe][Stopped/Disabled]
  <C><N>

==================================
Drivers
[arp8023 / arp8023][Stopped/Manual Start]
  <SystemRoot><N>
[ati2mpad / ati2mpad][Running/Manual Start]
  <system32><ATI>
[caitwn32 / caitwn32][Stopped/System Start]
  <system32><Compaq>
[Compaq Client Management Driver / ClntMgmt][Running/System Start]
  <System32><Compaq>
[cpqasm2 / cpqasm2][Running/Manual Start]
  <system32><Compaq>
[HP iLO Management Channel Interface Driver / CpqCiDrv][Running/Manual Start]
  <system32><Hewlett>
[CPQCISSE / CPQCISSE][Running/Manual Start]
  <system32><Hewlett>
[cpqcissm / cpqcissm][Running/Boot Start]
  <SystemRoot><Hewlett>
[HP Network Configuration Utility / CPQTeam][Stopped/Manual Start]
  <system32><Hewlett>
[EntDrv52 / EntDrv52][Stopped/Manual Start]
  <C><N>
[McAfee HIP-Komponente FireHook / FireHook][Running/System Start]
  <C><McAfee>
[firelm01 / firelm01][Running/Manual Start]
  <C><McAfee>
[McAfee HIP-Komponente FirePM / FirePM][Running/Boot Start]
  <SystemRoot><McAfee>
[McAfee HIP-Komponente FireTDI / FireTDI][Running/System Start]
  <C><McAfee>
[IP in IP Tunnel Driver / IpInIp][Stopped/Manual Start]
  <system32><N>
[Lsi_scsi / Lsi_scsi][Running/Boot Start]
  <SystemRoot><LSI>
[McAfee Inc. / mfeapfk][Running/Manual Start]
  <system32><McAfee>
[McAfee Inc. / mfeavfk][Running/Manual Start]
  <system32><McAfee>
[McAfee Inc. / mfebopk][Running/Manual Start]
  <system32><McAfee>
[McAfee Inc. / mfehidk][Running/Manual Start]
  <system32><McAfee>
[VSCore mferkdk / mferkdk][Running/System Start]
  <C><McAfee>
[McAfee Inc. / mfetdik][Running/System Start]
  <system32><McAfee>
[NVIDIA Compatible Windows Miniport Driver / nvmini][Stopped/Auto Start]
  <system32><N>
[CA Backup Agent for Open Files Driver / OFADriver][Running/Auto Start]
  <SystemRoot><CA>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32><Parallel>
[HP NC7761 Gigabit Server Adapter / q57w2k][Running/Manual Start]
  <system32><Hewlett>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32><Macrovision>
[HP ProLiant Virtual Install Disk Support Driver / startdss][Stopped/Disabled]
  <system32><N>
[symmpi / symmpi][Running/Boot Start]
  <SystemRoot><LSI>
[HP ProLiant System Management Interface Driver / SysMgmt][Running/Manual Start]
  <system32><Compaq>
[VMware Bridge Protocol / VMnet][Running/Auto Start]
  <system32><VMware>
[VMware Virtual Ethernet Adapter Driver / VMnetx][Running/Manual Start]
  <system32><VMware>
[hidsys / hidsys][Running/Manual Start]
  <C><McAfee>

==================================
Browser Add-ons
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C>
[Java Plug-in 1.3.1_02]
  {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} <C>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C>
[Java Plug-in 1.3.1_02]
  {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} <C>
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <C>

==================================
Running Processes
[PID: 332 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
[PID: 380 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 412 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
[PID: 460 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
[PID: 472 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
    [C:\WINDOWS\system32\TivoliAP.dll]  [IBM Corporation, 1.27.1.0]
[PID: 688 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
[PID: 756 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
[PID: 828 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
[PID: 844 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
[PID: 884 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
[PID: 1028 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\hpdcmon.dll]  [Hewlett-Packard, 04.20.00]
    [C:\WINDOWS\system32\hppamon0.dll]  [HP, 7, 0, 5, 0]
    [C:\WINDOWS\system32\HPBMMON.DLL]  [Hewlett-Packard, 10.00.15]
    [C:\WINDOWS\system32\hpdomon.dll]  [Hewlett-Packard, 03.42.00]
    [C:\WINDOWS\system32\HPBHealr.dll]  [N/A, ]
    [C:\WINDOWS\system32\spool\PRTPROCS\W32X86\hpprn05.dll]  [Hewlett-Packard Corporation, 60.05.17.02]
    [C:\WINDOWS\system32\spool\PRTPROCS\W32X86\hpzpp034.dll]  [Hewlett-Packard Corporation, 60.034.78.41]
    [C:\WINDOWS\system32\spool\PRTPROCS\W32X86\hpzpp041.dll]  [Hewlett-Packard Corporation, 60.041.41.00]
    [C:\WINDOWS\system32\spool\PRTPROCS\W32X86\hpzpp43e.DLL]  [Hewlett-Packard Corporation, 60.053.644.00]
    [C:\WINDOWS\system32\hppadt40.dll]  [HP, 7, 0, 5, 0]
    [C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\UNIDRVUI.DLL]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\UNIDRV.DLL]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
[PID: 1060 / NETWORK SERVICE][C:\WINDOWS\system32\msdtc.exe]  [Microsoft Corporation, 2001.12.4720.3959 (srv03_sp2_rtm.070216-1710)]
[PID: 1156 / SYSTEM][C:\Program Files\CA\SharedComponents\BrightStor\CADS\casdscsvc.exe]  [CA, r11.5.4232.1]
    [C:\Program Files\CA\SharedComponents\BrightStor\CADS\ASVCTL.dll]  [CA, r11.5.4232.1]
    [C:\Program Files\CA\SharedComponents\BrightStor\CADS\BRAND.dll]  [CA, r11.5.4232.1]
    [C:\Program Files\CA\SharedComponents\BrightStor\CADS\CSTool.dll]  [CA, r11.5.4232.1]
    [C:\Program Files\CA\SharedComponents\BrightStor\CADS\ASBRDCST.dll]  [CA, r11.5.4232.1]
    [C:\Program Files\CA\SharedComponents\BrightStor\CADS\CHEYPROD.dll]  [CA, r11.5.4232.1]
[PID: 1192 / SYSTEM][C:\Program Files\CA\SharedComponents\BrightStor\UniAgent\UnivAgent.exe]  [CA, r11.5.4232.1]
    [C:\Program Files\CA\SharedComponents\BrightStor\UniAgent\shrdmem.dll]  [N/A, ]
    [C:\Program Files\CA\SharedComponents\BrightStor\UniAgent\BRAND.dll]  [CA, r11.5.4232.1]
    [C:\Program Files\CA\SharedComponents\BrightStor\UniAgent\CSTool.dll]  [CA, r11.5.4232.1]
    [C:\Program Files\CA\SharedComponents\BrightStor\UniAgent\DSLOAD.dll]  [CA, r11.5.4232.1]
    [C:\Program Files\CA\SharedComponents\BrightStor\UniAgent\ASDCEN.dll]  [CA, r11.5.4232.1]
    [C:\Program Files\CA\SharedComponents\BrightStor\UniAgent\libetpki.dll]  [Computer Associates International, Inc., Version 1.8.0]
    [C:\Program Files\CA\SharedComponents\BrightStor\UniAgent\pthread.dll]  [N/A, ]
    [C:\Program Files\CA\SharedComponents\BrightStor\UniAgent\asatgenc.dll]  [CA, r11.5.4232.1]
    [C:\Program Files\CA\SharedComponents\BrightStor\UniAgent\univagres.dll]  [CA, r11.5.4232.1]
    [C:\Program Files\CA\SharedComponents\BrightStor\UniAgent\asbrdcst.dll]  [CA, r11.5.4232.1]
    [C:\Program Files\CA\SharedComponents\BrightStor\UniAgent\CHEYPROD.dll]  [CA, r11.5.4232.1]
    [C:\Program Files\CA\BrightStor ARCserve Backup Client Agent for Windows\ntagent.dll]  [CA, r11.5.4232.1]
    [C:\Program Files\CA\BrightStor ARCserve Backup Client Agent for Windows\AS2000.dll]  [CA, r11.5.4232.1]
    [C:\Program Files\CA\SharedComponents\BrightStor\UniAgent\SAVCFG.dll]  [CA, r11.5.4232.1]
    [C:\Program Files\CA\SharedComponents\BrightStor\UniAgent\zlib1.dll]  [, 1.2.1]
    [C:\Program Files\CA\SharedComponents\BrightStor\UniAgent\PSAPI.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [C:\Program Files\CA\SharedComponents\BrightStor\UniAgent\dsa.dll]  [CA, r11.5.4232.1]
    [C:\Program Files\CA\BrightStor ARCserve Backup Client Agent for Windows\bsvssnet.dll]  [CA, r11.5.4232.1]
    [C:\Program Files\CA\BrightStor ARCserve Backup Client Agent for Windows\ADRCLIENTDLL.DLL]  [CA, r11.5.4232.1]
[PID: 1288 / SYSTEM][C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe]  [Compaq Computer Corporation, 5.0.3.4]
    [C:\Program Files\Compaq\Compaq Management Agents\CPQHCI.DLL]  [Compaq Computer Corporation, 5.0.3.4]
    [C:\Program Files\Compaq\Compaq Management Agents\CPQDMSC.DLL]  [Compaq Computer Corporation, 5.0.3.4]
[PID: 1316 / SYSTEM][C:\WINDOWS\system32\cpqrcmc.exe]  [Hewlett-Packard Company, 5.11.2.0 built by: buildsrv]
[PID: 1336 / SYSTEM][C:\Compaq\VCRepository\cpqsrhmo.exe]  [Compaq Computer Corporation, 1.0.2206.0]
    [C:\Compaq\VCRepository\CpqHMMO.dll]  [Compaq Computer Corp., 5.0.0]
    [C:\Compaq\VCRepository\expat.dll]  [N/A, ]
[PID: 1356 / SYSTEM][C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe]  [Hewlett-Packard Company, 2.1.8.780]
    [C:\hp\hpsmh\data\cgi-bin\vcagent\xerces-c_2_4_0.dll]  [Apache Software Foundation, 2, 4, 0]
    [C:\hp\hpsmh\data\cgi-bin\vcagent\Xalan-C_1_7_0.dll]  [Apache Software Foundation, 1, 7, 0, 0]
    [C:\hp\hpsmh\data\cgi-bin\vcagent\XalanMessages_1_7_0.dll]  [N/A, ]
    [C:\hp\hpsmh\bin\ssleay32.dll]  [N/A, ]
    [C:\hp\hpsmh\bin\LIBEAY32.dll]  [N/A, ]
[PID: 1388 / SYSTEM][C:\Program Files\CA\SharedComponents\BrightStor\DBAcommon\DBASVR.exe]  [CA, r11.5.4232.1]
    [C:\Program Files\CA\SharedComponents\BrightStor\DBAcommon\CSTool.dll]  [CA, r11.5.4232.1]
    [C:\Program Files\CA\SharedComponents\BrightStor\DBAcommon\BRAND.dll]  [CA, r11.5.4232.1]
    [C:\Program Files\CA\SharedComponents\BrightStor\DBAcommon\ASDCEN.dll]  [CA, r11.5.4232.1]
    [C:\Program Files\CA\SharedComponents\BrightStor\DBAcommon\libetpki.dll]  [Computer Associates International, Inc., Version 1.8.0]
    [C:\Program Files\CA\SharedComponents\BrightStor\DBAcommon\pthread.dll]  [N/A, ]
[PID: 1420 / SYSTEM][C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe]  [McAfee, Inc., 6.1.0.506]
    [C:\WINDOWS\system32\FireCore.dll]  [McAfee, Inc., 2.5]
    [C:\WINDOWS\system32\FireCNL.dll]  [McAfee, Inc., 6.1.0.506]
    [C:\WINDOWS\system32\FireCL.dll]  [McAfee, Inc., 6.1.0.506]
    [C:\Program Files\McAfee\Host Intrusion Prevention\Resource\0407\AppRL.dll]  [McAfee, Inc., 6.1.0.431]
    [C:\Program Files\Network Associates\Common Framework\SecureFrameworkFactory20070723121432.dll]  [McAfee, Inc., 3.6.0.546]
    [C:\Program Files\Network Associates\Common Framework\naCmnLib71.dll]  [McAfee, Inc., 3.6.0.546]
    [C:\Program Files\Network Associates\Common Framework\naXML71.dll]  [N/A, ]
    [C:\Program Files\Network Associates\Common Framework\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Network Associates\Common Framework\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Network Associates\Common Framework\nailog.dll]  [McAfee, Inc., 3.6.0.546]
    [C:\Program Files\McAfee\Host Intrusion Prevention\AgentNT.dll]  [McAfee, Inc., 6.1.0.506]
    [C:\Program Files\McAfee\Host Intrusion Prevention\mfehida.dll]  [McAfee, Inc., SYSCORE.13.3.0.111.x86]
[PID: 1448 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
[PID: 1520 / SYSTEM][C:\WINDOWS\system32\inetsrv\inetinfo.exe]  [Microsoft Corporation, 6.0.3790.3959 (srv03_sp2_rtm.070216-1710)]
[PID: 1548 / SYSTEM][C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe]  [N/A, ]
    [C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\libmrt60.dll]  [N/A, ]
    [C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\libcpl60.dll]  [N/A, ]
    [C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\libdes60.dll]  [N/A, ]
    [C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\libguid60.dll]  [N/A, ]
    [C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\libmem60.dll]  [N/A, ]
    [C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\libtcp60.dll]  [N/A, ]
[PID: 1580 / SYSTEM][C:\CA_LIC\LogWatNT.exe]  [Computer Associates, 1.52]
    [C:\CA_LIC\lic98.dll]  [Computer Associates, 01.62.9]
[PID: 1612 / SYSTEM][C:\Program Files\Network Associates\Common Framework\FrameworkService.exe]  [McAfee, Inc., 3.6.0.546]
    [C:\Program Files\Network Associates\Common Framework\nailog.dll]  [McAfee, Inc., 3.6.0.546]
    [C:\Program Files\Network Associates\Common Framework\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Network Associates\Common Framework\naXML71.dll]  [N/A, ]
    [C:\Program Files\Network Associates\Common Framework\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Network Associates\Common Framework\naCmnLib71.dll]  [McAfee, Inc., 3.6.0.546]
    [C:\Program Files\Network Associates\Common Framework\applib.dll]  [McAfee, Inc., 3.6.0.546]
    [C:\Program Files\Network Associates\Common Framework\0409\AgentRes.dll]  [McAfee, Inc., 3.6.0.546]
    [C:\Program Files\Network Associates\Common Framework\Logging.dll]  [McAfee, Inc., 3.6.0.546]
    [C:\Program Files\Network Associates\Common Framework\InternetManager.dll]  [McAfee, Inc., 3.6.0.546]
    [C:\Program Files\Network Associates\Common Framework\naInet.dll]  [McAfee, Inc., 3.6.0.546]
    [C:\Program Files\Network Associates\Common Framework\UserSpace.dll]  [McAfee, Inc., 3.6.0.546]
    [C:\Program Files\Network Associates\Common Framework\SecureFrameworkFactory20070723121432.dll]  [McAfee, Inc., 3.6.0.546]
    [C:\Program Files\Network Associates\Common Framework\Management.dll]  [McAfee, Inc., 3.6.0.546]
    [C:\Program Files\Network Associates\Common Framework\cmalib.dll]  [McAfee, Inc., 3.6.0.546]
    [C:\Program Files\Network Associates\Common Framework\naPolicyManager.dll]  [McAfee, Inc., 3.6.0.546]
    [C:\Program Files\Network Associates\Common Framework\NaiSign.DLL]  [N/A, ]
    [C:\WINDOWS\system32\epoPGPSDK.dll]  [PGP Corporation, 3.5.3]
    [C:\Program Files\Network Associates\Common Framework\ScriptSubSys.dll]  [McAfee, Inc., 3.6.0.546]
    [C:\Program Files\Network Associates\Common Framework\UpdateSubSys.dll]  [McAfee, Inc., 3.6.0.546]
    [C:\Program Files\Network Associates\Common Framework\Scheduler.dll]  [McAfee, Inc., 3.6.0.546]
    [C:\Program Files\Network Associates\Common Framework\Agent.dll]  [McAfee, Inc., 3.6.0.546]
    [C:\Program Files\Network Associates\Common Framework\naSPIPE.dll]  [McAfee, Inc., 3.6.0.546]
    [C:\Program Files\Network Associates\Common Framework\ListenServer.dll]  [McAfee, Inc., 3.6.0.546]
    [C:\Program Files\Network Associates\Common Framework\TCSubSys.dll]  [McAfee, Inc., 3.6.0.546]
    [C:\Program Files\Network Associates\Common Framework\GenEvtInf20070723121431.dll]  [McAfee, Inc., 3.6.0.546]
[PID: 1644 / SYSTEM][C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe]  [McAfee, Inc., VSCORE.13.3.2.101.x86]
    [C:\Program Files\McAfee\VirusScan Enterprise\LockDown.dll]  [McAfee, Inc., VSCORE.13.3.1.100.x86]
    [C:\Program Files\McAfee\VirusScan Enterprise\mytilus.dll]  [McAfee, Inc., VSCORE.13.3.1.100.x86]
    [C:\Program Files\McAfee\VirusScan Enterprise\mytilus2.dll]  [McAfee, Inc., VSCORE.13.3.2.101.x86]
    [C:\Program Files\McAfee\VirusScan Enterprise\RES0c00\McShield.dll]  [McAfee, Inc., VSCORE.13.3.1.101]
    [C:\Program Files\McAfee\VirusScan Enterprise\FTL.Dll]  [McAfee, Inc., VSCORE.13.3.1.100.x86]
    [C:\Program Files\McAfee\VirusScan Enterprise\naiann.dll]  [McAfee, Inc., 8.5.0.781]
    [C:\Program Files\McAfee\VirusScan Enterprise\VsEvntUI.dll]  [N/A, ]
    [C:\Program Files\McAfee\VirusScan Enterprise\NAEvent.dll]  [McAfee, Inc., VSCORE.13.3.1.100.x86]
    [C:\Program Files\McAfee\VirusScan Enterprise\shutil.dll]  [McAfee, Inc., 8.5.0.830]
    [C:\Program Files\McAfee\VirusScan Enterprise\wmain.dll]  [McAfee, Inc., 8.5.0.781]
    [C:\Program Files\Network Associates\Common Framework\GenEvtInf20070723121431.dll]  [McAfee, Inc., 3.6.0.546]
    [C:\Program Files\Network Associates\Common Framework\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Network Associates\Common Framework\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\McAfee\VirusScan Enterprise\scriptsv.dll]  [McAfee, Inc., VSCORE.13.3.1.100.x86]
    [C:\Program Files\McAfee\VirusScan Enterprise\mfebopa.dll]  [McAfee, Inc., SYSCORE.13.3.0.116.x86]
    [C:\Program Files\McAfee\VirusScan Enterprise\mfehida.dll]  [McAfee, Inc., SYSCORE.13.3.0.116.x86]
    [C:\Program Files\McAfee\VirusScan Enterprise\mfeapfa.dll]  [McAfee, Inc., SYSCORE.13.3.0.116.x86]
    [C:\Program Files\McAfee\VirusScan Enterprise\mfeavfa.dll]  [McAfee, Inc., SYSCORE.13.3.0.116.x86]
    [C:\Program Files\Common Files\McAfee\Engine\mcscan32.dll]  [McAfee, Inc., 5.1.00]
[PID: 1684 / SYSTEM][C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe]  [McAfee, Inc., 8.5.0.830]
    [C:\Program Files\McAfee\VirusScan Enterprise\LockDown.dll]  [McAfee, Inc., VSCORE.13.3.1.100.x86]
    [C:\Program Files\McAfee\VirusScan Enterprise\mytilus2.dll]  [McAfee, Inc., VSCORE.13.3.2.101.x86]
    [C:\Program Files\McAfee\VirusScan Enterprise\mytilus.dll]  [McAfee, Inc., VSCORE.13.3.1.100.x86]
    [C:\Program Files\McAfee\VirusScan Enterprise\shutil.dll]  [McAfee, Inc., 8.5.0.830]
    [C:\Program Files\McAfee\VirusScan Enterprise\wmain.dll]  [McAfee, Inc., 8.5.0.781]
    [C:\Program Files\McAfee\VirusScan Enterprise\condl.dll]  [McAfee, Inc., 8.5.0.781]
    [C:\Program Files\McAfee\VirusScan Enterprise\RES0c00\McShield.dll]  [McAfee, Inc., VSCORE.13.3.1.101]
    [C:\Program Files\McAfee\VirusScan Enterprise\MIDUtil.Dll]  [McAfee, Inc., 8.5.0.148]
[PID: 1824 / SYSTEM][C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe]  [McAfee, Inc., 3.6.0.546]
    [C:\Program Files\Network Associates\Common Framework\NaiSign.DLL]  [N/A, ]
    [C:\WINDOWS\system32\epoPGPSDK.dll]  [PGP Corporation, 3.5.3]
    [C:\Program Files\Network Associates\Common Framework\naXML71.dll]  [N/A, ]
    [C:\Program Files\Network Associates\Common Framework\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Network Associates\Common Framework\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Network Associates\Common Framework\nailog.dll]  [McAfee, Inc., 3.6.0.546]
    [C:\Program Files\Network Associates\Common Framework\naCmnLib71.dll]  [McAfee, Inc., 3.6.0.546]
    [C:\Program Files\Network Associates\Common Framework\applib.dll]  [McAfee, Inc., 3.6.0.546]
    [C:\Program Files\Network Associates\Common Framework\0409\AgentRes.dll]  [McAfee, Inc., 3.6.0.546]
    [C:\Program Files\Network Associates\Common Framework\AgentPlugin.dll]  [McAfee, Inc., 3.6.0.546]
    [C:\Program Files\Network Associates\Common Framework\NAGSHR32.DLL]  [McAfee, Inc., 3.6.0.546]
    [C:\Program Files\Network Associates\System Compliance Profiler\PtchScan.dll]  [Networks Associates Technology, Inc., 1.1.0.156]
    [C:\Program Files\McAfee\VirusScan Enterprise\VsPlugin.dll]  [McAfee, Inc., 8.5.0.781]
    [C:\WINDOWS\system32\FireePO.dll]  [McAfee, Inc., 6.1.0.506]
    [C:\WINDOWS\system32\FireCore.dll]  [McAfee, Inc., 2.5]
    [C:\WINDOWS\system32\FireCL.dll]  [McAfee, Inc., 6.1.0.506]
    [C:\WINDOWS\system32\FireCNL.dll]  [McAfee, Inc., 6.1.0.506]
    [C:\Program Files\McAfee\Host Intrusion Prevention\Resource\0407\CLibRL.dll]  [McAfee, Inc., 6.1.0.431]
    [C:\Program Files\Network Associates\Common Framework\PCRPlug.dll]  [McAfee, Inc., 3.6.0.546]
    [C:\Program Files\Network Associates\Common Framework\UpdPlug.dll]  [McAfee, Inc., 3.6.0.546]
    [C:\Program Files\Network Associates\Common Framework\SecureFrameworkFactory20070723121432.dll]  [McAfee, Inc., 3.6.0.546]
[PID: 1932 / SYSTEM][C:\MSSQL7\binn\sqlservr.exe]  [Microsoft Corporation, 1998.11.13]
    [C:\MSSQL7\binn\opends60.dll]  [Microsoft Corporation, 1998.11.13]
    [C:\MSSQL7\binn\ums.dll]  [Microsoft Corporation, 1998.11.13]
    [C:\MSSQL7\binn\sqlevn70.dll]  [Microsoft Corporation, 1998.11.13]
    [C:\MSSQL7\binn\COMNEVNT.DLL]  [Microsoft Corporation, 1998.11.13]
    [C:\WINDOWS\system32\SQLWOA.dll]  [Microsoft Corporation, 1999.10.20]
    [C:\MSSQL7\binn\SQLTrace.DLL]  [Microsoft Corporation, 1998.11.13]
    [C:\MSSQL7\binn\SSNMPN70.dll]  [Microsoft Corporation, 1998.11.13]
    [C:\MSSQL7\binn\SSMSSO70.dll]  [Microsoft Corporation, 1998.11.13]
    [C:\MSSQL7\binn\SSMSRP70.dll]  [Microsoft Corporation, 1998.11.13]
    [C:\MSSQL7\binn\SQLRGSTR.DLL]  [N/A, ]
[PID: 2128 / SYSTEM][C:\Program Files\CA\BrightStor Backup Agent for Open Files\Ofant.exe]  [CA, 20, 0, 0, 4232]
    [C:\Program Files\CA\BrightStor Backup Agent for Open Files\CheyProd.dll]  [CA, r11.5.4232.1]
    [C:\Program Files\CA\BrightStor Backup Agent for Open Files\ASBRDCST.dll]  [CA, r11.5.4232.1]
    [C:\Program Files\CA\BrightStor Backup Agent for Open Files\BRAND.dll]  [CA, r11.5.4232.1]
    [C:\Program Files\CA\BrightStor Backup Agent for Open Files\CSTool.dll]  [CA, r11.5.4232.1]
    [C:\CA_LIC\lic98.dll]  [Computer Associates, 01.62.9]
[PID: 2156 / SYSTEM][C:\Program Files\CA\SharedComponents\BrightStor\DBAcommon\dbasqlr.exe]  [CA, r11.5.4232.1]
    [C:\Program Files\CA\SharedComponents\BrightStor\DBAcommon\CSTool.dll]  [CA, r11.5.4232.1]
    [C:\Program Files\CA\SharedComponents\BrightStor\DBAcommon\BRAND.dll]  [CA, r11.5.4232.1]
    [C:\Program Files\CA\SharedComponents\BrightStor\DBAcommon\ASDCEN.dll]  [CA, r11.5.4232.1]
    [C:\Program Files\CA\SharedComponents\BrightStor\DBAcommon\libetpki.dll]  [Computer Associates International, Inc., Version 1.8.0]
    [C:\Program Files\CA\SharedComponents\BrightStor\DBAcommon\pthread.dll]  [N/A, ]
    [C:\Program Files\CA\BrightStor ARCserve Backup Agent for Microsoft SQL Server\dbasql.dll]  [CA, r11.5.4232.1]
    [C:\Program Files\CA\SharedComponents\BrightStor\DBAcommon\CHEYPROD.dll]  [CA, r11.5.4232.1]
    [C:\Program Files\CA\SharedComponents\BrightStor\DBAcommon\ASBRDCST.dll]  [CA, r11.5.4232.1]
    [C:\Program Files\CA\BrightStor ARCserve Backup Agent for Microsoft SQL Server\dbasqlrc.dll]  [CA, r11.5.4232.1]
[PID: 2204 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
[PID: 2232 / SYSTEM][C:\WINDOWS\system32\tcpsvcs.exe]  [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 2252 / SYSTEM][C:\WINDOWS\System32\snmp.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\MSSQL7\BINN\sqlsnmp.dll]  [Microsoft Corporation, 1998.11.13]
    [C:\WINDOWS\system32\CpqMgmt\Cqmghost\hostmib.dll]  [Hewlett-Packard Company, 7.80.0.0]
    [C:\WINDOWS\system32\cqhstutl.dll]  [Hewlett-Packard Company, 7.80.0.0]
    [C:\WINDOWS\system32\cpqmgmt\CqMgHost\hostsnmp.dll]  [Hewlett-Packard Company, 7.80.0.0]
    [C:\WINDOWS\system32\CPQMgmt\CqMgHost\CPQMIB1K.DLL]  [Hewlett-Packard Company, 7.80.0.0]
    [C:\WINDOWS\system32\CpqNiMgt\NICMIB.DLL]  [N/A, ]
    [C:\WINDOWS\system32\cpqnimgt\w2kmgdll.dll]  [N/A, ]
    [C:\WINDOWS\system32\cpqnimgt\cqnisnmp.dll]  [N/A, ]
    [C:\WINDOWS\system32\CpqNiMgt\CPQNIMIB.DLL]  [N/A, ]
    [C:\WINDOWS\system32\sm2user.dll]  [Hewlett-Packard Company, 7.80.00.0]
    [C:\WINDOWS\system32\CpqMgmt\Cqmgstor\stormib.dll]  [N/A, ]
    [C:\WINDOWS\system32\cqstrutl.dll]  [N/A, ]
    [C:\WINDOWS\system32\cpqmgmt\cqmgstor\storsnmp.dll]  [N/A, ]
    [C:\WINDOWS\system32\CpqMgmt\Cqmgserv\servmib.dll]  [Hewlett-Packard Company, 7.80.00.0]
    [C:\WINDOWS\system32\cqsrvutl.dll]  [Hewlett-Packard Company, 7.80.00.0]
    [C:\WINDOWS\system32\cpqmgmt\cqmgserv\servsnmp.dll]  [Hewlett-Packard Company, 7.80.00.0]
    [C:\Program Files\Compaq\Compaq Management Agents\cpqagent.dll]  [Compaq Computer Corporation, 5.0.3.4]
    [C:\Program Files\Compaq\Compaq Management Agents\CPQINIT.DLL]  [Compaq Computer Corporation, 5.0.3.4]
    [C:\Program Files\McAfee\VirusScan Enterprise\mcvssnmp.dll]  [McAfee, Inc., VSCORE.13.3.1.100.x86]
    [C:\WINDOWS\system32\CpqMgmt\CqmgStor\iscsimib.dll]  [N/A, ]
[PID: 2272 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [c:\windows\system32\srmsvc.dll]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [c:\windows\system32\srmtrace.DLL]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [c:\windows\system32\DFSEXT.dll]  [Microsoft Corporation, 5.2.3790.2075 (dnsrv_r2.051122-2350)]
[PID: 2292 / SYSTEM][C:\hp\hpsmh\bin\smhstart.exe]  [Hewlett-Packard Company, 2.1.8.179]
    [C:\hp\hpsmh\bin\libapr.dll]  [Apache Software Foundation, 0.0.0.0]
    [C:\hp\hpsmh\bin\libhttpd.dll]  [Hewlett-Packard Company, 2.1.8.179]
    [C:\hp\hpsmh\bin\libaprutil.dll]  [Apache Software Foundation, 0.0.0.0]
    [C:\hp\hpsmh\bin\libapriconv.dll]  [Apache Software Foundation, 0.0.0.0]
    [C:\hp\hpsmh\bin\domc.dll]  [N/A, ]
[PID: 2468 / SYSTEM][C:\WINDOWS\System32\CPQNiMgt\CPQNIMGT.EXE]  [Hewlett-Packard Company, 7.80.0.0]
    [C:\WINDOWS\System32\CPQNiMgt\w2kmgdll.dll]  [N/A, ]
[PID: 2600 / SYSTEM][C:\WINDOWS\system32\cpqmgmt\CqMgServ\CqMgServ.EXE]  [Hewlett-Packard Company, 7.80.00.0]
    [C:\WINDOWS\system32\cpqmgmt\CqMgServ\cqmgserv.dll]  [Hewlett-Packard Company, 7.80.00.0]
    [C:\WINDOWS\system32\cqsrvutl.dll]  [Hewlett-Packard Company, 7.80.00.0]
    [C:\WINDOWS\system32\cpqmgmt\CqMgServ\CPQHLTH.dll]  [Hewlett-Packard Company, 7.80.00.0]
    [C:\WINDOWS\system32\odbcbcp.dll]  [Microsoft Corporation, 2000.086.3959.00 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\cpqmgmt\CqMgServ\SERVALRT.dll]  [Hewlett-Packard Company, 7.80.00.0]
    [C:\WINDOWS\system32\cpqmgmt\CqMgServ\CPQSM2.dll]  [Hewlett-Packard Company, 7.80.00.0]
    [C:\WINDOWS\system32\sm2user.dll]  [Hewlett-Packard Company, 7.80.00.0]
    [C:\WINDOWS\system32\cpqsmif.dll]  [Hewlett-Packard Company, 1.2.0.0]
[PID: 2632 / SYSTEM][C:\WINDOWS\system32\cpqmgmt\cqmgstor\cqmgstor.exe]  [Hewlett-Packard Company, 7.80.0.0]
    [C:\WINDOWS\system32\cpqmgmt\cqmgstor\CQMGSTOR.dll]  [N/A, ]
    [C:\WINDOWS\system32\cqstrutl.dll]  [N/A, ]
    [C:\WINDOWS\system32\cpqmgmt\cqmgstor\CPQIDE.dll]  [N/A, ]
    [C:\WINDOWS\system32\cpqmgmt\cqmgstor\CPQMDISK.dll]  [N/A, ]
    [C:\WINDOWS\system32\cpqmgmt\cqmgstor\CPQMSCSI.dll]  [N/A, ]
    [C:\WINDOWS\system32\cpqmgmt\cqmgstor\CPQMIDA.dll]  [N/A, ]
    [C:\WINDOWS\system32\cpqmgmt\cqmgstor\CPQFCA.dll]  [N/A, ]
    [C:\WINDOWS\system32\cpqmgmt\cqmgstor\CPQISCSI.dll]  [N/A, ]
    [C:\WINDOWS\system32\cpqmgmt\cqmgstor\STORALRT.dll]  [N/A, ]
    [C:\WINDOWS\system32\cpqmgmt\cqmgstor\CPQSAS.dll]  [N/A, ]
    [C:\WINDOWS\system32\CQHSTUTL.DLL]  [Hewlett-Packard Company, 7.80.0.0]
[PID: 2660 / SYSTEM][C:\hp\hpsmh\bin\hpsmhd.exe]  [Hewlett-Packard Company, 2.1.8.179]
    [C:\hp\hpsmh\bin\libapr.dll]  [Apache Software Foundation, 0.0.0.0]
    [C:\hp\hpsmh\bin\libaprutil.dll]  [Apache Software Foundation, 0.0.0.0]
    [C:\hp\hpsmh\bin\libapriconv.dll]  [Apache Software Foundation, 0.0.0.0]
    [C:\hp\hpsmh\bin\libhttpd.dll]  [Hewlett-Packard Company, 2.1.8.179]
    [C:\HP\hpsmh\modules\mod_access.so]  [Apache Software Foundation, 2.0.49]
    [C:\HP\hpsmh\modules\mod_actions.so]  [Apache Software Foundation, 2.0.49]
    [C:\HP\hpsmh\modules\mod_alias.so]  [Apache Software Foundation, 2.0.49]
    [C:\HP\hpsmh\modules\mod_cgi.so]  [Apache Software Foundation, 2.0.49]
    [C:\HP\hpsmh\modules\mod_dir.so]  [Apache Software Foundation, 2.0.49]
    [C:\HP\hpsmh\modules\mod_env.so]  [Apache Software Foundation, 2.0.49]
    [C:\HP\hpsmh\modules\mod_imap.so]  [Apache Software Foundation, 2.0.49]
    [C:\HP\hpsmh\modules\mod_log_config.so]  [Apache Software Foundation, 2.0.49]
    [C:\HP\hpsmh\modules\mod_mime.so]  [Apache Software Foundation, 2.0.49]
    [C:\HP\hpsmh\modules\mod_proxy.so]  [Apache Software Foundation, 2.0.49]
    [C:\HP\hpsmh\modules\mod_proxy_connect.so]  [Apache Software Foundation, 2.0.49]
    [C:\HP\hpsmh\modules\mod_proxy_http.so]  [Apache Software Foundation, 2.0.49]
    [C:\HP\hpsmh\modules\mod_negotiation.so]  [Apache Software Foundation, 2.0.49]
    [C:\HP\hpsmh\modules\mod_rewrite.so]  [Apache Software Foundation, 2.0.49]
    [C:\HP\hpsmh\modules\mod_setenvif.so]  [Apache Software Foundation, 2.0.49]
    [C:\HP\hpsmh\modules\mod_headers.so]  [Apache Software Foundation, 2.0.49]
    [C:\HP\hpsmh\modules\mod_ssl.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\bin\SSLEAY32.dll]  [N/A, ]
    [C:\hp\hpsmh\bin\LIBEAY32.dll]  [N/A, ]
    [C:\HP\hpsmh\modules\mod_smh_aa.so]  [Hewlett-Packard Company, 2.1.8.179]
    [C:\HP\hpsmh\modules\mod_smh_config.so]  [Hewlett-Packard Company, 2.1.8.179]
    [C:\HP\hpsmh\modules\domc.dll]  [N/A, ]
    [C:\HP\hpsmh\modules\mod_smh_bc.so]  [Hewlett-Packard Company, 2.1.8.179]
    [C:\HP\hpsmh\modules\mod_smh_ui.so]  [Hewlett-Packard Company, 2.1.8.179]
    [C:\HP\hpsmh\modules\mod_smh_pkcs.so]  [Hewlett-Packard Company, 2.1.8.179]
    [C:\HP\hpsmh\modules\mod_smh_help.so]  [Hewlett-Packard Company, 2.1.8.177]
    [C:\HP\hpsmh\modules\php4apache2.so]  [N/A, ]
    [C:\HP\hpsmh\modules\php4ts.dll]  [The PHP Group, 4.4.6.6]
    [C:\hp\hpsmh\modules\php_domxml.dll]  [N/A, ]
    [C:\hp\hpsmh\bin\iconv.dll]  [Free Software Foundation, 1.9]
[PID: 2716 / SYSTEM][C:\WINDOWS\system32\Dfsr.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\System32\dfsrres.dll]  [Microsoft Corporation, 5.2.3790.2075 (dnsrv_r2.051122-2350)]
[PID: 2888 / SYSTEM][C:\WINDOWS\system32\wbem\wmiprvse.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
[PID: 2980 / SYSTEM][C:\WINDOWS\system32\sysdown.exe]  [Compaq Computer Corporation, 5.35.0.0 built by: buildsrv]
[PID: 3072 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
[PID: 3104 / SYSTEM][C:\WINDOWS\system32\cpqmgmt\CqMgHost\CQMGHOST.EXE]  [Hewlett-Packard Company, 7.80.0.0]
    [C:\WINDOWS\system32\cpqmgmt\CqMgHost\cqmghost.dll]  [Hewlett-Packard Company, 7.80.0.0]
    [C:\WINDOWS\system32\cqhstutl.dll]  [Hewlett-Packard Company, 7.80.0.0]
    [C:\WINDOWS\system32\cpqmgmt\CqMgHost\CPQMHOST.dll]  [Hewlett-Packard Company, 7.80.0.0]
    [C:\WINDOWS\system32\cpqmgmt\CqMgHost\CPQPERF.dll]  [Hewlett-Packard Company, 7.80.0.0]
    [C:\WINDOWS\system32\odbcbcp.dll]  [Microsoft Corporation, 2000.086.3959.00 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\cpqmgmt\CqMgHost\CPQSTAT.dll]  [Hewlett-Packard Company, 7.80.0.0]
    [C:\WINDOWS\system32\cpqmgmt\CqMgHost\CPQSWV.dll]  [Hewlett-Packard Company, 7.80.0.0]
    [C:\WINDOWS\system32\cpqmgmt\CqMgHost\CPQTHRSH.dll]  [Hewlett-Packard Company, 7.80.0.0]
    [C:\WINDOWS\system32\cpqmgmt\CqMgHost\HOSTALRT.dll]  [Hewlett-Packard Company, 7.80.0.0]
[PID: 3564 / SYSTEM][C:\hp\hpsmh\bin\rotatelogs.exe]  [Apache Software Foundation, 2.0.49]
[PID: 3572 / SYSTEM][C:\hp\hpsmh\bin\rotatelogs.exe]  [Apache Software Foundation, 2.0.49]
[PID: 3580 / SYSTEM][C:\hp\hpsmh\bin\hpsmhd.exe]  [Hewlett-Packard Company, 2.1.8.179]
    [C:\hp\hpsmh\bin\libapr.dll]  [Apache Software Foundation, 0.0.0.0]
    [C:\hp\hpsmh\bin\libaprutil.dll]  [Apache Software Foundation, 0.0.0.0]
    [C:\hp\hpsmh\bin\libapriconv.dll]  [Apache Software Foundation, 0.0.0.0]
    [C:\hp\hpsmh\bin\libhttpd.dll]  [Hewlett-Packard Company, 2.1.8.179]
    [C:\HP\hpsmh\modules\mod_access.so]  [Apache Software Foundation, 2.0.49]
    [C:\HP\hpsmh\modules\mod_actions.so]  [Apache Software Foundation, 2.0.49]
    [C:\HP\hpsmh\modules\mod_alias.so]  [Apache Software Foundation, 2.0.49]
    [C:\HP\hpsmh\modules\mod_cgi.so]  [Apache Software Foundation, 2.0.49]
    [C:\HP\hpsmh\modules\mod_dir.so]  [Apache Software Foundation, 2.0.49]
    [C:\HP\hpsmh\modules\mod_env.so]  [Apache Software Foundation, 2.0.49]
    [C:\HP\hpsmh\modules\mod_imap.so]  [Apache Software Foundation, 2.0.49]
    [C:\HP\hpsmh\modules\mod_log_config.so]  [Apache Software Foundation, 2.0.49]
    [C:\HP\hpsmh\modules\mod_mime.so]  [Apache Software Foundation, 2.0.49]
    [C:\HP\hpsmh\modules\mod_proxy.so]  [Apache Software Foundation, 2.0.49]
    [C:\HP\hpsmh\modules\mod_proxy_connect.so]  [Apache Software Foundation, 2.0.49]
    [C:\HP\hpsmh\modules\mod_proxy_http.so]  [Apache Software Foundation, 2.0.49]
    [C:\HP\hpsmh\modules\mod_negotiation.so]  [Apache Software Foundation, 2.0.49]
    [C:\HP\hpsmh\modules\mod_rewrite.so]  [Apache Software Foundation, 2.0.49]
    [C:\HP\hpsmh\modules\mod_setenvif.so]  [Apache Software Foundation, 2.0.49]
    [C:\HP\hpsmh\modules\mod_headers.so]  [Apache Software Foundation, 2.0.49]
    [C:\HP\hpsmh\modules\mod_ssl.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\bin\SSLEAY32.dll]  [N/A, ]
    [C:\hp\hpsmh\bin\LIBEAY32.dll]  [N/A, ]
    [C:\HP\hpsmh\modules\mod_smh_aa.so]  [Hewlett-Packard Company, 2.1.8.179]
    [C:\HP\hpsmh\modules\mod_smh_config.so]  [Hewlett-Packard Company, 2.1.8.179]
    [C:\HP\hpsmh\modules\domc.dll]  [N/A, ]
    [C:\HP\hpsmh\modules\mod_smh_bc.so]  [Hewlett-Packard Company, 2.1.8.179]
    [C:\HP\hpsmh\modules\mod_smh_ui.so]  [Hewlett-Packard Company, 2.1.8.179]
    [C:\HP\hpsmh\modules\mod_smh_pkcs.so]  [Hewlett-Packard Company, 2.1.8.179]
    [C:\HP\hpsmh\modules\mod_smh_help.so]  [Hewlett-Packard Company, 2.1.8.177]
    [C:\HP\hpsmh\modules\php4apache2.so]  [N/A, ]
    [C:\HP\hpsmh\modules\php4ts.dll]  [The PHP Group, 4.4.6.6]
    [C:\hp\hpsmh\modules\php_domxml.dll]  [N/A, ]
    [C:\hp\hpsmh\bin\iconv.dll]  [Free Software Foundation, 1.9]
[PID: 3608 / SYSTEM][C:\hp\hpsmh\bin\rotatelogs.exe]  [Apache Software Foundation, 2.0.49]
[PID: 3616 / SYSTEM][C:\hp\hpsmh\bin\rotatelogs.exe]  [Apache Software Foundation, 2.0.49]
[PID: 4392 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
[PID: 4420 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
[PID: 4888 / administrateur][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\Program Files\Network Associates\Common Framework\JrMac.dll]  [McAfee, Inc., 1.0.0.125]
    [C:\Program Files\McAfee\VirusScan Enterprise\shext.dll]  [McAfee, Inc., 8.5.0.781]
    [C:\WINDOWS\system32\dfshim.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\system32\mscoree.dll]  [Microsoft Corporation, 2.0.50727.832 (QFE.050727-8300)]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Shfusion.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Fusion.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\culture.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
[PID: 4956 / administrateur][C:\Program Files\Network Associates\Common Framework\UdaterUI.exe]  [McAfee, Inc., 3.6.0.546]
    [C:\Program Files\Network Associates\Common Framework\nailog.dll]  [McAfee, Inc., 3.6.0.546]
    [C:\Program Files\Network Associates\Common Framework\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Network Associates\Common Framework\naCmnLib71.dll]  [McAfee, Inc., 3.6.0.546]
    [C:\Program Files\Network Associates\Common Framework\naXML71.dll]  [N/A, ]
    [C:\Program Files\Network Associates\Common Framework\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Network Associates\Common Framework\applib.dll]  [McAfee, Inc., 3.6.0.546]
    [C:\Program Files\Network Associates\Common Framework\cmalib.dll]  [McAfee, Inc., 3.6.0.546]
    [C:\Program Files\Network Associates\Common Framework\0409\UpdRes.dll]  [McAfee, Inc., 3.6.0.546]
    [C:\Program Files\Network Associates\Common Framework\0409\AgentRes.dll]  [McAfee, Inc., 3.6.0.546]
    [C:\Program Files\Network Associates\Common Framework\SecureFrameworkFactory20070723121432.dll]  [McAfee, Inc., 3.6.0.546]
[PID: 4964 / administrateur][C:\PROGRA~1\Compaq\COMPAQ~2\CHKADMIN.EXE]  [Compaq Computer Corporation, 5.0.3.4]
[PID: 4972 / administrateur][C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE]  [McAfee, Inc., 8.5.0.830]
    [C:\Program Files\McAfee\VirusScan Enterprise\LockDown.dll]  [McAfee, Inc., VSCORE.13.3.1.100.x86]
    [C:\Program Files\McAfee\VirusScan Enterprise\ftcfg.dll]  [McAfee, Inc., 8.5.0.781]
    [C:\Program Files\McAfee\VirusScan Enterprise\mytilus2.dll]  [McAfee, Inc., VSCORE.13.3.2.101.x86]
    [C:\Program Files\McAfee\VirusScan Enterprise\mytilus.dll]  [McAfee, Inc., VSCORE.13.3.1.100.x86]
    [C:\Program Files\McAfee\VirusScan Enterprise\wmain.dll]  [McAfee, Inc., 8.5.0.781]
    [C:\Program Files\McAfee\VirusScan Enterprise\shutil.dll]  [McAfee, Inc., 8.5.0.830]
    [C:\Program Files\McAfee\VirusScan Enterprise\RES0c00\McShield.dll]  [McAfee, Inc., VSCORE.13.3.1.101]
    [C:\Program Files\McAfee\VirusScan Enterprise\Graphics.dll]  [McAfee, Inc., 8.5.0.781]
[PID: 5008 / administrateur][C:\WINDOWS\system32\Atiptaxx.exe]  [ATI Technologies, Inc., 6.13.2523]
    [C:\WINDOWS\system32\ATRPUIXX.ENU]  [ATI Technologies, Inc., 6.13.2523]
    [C:\WINDOWS\system32\atipdsxx.dll]  [ATI Technologies, Inc., 6.13.2523]
[PID: 5016 / administrateur][C:\WINDOWS\system32\cpqteam.exe]  [Hewlett-Packard Company, 8.60.0.11]
[PID: 5028 / administrateur][C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe]  [McAfee, Inc., 6.1.0.506]
    [C:\WINDOWS\system32\FireCore.dll]  [McAfee, Inc., 2.5]
    [C:\WINDOWS\system32\FireCNL.dll]  [McAfee, Inc., 6.1.0.506]
    [C:\WINDOWS\system32\FireCL.dll]  [McAfee, Inc., 6.1.0.506]
    [C:\Program Files\McAfee\Host Intrusion Prevention\Resource\0407\CLibRL.dll]  [McAfee, Inc., 6.1.0.431]
    [C:\Program Files\McAfee\Host Intrusion Prevention\Resource\0407\TrayRL.dll]  [McAfee, Inc., 6.1.0.431]
[PID: 5044 / administrateur][C:\Program Files\Network Associates\Common Framework\McTray.exe]  [McAfee, Inc., 1.0.0.125]
    [C:\Program Files\Network Associates\Common Framework\JrMac.dll]  [McAfee, Inc., 1.0.0.125]
[PID: 5136 / administrateur][C:\MSSQL7\Binn\sqlmangr.exe]  [Microsoft Corporation, 1998.11.13]
    [C:\MSSQL7\Binn\W95SCM.dll]  [Microsoft Corporation, 1998.11.13]
[PID: 5296 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
[PID: 5616 / administrateur][C:\WINDOWS\system32\mmc.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\odbcbcp.dll]  [Microsoft Corporation, 2000.086.3959.00 (srv03_sp2_rtm.070216-1710)]
[PID: 4936 / administrateur][C:\DOCUME~1\ADMINI~2\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe]  [Soeperman Enterprises Ltd., 1.99.0001]
    [C:\WINDOWS\system32\MSVBVM60.DLL]  [Microsoft Corporation, 6.00.9782]
[PID: 2692 / NETWORK SERVICE][C:\WINDOWS\system32\wbem\wmiprvse.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
[PID: 5520 / administrateur][C:\Documents and Settings\administrateur\Desktop\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\Documents and Settings\administrateur\Desktop\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
File Associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1       localhost

==================================
Process Privileges Scan
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1388, C:\PROGRAM FILES\CA\SHAREDCOMPONENTS\BRIGHTSTOR\DBACOMMON\DBASVR.EXE]

==================================
API HOOK
N/A

==================================
Hidden Process
N/A

==================================




----------------------------------------------------------------------------------




Where can I send you a bottle of red? ;-) Thanks
pyofan

Post by Falkra » 24 Jul 2007 15:27

I don't see anything very conclusive in there, other than that McAfee really has its hooks everywhere, and very deep in the system.

One last small diagnostic test, a more classic one:

* Right-click this link to Navilog1 by IL-MAFIOSO:
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

* Choose Save Target As (Save Link As) and save the file to your desktop.
* Then double-click navilog1.exe to start the installation.
* Once the installation is finished, the fix will run automatically.
(If it doesn't, double-click the Navilog1 shortcut on the desktop.)
* Follow the prompts. At the main menu, choose 1 and confirm.
(do not choose 2, 3 or 4 without approval)
* This takes a while; wait for the message:
*** Analyse Termine le ..... ***

* Press a key as prompted; Notepad will open.
* Copy and paste the entire report into your next post. Close Notepad.

Note:
The report is also saved at the root of the disk (fixnavi.txt)
Falkra
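The remark above about one vendor's modules being loaded throughout the system can be checked mechanically against the SREng process listing. The following is an added example, not part of the original thread: the function names are hypothetical, the sample lines are copied from the log posted above, and it assumes the second bracket is "vendor, version" as declared by the file itself (not a verified signature), with `N/A` meaning the file declares no vendor.

```python
import re
from collections import defaultdict

# Lines excerpted from the SREng process/module listing posted in this thread.
SAMPLE = r"""
[PID: 3580 / SYSTEM][C:\hp\hpsmh\bin\hpsmhd.exe]  [Hewlett-Packard Company, 2.1.8.179]
    [C:\hp\hpsmh\bin\libapr.dll]  [Apache Software Foundation, 0.0.0.0]
    [C:\hp\hpsmh\bin\SSLEAY32.dll]  [N/A, ]
[PID: 4888 / administrateur][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\Program Files\Network Associates\Common Framework\JrMac.dll]  [McAfee, Inc., 1.0.0.125]
    [C:\Program Files\McAfee\VirusScan Enterprise\shext.dll]  [McAfee, Inc., 8.5.0.781]
    [C:\WINDOWS\system32\dfshim.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
[PID: 5044 / administrateur][C:\Program Files\Network Associates\Common Framework\McTray.exe]  [McAfee, Inc., 1.0.0.125]
    [C:\Program Files\Network Associates\Common Framework\JrMac.dll]  [McAfee, Inc., 1.0.0.125]
"""

# Process lines carry a [PID: n / user] prefix; indented module lines do not.
LINE = re.compile(r"^\s*(?:\[PID: (\d+) / ([^\]]+)\])?\[([^\]]+)\]\s+\[(.*)\]\s*$")

def parse(text):
    """Return a list of processes, each with the modules listed under it."""
    procs = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        pid, user, path, info = m.groups()
        head, sep, _ = info.rpartition(",")   # the version follows the last comma
        vendor = (head if sep else info).strip()
        if pid:                               # process line
            procs.append({"pid": int(pid), "user": user, "path": path,
                          "vendor": vendor, "modules": []})
        elif procs:                           # module of the last process seen
            procs[-1]["modules"].append((path, vendor))
    return procs

def foreign_modules(procs):
    """Map vendor -> PIDs where its modules sit inside another vendor's process."""
    reach = defaultdict(set)
    for p in procs:
        for _, vendor in p["modules"]:
            if vendor not in (p["vendor"], "N/A"):
                reach[vendor].add(p["pid"])
    return dict(reach)

def unattributed(procs):
    """Modules declaring no vendor ("N/A"): candidates for a hash or AV check."""
    return [(p["pid"], path) for p in procs for path, v in p["modules"] if v == "N/A"]
```

Run over the full listing, `foreign_modules` shows which third-party code is loaded into system processes such as Explorer, and `unattributed` gives the short list of files worth verifying first.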

Post by pyofan » 24 Jul 2007 15:38

I just tried, but I get a message telling me that the fix only works under Windows XP....

Do you think I should change antivirus?? That wouldn't suit me, I must say....

The server hasn't rebooted since 19:00 yesterday evening..... is that a sign? ;-P

Thanks for all your insight, in any case.
pyofan

Post by Falkra » 24 Jul 2007 15:50

It's not a sign; nothing has been changed.
Changing antivirus could do some good (as a test), but I understand the reluctance to do this kind of thing on a server, especially with paid solutions.

I'm consulting other people on a friendly forum about the O20 line; I'll post as soon as I have information or something interesting to test. The line is suspicious, but nothing clearly points to an intruder.

See you later
Falkra

Post by pyofan » 25 Jul 2007 06:49

Hi!

This morning, no sign of another unexpected reboot.....

In the end I didn't change antivirus last night, since it wasn't supposed to change much...

Have a good start to the day, and thanks for yesterday's help.
pyofan

Post by Falkra » 25 Jul 2007 09:01

This test works under Win Server 2003; the official page says so:
It is a rootkit detector, which will draw up a list of "hidden" files.

Here is how to proceed:

Download Blacklight (from F-Secure); click "I ACCEPT" at the bottom of the page. Save it to your Desktop.

Double-click fsbl.exe and accept the license; click Scan, then Next.

You will see a list of detected files appear. You will also see a report on your Desktop, named fsbl.xxxxxxx.log (the xxxxxxx are digits).

Copy and paste the contents of this report into your next reply. Do NOT choose the "Rename" option right away: we need to analyze the report, because legitimate files may be present, such as wbemtest.exe
Falkra

Post by pyofan » 25 Jul 2007 12:08

Here is the result:

07/25/07 11:07:22 [Info]: BlackLight Engine 1.0.64 initialized
07/25/07 11:07:22 [Info]: OS: 5.2 build 3790 (Service Pack 2)
07/25/07 11:07:22 [Note]: 7019 4
07/25/07 11:07:22 [Note]: 7005 0
07/25/07 11:07:28 [Note]: 7006 0
07/25/07 11:07:28 [Note]: 7011 4888
07/25/07 11:07:28 [Note]: 7026 0
07/25/07 11:07:28 [Note]: 7026 0
07/25/07 11:07:31 [Note]: FSRAW library version 1.7.1022
07/25/07 13:06:33 [Note]: 7007 0


Thanks
pyofan