Infected with TR/Proxy.horst.gen

Marsh Posté on 01-07-2009 at 11:35:50

Hello,
Everything is in the title; I am submitting the HijackThis report to you:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:17:18, on 29/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
I:\ANTIVIR\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
I:\ANTIVIR\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wuauclt.exe
I:\ANTIVIR\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
I:\CLONE CD\CloneCD\CloneCDTray.exe
C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\WINDOWS\system32\rundll32.exe
I:\SPYBOT\Spybot - Search & Destroy\TeaTimer.exe
I:\firefox\firefox.exe
C:\WINDOWS\TBPANEL.exe
I:\OFFICE XP 2002\Office10\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
I:\EMULE\emule.exe
I:\Hijackthis\scanner.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.fsinsider.com/downloads [...] Pack1.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=C:\DOCUME~1\laurent\LOCALS~1\APPLIC~1\cmstp.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - I:\REALPLAYER\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - I:\SPYBOT\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (file missing)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: IEButton Class - {F81D52BF-F2F1-4F49-BF5F-05664E803039} - E:\jeux johan\Flash Saving Plugin\FlashSButton.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [UVS10 Preload] I:\VIDEO STUDIO 10+\uvPL.exe
O4 - HKLM\..\Run: [avgnt] "I:\ANTIVIR\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [CloneCDTray] "I:\CLONE CD\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] E:\jeux johan\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SpybotSD TeaTimer] I:\SPYBOT\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [Mstsc] C:\WINDOWS\System\mstsc.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [DllHst] C:\DOCUME~1\laurent\LOCALS~1\APPLIC~1\MICROS~1\dllhst3g.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [MqtgSVC] C:\WINDOWS\mqtgsvc.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [SessMgr] C:\WINDOWS\System32\drivers\sessmgr.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [Cisvc] C:\DOCUME~1\laurent\APPLIC~1\MICROS~1\cisvc.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [Spool] C:\DOCUME~1\laurent\LOCALS~1\APPLIC~1\MICROS~1\spoolsv.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [ComRepl] C:\DOCUME~1\laurent\LOCALS~1\APPLIC~1\MICROS~1\comrepl.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [IEudinit] C:\DOCUME~1\laurent\APPLIC~1\MICROS~1\ieudinit.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [rsvp] C:\DOCUME~1\laurent\LOCALS~1\APPLIC~1\MICROS~1\rsvp.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [Logman] C:\WINDOWS\logman.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [Esent Utl] C:\WINDOWS\System\esentutl.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [CmSTP] C:\DOCUME~1\laurent\LOCALS~1\Temp\cmstp.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [DllHst] C:\WINDOWS\System32\drivers\dllhst3g.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [Spool] C:\WINDOWS\System32\drivers\spoolsv.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [ClipSrv] C:\DOCUME~1\laurent\LOCALS~1\Temp\clipsrv.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [SessMgr] C:\DOCUME~1\laurent\APPLIC~1\MICROS~1\sessmgr.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [Mstsc] C:\DOCUME~1\laurent\LOCALS~1\Temp\mstsc.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [IEudinit] C:\DOCUME~1\laurent\LOCALS~1\Temp\ieudinit.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [Logman] C:\DOCUME~1\laurent\LOCALS~1\Temp\logman.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [rsvp] C:\DOCUME~1\laurent\LOCALS~1\Temp\rsvp.exe /waitservice
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [ClipSrv] C:\DOCUME~1\laurent\LOCALS~1\APPLIC~1\MICROS~1\clipsrv.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [ClipSrv] C:\DOCUME~1\laurent\LOCALS~1\APPLIC~1\MICROS~1\clipsrv.exe /waitservice (User 'Default user')
O4 - Startup: fsbackup.lnk = I:\FSBACKUP\fsbackup.exe
O4 - Global Startup: Microsoft Office.lnk = I:\OFFICE XP 2002\Office10\OSA.EXE
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://I:\OFFICE~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash - res://E:\jeux johan\Flash Saving Plugin\FlashSButton.dll/210
O8 - Extra context menu item: Save YouTube Video - res://E:\jeux johan\Flash Saving Plugin\FlashSButton.dll/217
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - I:\HTTRACK - aspi de sites web\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - I:\HTTRACK - aspi de sites web\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\SPYBOT\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\SPYBOT\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (file missing)
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - E:\jeux johan\Flash Saving Plugin\FlashSButton.dll (HKCU)
O15 - Trusted Zone: *.line6.net
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - I:\ANTIVIR\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - I:\ANTIVIR\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxcr_device -   - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: NBService - Unknown owner - I:\NERO\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
 
--
End of file - 11899 bytes
 
Thanks for helping me!
laurent
