Virus infection

jacounette, 37 posts, Member status

HELLO

I CAN'T REMOVE THE FOLLOWING VIRUSES:
WIN WORM VIRUS, BACKDOOR TROJAN, TROJAN STARTPAGE1381. What should I do?

DESPITE THE SCAN, IT CAN'T PUT IT IN QUARANTINE

THANKS FOR THE HELP, JACOUNETTE

4 replies

bernie61
 
hello
an antivirus always has trouble with trojans
install Ewido and scan with it
Ewido http://users.skynet.be/BernieClub/index.html#antitrojan

and then this online scan
https://www.bitdefender.com/toolbox/
see you

jacounette, 37 posts, Member status
 
HELLO AGAIN
HERE IS THE SCAN DONE WITH HIJACKTHIS

StartupList report, 21/05/2006, 17:27:55
StartupList version: 1.52.2
Started from : C:\DOCUME~1\MAINEN~1\LOCALS~1\Temp\Rar$EX60.656\HijackThis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\DOCUME~1\MAINEN~1\LOCALS~1\Temp\svchost.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AOL 9.0a\waol.exe
C:\Program Files\AOL 9.0a\shellmon.exe
C:\Program Files\Fichiers communs\Aol\aoltpspd.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\DrWeb\DRWEBSCD.EXE
C:\PROGRA~1\DrWeb\spidernt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AOL 9.0a\aoltray.exe
C:\Program Files\AOL Compagnon\companion.exe
C:\DOCUME~1\MAINEN~1\LOCALS~1\Temp\Rar$EX60.656\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0a\aoltray.exe
AOL Compagnon.lnk = C:\Program Files\AOL Compagnon\companion.exe
Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Microsoft Office.lnk = C:\Program Files\microsoft office\office10\OSA.EXE

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ATIModeChange = Ati2mdxx.exe
ATIPTA = C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
NeroFilterCheck = C:\WINDOWS\System32\NeroCheck.exe
HP Component Manager = "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
HP Software Update = C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
TkBellExe = "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
eBayToolbar = C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
AVG7_CC = C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
AOLDialer = C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
Picasa Media Detector = C:\Program Files\Picasa2\PicasaMediaDetector.exe
WindowsServicesStartup = C:\DOCUME~1\MAINEN~1\LOCALS~1\Temp\svchost.exe 1
Adobe Photo Downloader = "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
Install5G = E:\AOLbox\Install.exe /SI=1
DrWebScheduler = "C:\Program Files\DrWeb\DRWEBSCD.EXE"
SpIDerNT = C:\PROGRA~1\DrWeb\spidernt.exe /agent

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
a-squared = "C:\Program Files\a-squared\a2guard.exe"

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\MAT.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD}
(no name) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - (no file) - {AA58ED58-01DD-4d91-8333-CF10577473F7}

--------------------------------------------------

Enumerating Task Scheduler jobs:

HP Usg Daily FY04.job
Maintenance en 1 clic.job

--------------------------------------------------

Enumerating Download Program Files:

[QDiagAOLCCUpdateObj Class]
InProcServer32 = C:\WINDOWS\System32\qdiagcc.ocx
CODEBASE = http://aolcc.aol.fr/computercheckup/qdiagcc.cab

[BDSCANONLINE Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\oscan8.ocx
CODEBASE = http://download.bitdefender.com/resources/scan8/oscan8.cab

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx
CODEBASE = https://www.trendmicro.com/en_us/forHome/products/housecall.html

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx
CODEBASE = http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

[Canal+ Active MSWAY]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\msway.dll
CODEBASE = http://servicesv4.canalplusactive.com/cabs/msway42.cab

--------------------------------------------------

Enumerating Winsock LSP files:

Protocol #1: C:\WINDOWS\system32\DRWEBSP.DLL
Protocol #2: C:\WINDOWS\system32\DRWEBSP.DLL
Protocol #3: C:\WINDOWS\system32\DRWEBSP.DLL
Protocol #4: C:\WINDOWS\system32\DRWEBSP.DLL

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

StartupList report, 21/05/2006, 17:19:16
StartupList version: 1.52.2
Started from : C:\DOCUME~1\MAINEN~1\LOCALS~1\Temp\Rar$EX05.969\HijackThis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\DOCUME~1\MAINEN~1\LOCALS~1\Temp\svchost.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\imapi.exe
C:\Program Files\AOL 9.0a\waol.exe
C:\Program Files\AOL 9.0a\shellmon.exe
C:\Program Files\Fichiers communs\Aol\aoltpspd.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\MAINEN~1\LOCALS~1\Temp\Rar$EX05.969\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0a\aoltray.exe
AOL Compagnon.lnk = C:\Program Files\AOL Compagnon\companion.exe
Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Microsoft Office.lnk = C:\Program Files\microsoft office\office10\OSA.EXE

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ATIModeChange = Ati2mdxx.exe
ATIPTA = C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
NeroFilterCheck = C:\WINDOWS\System32\NeroCheck.exe
HP Component Manager = "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
HP Software Update = C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
TkBellExe = "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
eBayToolbar = C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
AVG7_CC = C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
AOLDialer = C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
Picasa Media Detector = C:\Program Files\Picasa2\PicasaMediaDetector.exe
WindowsServicesStartup = C:\DOCUME~1\MAINEN~1\LOCALS~1\Temp\svchost.exe 1
Adobe Photo Downloader = "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
Install5G = E:\AOLbox\Install.exe /SI=1
DrWebScheduler = "C:\Program Files\DrWeb\DRWEBSCD.EXE"
SpIDerNT = C:\PROGRA~1\DrWeb\spidernt.exe /agent

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
a-squared = "C:\Program Files\a-squared\a2guard.exe"

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\MAT.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD}
(no name) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - (no file) - {AA58ED58-01DD-4d91-8333-CF10577473F7}

--------------------------------------------------

Enumerating Task Scheduler jobs:

HP Usg Daily FY04.job
Maintenance en 1 clic.job

--------------------------------------------------

Enumerating Download Program Files:

[QDiagAOLCCUpdateObj Class]
InProcServer32 = C:\WINDOWS\System32\qdiagcc.ocx
CODEBASE = http://aolcc.aol.fr/computercheckup/qdiagcc.cab

[BDSCANONLINE Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\oscan8.ocx
CODEBASE = http://download.bitdefender.com/resources/scan8/oscan8.cab

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx
CODEBASE = https://www.trendmicro.com/en_us/forHome/products/housecall.html

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx
CODEBASE = http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

[Canal+ Active MSWAY]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\msway.dll
CODEBASE = http://servicesv4.canalplusactive.com/cabs/msway42.cab

--------------------------------------------------

Enumerating Winsock LSP files:

Protocol #1: C:\WINDOWS\system32\DRWEBSP.DLL
Protocol #2: C:\WINDOWS\system32\DRWEBSP.DLL
Protocol #3: C:\WINDOWS\system32\DRWEBSP.DLL
Protocol #4: C:\WINDOWS\system32\DRWEBSP.DLL

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 7 411 bytes
Report generated in 0,047 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 7 573 bytes
Report generated in 0,047 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

I ALSO RAN SCANS WITH AVG AND EWIDO
BECAUSE THIS SLOWS THE SYSTEM DOWN CONSIDERABLY, IMPOSSIBLE TO FIND OUT WHY

THANKS FOR THE HELP PROVIDED, JACOUNETTE

bernie61
 
re
disable AVG Shields for a moment and run Ewido again
paste the report here

do a HijackThis scan as follows
Download HijackThis from there and save it in a dedicated folder such as c:\ProgramFiles\Hijack\ :
HijackThis direct download: http://209.133.47.12/~merijn/files/HijackThis.exe
http://ww11.spywareinfo.com/~merijn/downloads.html
Or there
http://www.spychecker.com/download/download_hijackthis.html
run it with « Do a system scan and save log » and save the hijackthis.log file, or copy/paste it here with a right click of the mouse
tutorial there
http://pageperso.aol.fr/balltrap34/demohijack.htm (thanks Balltrap)

see you

jacounette, 37 posts, Member status
 
StartupList report, 21/05/2006, 19:40:38
StartupList version: 1.52.2
Started from : C:\DOCUME~1\MAINEN~1\LOCALS~1\Temp\Rar$EX00.750\HijackThis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\DOCUME~1\MAINEN~1\LOCALS~1\Temp\svchost.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AOL 9.0a\waol.exe
C:\Program Files\AOL 9.0a\shellmon.exe
C:\Program Files\Fichiers communs\Aol\aoltpspd.exe
C:\PROGRA~1\DrWeb\spidernt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AOL 9.0a\aoltray.exe
C:\Program Files\AOL Compagnon\companion.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\MAINEN~1\LOCALS~1\Temp\Rar$EX00.750\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0a\aoltray.exe
AOL Compagnon.lnk = C:\Program Files\AOL Compagnon\companion.exe
Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Microsoft Office.lnk = C:\Program Files\microsoft office\office10\OSA.EXE

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ATIModeChange = Ati2mdxx.exe
ATIPTA = C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
NeroFilterCheck = C:\WINDOWS\System32\NeroCheck.exe
HP Component Manager = "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
HP Software Update = C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
TkBellExe = "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
eBayToolbar = C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
AVG7_CC = C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
AOLDialer = C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
Picasa Media Detector = C:\Program Files\Picasa2\PicasaMediaDetector.exe
WindowsServicesStartup = C:\DOCUME~1\MAINEN~1\LOCALS~1\Temp\svchost.exe 1
Adobe Photo Downloader = "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
Install5G = E:\AOLbox\Install.exe /SI=1
DrWebScheduler = "C:\Program Files\DrWeb\DRWEBSCD.EXE"
SpIDerNT = C:\PROGRA~1\DrWeb\spidernt.exe /agent

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\MAT.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD}
(no name) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - (no file) - {AA58ED58-01DD-4d91-8333-CF10577473F7}

--------------------------------------------------

Enumerating Task Scheduler jobs:

HP Usg Daily FY04.job
Maintenance en 1 clic.job

--------------------------------------------------

Enumerating Download Program Files:

[QDiagAOLCCUpdateObj Class]
InProcServer32 = C:\WINDOWS\System32\qdiagcc.ocx
CODEBASE = http://aolcc.aol.fr/computercheckup/qdiagcc.cab

[BDSCANONLINE Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\oscan8.ocx
CODEBASE = http://download.bitdefender.com/resources/scan8/oscan8.cab

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx
CODEBASE = https://www.trendmicro.com/en_us/forHome/products/housecall.html

housecall/xscan53.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx
CODEBASE = http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

[Canal+ Active MSWAY]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\msway.dll
CODEBASE = http://servicesv4.canalplusactive.com/cabs/msway42.cab

--------------------------------------------------

Enumerating Winsock LSP files:

Protocol #1: C:\WINDOWS\system32\DRWEBSP.DLL
Protocol #2: C:\WINDOWS\system32\DRWEBSP.DLL
Protocol #3: C:\WINDOWS\system32\DRWEBSP.DLL
Protocol #4: C:\WINDOWS\system32\DRWEBSP.DLL

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations:

C:\DOCUME~1\MAINEN~1\LOCALS~1\Temp\_iu14D2N.tmp|||C

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 7 799 bytes
Report generated in 0,047 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

bernie61
 
re
NO, I want the HijackThis report from the program given in link 3, not the hijack from A2

see you