win32 trojan gen {upx}
Security Forum - Viruses: win32 trojan gen {upx}
So I downloaded a piece of software a friend had recommended to me, vdowloader. At one point, after everything had been fine for the two months I'd had it, I got a message from Avast telling me I was infected with a certain TROJAN WIN 32 GEN {UPX}.
And every time I launch the software again, it's the same thing!!
Here is the HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 18:02:55, on 23/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\RAMpage\RAMpage.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Steam\Steam.exe
C:\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lemonde.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 193.57.244.36 www.airfrance.fr
O1 - Hosts: 91.121.83.208 www.1980-games.com
O1 - Hosts: 213.11.173.79 www.saint-maur.com
O1 - Hosts: 194.153.89.166 www.pralognan.com
O1 - Hosts: 212.43.240.228 www.abritel.fr
O1 - Hosts: 87.238.81.131 www.amazon.fr
O1 - Hosts: 213.251.173.130 www.aujardin.info
O1 - Hosts: 213.186.52.226 fr.audiofanzine.com
O1 - Hosts: 195.219.48.200 www.voyages-sncf.com
O1 - Hosts: 170.171.248.108 bobdylan.com
O1 - Hosts: 66.45.228.110 www.bossanovaguitar.com
O1 - Hosts: 87.106.133.224 vide-greniers.org
O1 - Hosts: 203.150.2.21 www.absolutelyric.com
O1 - Hosts: 217.167.18.142 www.caisse-epargne.fr
O1 - Hosts: 195.219.48.207 www.canalplus.fr
O1 - Hosts: 85.10.140.25 www.montagne-vacances.com
O1 - Hosts: 217.19.49.229 www.fftt.com
O1 - Hosts: 212.180.4.229 www.cnsmdp.fr
O1 - Hosts: 194.126.217.78 www.infos-du-net.com
O1 - Hosts: 91.121.72.176 www.cs-amx.com
O1 - Hosts: 195.8.214.142 www.dailymotion.com
O1 - Hosts: 213.174.196.170 www.easyjet.com
O1 - Hosts: 62.210.169.3 www.editionsladecouverte.fr
O1 - Hosts: 193.41.200.145 www.esl.eu
O1 - Hosts: 195.42.251.40 www.fnac.com
O1 - Hosts: 195.101.57.133 www.fnphp.com
O1 - Hosts: 195.12.231.201 live.football365.fr
O1 - Hosts: 195.219.48.207 www.football365.fr
O1 - Hosts: 195.219.48.200 bonappetitbiensur.france3.fr
O1 - Hosts: 195.219.48.209 www.france5.fr
O1 - Hosts: 72.14.221.147 maps.google.fr
O1 - Hosts: 209.85.135.99 www.google.fr
O1 - Hosts: 69.25.142.48 www.haus-pirker.com
O1 - Hosts: 213.163.128.180 www.algonet.se
O1 - Hosts: 194.221.84.137 www.ikea.com
O1 - Hosts: 194.2.4.113 www.fatrazie.com
O1 - Hosts: 62.23.140.206 www.truffaut.com
O1 - Hosts: 64.177.32.178 www.aebersold.com
O1 - Hosts: 217.174.215.102 www.jeuxvideo.com
O1 - Hosts: 216.247.113.146 www.johncoltrane.com
O1 - Hosts: 66.201.40.226 www.klincksieck.com
O1 - Hosts: 85.31.221.83 www.pepiniere-77.com
O1 - Hosts: 195.219.48.200 www.lemonde.fr
O1 - Hosts: 212.27.63.112 les.arbres.free.fr
O1 - Hosts: 66.201.40.214 www.lesbelleslettres.com
O1 - Hosts: 62.193.194.155 www.marqueyssac.com
O1 - Hosts: 207.123.33.124 www.liberation.fr
O1 - Hosts: 212.94.167.238 www.logis-de-france.fr
O1 - Hosts: 64.209.134.9 www.plosin.com
O1 - Hosts: 213.200.111.6 www.nespresso.com
O1 - Hosts: 195.219.48.201 www.novotel.com
O1 - Hosts: 216.104.185.11 www.drjohn.org
O1 - Hosts: 161.58.250.181 www.steelydan.com
O1 - Hosts: 193.252.122.103 www.orange.fr
O1 - Hosts: 213.186.33.40 www.oulipo.net
O1 - Hosts: 212.180.4.213 www.pol-editeur.fr
O1 - Hosts: 193.252.242.225 www.pagesjaunes.fr
O1 - Hosts: 194.175.128.243 www.panasonic.fr
O1 - Hosts: 212.78.204.20 membres.lycos.fr
O1 - Hosts: 62.210.65.157 www.radiofrance.fr
O1 - Hosts: 64.22.224.130 www.randynewman.com
O1 - Hosts: 67.15.137.82 www.flyordie.com
O1 - Hosts: 195.110.12.11 www.societe.com
O1 - Hosts: 194.206.194.28 www.honda-speed-motorcycles.com
O1 - Hosts: 81.93.4.208 www.sytadin.tm.fr
O1 - Hosts: 72.22.69.223 www.alligatorboogaloo.com
O1 - Hosts: 212.11.63.254 www.viamichelin.com
O1 - Hosts: 81.25.203.37 www.virginmobile.fr
O1 - Hosts: 216.251.114.90 agence.voyages-sncf.com
O1 - Hosts: 62.23.137.194 www.leroymerlin.fr
O1 - Hosts: 212.27.63.120 best.web.free.fr
O1 - Hosts: 208.65.153.251 www.youtube.com
O1 - Hosts: 217.22.55.225 www.gamerz.be
O1 - Hosts: 212.27.63.116 arbre.vengeur.free.fr
O1 - Hosts: 207.46.193.254 www.microsoft.com
O1 - Hosts: 64.4.52.189 go.microsoft.com
O1 - Hosts: 193.252.148.80 www.voila.fr
O1 - Hosts: 193.252.122.103 www.wanadoo.fr
O1 - Hosts: 193.253.149.16 www.alapage.com
O1 - Hosts: 217.167.29.246 www.francetelecom.com
O1 - Hosts: 193.252.123.5 www.goa.com
O1 - Hosts: 195.101.50.101 www.kompass.fr
O1 - Hosts: 66.116.125.190 www.ma-collection.net
O1 - Hosts: 193.203.32.2 www.mappy.com
O1 - Hosts: 193.253.149.16 www.marcopoly.com
O1 - Hosts: 193.252.149.23 r.wanadoo.fr
O1 - Hosts: 217.115.159.202 www.ogame.fr
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RAMpage] "C:\Program Files\RAMpage\RAMpage.exe" U=30 M=28 S P="C:\Program Files\RAMpage\RAMpageConfig.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b50997.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by137fd.bay137.hotmail.msn. [...] nPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] nt.cab50997.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] ient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2BFE1A9F-0E69-492C-9454-B8FB0EC7F055}: NameServer = 80.10.246.1 80.10.246.132
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Documents and Settings\Bruneau\Bureau\felixmessenger perso\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
If someone could tell me what's wrong!!
Thanks a lot!!
Hi,
Edit your message and post the report properly, it's unreadable.