
win32 trojan gen {upx}

Tags:
  • Windows
  • Security
Last reply: in Security and viruses
23 January 2008 18:07:57

So, I downloaded a program a friend had recommended to me, vdowloader. At one point, after everything had been fine for the 2 months I'd had it, I got a message from Avast telling me I was infected with a certain TROJAN WIN 32 GEN {UPX}.
And every time I open the program again it's the same thing!!

Here is the HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 18:02:55, on 23/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\RAMpage\RAMpage.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Steam\Steam.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lemonde.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 193.57.244.36 www.airfrance.fr
O1 - Hosts: 91.121.83.208 www.1980-games.com
O1 - Hosts: 213.11.173.79 www.saint-maur.com
O1 - Hosts: 194.153.89.166 www.pralognan.com
O1 - Hosts: 212.43.240.228 www.abritel.fr
O1 - Hosts: 87.238.81.131 www.amazon.fr
O1 - Hosts: 213.251.173.130 www.aujardin.info
O1 - Hosts: 213.186.52.226 fr.audiofanzine.com
O1 - Hosts: 195.219.48.200 www.voyages-sncf.com
O1 - Hosts: 170.171.248.108 bobdylan.com
O1 - Hosts: 66.45.228.110 www.bossanovaguitar.com
O1 - Hosts: 87.106.133.224 vide-greniers.org
O1 - Hosts: 203.150.2.21 www.absolutelyric.com
O1 - Hosts: 217.167.18.142 www.caisse-epargne.fr
O1 - Hosts: 195.219.48.207 www.canalplus.fr
O1 - Hosts: 85.10.140.25 www.montagne-vacances.com
O1 - Hosts: 217.19.49.229 www.fftt.com
O1 - Hosts: 212.180.4.229 www.cnsmdp.fr
O1 - Hosts: 194.126.217.78 www.infos-du-net.com
O1 - Hosts: 91.121.72.176 www.cs-amx.com
O1 - Hosts: 195.8.214.142 www.dailymotion.com
O1 - Hosts: 213.174.196.170 www.easyjet.com
O1 - Hosts: 62.210.169.3 www.editionsladecouverte.fr
O1 - Hosts: 193.41.200.145 www.esl.eu
O1 - Hosts: 195.42.251.40 www.fnac.com
O1 - Hosts: 195.101.57.133 www.fnphp.com
O1 - Hosts: 195.12.231.201 live.football365.fr
O1 - Hosts: 195.219.48.207 www.football365.fr
O1 - Hosts: 195.219.48.200 bonappetitbiensur.france3.fr
O1 - Hosts: 195.219.48.209 www.france5.fr
O1 - Hosts: 72.14.221.147 maps.google.fr
O1 - Hosts: 209.85.135.99 www.google.fr
O1 - Hosts: 69.25.142.48 www.haus-pirker.com
O1 - Hosts: 213.163.128.180 www.algonet.se
O1 - Hosts: 194.221.84.137 www.ikea.com
O1 - Hosts: 194.2.4.113 www.fatrazie.com
O1 - Hosts: 62.23.140.206 www.truffaut.com
O1 - Hosts: 64.177.32.178 www.aebersold.com
O1 - Hosts: 217.174.215.102 www.jeuxvideo.com
O1 - Hosts: 216.247.113.146 www.johncoltrane.com
O1 - Hosts: 66.201.40.226 www.klincksieck.com
O1 - Hosts: 85.31.221.83 www.pepiniere-77.com
O1 - Hosts: 195.219.48.200 www.lemonde.fr
O1 - Hosts: 212.27.63.112 les.arbres.free.fr
O1 - Hosts: 66.201.40.214 www.lesbelleslettres.com
O1 - Hosts: 62.193.194.155 www.marqueyssac.com
O1 - Hosts: 207.123.33.124 www.liberation.fr
O1 - Hosts: 212.94.167.238 www.logis-de-france.fr
O1 - Hosts: 64.209.134.9 www.plosin.com
O1 - Hosts: 213.200.111.6 www.nespresso.com
O1 - Hosts: 195.219.48.201 www.novotel.com
O1 - Hosts: 216.104.185.11 www.drjohn.org
O1 - Hosts: 161.58.250.181 www.steelydan.com
O1 - Hosts: 193.252.122.103 www.orange.fr
O1 - Hosts: 213.186.33.40 www.oulipo.net
O1 - Hosts: 212.180.4.213 www.pol-editeur.fr
O1 - Hosts: 193.252.242.225 www.pagesjaunes.fr
O1 - Hosts: 194.175.128.243 www.panasonic.fr
O1 - Hosts: 212.78.204.20 membres.lycos.fr
O1 - Hosts: 62.210.65.157 www.radiofrance.fr
O1 - Hosts: 64.22.224.130 www.randynewman.com
O1 - Hosts: 67.15.137.82 www.flyordie.com
O1 - Hosts: 195.110.12.11 www.societe.com
O1 - Hosts: 194.206.194.28 www.honda-speed-motorcycles.com
O1 - Hosts: 81.93.4.208 www.sytadin.tm.fr
O1 - Hosts: 72.22.69.223 www.alligatorboogaloo.com
O1 - Hosts: 212.11.63.254 www.viamichelin.com
O1 - Hosts: 81.25.203.37 www.virginmobile.fr
O1 - Hosts: 216.251.114.90 agence.voyages-sncf.com
O1 - Hosts: 62.23.137.194 www.leroymerlin.fr
O1 - Hosts: 212.27.63.120 best.web.free.fr
O1 - Hosts: 208.65.153.251 www.youtube.com
O1 - Hosts: 217.22.55.225 www.gamerz.be
O1 - Hosts: 212.27.63.116 arbre.vengeur.free.fr
O1 - Hosts: 207.46.193.254 www.microsoft.com
O1 - Hosts: 64.4.52.189 go.microsoft.com
O1 - Hosts: 193.252.148.80 www.voila.fr
O1 - Hosts: 193.252.122.103 www.wanadoo.fr
O1 - Hosts: 193.253.149.16 www.alapage.com
O1 - Hosts: 217.167.29.246 www.francetelecom.com
O1 - Hosts: 193.252.123.5 www.goa.com
O1 - Hosts: 195.101.50.101 www.kompass.fr
O1 - Hosts: 66.116.125.190 www.ma-collection.net
O1 - Hosts: 193.203.32.2 www.mappy.com
O1 - Hosts: 193.253.149.16 www.marcopoly.com
O1 - Hosts: 193.252.149.23 r.wanadoo.fr
O1 - Hosts: 217.115.159.202 www.ogame.fr
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RAMpage] "C:\Program Files\RAMpage\RAMpage.exe" U=30 M=28 S P="C:\Program Files\RAMpage\RAMpageConfig.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab509...
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by137fd.bay137.hotmail.msn.com/resources/MsnPUpl...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...7.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O17 - HKLM\System\CCS\Services\Tcpip\..\{2BFE1A9F-0E69-492C-9454-B8FB0EC7F055}: NameServer = 80.10.246.1 80.10.246.132
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Documents and Settings\Bruneau\Bureau\felixmessenger perso\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

If someone could tell me what's wrong!!
Thanks a lot!!
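As an added example (not code from the post or the thread), a small Python triage helper that parses the O1 (hosts file) and O23 (service) lines of a HijackThis report like the one above and flags what a responder would look at first: many names pinned to one IP, names pinned to loopback, services whose binary is missing or whose owner is unknown, and services started out of a user profile. The sample lines are constructed from entries in the report above; the thresholds are assumptions.

```python
import re
from collections import defaultdict
# Constructed sample: lines copied from the report above, one per pattern checked.
SAMPLE_LOG = [
    "O1 - Hosts: 195.219.48.200 www.voyages-sncf.com",
    "O1 - Hosts: 195.219.48.200 bonappetitbiensur.france3.fr",
    "O1 - Hosts: 195.219.48.200 www.lemonde.fr",
    "O1 - Hosts: 209.85.135.99 www.google.fr",
    "O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group"
    " - C:\\Documents and Settings\\Bruneau\\Bureau\\felixmessenger perso\\Ares\\chatServer.exe",
    "O23 - Service: avast! Mail Scanner - Unknown owner"
    " - C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe\" /service (file missing)",
    "O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC"
    " - C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe",
]

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)")
SERVICE_RE = re.compile(r"^O23 - Service:\s+(.+?) - (.+?) - (.+)$")  # name - owner - path

def parse_hosts(lines):
    """Map hostname -> IP for every O1 (hosts file) line in the report."""
    matches = (HOSTS_RE.match(line.strip()) for line in lines)
    return {m.group(2).lower(): m.group(1) for m in matches if m}

def hosts_findings(entries, shared_threshold=3, size_threshold=20):
    """Flag names sharing one IP (pharming or DNS-accelerator residue), loopback pins, oversized files."""
    by_ip = defaultdict(list)
    for host, ip in entries.items():
        by_ip[ip].append(host)
    findings = []
    for ip, hosts in sorted(by_ip.items()):
        if ip.startswith("127."):  # pinning a name to loopback silently blocks it (e.g. AV updates)
            findings.append(f"loopback pin: {ip} -> {', '.join(sorted(hosts))}")
        elif len(hosts) >= shared_threshold:
            findings.append(f"shared IP: {ip} -> {', '.join(sorted(hosts))}")
    if len(entries) > size_threshold:  # a clean XP hosts file normally holds one line
        findings.append(f"large hosts file: {len(entries)} pinned names")
    return findings

def service_findings(lines):
    """Flag O23 services with a missing binary or unknown owner, or started from a user profile."""
    findings = []
    for m in filter(None, (SERVICE_RE.match(line.strip()) for line in lines)):
        name, owner, path = m.groups()
        if "(file missing)" in path or owner == "Unknown owner":
            findings.append(f"unverifiable service: {name}")
        elif path.lower().startswith("c:\\documents and settings\\"):
            findings.append(f"service in user profile: {name}")
    return findings
```

Run on the full report, the hosts-file size check fires as well; the entries here all resolve to their real sites, which is what distinguishes accelerator residue from pharming and is the question a responder would check next.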

23 January 2008 18:29:45

Hi,

Edit your message and post the report properly, it's unreadable.