(trojan) win32 gen upx
cbelot
-
Kristopher Messages postés 3752 Statut Contributeur -
Kristopher Messages postés 3752 Statut Contributeur -
Bonjour,
Après avoir fait tourner Ccleaner, Ad-aware SE, Spybot Search and Destroy et Counterspy (je suis sous Me) en mode sans echec et Bitdefender (le scan online de Panda ne fonctionne pas), avast me détecte toujours win 32 gen upx à l'emplacement suivant:
C:\_RESTORE\TEMP\A0665062.CPY
et Win 32 Zmist à l'emplacement suivant:
C:\Mes documents\Cyril\Multimédia\Winprof\engine.cab
Est-ce qu'une âme charitable pourrait me donner un coup de main SVP.
Voici le log de Hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 11:56:15, on 14/02/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\MES DOCUMENTS\CYRIL\MULTIMEDIA\AVAST\ASHSERV.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\SUNBELT SOFTWARE\COUNTERSPY\CONSUMER\SUNTHREATENGINE.EXE
C:\PROGRAM FILES\SUNBELT SOFTWARE\COUNTERSPY\CONSUMER\SUNPROTECTIONSERVER.EXE
C:\MES DOCUMENTS\CYRIL\MULTIMEDIA\AVAST\ASHWEBSV.EXE
C:\MES DOCUMENTS\CYRIL\MULTIMEDIA\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\SUNBELT SOFTWARE\COUNTERSPY\CONSUMER\SUNSERVER.EXE
C:\MES DOCUMENTS\CYRIL\MULTIMEDIA\AVAST\ASHMAISV.EXE
C:\DGWL.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\WUAUBOOT.EXE
C:\MES DOCUMENTS\CYRIL\MULTIMEDIA\SETUPS\VIRUS\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.acuite.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.acuite.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O4 - HKLM\..\Run: [avast! Web Scanner] C:\MESDOC~1\CYRIL\MULTIM~1\AVAST\ASHWEBSV.EXE
O4 - HKLM\..\Run: [JeticoPFStartup] "C:\Mes documents\Cyril\multimedia\jetico\fwsrv.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Mes documents\Cyril\multimedia\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SunServer] C:\PROGRAM FILES\SUNBELT SOFTWARE\COUNTERSPY\CONSUMER\sunserver.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\MESDOC~1\CYRIL\MULTIM~1\AVAST\ashmaisv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [avast!] C:\Mes documents\Cyril\multimedia\avast\ashServ.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [5-1-25-298] c:\windows\5-1-25-298.exe -m
O4 - HKCU\..\Run: [Nsquw] \dgwl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Dell Home - {CB138CA8-A6B1-49CF-8C6C-95229FC102F4} - http://www.euro.dell.com/countries/fr/fra/gen/default.htm (file missing) (HKCU)
O16 - DPF: {C771B05E-E725-4516-97A5-4CE5EB163CFB} - http://www.clitos.com/photoshard.exe
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_FR.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/fr/win/QuickTimeInstaller.exe
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/fra_allgl.exe
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int12.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
Après avoir fait tourner Ccleaner, Ad-aware SE, Spybot Search and Destroy et Counterspy (je suis sous Me) en mode sans echec et Bitdefender (le scan online de Panda ne fonctionne pas), avast me détecte toujours win 32 gen upx à l'emplacement suivant:
C:\_RESTORE\TEMP\A0665062.CPY
et Win 32 Zmist à l'emplacement suivant:
C:\Mes documents\Cyril\Multimédia\Winprof\engine.cab
Est-ce qu'une âme charitable pourrait me donner un coup de main SVP.
Voici le log de Hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 11:56:15, on 14/02/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\MES DOCUMENTS\CYRIL\MULTIMEDIA\AVAST\ASHSERV.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\SUNBELT SOFTWARE\COUNTERSPY\CONSUMER\SUNTHREATENGINE.EXE
C:\PROGRAM FILES\SUNBELT SOFTWARE\COUNTERSPY\CONSUMER\SUNPROTECTIONSERVER.EXE
C:\MES DOCUMENTS\CYRIL\MULTIMEDIA\AVAST\ASHWEBSV.EXE
C:\MES DOCUMENTS\CYRIL\MULTIMEDIA\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\SUNBELT SOFTWARE\COUNTERSPY\CONSUMER\SUNSERVER.EXE
C:\MES DOCUMENTS\CYRIL\MULTIMEDIA\AVAST\ASHMAISV.EXE
C:\DGWL.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\WUAUBOOT.EXE
C:\MES DOCUMENTS\CYRIL\MULTIMEDIA\SETUPS\VIRUS\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.acuite.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.acuite.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O4 - HKLM\..\Run: [avast! Web Scanner] C:\MESDOC~1\CYRIL\MULTIM~1\AVAST\ASHWEBSV.EXE
O4 - HKLM\..\Run: [JeticoPFStartup] "C:\Mes documents\Cyril\multimedia\jetico\fwsrv.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Mes documents\Cyril\multimedia\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SunServer] C:\PROGRAM FILES\SUNBELT SOFTWARE\COUNTERSPY\CONSUMER\sunserver.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\MESDOC~1\CYRIL\MULTIM~1\AVAST\ashmaisv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [avast!] C:\Mes documents\Cyril\multimedia\avast\ashServ.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [5-1-25-298] c:\windows\5-1-25-298.exe -m
O4 - HKCU\..\Run: [Nsquw] \dgwl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Dell Home - {CB138CA8-A6B1-49CF-8C6C-95229FC102F4} - http://www.euro.dell.com/countries/fr/fra/gen/default.htm (file missing) (HKCU)
O16 - DPF: {C771B05E-E725-4516-97A5-4CE5EB163CFB} - http://www.clitos.com/photoshard.exe
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_FR.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/fr/win/QuickTimeInstaller.exe
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/fra_allgl.exe
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int12.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
A voir également:
- (trojan) win32 gen upx
- Trojan sms-par google ✓ - Forum Virus
- Trojan gen 2 ✓ - Forum Antivirus
- Trojan remover - Télécharger - Antivirus & Antimalwares
- Win32:pup-gen ✓ - Forum Virus
- Win32:malware-gen - Forum Virus
Si je ne m'abuse, je pense que son log est complet car Windows ME, ce sera pareil pour Windows 98 et SE je pense...
++
je pense que son log est complet car Windows ME, ce sera pareil pour Windows 98 et SE je pense... en effet ils sont moins longs que les XP
A+
Merci ^^Marie^^ d'avoir mis en exergue la répétition du mot "je pense" de ma part :)
Et oui, voulant faire en sorte que ma réponse soit la plus explicite possible, j'ai préféré nuancer mon propos :D
Aller, bonne journée (même si le temps est maussade à Paris).
++