Win32 Trojan cd1041.nls detected - Virus/Spyware - Windows & Software
Marsh Posted on 05-10-2007 at 11:56:33
Hello,
Avast detected on my XP Pro a piece of malware of type Win32:Trojan-gen, called
C:\cd1041.nls
Thanks for your help.
Here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:24:43, on 05/10/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
G:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
G:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
g:\Program Files\ProcessGuard\dcsuserprot.exe
G:\Program Files\Alwil Software\Avast4\ashWebSv.exe
G:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
G:\Program Files\ProcessGuard\pgaccount.exe
G:\Program Files\ProcessGuard\procguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
G:\Program Files\Mozilla Firefox 2\firefox.exe
C:\Documents and Settings\olivier\Bureau\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://proxy.ac-besancon.fr:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.mozilla.org/" ); (C:\Documents and Settings\OLIVIER\Application Data\Mozilla\Profiles\default\w6nm4y1q.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CNetscape_France.src" ); (C:\Documents and Settings\OLIVIER\Application Data\Mozilla\Profiles\default\w6nm4y1q.slt\prefs.js)
O2 - BHO: (no name) - -{259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 - HKLM\..\Run: [avast!] G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!1_pgaccount] "g:\Program Files\ProcessGuard\pgaccount.exe"
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [!1_ProcessGuard_Startup] "g:\Program Files\ProcessGuard\procguard.exe" -minimize
O4 - HKCU\..\Run: [updateMgr] "G:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - G:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - G:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4724677B-6AB5-4983-BC69-9956786DD4A4}: NameServer = 195.221.85.2,194.57.91.200
O17 - HKLM\System\CCS\Services\Tcpip\..\{681BC84D-DED0-4C73-A179-A28E4FF14E3B}: NameServer = 195.221.85.2,194.57.91.200
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D9BD8B6-D5FF-44F3-9E2F-20E32811CC7D}: NameServer = 195.221.85.2,194.57.91.200
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - G:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DiamondCS Process Guard Service v3.000 (DCSPGSRV) - DiamondCS - g:\Program Files\ProcessGuard\dcsuserprot.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: NMap - Unknown owner - C:\Program Files\NMapWin\bin\nmapserv.exe (file missing)
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TabletService - Unknown owner - C:\WINDOWS\System32\Tablet.exe (file missing)
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe