Virus : Win32;horst-gz Impossible à supprimer

gabbersteam_1_1 · Juin 4, 2007, 2:17

Bonjour,

Je fais ma demande ici car j?ai un virus, sous vista ultimate (vf titre pour le nom) et je n?arrive pas à le supprimer.

Avast le detecte quand il s?execute, le supprime correctement mais celui revient quelque dizaines de minutes plus tard :

Apparemment j?avais d?autre virus mais eux ne sont pas revenu_s après la détéction d?Avast

Voici le log de l?antivirus

30/04/2007 18:29:55 1177950595 SYSTEM 1516 Sign of “Win32:Ardamax-gen [Tool]” has been found in “D:\eMule temp\Able2Extract Pdf Converter To Excel, Word & More v4.0.rar” file.
05/05/2007 14:42:26 1178368946 SYSTEM 1540 Sign of “Win32:Trojan-gen. {Other}” has been found in “D:\eMule temp\Wavelab 6 + full upgrade.iso\CRACKE~0\INSTALL.EXE” file.
05/05/2007 15:05:39 1178370339 SYSTEM 1540 Sign of “Win32:Trojan-gen. {Other}” has been found in “D:\eMule temp\Wavelab 6 + full upgrade(1).iso\CRACKE~0\INSTALL.EXE” file.
12/05/2007 12:21:49 1178965309 SYSTEM 1508 Sign of “Win32:Wormgen-C-PEL [Wrm]” has been found in “D:\eMule temp\Numark Cue crack.zip\Numark Cue crack.exe\td.exe” file.
12/05/2007 12:22:35 1178965355 SYSTEM 1508 Sign of “Win32:Simple [Wrm]” has been found in “D:\eMule temp\Numark Cue crack.zip\Numark Cue crack.exe\run.exe” file.
12/05/2007 12:22:36 1178965356 SYSTEM 1508 Sign of “Win32:Trojan-gen. {Other}” has been found in “D:\eMule temp\Numark Cue crack.zip\Numark Cue crack.exe” file.
12/05/2007 14:41:54 1178973714 SYSTEM 1508 Sign of “Win32:Small-DQP [Trj]” has been found in “C:\Windows\System32\Cier.exe” file.
31/05/2007 13:17:18 1180610239 SYSTEM 1528 Sign of “Win32:Horst-GZ [Trj]” has been found in “C:\Users\Ju\AppData\Local\Temp\61exhdda.9.exe[UPX]” file.
31/05/2007 19:50:41 1180633841 SYSTEM 1508 Sign of “Win32:Horst-GZ [Trj]” has been found in “C:\Users\Ju\AppData\Local\Temp\12exhdda.9.exe[UPX]” file.
31/05/2007 20:39:28 1180636768 SYSTEM 1508 Sign of “Win32:Horst-GZ [Trj]” has been found in “C:\Users\Ju\AppData\Local\Temp\71exhdda.9.exe[UPX]” file.
31/05/2007 21:30:11 1180639811 SYSTEM 1508 Sign of “Win32:Horst-GZ [Trj]” has been found in “C:\Users\Ju\AppData\Local\Temp\74exhdda.9.exe[UPX]” file.
31/05/2007 22:36:13 1180643773 SYSTEM 1508 Sign of “Win32:Horst-GZ [Trj]” has been found in “C:\Users\Ju\AppData\Local\Temp\94exhdda.9.exe[UPX]” file.
01/06/2007 11:07:46 1180688866 SYSTEM 1508 Sign of “Win32:Horst-GZ [Trj]” has been found in “C:\Users\Ju\AppData\Local\Temp\69exhdda.9.exe[UPX]” file.
02/06/2007 10:52:39 1180774359 SYSTEM 1464 Sign of “Win32:Horst-GZ [Trj]” has been found in “C:\Users\Ju\AppData\Local\Temp\86exhdda.9.exe[UPX]” file.
02/06/2007 12:42:52 1180780972 SYSTEM 1464 Sign of “Win32:Horst-GZ [Trj]” has been found in “C:\Users\Ju\AppData\Local\Temp\62exhdda.9.exe[UPX]” file.
02/06/2007 15:22:51 1180790571 SYSTEM 1464 Sign of “Win32:Horst-GZ [Trj]” has been found in “C:\Users\Ju\AppData\Local\Temp\57exhdda.9.exe[UPX]” file.
03/06/2007 13:31:23 1180870283 SYSTEM 1496 Sign of “Win32:Horst-GZ [Trj]” has been found in “C:\Users\Ju\AppData\Local\Temp\53exhdda.9.exe[UPX]” file.
03/06/2007 15:56:52 1180879012 SYSTEM 1496 Sign of “Win32:Horst-GZ [Trj]” has been found in “C:\Users\Ju\AppData\Local\Temp\87exhdda.9.exe[UPX]” file.
03/06/2007 18:15:09 1180887309 SYSTEM 1496 Sign of “Win32:Horst-GZ [Trj]” has been found in “C:\Users\Ju\AppData\Local\Temp\41exhdda.9.exe[UPX]” file.
03/06/2007 19:41:49 1180892509 SYSTEM 1496 Sign of “Win32:Horst-GZ [Trj]” has been found in “C:\Users\Ju\AppData\Local\Temp\73exhdda.9.exe[UPX]” file.

C?est toujours le même genre de fichier dans temp !!!

J?ai essayer le scan Avast en mode sans echec, avec restauration du systeme off : sa revient toujours, donc je m?en remet à vous.

Voici le resultat du scan HiJackThis :

Logfile of HijackThis v1.99.1
Scan saved at 14:14:26, on 04/06/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rdpclip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Creative Professional\E-MU USB Audio\E-MU USB Audio\EmuUsbAudioCP.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
D:\Log et Drivers\Log\Anti Virus-Spyware\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d’Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM…\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM…\Run: [Cier] %WINDIR%\system32\Cier.exe
O4 - HKLM…\Run: [.nvsvc] C:\Windows\system\smss.exe /w
O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKCU…\Run: [E-MU USB Audio Control Panel] “C:\Program Files\Creative Professional\E-MU USB Audio\E-MU USB Audio\EmuUsbAudioCP.exe”
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE…
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - javadl-esd.sun.com…
O17 - HKLM\System\CCS\Services\Tcpip…{19E50703-A990-46DE-94B3-0562FC252040}: NameServer = 212.27.32.176,212.27.32.177
O17 - HKLM\System\CCS\Services\Tcpip…{D2201EA0-A226-49DB-B709-A7D24328A2B7}: NameServer = 192.168.2.89
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: E-MU Audio Service (emaudsv) - E-MU Systems - C:\Windows\system32\emaudsv.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

Je n?y vois rien de suspect, peut être que vous si !

Emu c?est l?application de ma carte son pour précision.

Si vous avez une idée?

gabbersteam_1_1 · Juin 5, 2007, 9:17

up!

Hier j’ai pas trop eu de prob dans la journée, mais ce matin au démarage ça recommence…

gabbersteam_1_1 · Juin 5, 2007, 2:08

Au news

En recherchant le nom des fichier infectés sur Google, je suis tombé sur le site d’un editeur proposant de telecharger PrevX, soit disant solution a mon probleme.

Je l’ai téléchargé et installé, et ça marche!!!

Le virus a corectement été suprimé, et d’autre aussi par la meme occase.

Domage qu’il ne soit pas gratuit…

Cimer pour votre aide au passage …