Hello,
I'm posting my request here because I have a virus, under Vista Ultimate (see the title for the name), and I can't manage to remove it.
Avast detects it when it runs and removes it correctly, but it comes back a few dozen minutes later:
Apparently I had other viruses, but those did not come back after Avast detected them.
Here is the antivirus log:
30/04/2007 18:29:55 1177950595 SYSTEM 1516 Sign of “Win32:Ardamax-gen [Tool]” has been found in “D:\eMule temp\Able2Extract Pdf Converter To Excel, Word & More v4.0.rar” file.
05/05/2007 14:42:26 1178368946 SYSTEM 1540 Sign of “Win32:Trojan-gen. {Other}” has been found in “D:\eMule temp\Wavelab 6 + full upgrade.iso\CRACKE~0\INSTALL.EXE” file.
05/05/2007 15:05:39 1178370339 SYSTEM 1540 Sign of “Win32:Trojan-gen. {Other}” has been found in “D:\eMule temp\Wavelab 6 + full upgrade(1).iso\CRACKE~0\INSTALL.EXE” file.
12/05/2007 12:21:49 1178965309 SYSTEM 1508 Sign of “Win32:Wormgen-C-PEL [Wrm]” has been found in “D:\eMule temp\Numark Cue crack.zip\Numark Cue crack.exe\td.exe” file.
12/05/2007 12:22:35 1178965355 SYSTEM 1508 Sign of “Win32:Simple [Wrm]” has been found in “D:\eMule temp\Numark Cue crack.zip\Numark Cue crack.exe\run.exe” file.
12/05/2007 12:22:36 1178965356 SYSTEM 1508 Sign of “Win32:Trojan-gen. {Other}” has been found in “D:\eMule temp\Numark Cue crack.zip\Numark Cue crack.exe” file.
12/05/2007 14:41:54 1178973714 SYSTEM 1508 Sign of “Win32:Small-DQP [Trj]” has been found in “C:\Windows\System32\Cier.exe” file.
31/05/2007 13:17:18 1180610239 SYSTEM 1528 Sign of “Win32:Horst-GZ [Trj]” has been found in “C:\Users\Ju\AppData\Local\Temp\61exhdda.9.exe[UPX]” file.
31/05/2007 19:50:41 1180633841 SYSTEM 1508 Sign of “Win32:Horst-GZ [Trj]” has been found in “C:\Users\Ju\AppData\Local\Temp\12exhdda.9.exe[UPX]” file.
31/05/2007 20:39:28 1180636768 SYSTEM 1508 Sign of “Win32:Horst-GZ [Trj]” has been found in “C:\Users\Ju\AppData\Local\Temp\71exhdda.9.exe[UPX]” file.
31/05/2007 21:30:11 1180639811 SYSTEM 1508 Sign of “Win32:Horst-GZ [Trj]” has been found in “C:\Users\Ju\AppData\Local\Temp\74exhdda.9.exe[UPX]” file.
31/05/2007 22:36:13 1180643773 SYSTEM 1508 Sign of “Win32:Horst-GZ [Trj]” has been found in “C:\Users\Ju\AppData\Local\Temp\94exhdda.9.exe[UPX]” file.
01/06/2007 11:07:46 1180688866 SYSTEM 1508 Sign of “Win32:Horst-GZ [Trj]” has been found in “C:\Users\Ju\AppData\Local\Temp\69exhdda.9.exe[UPX]” file.
02/06/2007 10:52:39 1180774359 SYSTEM 1464 Sign of “Win32:Horst-GZ [Trj]” has been found in “C:\Users\Ju\AppData\Local\Temp\86exhdda.9.exe[UPX]” file.
02/06/2007 12:42:52 1180780972 SYSTEM 1464 Sign of “Win32:Horst-GZ [Trj]” has been found in “C:\Users\Ju\AppData\Local\Temp\62exhdda.9.exe[UPX]” file.
02/06/2007 15:22:51 1180790571 SYSTEM 1464 Sign of “Win32:Horst-GZ [Trj]” has been found in “C:\Users\Ju\AppData\Local\Temp\57exhdda.9.exe[UPX]” file.
03/06/2007 13:31:23 1180870283 SYSTEM 1496 Sign of “Win32:Horst-GZ [Trj]” has been found in “C:\Users\Ju\AppData\Local\Temp\53exhdda.9.exe[UPX]” file.
03/06/2007 15:56:52 1180879012 SYSTEM 1496 Sign of “Win32:Horst-GZ [Trj]” has been found in “C:\Users\Ju\AppData\Local\Temp\87exhdda.9.exe[UPX]” file.
03/06/2007 18:15:09 1180887309 SYSTEM 1496 Sign of “Win32:Horst-GZ [Trj]” has been found in “C:\Users\Ju\AppData\Local\Temp\41exhdda.9.exe[UPX]” file.
03/06/2007 19:41:49 1180892509 SYSTEM 1496 Sign of “Win32:Horst-GZ [Trj]” has been found in “C:\Users\Ju\AppData\Local\Temp\73exhdda.9.exe[UPX]” file.
It's always the same kind of file in temp!!!
I tried the Avast scan in safe mode, with System Restore off: it still comes back, so I'm turning to you.
Here is the result of the HijackThis scan:
Logfile of HijackThis v1.99.1
Scan saved at 14:14:26, on 04/06/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rdpclip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Creative Professional\E-MU USB Audio\E-MU USB Audio\EmuUsbAudioCP.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
D:\Log et Drivers\Log\Anti Virus-Spyware\HiJackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d’Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM…\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM…\Run: [Cier] %WINDIR%\system32\Cier.exe
O4 - HKLM…\Run: [.nvsvc] C:\Windows\system\smss.exe /w
O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKCU…\Run: [E-MU USB Audio Control Panel] “C:\Program Files\Creative Professional\E-MU USB Audio\E-MU USB Audio\EmuUsbAudioCP.exe”
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE…
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - javadl-esd.sun.com…
O17 - HKLM\System\CCS\Services\Tcpip…{19E50703-A990-46DE-94B3-0562FC252040}: NameServer = 212.27.32.176,212.27.32.177
O17 - HKLM\System\CCS\Services\Tcpip…{D2201EA0-A226-49DB-B709-A7D24328A2B7}: NameServer = 192.168.2.89
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: E-MU Audio Service (emaudsv) - E-MU Systems - C:\Windows\system32\emaudsv.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
I don't see anything suspicious in it, maybe you will!
For the record, Emu is the application for my sound card.
Any ideas?
up!
Yesterday I didn't have much trouble during the day, but this morning at startup it started again…
An update:
While searching Google for the names of the infected files, I came across the site of a vendor offering a download of PrevX, supposedly the solution to my problem.
I downloaded and installed it, and it works!!!
The virus was correctly removed, and others too while it was at it.
Too bad it isn't free…
Thanks for your help, by the way…
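A way to read the two logs in this thread together, as an added example that is not part of the original posts: it groups the Avast detections by signature and folder to show the recurrence, and checks whether any HijackThis O4 autorun entry points at a file Avast has already flagged. The function names are hypothetical; the sample lines are a subset copied from the logs above.

```python
import re
from collections import defaultdict

# Subset of the log lines posted in this thread, copied as they appear there.
AVAST_LOG = r'''
12/05/2007 14:41:54 1178973714 SYSTEM 1508 Sign of “Win32:Small-DQP [Trj]” has been found in “C:\Windows\System32\Cier.exe” file.
31/05/2007 13:17:18 1180610239 SYSTEM 1528 Sign of “Win32:Horst-GZ [Trj]” has been found in “C:\Users\Ju\AppData\Local\Temp\61exhdda.9.exe[UPX]” file.
31/05/2007 19:50:41 1180633841 SYSTEM 1508 Sign of “Win32:Horst-GZ [Trj]” has been found in “C:\Users\Ju\AppData\Local\Temp\12exhdda.9.exe[UPX]” file.
03/06/2007 18:15:09 1180887309 SYSTEM 1496 Sign of “Win32:Horst-GZ [Trj]” has been found in “C:\Users\Ju\AppData\Local\Temp\41exhdda.9.exe[UPX]” file.
03/06/2007 19:41:49 1180892509 SYSTEM 1496 Sign of “Win32:Horst-GZ [Trj]” has been found in “C:\Users\Ju\AppData\Local\Temp\73exhdda.9.exe[UPX]” file.
'''
HJT_LOG = r'''
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM…\Run: [Cier] %WINDIR%\system32\Cier.exe
O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
'''
DETECTION = re.compile(r'(\d{2}/\d{2}/\d{4}) \S+ \d+ \S+ \d+ Sign of [“"](.+?)[”"]'
                       r' has been found in [“"](.+?)[”"] file\.')
RUN_ENTRY = re.compile(r'^O4 - (HK\w+).*?\\Run: \[(.+?)\] (.+)$', re.M)

def norm_path(p):
    p = re.sub(r'\[UPX\]$', '', p.strip())  # drop the [UPX] suffix seen in the log
    p = re.sub(r'%windir%', lambda m: r'C:\Windows', p, flags=re.I)
    return p.lower()                        # Windows paths compare case-insensitively

def run_target(cmd):
    m = re.match(r'[“"]?(.+?\.exe)', cmd, re.I)  # executable without quotes/arguments
    return norm_path(m.group(1) if m else cmd)

def parse_avast(text):
    return [(d, sig, norm_path(p)) for d, sig, p in DETECTION.findall(text)]

def parse_autoruns(text):
    return [(h, n, run_target(c)) for h, n, c in RUN_ENTRY.findall(text)]

def recurring(detections, min_hits=3):
    """Same signature found again and again in the same folder."""
    groups = defaultdict(list)
    for date, sig, path in detections:
        groups[(sig, path.rsplit('\\', 1)[0])].append(date)
    return {k: v for k, v in groups.items() if len(v) >= min_hits}

def flagged_autoruns(detections, autoruns):
    """Autorun entries whose target is a file the antivirus already detected."""
    seen = {path: (date, sig) for date, sig, path in detections}
    return [(h, n, t) + seen[t] for h, n, t in autoruns if t in seen]

if __name__ == "__main__":
    print(recurring(parse_avast(AVAST_LOG)))
    print(flagged_autoruns(parse_avast(AVAST_LOG), parse_autoruns(HJT_LOG)))
```

On these lines it reports the `[Cier]` Run entry, whose target Avast flagged on 12/05/2007 and which is still registered in the scan of 04/06/2007.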