Alureon-CY
Solved
charlyy
dilara
Hello,
Hi, I have a virus called Alureon-CY. I would like the tool to get rid of this virus. I have to go into safe mode to open my programs; I can't access anything. I have Avast and it won't work, nothing to be done. What is the tool to get rid of this? I think Alureon-CY is malware. So can someone help me? Thanks a lot.
80 replies
Hi everyone, my case still isn't solved. I still have this problem, a rootkit. I've been made to download all sorts of programs to solve this problem, so do we continue, or is there someone who has a better idea about this? Thanks.
No, sorry, that doesn't work for the ComboFix program, and restarting in safe mode gets me nowhere. What do you think about reformatting the computer completely, if I can't get into normal mode? This rootkit they call a trojan seems pretty strong, this virus, eh? What do we do now?
Rapport GenProc 2.627 [1] - 2009-09-16 à 13:32:36
@ Windows Vista Service Pack 1 - Mode sans echec
@ Internet Explorer (8.0.6001.18813) [Navigateur par défaut]
~~ "C:\Windows\sed.exe" a été renommé sed.exe_RenameGenProc ~~
~~ "C:\Windows\grep.exe" a été renommé grep.exe_RenameGenProc ~~
~~ CM DISK ERROR ~~
In CCleaner, click "Options", "Advanced" and uncheck the box "Only delete files in Windows Temp folders older than 48 hours"; afterwards, leave it with its default settings. That's all.
# Step 1/ Download:
- WORT http://pc-system.fr/ (dj QUIOU) to the Desktop.
- ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe (sUBs) to your Desktop.
Restart in safe mode as described here https://www.wekyo.com/demarrer-le-pc-en-mode-sans-echec-windows-7-et-8/ ; choose your current session *** soanne charly *** (to find the report again, click the "Rapport GenProc[1]" shortcut on your desktop).
# Step 2/
Double-click the WORT.exe file and select the Desktop using the "Browse" button. Follow the instructions and double-click the Wareout Removal Tool.bat file that has just been created on the Desktop. Select option 1 and confirm with Enter.
# Step 3/
Double-click combofix.exe and follow the instructions. Be careful not to use your mouse or keyboard (or any other pointing device) while the program is running, or the computer may freeze.
# Step 4/
Launch CCleaner: "Cleaner"/"Run Cleaner" and that's all.
# Step 5/
Restart normally and post, in the same reply:
- The contents of the WORT_report.txt report located in C:\Wort;
- The contents of the Combofix.txt report located in C:\;
- A new HijackThis report;
- A new GenProc report;
State the difficulties you had (what you couldn't do...) as well as how the situation has evolved.
~~ Arguments de la procédure ~~
# Détections [1] GenProc 2.627 2009-09-16 à 13:33:00
WareOut:le 2009-09-16 à 13:33:15
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.112.207,85.255.112.210
TDSS:le 2009-09-16 à 13:33:27 "C:\Windows\System32\gaopdx*.???"
----------------------------------------------------------------------
Sites officiels GenProc : www.alt-shift-return.org et www.genproc.com
----------------------------------------------------------------------
~~ Fin à 13:33:52 ~~
OK, that was just to reassure me, GenProc.
---> Download Gmer http://www2.gmer.net/gmer.zip to your Desktop.
---> Extract the contents of the archive to your desktop, then rename gmer.exe to tib.exe (the .exe is not necessarily visible).
---> Double-click tib.exe.
---> If you get a warning message like this one http://www.genproc.com/gmer.JPG, click No, then Save, and save "gmer.txt" to your Desktop.
---> Double-click "gmer.txt"; the report appears, post it.
GMER 1.0.15.15087 - http://www.gmer.net
Rootkit quick scan 2009-09-16 13:58:10
Windows 6.0.6001 Service Pack 1
Running: tib.exe.exe; Driver: C:\Users\SOANNE~1\AppData\Local\Temp\kgdyypoc.sys
---- System - GMER 1.0.15 ----
Code 8AB30458 ZwEnumerateKey
Code 8AB30320 ZwFlushInstructionCache
Code 8AB402EE ZwSaveKey
Code 8AB3048E ZwSaveKeyEx
Code 8AB412DD IofCallDriver
Code 8AB212BE IofCompleteRequest
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Gestionnaire de filtres de système de fichiers Microsoft/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF dynamique/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF dynamique/Microsoft Corporation)
---- Services - GMER 1.0.15 ----
Service C:\Windows\system32\drivers\gasfkyxcrvxxuv.sys (*** hidden *** ) [SYSTEM] gasfkywibbvhex <-- ROOTKIT !!!
---- EOF - GMER 1.0.15 ----
===> Download AVZ http://z-oleg.com/avz4.zip
- extract it to your desktop
- open the AVZ4 folder
- double-click avz.exe
- click File (top left)
- in the list choose Custom scripts
- in the box that appears, paste what is in bold below
- then click Run
- confirm the message; your PC will restart
- once restarted, open the AVZ4 folder
- post the contents of AvzBootCleaner.log
var
service, driverfile, AvzDir : string;
begin
AvzDir:=GetAVZDirectory;
// names taken from the GMER report: the hidden service and its driver file
service:=('gasfkywibbvhex');
driverfile:=('gasfkyxcrvxxuv.sys');
ShowMessage('Le PC va redémarrer.');
// look for user-mode and kernel-mode hooks before making changes
SearchRootKit(true,true);
SetAVZGuardStatus(true);
// queue the driver file for quarantine and the service for deletion at next boot
BC_QrFile('%System32%\Drivers\'+driverfile);
BC_DeleteSvc(service);
BC_LogFile(AvzDir + 'AvzBootCleaner.log');
BC_Activate;
RebootWindows(true);
end.
Attention !!! Database was last updated 2009-08-21 it is necessary to update the database (via File - Database update)
AVZ Antiviral Toolkit log; AVZ version is 4.32
Scanning started at 2009-09-16 14:24:35
Database loaded: signatures - 237871, NN profile(s) - 2, malware removal microprograms - 56, signature database released 21.08.2009 14:23
Heuristic microprograms loaded: 374
PVS microprograms loaded: 9
Digital signatures of system files loaded: 135524
Heuristic analyzer mode: Medium heuristics mode
Malware removal mode: disabled
Windows version is: 6.0.6001, Service Pack 1 ; AVZ is run with administrator rights
System Restore: enabled
System booted in Safe Mode with Networking
1. Searching for Rootkits and other software intercepting API functions
1.1 Searching for user-mode API hooks
Analysis: kernel32.dll, export table found in section .text
Analysis: ntdll.dll, export table found in section .text
Analysis: user32.dll, export table found in section .text
Analysis: advapi32.dll, export table found in section .text
Analysis: ws2_32.dll, export table found in section .text
Analysis: wininet.dll, export table found in section .text
Analysis: rasapi32.dll, export table found in section .text
Analysis: urlmon.dll, export table found in section .text
Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
Error loading driver - operation interrupted [C000035F]
1.4 Searching for masking processes and drivers
Checking not performed: extended monitoring driver (AVZPM) is not installed
Error loading driver - operation interrupted [C000035F]
2. Scanning RAM
Number of processes found: 24
Number of modules loaded: 273
Scanning RAM - complete
3. Scanning disks
Direct reading: C:\Documents and Settings\soanne charly\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DF2FA7.tmp
Direct reading: C:\Documents and Settings\soanne charly\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DFE0A6.tmp
Direct reading: C:\Documents and Settings\soanne charly\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DF2FA7.tmp
Direct reading: C:\Documents and Settings\soanne charly\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DFE0A6.tmp
Direct reading: C:\Documents and Settings\soanne charly\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DF2FA7.tmp
Direct reading: C:\Documents and Settings\soanne charly\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DFE0A6.tmp
Direct reading: C:\Documents and Settings\soanne charly\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DF2FA7.tmp
Direct reading: C:\Documents and Settings\soanne charly\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DFE0A6.tmp
Direct reading: C:\Documents and Settings\soanne charly\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DF2FA7.tmp
Direct reading: C:\Documents and Settings\soanne charly\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DFE0A6.tmp
Direct reading: C:\Documents and Settings\soanne charly\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DF2FA7.tmp
Direct reading: C:\Documents and Settings\soanne charly\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DFE0A6.tmp
Direct reading: C:\Documents and Settings\soanne charly\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DF2FA7.tmp
Direct reading: C:\Documents and Settings\soanne charly\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DFE0A6.tmp
Direct reading: C:\Documents and Settings\soanne charly\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp\~DF2FA7.tmp
Direct reading: C:\Documents and Settings\soanne charly\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp\~DFE0A6.tmp
Direct reading: C:\Documents and Settings\soanne charly\AppData\Local\Application Data\Application Data\Application Data\Temp\~DF2FA7.tmp
Direct reading: C:\Documents and Settings\soanne charly\AppData\Local\Application Data\Application Data\Application Data\Temp\~DFE0A6.tmp
Direct reading: C:\Documents and Settings\soanne charly\AppData\Local\Application Data\Application Data\Temp\~DF2FA7.tmp
Direct reading: C:\Documents and Settings\soanne charly\AppData\Local\Application Data\Application Data\Temp\~DFE0A6.tmp
Direct reading: C:\Documents and Settings\soanne charly\AppData\Local\Application Data\Temp\~DF2FA7.tmp
Direct reading: C:\Documents and Settings\soanne charly\AppData\Local\Application Data\Temp\~DFE0A6.tmp
Direct reading: C:\Documents and Settings\soanne charly\AppData\Local\Temp\~DF2FA7.tmp
Direct reading: C:\Documents and Settings\soanne charly\AppData\Local\Temp\~DFE0A6.tmp
Direct reading: C:\Documents and Settings\soanne charly\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DF2FA7.tmp
Direct reading: C:\Documents and Settings\soanne charly\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DFE0A6.tmp
Direct reading: C:\Documents and Settings\soanne charly\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DF2FA7.tmp
Direct reading: C:\Documents and Settings\soanne charly\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DFE0A6.tmp
Direct reading: C:\Documents and Settings\soanne charly\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DF2FA7.tmp
Direct reading: C:\Documents and Settings\soanne charly\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DFE0A6.tmp
Direct reading: C:\Documents and Settings\soanne charly\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DF2FA7.tmp
Direct reading: C:\Documents and Settings\soanne charly\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DFE0A6.tmp
Direct reading: C:\Documents and Settings\soanne charly\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DF2FA7.tmp
Direct reading: C:\Documents and Settings\soanne charly\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DFE0A6.tmp
Direct reading: C:\Documents and Settings\soanne charly\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DF2FA7.tmp
Direct reading: C:\Documents and Settings\soanne charly\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DFE0A6.tmp
Direct reading: C:\Documents and Settings\soanne charly\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DF2FA7.tmp
Direct reading: C:\Documents and Settings\soanne charly\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DFE0A6.tmp
Direct reading: C:\Documents and Settings\soanne charly\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\~DF2FA7.tmp
Direct reading: C:\Documents and Settings\soanne charly\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\~DFE0A6.tmp
Direct reading: C:\Documents and Settings\soanne charly\Local Settings\Application Data\Application Data\Application Data\Temp\~DF2FA7.tmp
Direct reading: C:\Documents and Settings\soanne charly\Local Settings\Application Data\Application Data\Application Data\Temp\~DFE0A6.tmp
Direct reading: C:\Documents and Settings\soanne charly\Local Settings\Application Data\Application Data\Temp\~DF2FA7.tmp
Direct reading: C:\Documents and Settings\soanne charly\Local Settings\Application Data\Application Data\Temp\~DFE0A6.tmp
Direct reading: C:\Documents and Settings\soanne charly\Local Settings\Application Data\Temp\~DF2FA7.tmp
Direct reading: C:\Documents and Settings\soanne charly\Local Settings\Application Data\Temp\~DFE0A6.tmp
Direct reading: C:\Documents and Settings\soanne charly\Local Settings\Temp\~DF2FA7.tmp
Direct reading: C:\Documents and Settings\soanne charly\Local Settings\Temp\~DFE0A6.tmp
C:\Program Files\Common Files\Windows Live\.cache\178f16701c9947d\fssclient_x86.msi/{MS-OLE}/\8 >>>>> Trojan.Kyjak
C:\Program Files\Fichiers communs\Windows Live\.cache\178f16701c9947d\fssclient_x86.msi/{MS-OLE}/\8 >>>>> Trojan.Kyjak
Direct reading: C:\Users\soanne charly\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DF2FA7.tmp
Direct reading: C:\Users\soanne charly\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DFE0A6.tmp
Direct reading: C:\Users\soanne charly\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DF2FA7.tmp
Direct reading: C:\Users\soanne charly\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DFE0A6.tmp
Direct reading: C:\Users\soanne charly\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DF2FA7.tmp
Direct reading: C:\Users\soanne charly\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DFE0A6.tmp
Direct reading: C:\Users\soanne charly\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DF2FA7.tmp
Direct reading: C:\Users\soanne charly\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DFE0A6.tmp
Direct reading: C:\Users\soanne charly\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DF2FA7.tmp
Direct reading: C:\Users\soanne charly\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DFE0A6.tmp
Direct reading: C:\Users\soanne charly\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DF2FA7.tmp
Direct reading: C:\Users\soanne charly\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DFE0A6.tmp
Direct reading: C:\Users\soanne charly\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DF2FA7.tmp
Direct reading: C:\Users\soanne charly\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DFE0A6.tmp
Direct reading: C:\Users\soanne charly\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DF2FA7.tmp
Direct reading: C:\Users\soanne charly\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DFE0A6.tmp
Direct reading: C:\Users\soanne charly\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp\~DF2FA7.tmp
Direct reading: C:\Users\soanne charly\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp\~DFE0A6.tmp
Direct reading: C:\Users\soanne charly\AppData\Local\Application Data\Application Data\Application Data\Temp\~DF2FA7.tmp
Direct reading: C:\Users\soanne charly\AppData\Local\Application Data\Application Data\Application Data\Temp\~DFE0A6.tmp
Direct reading: C:\Users\soanne charly\AppData\Local\Application Data\Application Data\Temp\~DF2FA7.tmp
Direct reading: C:\Users\soanne charly\AppData\Local\Application Data\Application Data\Temp\~DFE0A6.tmp
Direct reading: C:\Users\soanne charly\AppData\Local\Application Data\Temp\~DF2FA7.tmp
Direct reading: C:\Users\soanne charly\AppData\Local\Application Data\Temp\~DFE0A6.tmp
Direct reading: C:\Users\soanne charly\AppData\Local\Temp\~DF2FA7.tmp
Direct reading: C:\Users\soanne charly\AppData\Local\Temp\~DFE0A6.tmp
Direct reading: C:\Users\soanne charly\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DF2FA7.tmp
Direct reading: C:\Users\soanne charly\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DFE0A6.tmp
Direct reading: C:\Users\soanne charly\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DF2FA7.tmp
Direct reading: C:\Users\soanne charly\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DFE0A6.tmp
Direct reading: C:\Users\soanne charly\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DF2FA7.tmp
Direct reading: C:\Users\soanne charly\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DFE0A6.tmp
Direct reading: C:\Users\soanne charly\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DF2FA7.tmp
Direct reading: C:\Users\soanne charly\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DFE0A6.tmp
Direct reading: C:\Users\soanne charly\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DF2FA7.tmp
Direct reading: C:\Users\soanne charly\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DFE0A6.tmp
Direct reading: C:\Users\soanne charly\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DF2FA7.tmp
Direct reading: C:\Users\soanne charly\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DFE0A6.tmp
Direct reading: C:\Users\soanne charly\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DF2FA7.tmp
Direct reading: C:\Users\soanne charly\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DFE0A6.tmp
Direct reading: C:\Users\soanne charly\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DF2FA7.tmp
Direct reading: C:\Users\soanne charly\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DFE0A6.tmp
Direct reading: C:\Users\soanne charly\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\~DF2FA7.tmp
Direct reading: C:\Users\soanne charly\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\~DFE0A6.tmp
Direct reading: C:\Users\soanne charly\Local Settings\Application Data\Application Data\Application Data\Temp\~DF2FA7.tmp
Direct reading: C:\Users\soanne charly\Local Settings\Application Data\Application Data\Application Data\Temp\~DFE0A6.tmp
Direct reading: C:\Users\soanne charly\Local Settings\Application Data\Application Data\Temp\~DF2FA7.tmp
Direct reading: C:\Users\soanne charly\Local Settings\Application Data\Application Data\Temp\~DFE0A6.tmp
Direct reading: C:\Users\soanne charly\Local Settings\Application Data\Temp\~DF2FA7.tmp
Direct reading: C:\Users\soanne charly\Local Settings\Application Data\Temp\~DFE0A6.tmp
Direct reading: C:\Users\soanne charly\Local Settings\Temp\~DF2FA7.tmp
Direct reading: C:\Users\soanne charly\Local Settings\Temp\~DFE0A6.tmp
C:\Windows\Installer\26488a4.msi/{MS-OLE}/\7 >>>>> Trojan.Kyjak
4. Checking Winsock Layered Service Provider (SPI/LSP)
LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
6. Searching for opened TCP/UDP ports used by malicious software
Checking - disabled by user
7. Heuristic system check
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: TermService (@%SystemRoot%\System32\termsrv.dll,-268)
>> Services: potentially dangerous service allowed: SSDPSRV (@%systemroot%\system32\ssdpsrv.dll,-100)
>> Services: potentially dangerous service allowed: Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
Checking - complete
9. Troubleshooting wizard
>> HDD autorun is allowed
>> Network drives autorun is allowed
>> Removable media autorun is allowed
>> Start -> Run menu item is blocked
Checking - complete
Files scanned: 292248, extracted from archives: 144186, malicious software found 3, suspicions - 0
Scanning finished at 2009-09-16 15:09:33
Time of scanning: 00:44:58
If you have a suspicion on presence of viruses or questions on the suspected objects,
you can address https://virusinfo.info/ conference
I double-click on avz.exe, then you say to click on File at the top left, and in the list I choose Custom Script, that's OK; then the problem is the box that appears: what do I paste in it, what's in bold below? That's where it gets stuck, there is nothing written below it.
Paste this:
var
service, driverfile, AvzDir : string;
begin
// folder AVZ is running from; the boot-cleaner log is written there
AvzDir:=GetAVZDirectory;
// the rootkit's service name and driver file name, as they appear in the log
service:=('gasfkywibbvhex');
driverfile:=('gasfkyxcrvxxuv.sys');
ShowMessage('Le PC va redémarrer.');
// anti-rootkit pass, then AVZGuard so the malware cannot interfere with the script
SearchRootKit(true,true);
SetAVZGuardStatus(true);
// queue the driver for quarantine and the service for deletion at the next boot
BC_QrFile('%System32%\Drivers\'+driverfile);
BC_DeleteSvc(service);
BC_LogFile(AvzDir + 'AvzBootCleaner.log');
BC_Activate;
RebootWindows(true);
end.
I did my restart and I came back in normal mode; right now it's asking me to restart in normal mode, I'm back on my desktop, and I'll send you my report as soon as my restart is done.
Quarantine path: \??\C:\Users\soanne charly\Documents\avz4\Quarantine\2009-09-16\
QuarantineFile \??\C:\Windows\system32\Drivers\gasfkyxcrvxxuv.sys - succeeded
Delete File \systemroot\system32\drivers\gasfkyxcrvxxuv.sys - succeeded
Delete Service & File gasfkywibbvhex - failed (0xC0000022)
-- End --
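The AvzBootCleaner.log above ends with "Delete Service & File ... - failed (0xC0000022)", which is STATUS_ACCESS_DENIED: the driver file was quarantined, but the service entry was still protected and survived. As an added example (written for this page, not code from the thread and not part of AVZ), here is a small Python triage script that reads the main AVZ scan log for detections and the section 8 hardening findings, and the boot-cleaner log for each action's result, decoding the NTSTATUS so a failure like this one is not overlooked. The sample log lines and names in it (example.sys, examplesvc, the NTSTATUS table) are constructed, modelled on the logs in this thread.

```python
import re
from dataclasses import dataclass, field

# NTSTATUS values the boot cleaner is likely to report (assumption: the table is
# mine and covers only these three; the names are the documented Windows ones).
NTSTATUS_NAMES = {
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC0000043: "STATUS_SHARING_VIOLATION",
}

# Main AVZ log: "<file or path inside an archive> >>>>> <verdict>"
DETECTION_RE = re.compile(r"^(?P<path>.+?)\s+>>>>>\s+(?P<name>\S+)\s*$")
# Section 8 findings: ">> Security: ..." / ">> Services: ..."
# (the "> Services: please bear in mind ..." note has a single ">" and is skipped)
FINDING_RE = re.compile(r"^>>\s+(?P<area>[A-Za-z]+):\s+(?P<text>.+?)\s*$")
# AvzBootCleaner.log: "<action> - succeeded" or "<action> - failed (0xC0000022)"
BC_RE = re.compile(
    r"^(?P<action>.+?)\s+-\s+(?P<result>succeeded|failed)"
    r"(?:\s+\((?P<code>0x[0-9A-Fa-f]{8})\))?\s*$"
)


@dataclass
class Triage:
    detections: list = field(default_factory=list)  # (path, verdict)
    findings: list = field(default_factory=list)    # (area, text)
    succeeded: list = field(default_factory=list)   # boot-cleaner actions that worked
    failed: list = field(default_factory=list)      # (action, ntstatus int, ntstatus name)


def parse_scan_log(text, triage=None):
    """Collect detections and section 8 hardening findings from the main AVZ log."""
    if triage is None:
        triage = Triage()
    for raw in text.splitlines():
        line = raw.strip()
        m = DETECTION_RE.match(line)
        if m:
            triage.detections.append((m["path"], m["name"]))
            continue
        m = FINDING_RE.match(line)
        if m:
            triage.findings.append((m["area"], m["text"]))
    return triage


def parse_bootcleaner_log(text, triage=None):
    """Classify each boot-cleaner action; a failure keeps its decoded NTSTATUS."""
    if triage is None:
        triage = Triage()
    for raw in text.splitlines():
        m = BC_RE.match(raw.strip())
        if not m:
            continue  # header line, "-- End --", blank lines
        if m["result"] == "succeeded":
            triage.succeeded.append(m["action"])
        else:
            code = int(m["code"], 16) if m["code"] else None
            name = NTSTATUS_NAMES.get(code, "unknown NTSTATUS")
            triage.failed.append((m["action"], code, name))
    return triage


def needs_followup(triage):
    """True when the cleaner could not remove something it was asked to remove."""
    return bool(triage.failed)


# Constructed sample input, modelled on the logs in this thread (names changed).
SAMPLE_SCAN_LOG = r"""
3. Scanning disks
C:\Windows\Installer\example.msi/{MS-OLE}/\7 >>>>> Trojan.Kyjak
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: TermService (@%SystemRoot%\System32\termsrv.dll,-268)
> Services: please bear in mind that the set of services depends on the use of the PC!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
Checking - complete
"""

SAMPLE_BC_LOG = r"""
Quarantine path: \??\C:\Users\example\Documents\avz4\Quarantine\2009-09-16
QuarantineFile \??\C:\Windows\system32\Drivers\example.sys - succeeded
Delete File \systemroot\system32\drivers\example.sys - succeeded
Delete Service & File examplesvc - failed (0xC0000022)
-- End --
"""


def triage_thread_sample():
    """Run both parsers over the constructed samples and return one Triage."""
    t = parse_scan_log(SAMPLE_SCAN_LOG)
    return parse_bootcleaner_log(SAMPLE_BC_LOG, t)


if __name__ == "__main__":
    t = triage_thread_sample()
    for path, verdict in t.detections:
        print("DETECTED", verdict, "in", path)
    for area, text in t.findings:
        print("HARDENING", area + ":", text)
    for action, code, name in t.failed:
        print("FAILED", action, "->", name)
    print("follow-up needed:", needs_followup(t))
```

Run it as a script, or feed real log text to parse_scan_log and parse_bootcleaner_log. A True from needs_followup is the cue that the machine is not clean yet and another pass is required, which is exactly why the helper moves on to ComboFix after this log; the section 8 findings (autorun, administrative shares, anonymous access) are the hardening items to revisit once the infection is gone.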
= Run combofix
= if combofix shows you messages about your protections, click OK
= it then runs (the PC will restart); let it do its thing.
= post its report.