
View full version: AVZ and Hijack This logs, for infected PC



sbw07
14.04.2008, 07:58
Hi, I'm trying to clean a PC that hasn't been properly maintained for quite some time. Attached are the logs from the AVZ scan and from HijackThis.
Please assist me, thank you.

Bratez
14.04.2008, 10:00
I can see nothing suspicious in your logs.
The only thing to be said is:

Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
You should install updates from Microsoft website.

kps
14.04.2008, 10:14
Why do you think that your PC is infected?
Nothing very suspicious in your logs, but we can check some files:
AVZ - File - Custom scripts
Execute the following script (copy it, paste it in the script window of AVZ and execute):

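begin
// Copy the files to be checked into the AVZ quarantine
QuarantineFile('C:\PROGRA~1\TEXTBR~1.0\Bin\TBMHOOK.dll','');
QuarantineFile('C:\Program Files\Common Files\Atomica Shared\agtcmp32.dll','');
QuarantineFile('C:\WINDOWS\System32\Drivers\GoBack2K.sys','');
QuarantineFile('C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\Kasspersky.exe','');
// Pass the quarantine list to Boot Cleaner and activate it for the next boot
BC_ImportQuarantineList;
BC_Activate;
// Remove the Browser Helper Object with this CLSID
DelBHO('{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}');
// Reboot so that Boot Cleaner can run
RebootWindows(true);
end.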
Your computer will reboot.
Upload the quarantined files according to Appendix 3 of the rules (http://virusinfo.info/showthread.php?t=9184). (Upload here: http://virusinfo.info/upload_virus_eng.php?tid=21476)

sbw07
14.04.2008, 19:24
Thanks guys! I thought it was infected because I ran a lot of other scans that found multiple infections - Ad-Aware alone found 38! After cleaning them I ran the scans recommended here to verify that it's fully cleaned. I am about to install SP2 but I wanted to clean up the PC first as recommended by Microsoft. I'm uploading now the results of the custom script.

kps
15.04.2008, 11:33
The sent quarantined files are clean.

sbw07
15.04.2008, 18:35
Thanks!

kps
15.04.2008, 19:26
We are interested in your opinion about our project; it can help us to improve our service: http://virusinfo.info/showthread.php?t=19966