
I can't remove some infected files...

  1. #1
    Junior Member | Registered: 24.07.2008 | Posts: 7 | Reputation weight: 35

    1. I can't use Kaspersky Anti-Virus 2009, the shield won't turn on...
    2. I can't upload the infected file because I can't see it in these locations...
    3. I can't upload the whole log of the Kaspersky removal tool because it is too large; it found 96 modifications, all the same, in different locations...


    Scan: Kaspersky removal tool
    http://www.wklej.org/id/1db82229f7

    Scan: HijackThis
    http://wklej.org/id/910ff355bf

    Scan: Dr.Web
    psexesvc.exe;c:\windows;Program.PsExec.170;Usunięty.;


    Please help me, I'm really tired!!

    And sorry for my bad English, I hope someone of you speaks Polish and can help me...
    Last edited by th30ne; 24.07.2008 at 13:43.

  2. #2
    Senior Member | Registered: 29.09.2004 | Posts: 3,510 | Reputation weight: 1280
    Please read the rules http://virusinfo.info/showthread.php?t=9184, make and attach 3 log-files according to the rules.
    Revenge is the dream of the weak, forgiveness is the lot of the strong.
    You can support the project here

  3. #3
    Junior Member | Registered: 24.07.2008 | Posts: 7 | Reputation weight: 35
    Done. I see you didn't even read my post -.-

  4. #4
    Senior Member | Registered: 29.09.2004 | Posts: 3,510 | Reputation weight: 1280
    I did. And I didn't see the needed logs. Please do as described here http://virusinfo.info/showthread.php?t=9184

  5. #5
    Junior Member | Registered: 24.07.2008 | Posts: 7 | Reputation weight: 35
    I did it already -.-


    -------
    Code:
    Appendix 2. Searching files on disk with AVZ.
    
    1. Click "File" - "Add to quarantine by list ".
    2. Enter the list of files which were asked to send in the top window.
    3. Press "Start" and wait until "File addition process – complete” notification appears at the bottom of the window.
    4. Close current window “Add to quarantine by list ".
    5. Choose from the menu "File"-> “Quarantine folder viewer ".
    6. Mark files in the list which should be sent.
    7. Click "Archive" and specify a place on the disk where the archive should be kept.
    8. Upload the archive using the upload link (Upload quarantined files) at the top of your thread (the "thread link" field will be filled automatically), or use this link: http://virusinfo.info/upload_virus_eng.php , where you need to fill the "thread link" field manually. (It should look like httр: // virusinfo.info/showthread.php?t=ХХХХ).
    I can't do it, because when I do that it does not show up in the quarantine list...

  6. #6
    Senior Member | Registered: 29.09.2004 | Posts: 3,510 | Reputation weight: 1280
    You have to attach 2 logs of AVZ and 1 log of HijackThis.

  7. #7
    Junior Member | Registered: 24.07.2008 | Posts: 7 | Reputation weight: 35
    OMG, so I see you didn't read it, because before I deleted all the logs that were here the first time, I gave 2 logs of AVZ and 1 of HijackThis.

    This one was here the first time, before I edited because of you...
    Code:
    <AVZ_CollectSysInfo>
    --------------------
    Start time:	2008-07-24 13:13
    Duration:	00:00:54
    Finish time:	2008-07-24 13:14
    
    
    <AVZ_CollectSysInfo>
    --------------------
    Time	Event
    ----	-----
    2008-07-24 13:13	1.1 Searching for user-mode API hooks
    2008-07-24 13:13	 Analysis: kernel32.dll, export table found in section .text
    2008-07-24 13:13	Function kernel32.dll:CreateProcessA (99) intercepted, method ProcAddressHijack.GetProcAddress ->7C802367->61F03F42
    2008-07-24 13:13	Hook kernel32.dll:CreateProcessA (99) blocked
    2008-07-24 13:13	Function kernel32.dll:CreateProcessW (103) intercepted, method ProcAddressHijack.GetProcAddress ->7C802332->61F04040
    2008-07-24 13:13	Hook kernel32.dll:CreateProcessW (103) blocked
    2008-07-24 13:13	Function kernel32.dll:FreeLibrary (241) intercepted, method ProcAddressHijack.GetProcAddress ->7C80AA66->61F041FC
    2008-07-24 13:13	Hook kernel32.dll:FreeLibrary (241) blocked
    2008-07-24 13:13	Function kernel32.dll:GetModuleFileNameA (372) intercepted, method ProcAddressHijack.GetProcAddress ->7C80B357->61F040FB
    2008-07-24 13:13	Hook kernel32.dll:GetModuleFileNameA (372) blocked
    2008-07-24 13:13	Function kernel32.dll:GetModuleFileNameW (373) intercepted, method ProcAddressHijack.GetProcAddress ->7C80B25D->61F041A0
    2008-07-24 13:13	Hook kernel32.dll:GetModuleFileNameW (373) blocked
    2008-07-24 13:13	Function kernel32.dll:GetProcAddress (408) intercepted, method ProcAddressHijack.GetProcAddress ->7C80AC28->61F04648
    2008-07-24 13:13	Hook kernel32.dll:GetProcAddress (408) blocked
    2008-07-24 13:13	Function kernel32.dll:LoadLibraryA (578) intercepted, method ProcAddressHijack.GetProcAddress ->7C801D77->61F03C6F
    2008-07-24 13:13	Hook kernel32.dll:LoadLibraryA (578) blocked
    2008-07-24 13:13	 >>> Functions LoadLibraryA - preventing AVZ process from being intercepted by address replacement  !!)
    2008-07-24 13:13	Function kernel32.dll:LoadLibraryExA (579) intercepted, method ProcAddressHijack.GetProcAddress ->7C801D4F->61F03DAF
    2008-07-24 13:13	Hook kernel32.dll:LoadLibraryExA (579) blocked
    2008-07-24 13:13	 >>> Functions LoadLibraryExA - preventing AVZ process from being intercepted by address replacement !!)
    2008-07-24 13:13	Function kernel32.dll:LoadLibraryExW (580) intercepted, method ProcAddressHijack.GetProcAddress ->7C801AF1->61F03E5A
    2008-07-24 13:13	Hook kernel32.dll:LoadLibraryExW (580) blocked
    2008-07-24 13:13	Function kernel32.dll:LoadLibraryW (581) intercepted, method ProcAddressHijack.GetProcAddress ->7C80ACD3->61F03D0C
    2008-07-24 13:13	Hook kernel32.dll:LoadLibraryW (581) blocked
    2008-07-24 13:13	IAT modification detected: GetModuleFileNameW - 00B00010<>7C80B25D
    2008-07-24 13:13	 Analysis: ntdll.dll, export table found in section .text
    2008-07-24 13:13	 Analysis: user32.dll, export table found in section .text
    2008-07-24 13:13	 Analysis: advapi32.dll, export table found in section .text
    2008-07-24 13:13	 Analysis: ws2_32.dll, export table found in section .text
    2008-07-24 13:13	 Analysis: wininet.dll, export table found in section .text
    2008-07-24 13:13	 Analysis: rasapi32.dll, export table found in section .text
    2008-07-24 13:13	 Analysis: urlmon.dll, export table found in section .text
    2008-07-24 13:13	 Analysis: netapi32.dll, export table found in section .text
    2008-07-24 13:13	1.2 Searching for kernel-mode API hooks
    2008-07-24 13:13	 Driver loaded successfully
    2008-07-24 13:13	 SDT found (RVA=0846E0)
    2008-07-24 13:13	 Kernel ntkrnlpa.exe found in memory at address 804D7000
    2008-07-24 13:13	   SDT = 8055B6E0
    2008-07-24 13:13	   KiST = 80503734 (284)
    2008-07-24 13:13	Function NtAssignProcessToJobObject (13) intercepted (805D4DD0->B6AB6C20), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
    2008-07-24 13:13	>>> Function restored successfully !
    2008-07-24 13:13	>>> Hook code blocked
    2008-07-24 13:13	Function NtClose (19) intercepted (805BAEB4->B6AA21E0), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
    2008-07-24 13:13	>>> Function restored successfully !
    2008-07-24 13:13	>>> Hook code blocked
    2008-07-24 13:13	Function NtConnectPort (1F) intercepted (805A2FF4->B6AB886C), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
    2008-07-24 13:13	>>> Function restored successfully !
    2008-07-24 13:13	>>> Hook code blocked
    2008-07-24 13:13	Function NtCreateFile (25) intercepted (80577E5E->B6A9CCC0), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
    2008-07-24 13:13	>>> Function restored successfully !
    2008-07-24 13:13	>>> Hook code blocked
    2008-07-24 13:13	Function NtCreateKey (29) intercepted (80622048->B6AA8D10), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
    2008-07-24 13:13	>>> Function restored successfully !
    2008-07-24 13:13	>>> Hook code blocked
    2008-07-24 13:13	Function NtCreateProcess (2F) intercepted (805CFA1C->B6AB2270), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
    2008-07-24 13:13	>>> Function restored successfully !
    2008-07-24 13:13	>>> Hook code blocked
    2008-07-24 13:13	Function NtCreateProcessEx (30) intercepted (805CF966->B6AB2AD0), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
    2008-07-24 13:13	>>> Function restored successfully !
    2008-07-24 13:13	>>> Hook code blocked
    2008-07-24 13:13	Function NtCreateSection (32) intercepted (805A9DEE->B6A9BE60), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
    2008-07-24 13:13	>>> Function restored successfully !
    2008-07-24 13:13	>>> Hook code blocked
    2008-07-24 13:13	Function NtCreateSymbolicLinkObject (34) intercepted (805C35E0->B6AA8AD0), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
    2008-07-24 13:13	>>> Function restored successfully !
    2008-07-24 13:13	>>> Hook code blocked
    2008-07-24 13:13	Function NtCreateThread (35) intercepted (805CF804->B6AB0EE0), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
    2008-07-24 13:13	>>> Function restored successfully !
    2008-07-24 13:13	>>> Hook code blocked
    2008-07-24 13:13	Function NtDeleteFile (3E) intercepted (80575A46->B6AA7960), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
    2008-07-24 13:13	>>> Function restored successfully !
    2008-07-24 13:13	>>> Hook code blocked
    2008-07-24 13:13	Function NtDeleteKey (3F) intercepted (806224D8->B6AAA390), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
    2008-07-24 13:13	>>> Function restored successfully !
    2008-07-24 13:13	>>> Hook code blocked
    2008-07-24 13:13	Function NtDeleteValueKey (41) intercepted (806226A8->B6AAF0A0), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
    2008-07-24 13:13	>>> Function restored successfully !
    2008-07-24 13:13	>>> Hook code blocked
    2008-07-24 13:13	Function NtEnumerateKey (47) intercepted (80622888->BA6C3FB2), hook C:\WINDOWS\system32\Drivers\sptd.sys
    2008-07-24 13:13	>>> Function restored successfully !
    2008-07-24 13:13	>>> Hook code blocked
    2008-07-24 13:13	Function NtEnumerateValueKey (49) intercepted (80622AF2->BA6C4340), hook C:\WINDOWS\system32\Drivers\sptd.sys
    2008-07-24 13:13	>>> Function restored successfully !
    2008-07-24 13:13	>>> Hook code blocked
    2008-07-24 13:13	Function NtMakeTemporaryObject (69) intercepted (805BAF58->B6AA8350), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
    2008-07-24 13:13	>>> Function restored successfully !
    2008-07-24 13:13	>>> Hook code blocked
    2008-07-24 13:13	Function NtOpenFile (74) intercepted (80578F5C->B6AA0FE0), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
    2008-07-24 13:13	>>> Function restored successfully !
    2008-07-24 13:13	>>> Hook code blocked
    2008-07-24 13:13	Function NtOpenKey (77) intercepted (806233DE->B6AA9BB0), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
    2008-07-24 13:13	>>> Function restored successfully !
    2008-07-24 13:13	>>> Hook code blocked
    2008-07-24 13:13	Function NtOpenProcess (7A) intercepted (805C9C46->B6AB47D0), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
    2008-07-24 13:13	>>> Function restored successfully !
    2008-07-24 13:13	>>> Hook code blocked
    2008-07-24 13:13	Function NtOpenSection (7D) intercepted (805A8E12->B6A9C5F0), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
    2008-07-24 13:13	>>> Function restored successfully !
    2008-07-24 13:13	>>> Hook code blocked
    2008-07-24 13:13	Function NtOpenThread (80) intercepted (805C9ED2->B6AB3DF0), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
    2008-07-24 13:13	>>> Function restored successfully !
    2008-07-24 13:13	>>> Hook code blocked
    2008-07-24 13:13	Function NtProtectVirtualMemory (89) intercepted (805B6DA2->B6AB7DA0), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
    2008-07-24 13:13	>>> Function restored successfully !
    2008-07-24 13:13	>>> Hook code blocked
    2008-07-24 13:13	Function NtQueryDirectoryFile (91) intercepted (80578C3E->B6AA2DF0), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
    2008-07-24 13:13	>>> Function restored successfully !
    2008-07-24 13:13	>>> Hook code blocked
    2008-07-24 13:13	Function NtQueryKey (A0) intercepted (80623702->B6AAAE40), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
    2008-07-24 13:13	>>> Function restored successfully !
    2008-07-24 13:13	>>> Hook code blocked
    2008-07-24 13:13	Function NtQueryValueKey (B1) intercepted (80620102->B6AAB5B0), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
    2008-07-24 13:13	>>> Function restored successfully !
    2008-07-24 13:13	>>> Hook code blocked
    2008-07-24 13:13	Function NtReplaceKey (C1) intercepted (80623C28->B6AAC900), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
    2008-07-24 13:13	>>> Function restored successfully !
    2008-07-24 13:13	>>> Hook code blocked
    2008-07-24 13:13	Function NtRestoreKey (CC) intercepted (80620450->B6AAE900), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
    2008-07-24 13:13	>>> Function restored successfully !
    2008-07-24 13:13	>>> Hook code blocked
    2008-07-24 13:13	Function NtSaveKey (CF) intercepted (806204F2->B6AADA10), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
    2008-07-24 13:13	>>> Function restored successfully !
    2008-07-24 13:13	>>> Hook code blocked
    2008-07-24 13:13	Function NtSaveKeyEx (D0) intercepted (80620582->B6AAE180), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
    2008-07-24 13:13	>>> Function restored successfully !
    2008-07-24 13:13	>>> Hook code blocked
    2008-07-24 13:13	Function NtSecureConnectPort (D2) intercepted (805A2788->B6AB91EC), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
    2008-07-24 13:13	>>> Function restored successfully !
    2008-07-24 13:13	>>> Hook code blocked
    2008-07-24 13:13	Function NtSetContextThread (D5) intercepted (805CFF26->B6AB6400), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
    2008-07-24 13:13	>>> Function restored successfully !
    2008-07-24 13:13	>>> Hook code blocked
    2008-07-24 13:13	Function NtSetInformationFile (E0) intercepted (80579DC4->B6AA3F90), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
    2008-07-24 13:13	>>> Function restored successfully !
    2008-07-24 13:13	>>> Hook code blocked
    2008-07-24 13:13	Function NtSetValueKey (F7) intercepted (80620708->B6AABD50), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
    2008-07-24 13:13	>>> Function restored successfully !
    2008-07-24 13:13	>>> Hook code blocked
    2008-07-24 13:13	Function NtTerminateProcess (101) intercepted (805D1170->B6AB51C0), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
    2008-07-24 13:13	>>> Function restored successfully !
    2008-07-24 13:13	>>> Hook code blocked
    2008-07-24 13:13	Function NtTerminateThread (102) intercepted (805D136A->B6AB5B80), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
    2008-07-24 13:13	>>> Function restored successfully !
    2008-07-24 13:13	>>> Hook code blocked
    2008-07-24 13:13	Function NtWriteVirtualMemory (115) intercepted (805B2D5C->B6AB7390), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
    2008-07-24 13:13	>>> Function restored successfully !
    2008-07-24 13:13	>>> Hook code blocked
    2008-07-24 13:13	Functions checked: 284, intercepted: 36, restored: 36
    2008-07-24 13:13	1.3 Checking IDT and SYSENTER
    2008-07-24 13:13	 Analysis for CPU 1
    2008-07-24 13:13	 Analysis for CPU 2
    2008-07-24 13:13	 Checking IDT and SYSENTER - complete
    2008-07-24 13:13	1.4 Searching for masking processes and drivers
    2008-07-24 13:13	 Checking not performed: extended monitoring driver (AVZPM) is not installed
    2008-07-24 13:13	 Driver loaded successfully
    2008-07-24 13:13	1.5 Checking of IRP handlers
    2008-07-24 13:13	\FileSystem\ntfs[IRP_MJ_CREATE] = 8A5C51E8 -> hook not defined
    2008-07-24 13:13	\FileSystem\ntfs[IRP_MJ_CLOSE] = 8A5C51E8 -> hook not defined
    2008-07-24 13:13	\FileSystem\ntfs[IRP_MJ_WRITE] = 8A5C51E8 -> hook not defined
    2008-07-24 13:13	\FileSystem\ntfs[IRP_MJ_QUERY_INFORMATION] = 8A5C51E8 -> hook not defined
    2008-07-24 13:13	\FileSystem\ntfs[IRP_MJ_SET_INFORMATION] = 8A5C51E8 -> hook not defined
    2008-07-24 13:13	\FileSystem\ntfs[IRP_MJ_QUERY_EA] = 8A5C51E8 -> hook not defined
    2008-07-24 13:13	\FileSystem\ntfs[IRP_MJ_SET_EA] = 8A5C51E8 -> hook not defined
    2008-07-24 13:13	\FileSystem\ntfs[IRP_MJ_QUERY_VOLUME_INFORMATION] = 8A5C51E8 -> hook not defined
    2008-07-24 13:13	\FileSystem\ntfs[IRP_MJ_SET_VOLUME_INFORMATION] = 8A5C51E8 -> hook not defined
    2008-07-24 13:13	\FileSystem\ntfs[IRP_MJ_DIRECTORY_CONTROL] = 8A5C51E8 -> hook not defined
    2008-07-24 13:13	\FileSystem\ntfs[IRP_MJ_FILE_SYSTEM_CONTROL] = 8A5C51E8 -> hook not defined
    2008-07-24 13:13	\FileSystem\ntfs[IRP_MJ_DEVICE_CONTROL] = 8A5C51E8 -> hook not defined
    2008-07-24 13:13	\FileSystem\ntfs[IRP_MJ_LOCK_CONTROL] = 8A5C51E8 -> hook not defined
    2008-07-24 13:13	\FileSystem\ntfs[IRP_MJ_QUERY_SECURITY] = 8A5C51E8 -> hook not defined
    2008-07-24 13:13	\FileSystem\ntfs[IRP_MJ_SET_SECURITY] = 8A5C51E8 -> hook not defined
    2008-07-24 13:13	\FileSystem\ntfs[IRP_MJ_PNP] = 8A5C51E8 -> hook not defined
    2008-07-24 13:13	\FileSystem\FastFat[IRP_MJ_CREATE] = 85EF21E8 -> hook not defined
    2008-07-24 13:13	\FileSystem\FastFat[IRP_MJ_CLOSE] = 85EF21E8 -> hook not defined
    2008-07-24 13:13	\FileSystem\FastFat[IRP_MJ_WRITE] = 85EF21E8 -> hook not defined
    2008-07-24 13:13	\FileSystem\FastFat[IRP_MJ_QUERY_INFORMATION] = 85EF21E8 -> hook not defined
    2008-07-24 13:13	\FileSystem\FastFat[IRP_MJ_SET_INFORMATION] = 85EF21E8 -> hook not defined
    2008-07-24 13:13	\FileSystem\FastFat[IRP_MJ_QUERY_EA] = 85EF21E8 -> hook not defined
    2008-07-24 13:13	\FileSystem\FastFat[IRP_MJ_SET_EA] = 85EF21E8 -> hook not defined
    2008-07-24 13:13	\FileSystem\FastFat[IRP_MJ_QUERY_VOLUME_INFORMATION] = 85EF21E8 -> hook not defined
    2008-07-24 13:13	\FileSystem\FastFat[IRP_MJ_SET_VOLUME_INFORMATION] = 85EF21E8 -> hook not defined
    2008-07-24 13:13	\FileSystem\FastFat[IRP_MJ_DIRECTORY_CONTROL] = 85EF21E8 -> hook not defined
    2008-07-24 13:13	\FileSystem\FastFat[IRP_MJ_FILE_SYSTEM_CONTROL] = 85EF21E8 -> hook not defined
    2008-07-24 13:13	\FileSystem\FastFat[IRP_MJ_DEVICE_CONTROL] = 85EF21E8 -> hook not defined
    2008-07-24 13:13	\FileSystem\FastFat[IRP_MJ_LOCK_CONTROL] = 85EF21E8 -> hook not defined
    2008-07-24 13:13	\FileSystem\FastFat[IRP_MJ_PNP] = 85EF21E8 -> hook not defined
    2008-07-24 13:13	\driver\tcpip[IRP_MJ_CREATE] = B8FF8DA6 -> C:\WINDOWS\system32\DRIVERS\afw.sys
    2008-07-24 13:13	\driver\tcpip[IRP_MJ_DEVICE_CONTROL] = B8FF90DE -> C:\WINDOWS\system32\DRIVERS\afw.sys
    2008-07-24 13:13	\driver\tcpip[IRP_MJ_INTERNAL_DEVICE_CONTROL] = B8FF8F60 -> C:\WINDOWS\system32\DRIVERS\afw.sys
    2008-07-24 13:13	\driver\tcpip[IRP_MJ_CLEANUP] = B8FF8E94 -> C:\WINDOWS\system32\DRIVERS\afw.sys
    2008-07-24 13:13	 Checking - complete
    2008-07-24 13:13	C:\Documents and Settings\All Users\Pulpit\Kaspersky Lab Tool\is-FOJ3R\prremote.dll --> Suspicion for Keylogger or Trojan DLL
    2008-07-24 13:13	C:\Documents and Settings\All Users\Pulpit\Kaspersky Lab Tool\is-FOJ3R\prremote.dll>>> Behavioural analysis 
    2008-07-24 13:13	 Behaviour typical for keyloggers not detected
    2008-07-24 13:13	C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCP80.dll --> Suspicion for Keylogger or Trojan DLL
    2008-07-24 13:13	C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCP80.dll>>> Behavioural analysis 
    2008-07-24 13:13	 Behaviour typical for keyloggers not detected
    2008-07-24 13:13	C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll --> Suspicion for Keylogger or Trojan DLL
    2008-07-24 13:13	C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll>>> Behavioural analysis 
    2008-07-24 13:13	 Behaviour typical for keyloggers not detected
    2008-07-24 13:13	C:\Documents and Settings\All Users\Pulpit\Kaspersky Lab Tool\is-FOJ3R\FSSync.dll --> Suspicion for Keylogger or Trojan DLL
    2008-07-24 13:13	C:\Documents and Settings\All Users\Pulpit\Kaspersky Lab Tool\is-FOJ3R\FSSync.dll>>> Behavioural analysis 
    2008-07-24 13:13	 Behaviour typical for keyloggers not detected
    2008-07-24 13:13	c:\documents and settings\all users\pulpit\kaspersky lab tool\is-foj3r\params.ppl --> Suspicion for Keylogger or Trojan DLL
    2008-07-24 13:13	c:\documents and settings\all users\pulpit\kaspersky lab tool\is-foj3r\params.ppl>>> Behavioural analysis 
    2008-07-24 13:13	 Behaviour typical for keyloggers not detected
    2008-07-24 13:13	c:\documents and settings\all users\pulpit\kaspersky lab tool\is-foj3r\bl.ppl --> Suspicion for Keylogger or Trojan DLL
    2008-07-24 13:13	c:\documents and settings\all users\pulpit\kaspersky lab tool\is-foj3r\bl.ppl>>> Behavioural analysis 
    2008-07-24 13:13	 Behaviour typical for keyloggers not detected
    2008-07-24 13:13	c:\documents and settings\all users\pulpit\kaspersky lab tool\is-foj3r\avp1.ppl --> Suspicion for Keylogger or Trojan DLL
    2008-07-24 13:13	c:\documents and settings\all users\pulpit\kaspersky lab tool\is-foj3r\avp1.ppl>>> Behavioural analysis 
    2008-07-24 13:13	 Behaviour typical for keyloggers not detected
    2008-07-24 13:13	c:\documents and settings\all users\pulpit\kaspersky lab tool\is-foj3r\avzproxy.ppl --> Suspicion for Keylogger or Trojan DLL
    2008-07-24 13:13	c:\documents and settings\all users\pulpit\kaspersky lab tool\is-foj3r\avzproxy.ppl>>> Behavioural analysis 
    2008-07-24 13:13	 Behaviour typical for keyloggers not detected
    2008-07-24 13:13	c:\documents and settings\all users\pulpit\kaspersky lab tool\is-foj3r\avzscan.ppl --> Suspicion for Keylogger or Trojan DLL
    2008-07-24 13:13	c:\documents and settings\all users\pulpit\kaspersky lab tool\is-foj3r\avzscan.ppl>>> Behavioural analysis 
    2008-07-24 13:13	 Behaviour typical for keyloggers not detected
    2008-07-24 13:13	C:\Documents and Settings\All Users\Pulpit\Kaspersky Lab Tool\is-FOJ3R\avzkrnl.dll --> Suspicion for Keylogger/Trojan DLL, being masked as system file
    2008-07-24 13:13	C:\Documents and Settings\All Users\Pulpit\Kaspersky Lab Tool\is-FOJ3R\avzkrnl.dll>>> Behavioural analysis 
    2008-07-24 13:13	  1. Reacts to events: keyboard, all events
    2008-07-24 13:13	C:\Documents and Settings\All Users\Pulpit\Kaspersky Lab Tool\is-FOJ3R\avzkrnl.dll>>> Neural net: file with probability 0.00% like a typical keyboard/mouse events interceptor
    2008-07-24 13:13	c:\documents and settings\all users\pulpit\kaspersky lab tool\is-foj3r\basegui.ppl --> Suspicion for Keylogger or Trojan DLL
    2008-07-24 13:13	c:\documents and settings\all users\pulpit\kaspersky lab tool\is-foj3r\basegui.ppl>>> Behavioural analysis 
    2008-07-24 13:13	 Behaviour typical for keyloggers not detected
    2008-07-24 13:13	Note: Do NOT delete suspicious files, send them for analysis  (see FAQ for more details),  because there are lots of useful hooking DLLs
    2008-07-24 13:14	>> Services: potentially dangerous service allowed: TermService (Usługi terminalowe)
    2008-07-24 13:14	>> Services: potentially dangerous service allowed: Schedule (Harmonogram zadań)
    2008-07-24 13:14	>> Services: potentially dangerous service allowed: mnmsrvc (NetMeeting Remote Desktop Sharing)
    2008-07-24 13:14	>> Services: potentially dangerous service allowed: RDSessMgr (Menedżer sesji pomocy pulpitu zdalnego)
    2008-07-24 13:14	> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
    2008-07-24 13:14	>> Security: disk drives' autorun is enabled
    2008-07-24 13:14	>> Security: administrative shares (C$, D$ ...) are enabled
    2008-07-24 13:14	>> Security: anonymous user access is enabled
    2008-07-24 13:14	>> Security: sending Remote Assistant queries is enabled
    2008-07-24 13:14	System Analysis in progress
    2008-07-24 13:14	Delete file:C:\Documents and Settings\All Users\Pulpit\Kaspersky Lab Tool\is-FOJ3R\LOG\avptool_syscheck.htm
    2008-07-24 13:14	>>>To delete the file C:\Documents and Settings\All Users\Pulpit\Kaspersky Lab Tool\is-FOJ3R\LOG\avptool_syscheck.htm reboot is required
    2008-07-24 13:14	Delete file:C:\Documents and Settings\All Users\Pulpit\Kaspersky Lab Tool\is-FOJ3R\LOG\avptool_syscheck.xml
    2008-07-24 13:14	>>>To delete the file C:\Documents and Settings\All Users\Pulpit\Kaspersky Lab Tool\is-FOJ3R\LOG\avptool_syscheck.xml reboot is required
    2008-07-24 13:14	Script executed without errors
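
As an added example (not from the thread, the forum's rules, or AVZ itself), a small Python triage script for logs in the <AVZ_CollectSysInfo> format pasted above: it groups every intercepted function by the module that hooks it (user-mode IAT/GetProcAddress hooks, SSDT hooks per driver, IRP dispatch redirections), collects the ">> Services/Security" hardening findings, and cross-checks AVZ's own "Functions checked/intercepted/restored" counters against the detail lines. The sample log is constructed from a few of the lines above with the counters adjusted to match; the function names (triage_avz_log, describe) are mine.

```python
import re
from collections import defaultdict

# Constructed sample (not a real capture): a few lines in the format of the AVZ
# <AVZ_CollectSysInfo> section quoted in this thread ("YYYY-MM-DD HH:MM", TAB, event).
# Names and addresses are taken from that log; the summary counters were adjusted
# so that they agree with the trimmed detail lines.
SAMPLE_LOG = """\
2008-07-24 13:13\t1.1 Searching for user-mode API hooks
2008-07-24 13:13\tFunction kernel32.dll:CreateProcessA (99) intercepted, method ProcAddressHijack.GetProcAddress ->7C802367->61F03F42
2008-07-24 13:13\tHook kernel32.dll:CreateProcessA (99) blocked
2008-07-24 13:13\tIAT modification detected: GetModuleFileNameW - 00B00010<>7C80B25D
2008-07-24 13:13\t1.2 Searching for kernel-mode API hooks
2008-07-24 13:13\tFunction NtCreateFile (25) intercepted (80577E5E->B6A9CCC0), hook C:\\WINDOWS\\system32\\DRIVERS\\SandBox.sys
2008-07-24 13:13\t>>> Function restored successfully !
2008-07-24 13:13\tFunction NtEnumerateKey (47) intercepted (80622888->BA6C3FB2), hook C:\\WINDOWS\\system32\\Drivers\\sptd.sys
2008-07-24 13:13\t>>> Function restored successfully !
2008-07-24 13:13\tFunction NtOpenProcess (7A) intercepted (805C9C46->B6AB47D0), hook C:\\WINDOWS\\system32\\DRIVERS\\SandBox.sys
2008-07-24 13:13\tFunctions checked: 284, intercepted: 3, restored: 2
2008-07-24 13:13\t1.5 Checking of IRP handlers
2008-07-24 13:13\t\\FileSystem\\ntfs[IRP_MJ_CREATE] = 8A5C51E8 -> hook not defined
2008-07-24 13:13\t\\driver\\tcpip[IRP_MJ_CREATE] = B8FF8DA6 -> C:\\WINDOWS\\system32\\DRIVERS\\afw.sys
2008-07-24 13:14\t>> Services: potentially dangerous service allowed: TermService (Usługi terminalowe)
2008-07-24 13:14\t>> Security: disk drives' autorun is enabled
"""

# One pattern per AVZ event type that matters for triage (AVZ prints addresses as upper-case hex).
USER_HOOK = re.compile(r"^Function (?P<module>[^:\s]+):(?P<func>\w+) \(\d+\) intercepted, "
                       r"method (?P<method>\S+) ->(?P<orig>[0-9A-F]+)->(?P<hook>[0-9A-F]+)$")
KERNEL_HOOK = re.compile(r"^Function (?P<func>\w+) \([0-9A-F]+\) intercepted "
                         r"\((?P<orig>[0-9A-F]+)->(?P<hook>[0-9A-F]+)\), hook (?P<driver>.+)$")
IAT_MOD = re.compile(r"^IAT modification detected: (?P<func>\w+) - (?P<cur>[0-9A-F]+)<>(?P<orig>[0-9A-F]+)$")
IRP_HOOK = re.compile(r"^(?P<device>\\[^\[]+)\[(?P<irp>IRP_MJ_\w+)\] = [0-9A-F]+ -> (?P<target>.+)$")
SUMMARY = re.compile(r"^Functions checked: (\d+), intercepted: (\d+), restored: (\d+)$")
AUDIT = re.compile(r"^>> (?P<area>Services|Security): (?P<finding>.+)$")
RESTORED = ">>> Function restored successfully !"


def _basename(path: str) -> str:
    """Case-folded file name of a Windows path, so DRIVERS\\SandBox.sys and Drivers\\sandbox.sys group together."""
    return path.rsplit("\\", 1)[-1].lower()


def triage_avz_log(text: str) -> dict:
    """Group every hook in an AVZ CollectSysInfo log by the module that placed it and
    cross-check AVZ's own summary counters against the detail lines."""
    kernel, irp = defaultdict(list), defaultdict(list)
    report = {"user_hooks": [], "iat_mods": [], "audit": [],
              "summary": None, "restored_lines": 0, "warnings": []}
    for raw in text.splitlines():
        event = raw.split("\t", 1)[-1].strip()        # drop the timestamp column
        if event == RESTORED:
            report["restored_lines"] += 1
        elif m := USER_HOOK.match(event):            # in-process IAT/GetProcAddress hooks
            report["user_hooks"].append((m["module"], m["func"], m["method"], m["orig"], m["hook"]))
        elif m := KERNEL_HOOK.match(event):          # SSDT entries redirected into a driver
            kernel[_basename(m["driver"])].append(m["func"])
        elif m := IAT_MOD.match(event):
            report["iat_mods"].append((m["func"], m["cur"], m["orig"]))
        elif m := IRP_HOOK.match(event):             # filter-driver style I/O interception
            if m["target"] != "hook not defined":    # unhooked dispatch entries are noise
                irp[_basename(m["target"])].append(f'{m["device"]}[{m["irp"]}]')
        elif m := SUMMARY.match(event):
            report["summary"] = tuple(int(n) for n in m.groups())
        elif m := AUDIT.match(event):                # hardening findings, not malware
            report["audit"].append((m["area"], m["finding"]))
    report["kernel_hooks_by_driver"] = dict(kernel)
    report["irp_hooks_by_driver"] = dict(irp)
    if report["summary"]:                            # integrity: counters vs. detail lines
        _, intercepted, restored = report["summary"]
        parsed = sum(len(v) for v in kernel.values())
        if parsed != intercepted:
            report["warnings"].append(f"summary says {intercepted} intercepted, parsed {parsed}")
        if report["restored_lines"] != restored:
            report["warnings"].append(f"summary says {restored} restored, saw {report['restored_lines']}")
        if intercepted > restored:
            report["warnings"].append(f"{intercepted - restored} intercepted function(s) not restored")
    return report


def describe(report: dict) -> str:
    """Human-readable triage: which module hooks what, followed by the integrity warnings."""
    lines = [f"user-mode hooks: {len(report['user_hooks'])}, IAT modifications: {len(report['iat_mods'])}"]
    for drv, funcs in sorted(report["kernel_hooks_by_driver"].items()):
        lines.append(f"SSDT hooks by {drv}: {', '.join(funcs)}")
    for drv, handlers in sorted(report["irp_hooks_by_driver"].items()):
        lines.append(f"IRP handlers redirected to {drv}: {', '.join(handlers)}")
    lines += [f"{area}: {finding}" for area, finding in report["audit"]]
    lines += [f"WARNING: {w}" for w in report["warnings"]]
    return "\n".join(lines)


if __name__ == "__main__":
    print(describe(triage_avz_log(SAMPLE_LOG)))
```

Grouping by hooking module is the point: the analyst then checks each module's vendor rather than each of the 36 hooked functions separately, which is also why the log itself warns not to delete the flagged DLLs.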

  8. #8
    Senior Member | Registered: 29.09.2004 | Posts: 3,510 | Reputation weight: 1280
    Please read the rules. The needed logs must be attached to your message. They have the names virusinfo_syscure.zip, virusinfo_syscheck.zip, hijackthis.log.
    What you showed is not enough and not needed!
    Please attach 3 files according to the rules, else we can't help you.

    See for example here http://virusinfo.info/showthread.php?t=26755 how a topic with attached logs looks.

  9. #9
    Junior Member | Registered: 24.07.2008 | Posts: 7 | Reputation weight: 35
    kk nvm, my mistake, sorry.
    Last edited by th30ne; 24.07.2008 at 14:29.

  10. #10
    Senior Member | Registered: 29.09.2004 | Posts: 3,510 | Reputation weight: 1280
    It's not the same, believe me. We are here not to discuss the differences, but to help you, so please do as described in the rules. The Appendix 2 of the rules is not needed for you now.

    Do the following:
    8. Start AVZ. Choose from the menu "File" => "Standard scripts" and mark the "Healing/Quarantine and Advanced System Investigation" check box. Click on the "Execute selected scripts".
    Automatic scanning, healing and system check will be executed. A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip.

    9. It is necessary to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan. All applications will work properly after the system restart.

    10. Start AVZ. Choose from the menu "File" => "Standard scripts " and mark the “Advanced System Investigation" check box. Click on the "Execute selected scripts".
    A system check will be automatically performed, and the created logfile (avz_sysinfo.htm) will be saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.

    11. Start HijackThis. If the program malfunctions or stops working right after the start, download the renamed file of HijackThis here and use it in the following instructions.

    12. Click on the "Do a system scan and save a logfile ".

    13. Save the logfile. The logfile will be saved in the program folder as hijackthis.log by default.

    14. Create a new thread in the "Help Me" section only. The header should contain a brief description of the problem and the body should provide the details. Attach the logfiles created at steps 8 (AVZ - virusinfo_syscure.zip), 10 (AVZ - virusinfo_syscheck.zip) and 13 (HJT - hijackthis.log) to the message. There should be 3 logs in general. We will do our best to help you.

  11. #11
    Junior Member | Registered: 24.07.2008 | Posts: 7 | Reputation weight: 35
    kk, I said already, my mistake, sorry... I have to do the scan again...

    th30ne, you do not have permission to access this page. This could be due to one of several reasons:

    1. Your user account may not have sufficient privileges to access this page. Are you trying to edit someone else's post, access administrative features or some other privileged system?
    2. If you are trying to post, the administrator may have disabled your account, or it may be awaiting activation.

    Log Out Home "
    oO??

    I can't upload files
    Last edited by th30ne; 24.07.2008 at 20:30. Reason: Added

  12. #12
    Junior Member | Registered: 24.07.2008 | Posts: 7 | Reputation weight: 35
    virusinfo_syscheck.zip doesn't want to be created automatically, so I saved the log as avz_log.txt
    Last edited by drongo; 24.07.2008 at 21:41.

  13. #13
    Senior Member | Registered: 17.09.2004 | Location: Israel | Posts: 7,165 | Reputation weight: 971
    Read again how to create logs in AVZ, and do not attach the virusinfo_cure.zip here; it should be sent only via the red link -> http://virusinfo.info/upload_virus_eng.php?tid=26987
