litotis123
17.01.2009 23:27
I have Kaspersky Internet Security 2009. My internet is very slow and takes a long time to open. What can I do to make it work well, and how do I configure it?
RadarpSP
18.01.2009 00:08
Welcome.
We need more information to be able to help you.
Read the rules at http://forum.kaspersky.com/index.php?showtopic=84034 and give us the GSI information and the AVZ log.
That link explains how to do it, although for the GSI, download the beta version from gsi.kaspersky.fr.
litotis123
18.01.2009 01:05
I have XP Professional 32-bit, Service Pack 3, and all the Windows Update updates.
harlan4096
18.01.2009 02:09
QUOTE(litotis123 @ 17.01.2009 23:05)

I have XP Professional 32-bit, Service Pack 3, and all the Windows Update updates.
That is not enough. Following the rules, generate a GSI (getsysteminfo) report and an AVZ log, and upload both reports for us to review.
Regards.
As you have already been told, go over the forum rules and post all the information they ask for so that we can help you.
Above all, your getsysteminfo and your AVZ log. Remember to use the new beta version of the GSI, so that we can help you better.
Regards
litotis123
18.01.2009 19:04
<AVZ_CollectSysInfo>
--------------------
Start time: 18/01/2009 16:36:19
Duration: 00:01:51
Finish time: 18/01/2009 16:38:10
<AVZ_CollectSysInfo>
--------------------
Time Event
---- -----
18/01/2009 16:36:20 Windows version: Microsoft Windows XP, Build=2600, SP="Service Pack 3"
18/01/2009 16:36:20 System Restore: enabled
18/01/2009 16:36:22 1.1 Searching for user-mode API hooks
18/01/2009 16:36:22 Analysis: kernel32.dll, export table found in section .text
18/01/2009 16:36:22 Function kernel32.dll:CreateProcessA (99) intercepted, method ProcAddressHijack.GetProcAddress ->7C80236B->61F03F42
18/01/2009 16:36:22 Hook kernel32.dll:CreateProcessA (99) blocked
18/01/2009 16:36:22 Function kernel32.dll:CreateProcessW (103) intercepted, method ProcAddressHijack.GetProcAddress ->7C802336->61F04040
18/01/2009 16:36:22 Hook kernel32.dll:CreateProcessW (103) blocked
18/01/2009 16:36:22 Function kernel32.dll:FreeLibrary (241) intercepted, method ProcAddressHijack.GetProcAddress ->7C80AC6E->61F041FC
18/01/2009 16:36:22 Hook kernel32.dll:FreeLibrary (241) blocked
18/01/2009 16:36:22 Function kernel32.dll:GetModuleFileNameA (373) intercepted, method ProcAddressHijack.GetProcAddress ->7C80B55F->61F040FB
18/01/2009 16:36:22 Hook kernel32.dll:GetModuleFileNameA (373) blocked
18/01/2009 16:36:22 Function kernel32.dll:GetModuleFileNameW (374) intercepted, method ProcAddressHijack.GetProcAddress ->7C80B465->61F041A0
18/01/2009 16:36:22 Hook kernel32.dll:GetModuleFileNameW (374) blocked
18/01/2009 16:36:22 Function kernel32.dll:GetProcAddress (409) intercepted, method ProcAddressHijack.GetProcAddress ->7C80AE30->61F04648
18/01/2009 16:36:22 Hook kernel32.dll:GetProcAddress (409) blocked
18/01/2009 16:36:22 Function kernel32.dll:LoadLibraryA (581) intercepted, method ProcAddressHijack.GetProcAddress ->7C801D7B->61F03C6F
18/01/2009 16:36:22 Hook kernel32.dll:LoadLibraryA (581) blocked
18/01/2009 16:36:22 >>> Functions LoadLibraryA - preventing AVZ process from being intercepted by address replacement !!)
18/01/2009 16:36:22 Function kernel32.dll:LoadLibraryExA (582) intercepted, method ProcAddressHijack.GetProcAddress ->7C801D53->61F03DAF
18/01/2009 16:36:22 Hook kernel32.dll:LoadLibraryExA (582) blocked
18/01/2009 16:36:22 >>> Functions LoadLibraryExA - preventing AVZ process from being intercepted by address replacement !!)
18/01/2009 16:36:22 Function kernel32.dll:LoadLibraryExW (583) intercepted, method ProcAddressHijack.GetProcAddress ->7C801AF5->61F03E5A
18/01/2009 16:36:22 Hook kernel32.dll:LoadLibraryExW (583) blocked
18/01/2009 16:36:22 Function kernel32.dll:LoadLibraryW (584) intercepted, method ProcAddressHijack.GetProcAddress ->7C80AEDB->61F03D0C
18/01/2009 16:36:22 Hook kernel32.dll:LoadLibraryW (584) blocked
18/01/2009 16:36:22 IAT modification detected: LoadLibraryW - 00D60010<>7C80AEDB
18/01/2009 16:36:22 Analysis: ntdll.dll, export table found in section .text
18/01/2009 16:36:22 Analysis: user32.dll, export table found in section .text
18/01/2009 16:36:22 Analysis: advapi32.dll, export table found in section .text
18/01/2009 16:36:22 Analysis: ws2_32.dll, export table found in section .text
18/01/2009 16:36:22 Analysis: wininet.dll, export table found in section .text
18/01/2009 16:36:22 Analysis: rasapi32.dll, export table found in section .text
18/01/2009 16:36:22 Analysis: urlmon.dll, export table found in section .text
18/01/2009 16:36:22 Analysis: netapi32.dll, export table found in section .text
18/01/2009 16:36:23 1.2 Searching for kernel-mode API hooks
18/01/2009 16:36:24 Driver loaded successfully
18/01/2009 16:36:24 SDT found (RVA=085700)
18/01/2009 16:36:24 Kernel ntkrnlpa.exe found in memory at address 804D7000
18/01/2009 16:36:24 SDT = 8055C700
18/01/2009 16:36:24 KiST = 80504460 (284)
18/01/2009 16:36:24 Function NtAdjustPrivilegesToken (0B) intercepted (805EBB3E->B78E081A), hook C:\WINDOWS\system32\DRIVERS\klif.sys
18/01/2009 16:36:24 >>> Function restored successfully !
18/01/2009 16:36:24 >>> Hook code blocked
18/01/2009 16:36:24 Function NtClose (19) intercepted (805BC4F8->B78E0DC6), hook C:\WINDOWS\system32\DRIVERS\klif.sys
18/01/2009 16:36:24 >>> Function restored successfully !
18/01/2009 16:36:24 >>> Hook code blocked
18/01/2009 16:36:24 Function NtConnectPort (1F) intercepted (805A45B4->B78E282A), hook C:\WINDOWS\system32\DRIVERS\klif.sys
18/01/2009 16:36:24 >>> Function restored successfully !
18/01/2009 16:36:24 >>> Hook code blocked
18/01/2009 16:36:25 Function NtCreateFile (25) intercepted (80579084->B78E21E0), hook C:\WINDOWS\system32\DRIVERS\klif.sys
18/01/2009 16:36:25 >>> Function restored successfully !
18/01/2009 16:36:25 >>> Hook code blocked
18/01/2009 16:36:25 Function NtCreateKey (29) intercepted (80623792->B78DFF90), hook C:\WINDOWS\system32\DRIVERS\klif.sys
18/01/2009 16:36:25 >>> Function restored successfully !
18/01/2009 16:36:25 >>> Hook code blocked
18/01/2009 16:36:25 Function NtCreateSymbolicLinkObject (34) intercepted (805C39C2->B78E418C), hook C:\WINDOWS\system32\DRIVERS\klif.sys
18/01/2009 16:36:25 >>> Function restored successfully !
18/01/2009 16:36:25 >>> Hook code blocked
18/01/2009 16:36:25 Function NtCreateThread (35) intercepted (805D0FE0->B78E0BC2), hook C:\WINDOWS\system32\DRIVERS\klif.sys
18/01/2009 16:36:25 >>> Function restored successfully !
18/01/2009 16:36:25 >>> Hook code blocked
18/01/2009 16:36:25 Function NtDeleteKey (3F) intercepted (80623C22->B78E03D2), hook C:\WINDOWS\system32\DRIVERS\klif.sys
18/01/2009 16:36:25 >>> Function restored successfully !
18/01/2009 16:36:25 >>> Hook code blocked
18/01/2009 16:36:25 Function NtDeleteValueKey (41) intercepted (80623DF2->B78E05D2), hook C:\WINDOWS\system32\DRIVERS\klif.sys
18/01/2009 16:36:25 >>> Function restored successfully !
18/01/2009 16:36:25 >>> Hook code blocked
18/01/2009 16:36:25 Function NtDeviceIoControlFile (42) intercepted (8057924A->B78E24EC), hook C:\WINDOWS\system32\DRIVERS\klif.sys
18/01/2009 16:36:25 >>> Function restored successfully !
18/01/2009 16:36:25 >>> Hook code blocked
18/01/2009 16:36:25 Function NtDuplicateObject (44) intercepted (805BDFD0->B78E4698), hook C:\WINDOWS\system32\DRIVERS\klif.sys
18/01/2009 16:36:25 >>> Function restored successfully !
18/01/2009 16:36:25 >>> Hook code blocked
18/01/2009 16:36:25 Function NtEnumerateKey (47) intercepted (80623FD2->B78E06E8), hook C:\WINDOWS\system32\DRIVERS\klif.sys
18/01/2009 16:36:25 >>> Function restored successfully !
18/01/2009 16:36:25 >>> Hook code blocked
18/01/2009 16:36:25 Function NtEnumerateValueKey (49) intercepted (8062423C->B78E0750), hook C:\WINDOWS\system32\DRIVERS\klif.sys
18/01/2009 16:36:25 >>> Function restored successfully !
18/01/2009 16:36:25 >>> Hook code blocked
18/01/2009 16:36:25 Function NtFsControlFile (54) intercepted (8057927E->B78E23A2), hook C:\WINDOWS\system32\DRIVERS\klif.sys
18/01/2009 16:36:25 >>> Function restored successfully !
18/01/2009 16:36:25 >>> Hook code blocked
18/01/2009 16:36:25 Function NtLoadDriver (61) intercepted (8058413A->B78E3C50), hook C:\WINDOWS\system32\DRIVERS\klif.sys
18/01/2009 16:36:25 >>> Function restored successfully !
18/01/2009 16:36:25 >>> Hook code blocked
18/01/2009 16:36:25 Function NtOpenFile (74) intercepted (8057A182->B78E203C), hook C:\WINDOWS\system32\DRIVERS\klif.sys
18/01/2009 16:36:25 >>> Function restored successfully !
18/01/2009 16:36:25 >>> Hook code blocked
18/01/2009 16:36:25 Function NtOpenKey (77) intercepted (80624B64->B78E00F2), hook C:\WINDOWS\system32\DRIVERS\klif.sys
18/01/2009 16:36:25 >>> Function restored successfully !
18/01/2009 16:36:25 >>> Hook code blocked
18/01/2009 16:36:25 Function NtOpenProcess (7A) intercepted (805CB408->B78E09E8), hook C:\WINDOWS\system32\DRIVERS\klif.sys
18/01/2009 16:36:25 >>> Function restored successfully !
18/01/2009 16:36:25 >>> Hook code blocked
18/01/2009 16:36:25 Function NtOpenSection (7D) intercepted (805AA3D2->B78E41B6), hook C:\WINDOWS\system32\DRIVERS\klif.sys
18/01/2009 16:36:25 >>> Function restored successfully !
18/01/2009 16:36:25 >>> Hook code blocked
18/01/2009 16:36:25 Function NtOpenThread (80) intercepted (805CB694->B78E093E), hook C:\WINDOWS\system32\DRIVERS\klif.sys
18/01/2009 16:36:25 >>> Function restored successfully !
18/01/2009 16:36:25 >>> Hook code blocked
18/01/2009 16:36:25 Function NtQueryKey (A0) intercepted (80624E8A->B78E07B8), hook C:\WINDOWS\system32\DRIVERS\klif.sys
18/01/2009 16:36:25 >>> Function restored successfully !
18/01/2009 16:36:25 >>> Hook code blocked
18/01/2009 16:36:25 Function NtQueryMultipleValueKey (A1) intercepted (806228E0->B78E04BC), hook C:\WINDOWS\system32\DRIVERS\klif.sys
18/01/2009 16:36:25 >>> Function restored successfully !
18/01/2009 16:36:25 >>> Hook code blocked
18/01/2009 16:36:25 Function NtQueryValueKey (B1) intercepted (806219CA->B78E029A), hook C:\WINDOWS\system32\DRIVERS\klif.sys
18/01/2009 16:36:25 >>> Function restored successfully !
18/01/2009 16:36:25 >>> Hook code blocked
18/01/2009 16:36:25 Function NtQueueApcThread (B4) intercepted (805D123E->B78E3EB8), hook C:\WINDOWS\system32\DRIVERS\klif.sys
18/01/2009 16:36:25 >>> Function restored successfully !
18/01/2009 16:36:25 >>> Hook code blocked
18/01/2009 16:36:25 Function NtReplaceKey (C1) intercepted (8062583E->B78DFC12), hook C:\WINDOWS\system32\DRIVERS\klif.sys
18/01/2009 16:36:25 >>> Function restored successfully !
18/01/2009 16:36:25 >>> Hook code blocked
18/01/2009 16:36:25 Function NtRequestWaitReplyPort (C8) intercepted (805A2D5A->B78E30B4), hook C:\WINDOWS\system32\DRIVERS\klif.sys
18/01/2009 16:36:25 >>> Function restored successfully !
18/01/2009 16:36:25 >>> Hook code blocked
18/01/2009 16:36:25 Function NtRestoreKey (CC) intercepted (8062514A->B78DFD74), hook C:\WINDOWS\system32\DRIVERS\klif.sys
18/01/2009 16:36:25 >>> Function restored successfully !
18/01/2009 16:36:25 >>> Hook code blocked
18/01/2009 16:36:25 Function NtResumeThread (CE) intercepted (805D4982->B78E4568), hook C:\WINDOWS\system32\DRIVERS\klif.sys
18/01/2009 16:36:25 >>> Function restored successfully !
18/01/2009 16:36:25 >>> Hook code blocked
18/01/2009 16:36:25 Function NtSaveKey (CF) intercepted (80625246->B78DFA10), hook C:\WINDOWS\system32\DRIVERS\klif.sys
18/01/2009 16:36:25 >>> Function restored successfully !
18/01/2009 16:36:25 >>> Hook code blocked
18/01/2009 16:36:25 Function NtSecureConnectPort (D2) intercepted (805A3D48->B78E26CC), hook C:\WINDOWS\system32\DRIVERS\klif.sys
18/01/2009 16:36:25 >>> Function restored successfully !
18/01/2009 16:36:25 >>> Hook code blocked
18/01/2009 16:36:25 Function NtSetContextThread (D5) intercepted (805D1702->B78E0CC0), hook C:\WINDOWS\system32\DRIVERS\klif.sys
18/01/2009 16:36:25 >>> Function restored successfully !
18/01/2009 16:36:25 >>> Hook code blocked
18/01/2009 16:36:25 Function NtSetSecurityObject (ED) intercepted (805C05F6->B78E3D4A), hook C:\WINDOWS\system32\DRIVERS\klif.sys
18/01/2009 16:36:25 >>> Function restored successfully !
18/01/2009 16:36:25 >>> Hook code blocked
18/01/2009 16:36:25 Function NtSetSystemInformation (F0) intercepted (8060F3C6->B78E41E0), hook C:\WINDOWS\system32\DRIVERS\klif.sys
18/01/2009 16:36:25 >>> Function restored successfully !
18/01/2009 16:36:25 >>> Hook code blocked
18/01/2009 16:36:25 Function NtSetValueKey (F7) intercepted (80621D18->B78E0148), hook C:\WINDOWS\system32\DRIVERS\klif.sys
18/01/2009 16:36:25 >>> Function restored successfully !
18/01/2009 16:36:25 >>> Hook code blocked
18/01/2009 16:36:25 Function NtSuspendProcess (FD) intercepted (805D4A4A->B78E42C4), hook C:\WINDOWS\system32\DRIVERS\klif.sys
18/01/2009 16:36:25 >>> Function restored successfully !
18/01/2009 16:36:25 >>> Hook code blocked
18/01/2009 16:36:25 Function NtSuspendThread (FE) intercepted (805D48BC->B78E43F0), hook C:\WINDOWS\system32\DRIVERS\klif.sys
18/01/2009 16:36:25 >>> Function restored successfully !
18/01/2009 16:36:25 >>> Hook code blocked
18/01/2009 16:36:25 Function NtSystemDebugControl (FF) intercepted (8061777A->B78E3B7C), hook C:\WINDOWS\system32\DRIVERS\klif.sys
18/01/2009 16:36:25 >>> Function restored successfully !
18/01/2009 16:36:25 >>> Hook code blocked
18/01/2009 16:36:25 Function NtTerminateProcess (101) intercepted (805D29AA->B78E0A92), hook C:\WINDOWS\system32\DRIVERS\klif.sys
18/01/2009 16:36:25 >>> Function restored successfully !
18/01/2009 16:36:25 >>> Hook code blocked
18/01/2009 16:36:25 Function NtWriteVirtualMemory (115) intercepted (805B4394->B78E0B04), hook C:\WINDOWS\system32\DRIVERS\klif.sys
18/01/2009 16:36:25 >>> Function restored successfully !
18/01/2009 16:36:25 >>> Hook code blocked
18/01/2009 16:36:26 Function FsRtlCheckLockForReadAccess (804EAF84) - machine code modification Method of JmpTo. jmp B78F701C \SystemRoot\system32\DRIVERS\klif.sys
18/01/2009 16:36:26 >>> Function restored successfully !
18/01/2009 16:36:26 Function IoIsOperationSynchronous (804EF912) - machine code modification Method of JmpTo. jmp B78F73D6 \SystemRoot\system32\DRIVERS\klif.sys
18/01/2009 16:36:26 >>> Function restored successfully !
18/01/2009 16:36:26 Functions checked: 284, intercepted: 39, restored: 41
18/01/2009 16:36:26 1.3 Checking IDT and SYSENTER
18/01/2009 16:36:26 Analysis for CPU 1
18/01/2009 16:36:26 Analysis for CPU 2
18/01/2009 16:36:26 Analysis for CPU 3
18/01/2009 16:36:26 Analysis for CPU 4
18/01/2009 16:36:26 Checking IDT and SYSENTER - complete
18/01/2009 16:36:27 1.4 Searching for masking processes and drivers
18/01/2009 16:36:27 Checking not performed: extended monitoring driver (AVZPM) is not installed
18/01/2009 16:36:27 Driver loaded successfully
18/01/2009 16:36:27 1.5 Checking of IRP handlers
18/01/2009 16:36:27 Checking - complete
18/01/2009 16:36:28 C:\ARCHIV~1\KASPER~1\KASPER~1\adialhk.dll --> Suspicion for Keylogger or Trojan DLL
18/01/2009 16:36:28 C:\ARCHIV~1\KASPER~1\KASPER~1\adialhk.dll>>> Behavioral analysis
18/01/2009 16:36:28 Behaviour typical for keyloggers not detected
18/01/2009 16:36:28 C:\ARCHIV~1\KASPER~1\KASPER~1\kloehk.dll --> Suspicion for Keylogger or Trojan DLL
18/01/2009 16:36:28 C:\ARCHIV~1\KASPER~1\KASPER~1\kloehk.dll>>> Behavioral analysis
18/01/2009 16:36:28 Behaviour typical for keyloggers not detected
18/01/2009 16:36:33 Note: Do NOT delete suspicious files, send them for analysis (see FAQ for more details), because there are lots of useful hooking DLLs
18/01/2009 16:36:42 Latent loading of libraries through AppInit_DLLs suspected: "C:\ARCHIV~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\ARCHIV~1\KASPER~1\KASPER~1\adialhk.dll,C:\ARCHIV~1\KASPER~1\KASPER~1\kloehk.dll"
18/01/2009 16:36:42 >> Services: potentially dangerous service allowed: RemoteRegistry (Registro remoto)
18/01/2009 16:36:42 >> Services: potentially dangerous service allowed: TermService (Servicios de Terminal Server)
18/01/2009 16:36:42 >> Services: potentially dangerous service allowed: SSDPSRV (Servicio de descubrimientos SSDP)
18/01/2009 16:36:42 >> Services: potentially dangerous service allowed: Schedule (Programador de tareas)
18/01/2009 16:36:42 >> Services: potentially dangerous service allowed: mnmsrvc (Escritorio remoto compartido de NetMeeting)
18/01/2009 16:36:42 >> Services: potentially dangerous service allowed: RDSessMgr (Administrador de sesión de Ayuda de escritorio remoto)
18/01/2009 16:36:42 > Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
18/01/2009 16:36:42 >> Security: disk drives' autorun is enabled
18/01/2009 16:36:42 >> Security: administrative shares (C$, D$ ...) are enabled
18/01/2009 16:36:42 >> Security: anonymous user access is enabled
18/01/2009 16:36:43 >> Security: sending Remote Assistant queries is enabled
18/01/2009 16:36:49 >> Disable HDD autorun
18/01/2009 16:36:49 >> Disable autorun from network drives
18/01/2009 16:36:49 >> Disable CD/DVD autorun
18/01/2009 16:36:49 >> Disable removable media autorun
18/01/2009 16:36:49 System Analysis in progress
18/01/2009 16:38:10 System Analysis - complete
18/01/2009 16:38:10 Delete file:C:\Documents and Settings\Paco\Escritorio\Virus Removal Tool\is-PCT9C\LOG\avptool_syscheck.htm
18/01/2009 16:38:10 Delete file:C:\Documents and Settings\Paco\Escritorio\Virus Removal Tool\is-PCT9C\LOG\avptool_syscheck.xml
18/01/2009 16:38:10 Deleting service/driver: ute3mjk3
18/01/2009 16:38:10 Delete file:C:\WINDOWS\system32\Drivers\ute3mjk3.sys
18/01/2009 16:38:10 Deleting service/driver: uje3mjk3
18/01/2009 16:38:10 Script executed without errors
Go over the forum rules; they tell you how you have to do it and what you have to upload. For the AVZ log, you have to upload the zip that contains two files, and you still need to post the link to your getsysteminfo (GSI).
Read the rules carefully.